Home
Patent Search
IMT Blog
REGISTER
|
SIGN IN
United States Patent
6240185
Van Wie , ; et al.
May 29, 2001
Title
Steganographic techniques for securely delivering electronic digital rights management control information over insecure communication channels
Abstract
Electronic steganographic techniques can be used to encode a rights management control signal onto an information signal carried over an insecure communications channel. Steganographic techniques ensure that the digital control information is substantially invisibly and substantially indelibly carried by the information signal. These techniques can provide end-to-end rights management protection of an information signal irrespective of transformations between analog and digital. An electronic appliance can recover the control information and use it for electronic rights management to provide compatibility with a Virtual Distribution Environment. In one example, the system encodes low data rate pointers within high bandwidth time periods of the content signal to improve overall control information read/seek times.
Inventors:
Van Wie; David M.
(Eugene,
OR
)
, Weber; Robert P.
(Menlo Park,
CA
)
Assignee:
Intertrust Technologies Corporation
(Santa Clara,
CA
)
Appl. No.:
09/247,328
Filed:
February 10, 1999
Current U.S. Class:
380/232
705/51
705/52
705/54
705/55
705/59
705/76
713/176
713/189
713/193
726/21
380/205
380/210
380/221
380/227
380/231
Field of Search:
705/26,30,35,39-44,50,51,55-59,52-54,64,76 380/3,4,5,9,23,24,25,49,50,54,59,201,202,203,210,221,223,227-234,239,241,242 382/100,232,233 713/189,193,194,200,168,176
U.S. Patent Documents
4112421
September 1978
Freeny
4120030
October 1978
Johnstone
4163280
July 1979
Mori et al.
4168396
September 1979
Best
4196310
April 1980
Forman et al.
4200913
April 1980
Kuhar et al.
4209787
June 1980
Freeny
4217588
August 1980
Freeny
4220991
September 1980
Hamano et al.
4232193
November 1980
Gerard
4232317
November 1980
Freeny
4236217
November 1980
Kennedy
4253157
February 1981
Kirschner et al.
4262329
April 1981
Bright et al.
4265371
May 1981
Desai et al.
4270182
May 1981
Asija
4278837
July 1981
Best
4305131
December 1981
Best
4306289
December 1981
Lumley
4309569
January 1982
Merkle
4319079
March 1982
Best
4323921
April 1982
Guillou
4328544
May 1982
Baldwin et al.
4337483
June 1982
Guillou
4361877
November 1982
Dyer et al.
4375579
March 1983
Davida et al.
4433207
February 1984
Best
4434464
February 1984
Suzuki et al.
4442486
April 1984
Mayer
4446519
May 1984
Thomas
4454594
June 1984
Heffron et al.
4458315
July 1984
Uchenick
4462076
July 1984
Smith
4462078
July 1984
Ross
4465901
August 1984
Best
4471163
September 1984
Donald et al.
4484217
November 1984
Block et al.
4494156
January 1985
Kadison et al.
4513174
April 1985
Herman
4528588
July 1985
Lofberg
4528643
July 1985
Freeny
4553252
November 1985
Egendorf
4558176
December 1985
Arnold et al.
4558413
December 1985
Schmidt et al.
4562306
December 1985
Chou et al.
4562495
December 1985
Bond et al.
4577289
March 1986
Comerford et al.
4584641
April 1986
Guglielmino
4588991
May 1986
Atalla
4589064
May 1986
Chiba et al.
4593353
June 1986
Pickholtz
4593376
June 1986
Volk
4595950
June 1986
Lofberg
4597058
June 1986
Izumi et al.
4634807
January 1987
Chorley et al.
4644493
February 1987
Chandra et al.
4646234
February 1987
Tolman et al.
4652990
March 1987
Pailen et al.
4658093
April 1987
Hellman
4670857
June 1987
Rackman
4672572
June 1987
Alsberg
4677434
June 1987
Fascenda
4680731
July 1987
Izumi et al.
4683553
July 1987
Mollier
4685056
August 1987
Barnsdale et al.
4688169
August 1987
Joshi
4691350
September 1987
Kleijne et al.
4696034
September 1987
Wiedemer
4701846
October 1987
Ikeda et al.
4712238
December 1987
Gilhousen et al.
4713753
December 1987
Boebert et al.
4740890
April 1988
William
4747139
May 1988
Taaffe
4757533
July 1988
Allen et al.
4757534
July 1988
Matyas et al.
4768087
August 1988
Taub et al.
4791565
December 1988
Dunham et al.
4796181
January 1989
Wiedemer
4799156
January 1989
Shavit
4807288
February 1989
Ugon et al.
4817140
March 1989
Chandra et al.
4823264
April 1989
Deming
4827508
May 1989
Shear
4858121
August 1989
Barber et al.
4864494
September 1989
Kobus
4868877
September 1989
Fischer
4903296
February 1990
Chandra et al.
4924378
May 1990
Hershey et al.
4930073
May 1990
Cina
4949187
August 1990
Cohen
4977594
December 1990
Shear
4999806
March 1991
Chernow et al.
5001752
March 1991
Fischer
5005122
April 1991
Griffin et al.
5005200
April 1991
Fischer
5010571
April 1991
Katznelson
5023907
June 1991
Johnson et al.
5047928
September 1991
Wiedemer
5048085
September 1991
Abraham et al.
5050213
September 1991
Shear
5091966
February 1992
Bloomberg et al.
5103392
April 1992
Mori
5103476
April 1992
Waite et al.
5111390
May 1992
Ketcham
5119493
June 1992
Janis et al.
