Tamper prevention and detection for video provided over a network to a client

US 8,689,016 B2
Filed: 11/30/2006
Issued: 04/01/2014
Est. Priority Date: 12/02/2005
Status: Active Grant

First Claim

Patent Images

1. A server device for use in detecting tampering on a client device over a network, comprising:

a storage repository that is configured to remotely store tamper event objects for a plurality of client devices; and

a hardware processor that is configured to perform actions, including;

providing at least one publisher code component to each of the plurality of client devices, wherein the at least one publisher code component is configured to monitor for an unauthorized action on a corresponding client device, and if the unauthorized action is detected, enabling the at least one publisher code component to publish a tamper event object to the storage repository, wherein the tamper event object stores an indication of tampering for the corresponding client device;

providing at least one subscriber code component to each of the plurality of client devices while providing at least a portion of media content to one or more of the client devices, wherein the at least one subscriber code component executing on each client device is operative to register to consume a plurality of tamper event objects and to apply specific business rules to each consumed tamper event object and is configured to subscribe to the storage repository, receive tamper event objects from the storage repository that are published by the at least one publisher code component on each of the plurality of client devices, and based on the received tamper event objects, and at least one business rule, to perform at least one defensive action to inhibit the unauthorized action for each of the plurality of client devices;

enabling at least one of the subscriber code components and at least one of the publisher code components to initiate registration with each other, wherein each subscriber code component is operable to receive tamper event objects from each respectively registered publisher code component;

enabling each publisher code component to publish tamper event objects to at least one of the other publisher code components; and

enabling another publisher code component to subscribe to the storage facility and receive the published tamper event objects, wherein the published tamper event objects are employed by the other publisher code component to detect a presence of the unauthorized action associated with the published tamper event object on another client device.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system, apparatus, and method are directed to providing digital copy protection of media using a subscriber/publisher architecture. In one embodiment, a publisher employs various dynamic and/or static tamper detection, including, filter graph change detectors, ICE detectors, screen scraping detectors, debugger detectors, pattern recognizers, or the like. When a tampering event is detected by one or more of the publishers, the tamper event may be published for access by a subscriber. Published tamper events may be pushed to or pulled by the subscribers. When one or more subscribers receive the tamper event, the subscriber(s) may perform one or more tamper response actions according to various business rules, and/or other core rules.

144 Citations

20 Claims

1. A server device for use in detecting tampering on a client device over a network, comprising:
- a storage repository that is configured to remotely store tamper event objects for a plurality of client devices; and
  
  a hardware processor that is configured to perform actions, including;
  
  providing at least one publisher code component to each of the plurality of client devices, wherein the at least one publisher code component is configured to monitor for an unauthorized action on a corresponding client device, and if the unauthorized action is detected, enabling the at least one publisher code component to publish a tamper event object to the storage repository, wherein the tamper event object stores an indication of tampering for the corresponding client device;
  
  providing at least one subscriber code component to each of the plurality of client devices while providing at least a portion of media content to one or more of the client devices, wherein the at least one subscriber code component executing on each client device is operative to register to consume a plurality of tamper event objects and to apply specific business rules to each consumed tamper event object and is configured to subscribe to the storage repository, receive tamper event objects from the storage repository that are published by the at least one publisher code component on each of the plurality of client devices, and based on the received tamper event objects, and at least one business rule, to perform at least one defensive action to inhibit the unauthorized action for each of the plurality of client devices;
  
  enabling at least one of the subscriber code components and at least one of the publisher code components to initiate registration with each other, wherein each subscriber code component is operable to receive tamper event objects from each respectively registered publisher code component;
  
  enabling each publisher code component to publish tamper event objects to at least one of the other publisher code components; and
  
  enabling another publisher code component to subscribe to the storage facility and receive the published tamper event objects, wherein the published tamper event objects are employed by the other publisher code component to detect a presence of the unauthorized action associated with the published tamper event object on another client device.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The server of claim 1, wherein the at least one publisher code component is configured to operate as at least one of an ICE detector, debug detector, pattern recognition detector, or a screen scraper detector.
  - 3. The server of claim 1, wherein the at least one subscriber code component receives the tamper event object using a pull protocol mechanism.
  - 4. The server of claim 1, wherein the storage repository is managed through a mediator code component that is configured to manage receipt of the tamper event objects and to distribute the tamper event objects to one or more subscriber code components and one or more publisher code components.
  - 5. The server of claim 1, wherein the tamper event objects are encrypted.
  - 6. The server of claim 1, wherein the at least one subscriber code components is provided to another client device, and wherein the at least one subscriber code component executing on the other client device subscribes to the storage repository, receives published tamper event objects that originated from the client device, and performs at least one defensive action based on the tamper event objects and at least one business rule.

