Tamper prevention and detection for video provided over a network to a client
First Claim
1. A server device for use in detecting tampering on a client device over a network, comprising:
- a storage repository that is configured to remotely store tamper event objects for a plurality of client devices; and
a hardware processor that is configured to perform actions, including;
providing at least one publisher code component to each of the plurality of client devices, wherein the at least one publisher code component is configured to monitor for an unauthorized action on a corresponding client device, and if the unauthorized action is detected, enabling the at least one publisher code component to publish a tamper event object to the storage repository, wherein the tamper event object stores an indication of tampering for the corresponding client device;
providing at least one subscriber code component to each of the plurality of client devices while providing at least a portion of media content to one or more of the client devices, wherein the at least one subscriber code component executing on each client device is operative to register to consume a plurality of tamper event objects and to apply specific business rules to each consumed tamper event object and is configured to subscribe to the storage repository, receive tamper event objects from the storage repository that are published by the at least one publisher code component on each of the plurality of client devices, and based on the received tamper event objects, and at least one business rule, to perform at least one defensive action to inhibit the unauthorized action for each of the plurality of client devices;
enabling at least one of the subscriber code components and at least one of the publisher code components to initiate registration with each other, wherein each subscriber code component is operable to receive tamper event objects from each respectively registered publisher code component;
enabling each publisher code component to publish tamper event objects to at least one of the other publisher code components; and
enabling another publisher code component to subscribe to the storage facility and receive the published tamper event objects, wherein the published tamper event objects are employed by the other publisher code component to detect a presence of the unauthorized action associated with the published tamper event object on another client device.
3 Assignments
0 Petitions
Accused Products
Abstract
A system, apparatus, and method are directed to providing digital copy protection of media using a subscriber/publisher architecture. In one embodiment, a publisher employs various dynamic and/or static tamper detection, including, filter graph change detectors, ICE detectors, screen scraping detectors, debugger detectors, pattern recognizers, or the like. When a tampering event is detected by one or more of the publishers, the tamper event may be published for access by a subscriber. Published tamper events may be pushed to or pulled by the subscribers. When one or more subscribers receive the tamper event, the subscriber(s) may perform one or more tamper response actions according to various business rules, and/or other core rules.
144 Citations
20 Claims
-
1. A server device for use in detecting tampering on a client device over a network, comprising:
-
a storage repository that is configured to remotely store tamper event objects for a plurality of client devices; and a hardware processor that is configured to perform actions, including; providing at least one publisher code component to each of the plurality of client devices, wherein the at least one publisher code component is configured to monitor for an unauthorized action on a corresponding client device, and if the unauthorized action is detected, enabling the at least one publisher code component to publish a tamper event object to the storage repository, wherein the tamper event object stores an indication of tampering for the corresponding client device; providing at least one subscriber code component to each of the plurality of client devices while providing at least a portion of media content to one or more of the client devices, wherein the at least one subscriber code component executing on each client device is operative to register to consume a plurality of tamper event objects and to apply specific business rules to each consumed tamper event object and is configured to subscribe to the storage repository, receive tamper event objects from the storage repository that are published by the at least one publisher code component on each of the plurality of client devices, and based on the received tamper event objects, and at least one business rule, to perform at least one defensive action to inhibit the unauthorized action for each of the plurality of client devices; enabling at least one of the subscriber code components and at least one of the publisher code components to initiate registration with each other, wherein each subscriber code component is operable to receive tamper event objects from each respectively registered publisher code component; enabling each publisher code component to publish tamper event objects to at least one of the other publisher code components; and enabling another publisher code component to subscribe to the storage facility and receive the published tamper event objects, wherein the published tamper event objects are employed by the other publisher code component to detect a presence of the unauthorized action associated with the published tamper event object on another client device. - View Dependent Claims (2, 3, 4, 5, 6)
-
-
7. A system that is arranged to respond to unauthorized actions on a plurality of client devices, the system comprising:
-
a storage repository that is configured to remotely store tamper event objects for the plurality of client devices; a publisher code component executing on a hardware processor on each client device that is configured to monitor for an unauthorized action on a corresponding client device, and if the unauthorized action is detected, enabling the publisher code component to publish a tamper event object to the storage repository, wherein the tamper event object stores an indication of tampering at the corresponding client device; a subscriber code component that is provided to each client device while a portion of media content is provided to the client device, wherein the provided subscriber code component executing on each client device is operative to register to consume a plurality of tamper event objects and to apply specific business rules to each consumed tamper event object and is configured to subscribe to the storage repository, receive tamper event objects from the storage repository published by each publisher code component for the plurality of client devices, and based on the received tamper event objects, and at least one business rule, to perform at least one defensive action to inhibit the unauthorized action for each of the plurality of client devices; enabling at least one of the subscriber code components and at least one of the publisher code components to initiate registration with each other, wherein each subscriber code component is operable to receive tamper event objects from each respectively registered publisher code component; enabling each publisher code component to publish the tamper event object to at least one of the other publisher code components; and enabling another publisher code component to subscribe to the storage facility and receive the published tamper event objects, wherein the published tamper event objects are employed by the other publisher code component to detect a presence of the unauthorized action associated with the published tamper event object on another client device. - View Dependent Claims (8, 9, 10, 11)
-
-