5128525
July 1992
Stearns et al.
5136643
August 1992
Fischer
5136646
August 1992
Haber et al.
5136647
August 1992
Haber et al.
5136716
August 1992
Harvey et al.
5146575
September 1992
Nolan
5148481
September 1992
Abraham et al.
5155680
October 1992
Wiedemer
5168147
December 1992
Bloomberg
5185717
February 1993
Mori
5201046
April 1993
Goldberg et al.
5201047
April 1993
Maki et al.
5208748
May 1993
Flores et al.
5214702
May 1993
Fischer
5216603
June 1993
Flores et al.
5221833
June 1993
Hecht
5222134
June 1993
Waite et al.
5224160
June 1993
Paulini et al.
5224163
June 1993
Gasser et al.
5235642
August 1993
Wobber et al.
5245165
September 1993
Zhang
5247575
September 1993
Sprague et al.
5260999
November 1993
Wyman
5263158
November 1993
Janis
5265164
November 1993
Matyas et al.
5276735
January 1994
Boebert et al.
5280479
January 1994
Mary
5285494
February 1994
Sprecher et al.
5301231
April 1994
Abraham et al.
5311591
May 1994
Fischer
5319705
June 1994
Halter et al.
5319785
June 1994
Halter et al.
5337360
August 1994
Fischer
5341429
August 1994
Stringer et al.
5343527
August 1994
Moore et al.
5347579
September 1994
Blandford
5351293
September 1994
Michener et al.
5355474
October 1994
Thuraisngham et al.
5373561
December 1994
Haber et al.
5390247
February 1995
Fischer
5390330
February 1995
Talati
5392220
February 1995
van den Hamer et al.
5392390
February 1995
Crozier
5394469
February 1995
Nagel et al.
5410598
April 1995
Shear
5412717
May 1995
Fischer
5421006
May 1995
Jablon
5422953
June 1995
Fischer
5428606
June 1995
Moskowitz
5438508
August 1995
Wyman
5442645
August 1995
Ugon
5444779
August 1995
Daniele
5449895
September 1995
Hecht et al.
5449896
September 1995
Hecht et al.
5450493
September 1995
Maher
5453601
September 1995
Rosen
5453605
September 1995
Hecht et al.
5455407
October 1995
Rosen
5455861
October 1995
Faucher et al.
5455953
October 1995
Russell
5457746
October 1995
Dolphin
5463565
October 1995
Cookson et al.
5473687
December 1995
Lipscomb et al.
5473692
December 1995
Davis
5479509
December 1995
Ugon
5485622
January 1996
Yamaki
5491800
February 1996
Goldsmith et al.
5497479
March 1996
Hornbuckle
5497491
March 1996
Mitchell et al.
5499298
March 1996
Narasimhalu et al.
5504757
April 1996
Cook et al.
5504818
April 1996
Okano
5504837
April 1996
Griffeth et al.
5508913
April 1996
Yamamoto et al.
5509070
April 1996
Schull
5513261
April 1996
Maher
5530235
June 1996
Stefik et al.
5530752
June 1996
Rubin
5533123
July 1996
Force et al.
5534975
July 1996
Stefik et al.
5537526
July 1996
Anderson et al.
5539735
July 1996
Moskowitz
5539828
July 1996
Davis
5550971
August 1996
Brunner et al.
5553282
September 1996
Parrish et al.
5557518
September 1996
Rosen
5563946
October 1996
Cooper et al.
5568552
October 1996
Davis
5572673
November 1996
Shurts
5592549
January 1997
Nagel et al.
5606609
February 1997
Houser et al.
5613004
March 1997
Cooperman et al.
5621797
April 1997
Rosen
5629980
May 1997
Stefik et al.
5633932
May 1997
Davis et al.
5634012
May 1997
Stefik et al.
5636292
June 1997
Rhoads
5638443
June 1997
Stefik
5638504
June 1997
Scott et al.
5640546
June 1997
Gopinath et al.
5655077
August 1997
Jones et al.
5687236
November 1997
Moskowitz et al.
5689587
November 1997
Bender et al.
5692180
November 1997
Lee
5710834
January 1998
Rhoads
5740549
April 1998
Reilly et al.
5745569
April 1998
Moskowitz et al.
5745604
April 1998
Rhoads
5748763
May 1998
Rhoads
5748783
May 1998
Rhoads
5748960
May 1998
Fischer
5754849
May 1998
Dyer et al.
5757914
May 1998
McManis
5758152
May 1998
LeTourneau
5765152
June 1998
Erickson
5768426
June 1998
Rhoads
5832119
November 1998
Rhoads
5896454
April 1999
Cookson et al.
5940505
August 1999
Kanamaru
6009170
December 1999
Sako et al.