7. A system that is arranged to respond to unauthorized actions on a plurality of client devices, the system comprising:
- a storage repository that is configured to remotely store tamper event objects for the plurality of client devices;
  
  a publisher code component executing on a hardware processor on each client device that is configured to monitor for an unauthorized action on a corresponding client device, and if the unauthorized action is detected, enabling the publisher code component to publish a tamper event object to the storage repository, wherein the tamper event object stores an indication of tampering at the corresponding client device;
  
  a subscriber code component that is provided to each client device while a portion of media content is provided to the client device, wherein the provided subscriber code component executing on each client device is operative to register to consume a plurality of tamper event objects and to apply specific business rules to each consumed tamper event object and is configured to subscribe to the storage repository, receive tamper event objects from the storage repository published by each publisher code component for the plurality of client devices, and based on the received tamper event objects, and at least one business rule, to perform at least one defensive action to inhibit the unauthorized action for each of the plurality of client devices;
  
  enabling at least one of the subscriber code components and at least one of the publisher code components to initiate registration with each other, wherein each subscriber code component is operable to receive tamper event objects from each respectively registered publisher code component;
  
  enabling each publisher code component to publish the tamper event object to at least one of the other publisher code components; and
  
  enabling another publisher code component to subscribe to the storage facility and receive the published tamper event objects, wherein the published tamper event objects are employed by the other publisher code component to detect a presence of the unauthorized action associated with the published tamper event object on another client device.
- View Dependent Claims (8, 9, 10, 11)
- - 8. The system of claim 7, wherein at least one other subscriber code component and at least one other publisher code component are configured to reside on a server device.
  - 9. The system of claim 7, wherein another subscriber code component is configured to reside on a server device, and wherein the other subscriber code component performs at least another defensive action comprising at least one of terminating a media stream to a client device, disabling a decryption key associated with the media stream, or terminating an application.
  - 10. The system of claim 7, wherein the publisher code component employs at least one of a sequence of different types of computer system calls and related responses to evaluate a presence of unauthorized action, or a digital fingerprint that is generated based on a plurality of parameters that are employed to generate delta events and an associated entropy and if the associated entropy exceeds a determined value detecting the unauthorized action.
  - 11. The system of claim 7, wherein the tamper event objects further comprise a time indicating when the unauthorized action is detected, and an identifier indicating a type of unauthorized action detected.

12. A method for managing responses to unauthorized actions on a plurality of hardware client devices over a network, the method comprising:
- providing to each hardware client device a plurality of different publisher code components, each publisher code component being configured to employ a different detection code mechanism for detecting unauthorized actions on a corresponding client device;
  
  providing one or more subscriber code components to each client device while providing at least a portion of media content to each client device, wherein the one or more subscriber code components executing on each client device is operative to register to consume a plurality of tamper event objects and to apply specific business rules to each consumed tamper event object;
  
  if an unauthorized action is detected on at least one of the plurality of client devices by at least one of the plurality of different publisher code components, publishing information about each unauthorized action in a separate tamper event object, wherein each published tamper event object stores an indication of tampering at a corresponding client device, and wherein the plurality of published tamper event objects are remotely stored in a storage repository;
  
  receiving the plurality of published tamper event objects by the one or more subscriber code components residing on each client device and subscribed to the storage repository, wherein the plurality of published tamper event objects are received from the storage repository;
  
  in response to receiving the plurality of published tamper event objects, performing by each subscriber code component at least one action, based on the received published tamper event objects and at least one business rule, that is directed towards deterring the detected unauthorized action on each of the plurality of client devices;
  
  enabling at least one of the subscriber code components and at least one of the publisher code components to initiate registration with each other, wherein each subscriber code component is operable to receive tamper event objects from each respectively registered publisher code component;
  
  enabling each publisher code component to publish the separate tamper event object to at least one of the other publisher code components; and
  
  enabling another publisher code component to subscribe to the storage facility and receive the published tamper event objects, wherein the published tamper event objects are employed by the other publisher code component to detect a presence of the unauthorized action associated with the published tamper event object on another client device.
- View Dependent Claims (13, 14, 15)
- - 13. The method of claim 12, wherein the published separate tamper event object is published over an encrypted communications channel.
  - 14. The method of claim 12, wherein another subscriber code component resides on a server, and performs at least one of terminating a transmission to at least one of the plurality of client devices, disabling a decryption key, or terminating an application associated with each detected unauthorized action.
  - 15. The method of claim 12, wherein providing each client device a plurality of different publisher code components, further comprises providing at least one of the publisher code components within a stream of media content to the plurality of client devices.