12. A method for managing responses to unauthorized actions on a plurality of hardware client devices over a network, the method comprising:
-
providing to each hardware client device a plurality of different publisher code components, each publisher code component being configured to employ a different detection code mechanism for detecting unauthorized actions on a corresponding client device; providing one or more subscriber code components to each client device while providing at least a portion of media content to each client device, wherein the one or more subscriber code components executing on each client device is operative to register to consume a plurality of tamper event objects and to apply specific business rules to each consumed tamper event object; if an unauthorized action is detected on at least one of the plurality of client devices by at least one of the plurality of different publisher code components, publishing information about each unauthorized action in a separate tamper event object, wherein each published tamper event object stores an indication of tampering at a corresponding client device, and wherein the plurality of published tamper event objects are remotely stored in a storage repository; receiving the plurality of published tamper event objects by the one or more subscriber code components residing on each client device and subscribed to the storage repository, wherein the plurality of published tamper event objects are received from the storage repository; in response to receiving the plurality of published tamper event objects, performing by each subscriber code component at least one action, based on the received published tamper event objects and at least one business rule, that is directed towards deterring the detected unauthorized action on each of the plurality of client devices; enabling at least one of the subscriber code components and at least one of the publisher code components to initiate registration with each other, wherein each subscriber code component is operable to receive tamper event objects from each respectively registered publisher code component; enabling each publisher code component to publish the separate tamper event object to at least one of the other publisher code components; and enabling another publisher code component to subscribe to the storage facility and receive the published tamper event objects, wherein the published tamper event objects are employed by the other publisher code component to detect a presence of the unauthorized action associated with the published tamper event object on another client device. - View Dependent Claims (13, 14, 15)
-
-
16. A non-transitory computer-readable storage medium having program instructions stored thereon, the program instructions being executable by a processor on a computing device to enable actions for managing responses to unauthorized actions on a plurality of client devices over a network comprising:
-
providing to each client device a plurality of different publisher code components, each publisher code component being configured to employ a different detection code mechanism for detecting unauthorized actions on a corresponding client device; providing one or more subscriber code components to each client device while providing at least a portion of media content to each client device, wherein the one or more subscriber code components executing on each client device is operative to register to consume a plurality of tamper event objects and to apply specific business rules to each consumed tamper event object; if an unauthorized action is detected on at least one of the plurality of client devices by at least one of the plurality of different publisher code components, publishing information about each unauthorized action in a separate tamper event object, wherein each published tamper event object stores an indication of tampering at a corresponding client device, and wherein a plurality of published tamper event objects are remotely stored in a storage repository; receiving the plurality of published tamper event objects by the one or more subscriber code components subscribed to the storage repository and residing on each client device, wherein the plurality of published tamper event objects are received from the storage repository; in response to receiving the plurality of published tamper event objects, performing by each subscriber code component at least one action, based on the received published tamper event objects and at least one business rule, that is directed towards deterring the detected unauthorized action on each of the plurality of client devices; enabling at least one of the subscriber code components and at least one of the publisher code components to initiate registration with each other, wherein each subscriber code component is operable to receive tamper event objects from each respectively registered publisher code component; enabling each publisher code component to publish at least one of the plurality of tamper event objects to at least one of the other publisher code components; and enabling another publisher code component to subscribe to the storage facility and receive the published tamper event objects, wherein the published tamper event objects are employed by the other publisher code component to detect a presence of the unauthorized action associated with the published tamper event object on another client device.
-
-
17. A non-transitory computer-readable storage medium having computer-executable instructions for managing responses to unauthorized actions, the computer-executable instructions when installed onto a plurality of client devices enable each client device to perform actions, comprising:
-
receiving a publisher code component for each client device, that is configured to detect an unauthorized action on a corresponding client device; providing one or more subscriber code components to each client device while providing at least a portion of media content to each client device, wherein the one or more subscriber code components executing on each client device are operative to register to consume a plurality of tamper event objects and to apply specific business rules to each consumed tamper event object; if the publisher code component detects an unauthorized action on the corresponding client device, publishing a tamper event object that includes at least a time of detection of the unauthorized action, and an identifier associated with the unauthorized action, wherein the published tamper event object is remotely stored in a storage repository for a plurality of tamper objects; receiving by the one or more subscriber code components subscribed to the storage repository and residing on each client device the plurality of tamper event objects, wherein the plurality of tamper event objects are received from the storage repository, and wherein the one or more subscriber code components are configured to perform at least one action, based on the plurality of tamper event objects and at least one business rule, directed to deterring the unauthorized action on each of the plurality of client devices; enabling at least one of the subscriber code components and at least one of the publisher code components to initiate registration with each other, wherein each subscriber code component is operable to receive tamper event objects from each respectively registered publisher code component; enabling each publisher code component to publish the at least one of the plurality of tamper event objects to at least one of the other publisher code components, and enabling another publisher code component to subscribe to the storage facility and receive the published tamper event objects, wherein the published tamper event objects are employed by the other publisher code component to detect a presence of the unauthorized action associated with the published tamper event object on another client device. - View Dependent Claims (18, 19, 20)
-
Specification