Foreign Patent Documents
0 084 441 A1
Jul., 1983
EP
0 135 422 A1
Mar., 1985
EP
0 180 460 A1
May., 1986
EP
0 370 146 A1
Nov., 1988
EP
0 456 386 A2
Nov., 1991
EP
0 469 864 A2
Feb., 1992
EP
0 593 305 A2
Apr., 1994
EP
0 651 554 A1
May., 1995
EP
0 668 695 A2
Aug., 1995
EP
0 695 985 A1
Feb., 1996
EP
0 696 798 A1
Feb., 1996
EP
0 714 204 A2
May., 1996
EP
0 715 243 A1
Jun., 1996
EP
0 715 244 A1
Jun., 1996
EP
0 715 245 A1
Jun., 1996
EP
0 715 246 A1
Jun., 1996
EP
0 715 247 A1
Jun., 1996
EP
0 725 376 A2
Aug., 1996
EP
0 749 081 A1
Dec., 1996
EP
0 763 936 A2
Sep., 1996
EP
0 778 513 A2
Jun., 1997
EP
0 795 873 A2
Sep., 1997
EP
0 800 312 A1
Oct., 1997
EP
1-068835
Mar., 1989
JP
2-242352
Sep., 1990
JP
2-247763
Oct., 1990
JP
2-294855
Dec., 1990
JP
2136175
Sep., 1984
GB
2294348
Apr., 1996
GB
2295947
Jun., 1996
GB
3803982A1
Jan., 1990
DE
4-369068
Dec., 1992
JP
5-181734
Jul., 1993
JP
5-257783
Oct., 1993
JP
5-268415
Oct., 1993
JP
57-726
May., 1982
JP
6-175794
Jun., 1994
JP
6-215010
Aug., 1994
JP
62-241061
Oct., 1987
JP
64-68835
Mar., 1989
JP
7-056794
Mar., 1995
JP
7-084852
Mar., 1995
JP
7-141138
Jun., 1995
JP
7-200317
Aug., 1995
JP
7-200492
Aug., 1995
JP
7-244639
Sep., 1995
JP
8-137795
May., 1996
JP
8-152990
Jun., 1996
JP
8-185298
Jul., 1996
JP
9 004 79
Dec., 1984
BE
WO 85/02310
May., 1985
WO
WO 85/03584
Aug., 1985
WO
WO 92/06438
Apr., 1992
WO
WO 93/01550
Jan., 1993
WO
WO 94/01821
Jan., 1994
WO
WO 94/16395
Jul., 1994
WO
WO 94/18620
Aug., 1994
WO
WO 94/22266
Sep., 1994
WO
WO 94/27406
Nov., 1994
WO
WO 96/00963
Jan., 1996
WO
WO 96/03835
Feb., 1996
WO
WO 96/05698
Feb., 1996
WO
WO 96/06503
Feb., 1996
WO
WO 96/13013
May., 1996
WO
WO 96/21192
Jul., 1996
WO
WO 97/03423
Jan., 1997
WO
WO 97/07656
Mar., 1997
WO
WO 97/25816
Jul., 1997
WO
WO 97/32251
Sep., 1997
WO
WO 97/48203
Dec., 1997
WO
Other References
Michael Baum, "Worldwide Electronic Commerce: Law, Policy and Controls Conference," Nov. 11, 1993, 18 pages. .
Richard L. Bisbey, II and Gerald J. Popek, Encapsulation: An Approach to Operating System Security, (USC/Information Science Institute, Marina Del Rey, CA), Oct. 1973, pp. 666-675. .
Rolf Blom, Robert Forchheimer, et al., Encryption Methods in Data Networks, Ericsson Technics, No. 2, Stockholm, Sweden, 1978. .
Rick E. Bruner, Document from the Internet: PowerAgent, NetBot help advertisers reach Internet shoppers, Aug. 1997, 3 pages. .
Denise Caruso, Technology, Digital Commerce: 2 plans for watermarks, which can bind proof of authorship to electronic works, N.Y. Times, Aug. 7, 1995, p. D5. .
A.K. Choudhury, N. F. Maxemchuck, et al., Copyright Protection for Electronic Publishing Over Computer Networks, (AT&T Bell Laboratories, Murray Hill, N. J.) Jun. 1994, 17 pages. .
Tim Clark, Ad service gives cash back, Document from the Internet: <www.news.com./News/Item/0,4,13050,00.html> (visited Aug. 4, 1997), 2 pages. .
Donna Cunningham, David Arneke, et al., Document from the Internet: AT&T, VLSI Technology join to improve info highway security, ( News Release) Jan. 31, 1995, 3 pages. .
Lorcan Dempsey and Stuart Weibel, The Warwick Metadata Workshop: A Framework for the Deployment of Resource Description, D-Lib Magazine, Jul. 15, 1996. .
Dorothy E. Denning and Peter J. Denning, Data Security, 11 Computing Surveys No. 3, Sep. 1979, pp. 227-249. .
Whitfield Diffie and Martin E. Hellman, New Directions in Cryptography, IEEE Transactions on Information Theory, vol. 22, No. 6, No. 1976, pp. 644-651. .
Whitfield Diffie and Martin E. Hellman, Privacy and Authentication: An Introduction to Cryptography, Proceedings of the IEEE, vol. 67, No. 3, Mar. 1979, pp. 397-427. .
Stephen R. Dusse and Burton S. Kaliski, A Cryptographic Library for the Motorola 56000, Advances in Cryptology-Proceedings of Eurocrypt 90, (I.M. Damgard, ed., Springer-Verlag) 1991, pp. 230-244. .
Esther Dyson, Intellectual Value, WIRED Magazine, Jul. 1995, pp. 136-141 and 182-183. .
James Gleick, Dead as a Dollar, The New York Times Magazine, Jun. 16, 1996, Sect. 6, pp. 26-30, 35, 42, 50, 54. .
Fred Greguras, Document from Internet: Softic Symposium '95, Copyright Clearances and Moral Rights, Dec. 11, 1995, 3 pages. .
Louis C. Guillou, Smart Cards and Conditional Access, Advances in Cryptography--Proceedings of EuroCrypt 84 (T. Beth et al, Ed., Springer-Verlag, 1985) pp. 480-490. .
Harry H. Harman, Modern Factor Analysis, Third Edition Revised, University of Chicago Press, Chicago and London, 1976. .