16. A non-transitory computer-readable storage medium having program instructions stored thereon, the program instructions being executable by a processor on a computing device to enable actions for managing responses to unauthorized actions on a plurality of client devices over a network comprising:
- providing to each client device a plurality of different publisher code components, each publisher code component being configured to employ a different detection code mechanism for detecting unauthorized actions on a corresponding client device;
  
  providing one or more subscriber code components to each client device while providing at least a portion of media content to each client device, wherein the one or more subscriber code components executing on each client device is operative to register to consume a plurality of tamper event objects and to apply specific business rules to each consumed tamper event object;
  
  if an unauthorized action is detected on at least one of the plurality of client devices by at least one of the plurality of different publisher code components, publishing information about each unauthorized action in a separate tamper event object, wherein each published tamper event object stores an indication of tampering at a corresponding client device, and wherein a plurality of published tamper event objects are remotely stored in a storage repository;
  
  receiving the plurality of published tamper event objects by the one or more subscriber code components subscribed to the storage repository and residing on each client device, wherein the plurality of published tamper event objects are received from the storage repository;
  
  in response to receiving the plurality of published tamper event objects, performing by each subscriber code component at least one action, based on the received published tamper event objects and at least one business rule, that is directed towards deterring the detected unauthorized action on each of the plurality of client devices;
  
  enabling at least one of the subscriber code components and at least one of the publisher code components to initiate registration with each other, wherein each subscriber code component is operable to receive tamper event objects from each respectively registered publisher code component;
  
  enabling each publisher code component to publish at least one of the plurality of tamper event objects to at least one of the other publisher code components; and
  
  enabling another publisher code component to subscribe to the storage facility and receive the published tamper event objects, wherein the published tamper event objects are employed by the other publisher code component to detect a presence of the unauthorized action associated with the published tamper event object on another client device.

17. A non-transitory computer-readable storage medium having computer-executable instructions for managing responses to unauthorized actions, the computer-executable instructions when installed onto a plurality of client devices enable each client device to perform actions, comprising:
- receiving a publisher code component for each client device, that is configured to detect an unauthorized action on a corresponding client device;
  
  providing one or more subscriber code components to each client device while providing at least a portion of media content to each client device, wherein the one or more subscriber code components executing on each client device are operative to register to consume a plurality of tamper event objects and to apply specific business rules to each consumed tamper event object;
  
  if the publisher code component detects an unauthorized action on the corresponding client device, publishing a tamper event object that includes at least a time of detection of the unauthorized action, and an identifier associated with the unauthorized action, wherein the published tamper event object is remotely stored in a storage repository for a plurality of tamper objects;
  
  receiving by the one or more subscriber code components subscribed to the storage repository and residing on each client device the plurality of tamper event objects, wherein the plurality of tamper event objects are received from the storage repository, and wherein the one or more subscriber code components are configured to perform at least one action, based on the plurality of tamper event objects and at least one business rule, directed to deterring the unauthorized action on each of the plurality of client devices;
  
  enabling at least one of the subscriber code components and at least one of the publisher code components to initiate registration with each other, wherein each subscriber code component is operable to receive tamper event objects from each respectively registered publisher code component;
  
  enabling each publisher code component to publish the at least one of the plurality of tamper event objects to at least one of the other publisher code components, andenabling another publisher code component to subscribe to the storage facility and receive the published tamper event objects, wherein the published tamper event objects are employed by the other publisher code component to detect a presence of the unauthorized action associated with the published tamper event object on another client device.
- View Dependent Claims (18, 19, 20)
- - 18. The non-transitory computer-readable storage medium of claim 17, wherein another client device is configured to receive another publisher code component that is configured to receive the published tamper event object and employ the published tamper event object to monitor for the unauthorized action on the other client device.
  - 19. The non-transitory computer-readable storage medium of claim 17, wherein the publisher code component is configured to employ at least one of the following detection mechanisms:
    - an integrated circuit emulator detector, a pattern recognition detector, or a screen scraper detector.
  - 20. The non-transitory computer-readable storage medium of claim 17, wherein publishing the tamper event object further comprises providing the published tamper event object over a secure communications channel.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Google LLC (Alphabet Inc.)
Original Assignee
Google Inc. (Alphabet Inc.)
Inventors
Morten, Glenn A., Hiar, Edward Charles, Jacobs, Andre, Veres, James E., Zhuk, Oscar V., Tinker, Jeffrey Lee
Primary Examiner(s)
HOLDER, BRADLEY W

Application Number

US11/565,223
Publication Number

US 20070271189A1
Time in Patent Office

2,679 Days
Field of Search

713/194
US Class Current

713/194
CPC Class Codes

G06F 21/10   Protecting distributed prog...

G06F 21/55   Detecting local intrusion o...

H04N 21/44236   Monitoring of piracy proces...

H04N 21/6543   for forcing some client ope...

H04N 21/8355   involving usage data, e.g. ...

H04N 7/1675   Providing digital key or au...

H04N 7/173   with two-way working, e.g. ...

Tamper prevention and detection for video provided over a network to a client

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

144 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Tamper prevention and detection for video provided over a network to a client

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

144 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links