Systems and methods for the prevention of unauthorized use and manipulation of digital content

US 7,328,453 B2
Filed: 05/09/2002
Issued: 02/05/2008
Est. Priority Date: 05/09/2001
Status: Expired due to Term

First Claim

Patent Images

1. A method for preventing unauthorized use of digital content data in a computer system comprising:

executing protected digital content data;

in response to the execution of the protected digital content data, examining system devices that are operational in the system;

determining whether at least one of the operational system devices is a subversion device that subverts control mechanisms of the computer system that control the unauthorized use of the digital content data, wherein the subversion device performs at least one of unauthorized study, modification, monitoring, and reconstruction of the executed protected digital content data, wherein determining comprises;

determining a performance parameter of the at least one operational system device. wherein determining a performance parameter comprises supplying test data to the at least one operational system device, and monitoring performance data of the at least one operational device; and

comparing the performance data to actual data collected on a sample operational device, and if the comparison result is outside a predetermined range, then determining that the operational system device is a subversion device; and

initiating a defensive action if it is determined that at least one of the operational system devices is a subversion device.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A number of systems and methods, alone, or in combination, achieve various levels of protection against unauthorized modification and distribution of digital content. This encompasses at least unauthorized study, modification, monitoring, reconstruction, and any other means for subversion from the originally intended purpose and license model of the digital content. The invention combines a number of techniques that in whole, or in part, serve to protect such content from unauthorized modification, reconstructive engineering, or monitoring by third parties. This is accomplished by means of methods which protect against subversion by specific tools operating on specific platforms as well as general tools operating on general platforms. Specific time domain attacks are identified, code modification can be identified and reversed, and virtual and emulated systems are identified. In addition, identification of in-circuit emulator tools (both software and hardware), debuggers, and security threats to running programs can be achieved.

Citations

28 Claims

1. A method for preventing unauthorized use of digital content data in a computer system comprising:
- executing protected digital content data;
  
  in response to the execution of the protected digital content data, examining system devices that are operational in the system;
  
  determining whether at least one of the operational system devices is a subversion device that subverts control mechanisms of the computer system that control the unauthorized use of the digital content data, wherein the subversion device performs at least one of unauthorized study, modification, monitoring, and reconstruction of the executed protected digital content data, wherein determining comprises;
  
  determining a performance parameter of the at least one operational system device. wherein determining a performance parameter comprises supplying test data to the at least one operational system device, and monitoring performance data of the at least one operational device; and
  
  comparing the performance data to actual data collected on a sample operational device, and if the comparison result is outside a predetermined range, then determining that the operational system device is a subversion device; and
  
  initiating a defensive action if it is determined that at least one of the operational system devices is a subversion device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The method of claim 1 wherein examining comprises examining device-specific registration data for the system devices within an operating system operating on the computer system.
  - 3. The method of claim 1 wherein examining further comprises examining system memory for the existence of system devices, determining whether the system device is a physical or virtual device, and if a determination is made that the system device is a virtual device, initiating the defensive action.
  - 4. The method of claim 2 wherein determining further comprises comparing the device specific registration data to known data for each system device and if the data are not a match, initiating the defensive action.
  - 5. The method of claim 1 wherein determining further comprises determining a memory latency value for the at least one system device and comparing the determined memory latency value to a known memory latency value.
  - 6. The method of claim 5 wherein if the comparison indicates that the determined and known memory latency values are not a match, initiating the defensive action.
  - 7. The method of claim 1 wherein the subversion device is a device selected from the group of devices consisting of:
    - in circuit emulator and virtual emulator.
  - 8. The method of claim 1 wherein determining further comprises dynamically loading at least one of a valid device-specific driver, device driver subcomponent, and device driver simulator component and determining whether the load was successful for that driver.
  - 9. The method of claim 1 wherein the defensive action comprises a data saturation event.
  - 10. The method of claim 1 wherein the defensive action comprises initiating a notification event for notifying other entities operating in the system of the presence of the subversion device.
  - 11. The method of claim 1 wherein the defensive action comprises a defensive action selected from the group consisting of:
    - deactivating the system devices, modifying a display coupled to the system to make information conveyed on the display unintelligible;
      
      modifying the display coupled to the system to change the position of windows on the display;
      
      suppressing undesired input signals from input devices;
      
      initiating a system reboot;
      
      invoking system destabilization through memory corruption;
      
      providing false information to the subversion device; and
      
      generating saturation data in the system.

12. A method for preventing unauthorized use of digital content data in a computer system comprising:
- executing protected digital content datain response to the execution of the protected digital content data, enumerating processes that are active on the computer system, wherein enumerating comprises at least one of examining processes registered in a taskbar of the computer system and inspecting memory partitioning signatures of the computer system;
  
  determining whether at least one of the processes is a subversion process that subverts control mechanisms of the computer system that control the unauthorized use of the digital content data, wherein the subversion process performs at least one of unauthorized study, modification, monitoring, and reconstruction of the executed protected digital content data; and
  
  initiating a defensive action if it is determined that at least one of the operational system processes is a subversion process.
- View Dependent Claims (13, 14)
- - 13. The method of claim 12 wherein enumerating processes further comprises examining system memory for process signatures.
  - 14. The method of claim 12 wherein enumerating processes further comprises examining incremental portions of system memory.