Amir Herzberg and Shlomit S. Pinter, Public Protection of Software, ACM Transactions on Computer Systems, vol. 5, No. 4, Nov. 1987, pp. 371-393. .
Jud Hofmann, Interfacing the NII to User Homes, (Consumer Electronic Bus. Committee) NIST, Jul. 1994, 12 slides. .
Jud Hofmann, Interfacing the NII to User Homes, Electronic Industries Association, (Consumer Electronic Bus Committee) (undated), 14 slides. .
Stannie Holt, Document from the Internet: Start-up promises user confidentiality in Web marketing service, InfoWorld Electric News (updated Aug. 13, 1997). .
Jay J. Jiang and David W. Conrath, A Concept-based Approach to Retrieval from an Electronic Industrial Directory, International Journal of Electronic Commerce, vol. 1, No. 1 (Fall 1996) pp. 51-72. .
Debra Jones, Document from the Internet: Top Tech Stories, PowerAgent Introduces First Internet `Informediary` to Empower and Protect Consumers, (updated Aug. 13, 1997) 3 pages. .
Kevin Kelly, E-Money, Whole Earth Review, Summer 1993, pp. 40-59. .
Stephen Thomas Kent, Protecting Externally Supplied Software in Small Computers, (MIT/LCS/TR-255) Sep. 1980 254 pages. .
David M. Kristol, Steven H. Low and Nicholas F. Maxemchuk, Anonymous Internet Mercantile Protocol, (AT&T Bell Laboratories, Murray Hill, NJ) Draft: Mar. 17, 1994. .
Carl Lagoze, The Warwick Framework, A Container Architecture for Diverse Sets of Metadata, D-Lib Magazine, Jul./Aug. 1996. .
Mike Lanza, e-mail, George Gilder's Fifth Article--Digital Darkhorse--Newspapers, Feb. 21, 1994. .
Steven Levy, E-Money, That's What I want, WIRED, Dec. 1994, 10 pages. .
Steven H. Low and Nicholas F. Maxemchuk, Anonymous Credit Cards, AT&T Bell Laboratories, Proceedings of the 2.sup.nd ACM Conference on Computer and Communication Security, Fairfax, VA, Nov. 2-4, 1994, 10 pages. .
Steven H. Low, Nicholas F. Maxemchuk, and Sanjoy Paul, Anonymous Credit Cards and its Collusion Analysis (AT&T Bell Laboratories, Murray Hill, N.J.) Oct. 10, 1994, 18 pages. .
S. H. Low, N.F. Maxemchuk, et al., Document Marking and Identification using both Line and word Shifting (AT&T Bell Laboratories, Murray Hill, N.J.) Jul. 29, 1994, 22 pages. .
N.F. Maxemchuk, Electronic Document Distribution, (AT&T Bell Laboratories, Murray Hill, N.J.) (undated). .
Nicholas Negroponte, Some Thoughts on Likely and Expected Communications Scenarios: A Rebuttal, Telecommunications, Jan. 1993, pp. 41-42. .
Nicholas Negroponte, Electronic Word of Mouth, WIRED, Oct. 1996, p. 218. .
Peter G. Neumann, Robert S. Boyer, et al., A Provably Secure Operating System: The System, Its Applications, and Proofs, Computer Science Laboratory Report CSL-116, Second Edition, SRI International, Jun. 1980. .
Joseph N. Pelton (Dr.), Why Nicholas Negroponte is Wrong About the Future of Telecommunication, Telecommunications, Jan. 1993, pp. 35-40. .
Gordon Rankine (Dr.), Thomas--A Complete Single-Chip RSA Device, Advances in Cryptography, Proceedings of CRYPTO 86, (A.M. Odiyzko Ed., Springer-Verlag) 1987, pp. 480-487. .
Arthur K. Reilly, Input to the `International Telecommunications Hearings,` Panel 1: Component Technologies of the NII/GII, Standards Committee T1-Telecommunications (undated). .
Paul Resnick and Hal R. Varion, Recommender Systems, Communications of the ACM, vol. 40, No. 3, Mar. 1997 pp. 56-89. .
Lance Rose, Cyberspace and the Legal Matrix: Laws or Confusion?, 1991. .
Steve Rosenthal, Interactive Network: Viewers Get Involved, New Media, Dec. 1992, pp. 30-31. .
Steve Rosenthal, Interactive TV: The Gold Rush is on, New Media, Dec. 1992, pp. 27-29. .
Steve Rosenthal, Mega Channels, New Media, Sep. 1993, pp. 36-46. .
Edward Rothstein, Technology, Connections, Making the Internet come to you through `push` technology, N.Y. Times, Jan. 20, 1997, p. D5. .
Ken Rutkowski, Document from Internet: PowerAgent Introduces First Internet `Informediary` to Empower and Protect Consumers, Tech Talk News Story, Aug. 4, 1997, 1 page. .
Ira Sager (Edited by), Bits & Bytes, Business Week, Sep. 23, 1996, p. 142E. .
Schlosstein, Steven, America: The G7's Comeback Kid, International Economy, Jun./Jul. 1993, 5 pages. .
Ingrid Scnaumueller-Bichl and Ernst Piller, A Method of Software Protection Based on the Use of Smart Cards and Cryptographic Techniques, (undated), 9 pages. .
Jurgen Schurmann, Pattern Classification, A Unified View of Statistical and Neural Approaches, John Wiley & Sons, Inc., 1996. .
Victor Shear, Solutions for CD-ROM Pricing and Data Security Problems, CD ROM Yearbook 1988-1989 (Microsoft Press 1988 or 1989) pp. 530-533. .
Sean Smith and J.D. Tygar, Signed Vector Timestamps: A Secure Protocol for Partial Order Time, CMU-93-116, School of Computer Science Carnegie Mellon University, Pittsburgh, Pennsylvania, Oct. 1991; version of Feb. 1993, 15 pages. .
Mark Stefik, Letting Loose the Light: Igniting Commerce in Electronic Publication, (Xerox PARC, Palo Alto, CA) 1994-1995, 35 pages. .
Bruce Sterling, Literary freeware: Not for Commercial Use, remarks at Computers, Freedom and Private Conference IV, Chicago, IL , Mar. 26, 1994. .
Bruno Struif, The Use of Chipcards for Electronic Signatures and Encryption, Proceedings for the 1989 Conference on VSLI and Computer Peripherals, IEEE Computer Society Press, 1989, pp. (4)155-(4)158. .
J.D. Tygar and Bennet Yee, Cryptography: It's Not Just For Electronic Mail Anymore, CMU-CS-93-107, School of Computer Science Carnegie Mellon University, Pittsburgh, PA, Mar. 1, 1993, 21 pages. .
J.D. Tygar and Bennet Yee, Dyad: A System for Using Physically Secure Coprocessors, School of Computer Science, Carnegie Mellon University, Pittsburgh, PA, May 1991, 36 pages. .
T. Valovic, The Role of Computer Networking in the Emerging Virtual Marketplace, Telecommunications, (undated), pp. 40-44. .
Joan Voight, Beyond the Banner, Wired, Dec. 1996, pp. 196, 200, 204. .
Steven Vonder Haar, Document from the Internet: PowerAgent Launches Commercial Service, Interactive Week, Aug. 4, 1997, 1 page. .
Robert Weber, Document from the Internet: Digital Rights Management Technologies, Oct. 1995, 21 pages. .
Robert Weber, Digital Rights Management Technologies, A Report to the International Federation of Reproduction Rights Organisations, Northeast Consulting Resources, Inc., Oct. 1995, 49 pages. .
Adele Weder, Life on the Infohighway, Insite, (undated), pp. 23-25. .
Steve H. Weingart, Physical Security for the ABYSS System, (IBM Thomas J. Watson Research Center, Yorktown Heights, NY), 1987, pp. 52-58. .
Daniel J Weitzner, A Statement on EFF's Open Platform Campaign as of Nov., 1993, 3 pages. .
Steve R. White, ABYSS: A Trusted Architecture for Software Protection, (IBM Thomas J. Watson Research Center, Yorktown Heights, NY), 1987, pp. 38-50. .
Bennet Yee, Using Secure Coprocessors, CMU-CS-94-149, School of Computer Science, Carnegie Mellon University, Pittsburgh, PA, 1994, 94 pages. .
Frank Yellin, Document from the Internet: Low Level Security in Java, Sun Microsystems, 1996, 8 pages..~
Primary Examiner:
Gregory; Bernarr E.
Attorney, Agent or Firm:
Finnegan, Henderson, Farabow, Garrett & Dunner, L.L.P.
Parent Case Text
CROSS REFERENCE TO RELATED APPLICATION
This application is a continuation of Ser. No. 08/689,606, filed Aug. 12, 1996, now U.S. Pat. No. 5,943,422, issued Aug. 24, 1999, which is herein incorporated by reference; and
This application is related to commonly assigned copending application Ser. No. 08/388,107 of Ginter et al., filed Feb. 13, 1995, entitled "SYSTEMS AND METHODS FOR SECURE TRANSACTION MANAGEMENT AND ELECTRONIC RIGHTS PROTECTION" (now abandoned). We incorporate by reference, into this application, the entire disclosure of this prior-filed Ginter et al. patent application just as if its entire written specification and drawings were expressly set forth in this application.
Claims
What is claimed is:
1. A method including the following:
at a first apparatus, receiving a first secure digital container including a controlled item, said controlled item including a file and information steganographically encoded into said file;
at said first apparatus, receiving a first control set made up of at least one control separately from said first secure digital container;
at said first apparatus, opening said first secure digital container; and
at said first apparatus, using said first control set to control at least one aspect of access to or use of at least a portion of said controlled item, including
determining user information related to the age of a user of said first apparatus;
determining whether said user's age is equal to or greater than a threshold;
allowing said user to complete at least one access to or use of at least a portion of said controlled item if said user's age is equal to or greater than said threshold; and
blocking said user from completion of at least one access to or use of at least a portion of said controlled item if said user's age is less than said threshold.
2. A method including the following:
at a first apparatus, receiving a first secure digital container including a controlled item, said controlled item including a file and information steganographically encoded into said file;
at said first apparatus, receiving a first control set made up of at least one control separately from said first secure digital container;
at said first apparatus, opening said first secure digital container; and
at said first apparatus, using said first control set to control at least one aspect of access to or use of at least a portion of said controlled item, said use including
determining whether a conversion of at least a portion of said controlled item is authorized;
converting said portion of said controlled item if said conversion is authorized and storing said converted portion; and
failing to convert said portion if said conversion is not authorized.
3. A method as in claim 2, in which converting includes:
converting said controlled item portion from a first format to a second format.
4. A method as in claim 3, in which said first format comprises a digital format and said second format comprises an analog format.
5. A method as in claim 3, in which said first format comprises an analog format and said second format comprises a digital format.