15. A method for preventing unauthorized use of digital content data in a computer system comprising:
- executing protected digital content datain response to the execution of the protected digital content data, enumerating processes that are active on the computer system, wherein enumerating comprises at least one of examining incremental portions of system memory and examining processes registered in a taskbar of the computer system;
  
  determining whether at least one of the processes is a subversion process by searching the computer system memory for a known signature of a subversion process that subverts control mechanisms of the computer system that control the unauthorized use of the digital content data, wherein the subversion process performs at least one of unauthorized study, modification, monitoring, and reconstruction of the executed protected digital content data; and
  
  initiating a defensive action if it is determined that at least one of the operational system processes is a subversion process.
- View Dependent Claims (16)
- - 16. The method of claim 15 wherein searching system memory comprises continuous searching of system memory.

17. A method for preventing unauthorized use of digital content data in a computer system comprising:
- executing protected digital content data;
  
  in response to the execution of the protected digital content data, enumerating processes that are active on the computer system, wherein enumerating comprises at least one of examining incremental portions of system memory and examining processes registered in a taskbar of the computer system;
  
  determining whether at least one of the processes is a subversion process by searching the computer system memory for a known memory partitioning signature of a subversion process that subverts control mechanisms of the computer system that control the unauthorized use of the digital content data, wherein the subversion process performs at least one of unauthorized study, modification, monitoring, and reconstruction of the executed protected digital content data; and
  
  initiating a defensive action if it is determined that at least one of the operational system processes is a subversion process.
- View Dependent Claims (18)
- - 18. The method of claim 17 wherein the known memory partitioning signature comprises at least one of:
    - amount of memory used;
      
      memory allocation; and
      
      partitioning patterns.

19. A method for preventing unauthorized use of digital content data in a computer system comprising:
- executing protected digital content data;
  
  in response to the execution of the protected digital content data, examining system memory for the existence of system devices that are operational in the system;
  
  determining whether at least one of the operational system devices is a physical or virtual subversion device that subverts control mechanisms of the computer system that control the unauthorized use of the digital content data, by determining a memory latency value for the at least one system device and comparing the determined memory latency value to a known memory latency value, wherein the subversion device performs at least one of unauthorized study, modification, monitoring, and reconstruction of the executed protected digital content data; and
  
  initiating a defensive action if it is determined that at least one of the operational system devices is a virtual subversion device.
- View Dependent Claims (20, 21, 22, 23, 24, 25, 26, 27, 28)
- - 20. The method of claim 19 wherein if the comparison indicates that the determined and known memory latency values are not a match, initiating the defensive action.
  - 21. The method of claim 19 wherein the subversion device is a device selected from the group of devices consisting of:
    - in circuit emulator and virtual emulator.
  - 22. The method of claim 19 wherein determining further comprises determining a performance parameter of the at least one operational system devices.
  - 23. The method of claim 22 wherein determining a performance parameter comprises supplying test data to the at least one operational system device, and monitoring performance data of the at least one operational device.
  - 24. The method of claim 23 further comprising comparing the performance data to actual data collected on a sample operational device, and if the comparison result is outside a predetermined range, then determining that the operational system device is a subversion device.
  - 25. The method of claim 19 wherein determining further comprises dynamically loading at least one of a valid device-specific driver, device driver subcomponent, and device driver simulator component and determining whether the load was successful for that driver.
  - 26. The method of claim 19 wherein the defensive action comprises a data saturation event.
  - 27. The method of claim 19 wherein the defensive action comprises initiating a notification event for notifying other entities operating in the system of the presence of the subversion device.
  - 28. The method of claim 19 wherein the defensive action comprises a defensive action selected from the group consisting of:
    - deactivating the system devices, modifying a display coupled to the system to make information conveyed on the display unintelligible;
      
      modifying the display coupled to the system to change the position of windows on the display;
      
      suppressing undesired input signals from input devices;
      
      initiating a system reboot;
      
      invoking system destabilization through memory corruption;
      
      providing false information to the subversion device; and
      
      generating saturation data in the system.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
SCA IPLA Holdings Incorporated (Sony Group Corp.)
Original Assignee
ECD Systems Incorporated
Inventors
Hart, III, John J., Merkle, Jr., James A., LeVine, Richard B., Lee, Andrew R., Howard, Daniel G., Goldman, Daniel M., Pagliarulo, Jeffrey A., Bouza, Jose L.
Primary Examiner(s)
Vu, Kim
Assistant Examiner(s)
Dada, Beemnet W

Application Number

US10/142,366
Publication Number

US 20040030912A1
Time in Patent Office

2,098 Days
Field of Search

726 22- 24, 726/26, 726/27, 726/32, 726/33, 713/188, 713/165, 713/167, 713/193, 711/6, 711/154, 711/163
US Class Current

726/23
CPC Class Codes

G06F 12/08   in hierarchically structure...

G06F 21/10   Protecting distributed prog...

G06F 21/16   Program or content traceabi...

G06F 21/31   User authentication

G06F 21/55   Detecting local intrusion o...

Systems and methods for the prevention of unauthorized use and manipulation of digital content

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

Citations

28 Claims

Specification

Solutions

Use Cases

Quick Links

Systems and methods for the prevention of unauthorized use and manipulation of digital content

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

28 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links