6. A method including the following:
at a first apparatus, receiving a first secure digital container including a controlled item, said controlled item including a file and information steganographically encoded into said file;
at said first apparatus, receiving a first control set made up of at least one control separately from said first secure digital container;
at said first apparatus, opening said first secure digital container; and
at said first apparatus, using said first control set to control at least one aspect of access to or use of at least a portion of said controlled item, said use including:
gaining access to information regarding at least one aspect of a second apparatus;
determining whether transmitting said portion of said controlled item is authorized based at least in part on said second apparatus information; and
if transmitting is authorized, transmitting said portion of said controlled item from said first apparatus to said second apparatus.
7. A method as in claim 6, in which said second apparatus information includes information relating to the level of security, integrity, or copy protection present at second apparatus.
8. A method including the following:
at a first apparatus, receiving a first secure digital container including a controlled item, said controlled item including a file and information steganographically encoded into said file;
at said first apparatus, receiving a first control set made up of at least one control separately from said first secure digital container;
at said first apparatus, opening said first secure digital container; and
at said first apparatus, using said first control set to control at least one aspect of access to or use of at least a portion of said file, said use including directly or indirectly providing payment-related information to a second apparatus.
9. A method including:
at a first apparatus, receiving a first secure digital container including a controlled item, said controlled item including a file and information steganographically encoded into said file, said information including a first control set made up of at least one control;
at said first apparatus, retrieving at least a portion of said controlled item from said first secure digital container;
at said first apparatus, steganographically recovering said first control set from said controlled item; and
at said first apparatus, using said first control set to control at least one aspect of access to or use of at least a portion of said controlled item, said use including:
determining user information related to the age of a user of said apparatus;
determining whether said user's age is equal to or greater than a threshold;
allowing said user to complete at least one access to or use of at least a portion of said controlled item if said user's age is equal to or greater than said threshold; and
blocking said user from completion of at least one access to or use of at least a portion of said controlled item if said user's age is less than said threshold.
10. A method including:
at a first apparatus, receiving a first secure digital container including a controlled item, said controlled item including a file and information steganographically encoded into said file, said information including a first control set made up of at least one control;
at said first apparatus, retrieving at least a portion of said controlled item from said first secure digital container;
at said first apparatus, steganographically recovering said first control set from said controlled item; and
at said first apparatus, using said first control set to control at least one aspect of access to or use of at least a portion of said controlled item, including
determining whether a conversion of at least a portion of said controlled item is authorized;
converting said portion of said controlled item if said conversion is authorized and storing said converted portion; and
failing to perform said conversion if said conversion is not authorized.
11. A method as in claim 10, in which converting includes:
converting at least a portion of said controlled item from a first format to a second format.
12. A method as in claim 11, in which said first format comprises a digital format and said second format comprises an analog format.
13. A method as in claim 11, in which said first format comprises an analog format and said second format comprises a digital format.
14. A method including:
at a first apparatus, receiving a first secure digital container including a controlled item, said controlled item including a file and information steganographically encoded into said file, said information including a first control set made up of at least one control;
at said first apparatus, retrieving at least a portion of said controlled item from said first secure digital container;
at said first apparatus, steganographically recovering said first control set from said controlled item; and
at said first apparatus, using said first control set to control at least one aspect of access to or use of at least a portion of said controlled item, including:
gaining access to information regarding at least one aspect of a second apparatus;
determining whether transmitting said portion of said controlled item to said second apparatus is authorized based at least in part on said second apparatus information; and
if transmission is authorized, transmitting said portion from said first apparatus to said second apparatus.
15. A method as in claim 14, in which said second apparatus information includes information relating to the level of security, integrity, or copy protection present at said second apparatus.
16. A method including:
at a first apparatus, receiving a first secure digital container including a controlled item, said controlled item including a file and information steganographically encoded into said file, said information including a first control set made up of at least one control;
at said first apparatus, retrieving at least a portion of said controlled item from said first secure digital container;
at said first apparatus, steganographically recovering said first control set from said controlled item; and
at said first apparatus, using said first control set to control at least one aspect of access to or use of at least a portion of said controlled item, including directly or indirectly providing payment-related information to a second apparatus.
17. An apparatus including the following elements:
a portable memory reader;
a processing unit;
a memory; and
a portable memory including:
a first secure digital container,
a controlled item and information steganographically encoded in said controlled item; and
control information relating to at least one aspect of control of said controlled item, including a control based at least in part based on information relating to the age of a user of said apparatus.
18. An apparatus including the following elements:
a portable memory reader;
a processing unit;
a memory; and
a portable memory including:
a first secure digital container,
a controlled item and information steganographically encoded in said controlled item; and
control information including at least one control at least in part controlling when at least a portion of said item is capable of being converted from a first format to a second format and of being stored in said second format.
19. An apparatus as in claim 18, in which said first format comprises a digital format and said second format comprises an analog format.
20. An apparatus as in claim 18, in which said first format comprises an analog format and said second format comprises a digital format.
21. A secure digital container including:
an encrypted controlled item comprising digital information;
first control information steganographically encoded into said controlled item;
second control information;
said first or second control information including information relating to the age of a user; and
a cryptographic key capable of being used to at least in part decrypt said controlled item.
22. A secure digital container including:
an encrypted controlled item comprising digital information;
first control information steganographically encoded into said controlled item;
second control information;
said first or second control information including at least one control at least in part controlling whether at least a portion of said item is capable of being converted from a first format to a second format and of being stored in said second format; and
a cryptographic key capable of being used to at least in part decrypt said controlled item.
23. A secure digital container as in claim 22, in which said first format comprises a digital format and said second format comprises an analog format.
24. A secure digital container as in claim 22, in which said first format comprises an analog format and said second format comprises a digital format.
25. A secure digital container including:
encrypted controlled contents comprising digital information;
a first digital control of a first entity, said first digital control controlling at least one aspect of access to or use of at least a portion of said controlled contents;
a second digital control of a second entity different from said first entity, said second digital control controlling at least one aspect of access to or use of at least a portion of said controlled contents;
said first or second digital controls including at least one control based at least in part on information relating to the age of a user; and
information steganographically encoded in said controlled contents.
26. A secure digital container including:
encrypted controlled contents comprising digital information;
a first digital control of a first entity, said first digital control controlling at least one aspect of access to or use of at least a portion of said controlled contents;
a second digital control of a second entity different from said first entity, said second digital control controlling at least one aspect of access to or use of at least a portion of said controlled contents;
said first or second digital controls including at least one control at least in part controlling whether at least a portion of said item is capable of being converted from a first format to a second format and of being stored in said second format; and
information steganographicalIV encoded in said controlled contents.
27. A secure digital container as in claim 26, in which said first format comprises a digital format and said second format comprises an analog format.
28. A secure digital container as in claim 26, in which said first format comprises an analog format and said second format comprises a digital format.
29. A secure digital container including:
a controlled item comprising digital information, said controlled item being at least in part encrypted;
a first control steganographically encoded into at least a portion of said controlled item, said first control controlling at least one aspect of access to or use of at least a portion of said controlled item;
a second control controlling at least one aspect of access to or use of at least a portion of said controlled item; said second control being different from said first control;
said first or second controls including at least one control based at least in part on information relating to the age of a user of said apparatus.
30. A secure digital container including:
a controlled item comprising digital information, said controlled item being at least in part encrypted;
a first control steganographically encoded into at least a portion said controlled item, said first control controlling at least one aspect of access to or use of at least a portion of said controlled item;
a second control controlling at least one aspect of access to or use of at least a portion of said controlled item; said second control being different from said first control
said first or second controls including at least one control at least in part controlling whether at least a portion of said item is capable of being converted from a first format to a second format and of being stored in said second format.
31. A secure digital container as in claim 30, in which said first format comprises a digital format and said second format comprises an analog format.
32. A secure digital container as in claim 30, in which said first format comprises an analog format and said second format comprises a digital format.
Description
FIELD OF THE INVENTION
The present inventions relate generally to computer security, and more particularly to steganographic techniques for hiding or encoding electronic control information within an information signal carried by an insecure communications channel. Still more particularly, the present inventions relate to systems, methods and techniques that substantially invisibly and/or indelibly convey, over analog or other insecure communications channels, digital rights management control information for use within a virtual distribution environment electronic rights management system.
BACKGROUND AND SUMMARY OF THE INVENTION
The world is becoming digital. Digital signals are everywhere--in our computers, television sets, VCRs, home stereos, and CD players. Digital processing--which operates on information "bits" (numerical "on" or "off" values)--provides a degree of precision and protection from noise that cannot be matched by the older, "analog" formats we have used since the beginning of the electronic age.
Despite the clear advantage of digital communications, the older "analog" domain remains significant. Many of our most important information delivery mechanisms continue to be based on analog--not digital--signaling. In fact, most of our electronic entertainment, news, sports and music program material comes to us in the form of analog signals. For example:
Television remains largely analog. Although the distribution of television programming to local cable systems is increasingly digital and most modern television sets include digital signal processing circuits, the local cable television "head end" continues to send television signals to the subscriber's set top box and television in analog--not digital--form. It will cost a great deal to convert local cable distribution from analog to digital. In the United States, for example, the widespread conversion from analog to digital television is projected to take no less than 15 years and perhaps even longer.
In radio broadcasting, too, analog communication continues to reign supreme. Thousands of radio stations broadcast music, news and other programs every day in analog form. Except for a few experimental digital systems, practically all radio broadcasting is carried over analog communications channels.
The movies and videos we rent at the local video tape rental store are analog.
Commercially available music tape cassettes are recorded in analog formats.
Moreover, the "real world" is analog. Everything digital must ultimately be turned into something analog if we are to experience it; and conversely, everything analog must be turned into something digital if the power of modern digital technology will be used to handle it. Modem digital technology also allows people to get better quality for less money.
Despite the pervasiveness of analog signals, existing methods for managing rights and protecting copyright in the analog realm are primitive or non-existent. For example:
Quality degradation inherent in multigenerational analog copying has not prevented a multi-billion dollar pirating industry from flourishing.
Some methods for video tape copy and pay per view protection attempt to prevent any copying at all of commercially released content, or allow only one generation of copying. These methods can generally be easily circumvented.
Not all existing devices respond appropriately to copy protection signals.
Existing schemes are limited for example to "copy/no copy" controls.
Copy protection for sound recordings has not been commercially implemented.
A related problem relates to the conversion of information between the analog and digital domains. Even if information is effectively protected and controlled initially using strong digital rights management techniques, an analog copy of the same information may no longer be securely protected.
For example, it is generally possible for someone to make an analog recording of program material initially delivered in digital form. Some analog recordings based on digital originals are of quite good quality. For example, a Digital Versatile Disk ("DVD") player may convert a movie from digital to analog format and provide the analog signal to a high quality analog home VCR. The home VCR records the analog signal. A consumer now has a high quality analog copy of the original digital property. A person could re-record the analog signal on a DVD-R (a Digital Versatile Disk appliance and media supporting both read and write operations). This recording will in many circumstances have substantial quality--and would no longer be subject to "pay per view" or other digital rights management controls associated with the digital form of the same content.
Since analog formats will be with us for a long time to come, rightsholders such as film studios, video rental and distribution companies, music studios and distributors, and other value chain participants would very much like to have significantly better rights management capabilities for analog film, video, sound recordings and other content. Solving this problem generally requires a way to securely associate rights management information with the content being protected.
People have for many years been using various techniques allowing digital information to, in effect, ride "piggyback" on analog information signals. For example, since the 1960s, it has been common to digitally encode text information such as subtitles into otherwise unused portions of analog television signals (e.g., within the so-called "Vertical Blanking Interval").
Unfortunately, sending digital information using such known digital encoding techniques is problematic because the digital information is not persistent. It is relatively easy to strip out or eliminate digital information encoded using prior techniques commonly employed for superimposing digital signals onto an analog information signal. Analog communications channels may commonly be subjected to various signal processing that may (intentionally or unintentionally) strip out digital information added to the analog signal--defeating any downstream system, process or technique that depends on the presence and readability of the digital information. For example, the television vertical blanking signal--along with any signal components disposed within the vertical blanking interval--is typically routinely eliminated whenever a video signal is processed by a computer.
Attempting to use insecure techniques for providing rights management is at best ineffective, and can be worse than no rights management at all. Unscrupulous people can strip out insecure control information altogether so that the corresponding information signal is subject to no controls at all--for example, defeating copy protection mechanisms and allowing users to avoid paying for rights usage. More nefariously, an unscrupulous person could alter an insecure system by substituting false control information in place of the proper information. Such substitutions could, for example, divert payments to someone other than legitimate rights holders--facilitating electronic fraud and theft.
Prior, insecure techniques fail to solve the overall problem of how to provide and securely manage advanced automatic electronic rights management for analog and other information signals conveyed over an insecure communications channel. The lack of strong rights management for analog signals creates a huge gap in any comprehensive electronic rights management strategy, and makes it possible for consumers and others to circumvent--to at least some extent--even the strongest digital rights management technologies. Consequently, there is a real need to seamlessly integrate analog delivery models with modern electronic digital rights management techniques.
The present inventions solve these and other problems by providing "end to end" secure rights management protection allowing content providers and rights holders to be sure their content will be adequately protected--irrespective of the types of devices, signaling formats and nature of signal processing within the content distribution chain. This "end to end" protection also allows authorized analog appliances to be easily, seamlessly and cost-effectively integrated into a modern digital rights management architecture.
The present inventions may provide a Virtual Distribution Environment ("VDE") in which electronic rights management control information may be delivered over insecure (e.g., analog) communications channels. This Virtual Distribution Environment is highly flexible and convenient, accommodating existing and new business models while also providing an unprecedented degree of flexibility in facilitating ad hoc creation of new arrangements and relationships between electronic commerce and value chain participants--regardless of whether content is distributed in digital and/or analog formats.
The present inventions additionally provide the following important and advantageous features:
An indelible and invisible, secure technique for providing rights management information.
An indelible method of associating electronic commerce and/or rights management controls with analog content such as film, video, and sound recordings.
Persistent association of the commerce and/or rights management controls with content from one end of a distribution system to the other--regardless of the number and types of transformations between signaling formats (for example, analog to digital, and digital to analog).
The ability to specify "no copy/one copy/many copies" rights management rules, and also more complex rights and transaction pricing models (such as, for example, "pay per view" and others).
The ability to fully and seamlessly integrate with comprehensive, general electronic rights management solutions (such as those disclosed in the Ginter et al. patent specification referenced above).
Secure control information delivery in conjunction with authorized analog and other non-digital and/or non-secure information signal delivery mechanisms.
The ability to provide more complex and/or more flexible commerce and/or rights management rules as content moves from the analog to the digital realm and back.
The flexible ability to communicate commerce and/or rights management rules implementing new, updated, or additional business models to authorized analog and/or digital devices.
Briefly, the present inventions use "steganography" to substantially indelibly and substantially invisibly encode rights management and/or electronic commerce rules and controls within an information signal such as, for example, an analog signal or a digitized (for example, sampled) version of an analog signal.
The Greek term "steganography" refers to various "hidden writing" secret communication techniques that allow important messages to be securely carried over insecure communications channels. Here are some examples of steganography:
In ancient Persia an important message was once tattooed on a trusted messenger's shaved scalp. The messenger then allowed his hair to grow back--completely hiding the message. Once the messenger made his way to his destination, he shaved his hair off again--exposing the secret message so the recipient could read it on the messenger's shaved scalp. See Kahn, David, The Codebreakers page 81 et seq. and page 513 et seq. (Macmillan 1967). This unusual technique for hiding a message is one illustration of "steganography."
Another "steganographic" technique encodes a secret message within another, routine message. For example, the message "Hey Elmer, Lisa Parked My Edsel" encodes the secret message "HELP ME"--the first letter of each word of the message forming the letters of the secret message ("Hey Elmer, Lisa Parked My Edsel"). Variations on this technique can provide additional security, but the basic concept is the same--finding a way to hide a secret message within information that can or will be sent over an insecure channel.
Invisible ink is another commonly used "steganography" technique. The secret message is written using a special disappearing or invisible ink. The message can be written on a blank piece of paper, or more commonly, on the back or front of the piece of paper carrying a routine-looking or legitimate letter or other written communication. The recipient performs a special process on the received document (e.g., exposing it to a chemical or other process that makes the invisible ink visible) so that he or she can read the message. Anyone intercepting the paper will be unable to detect the secret message--or even know that it is there--unless the interceptor knows to look for the invisible message and also knows how to treat the paper to make the invisible ink visible
The present inventions use steganography to ensure that encoded control information is both substantially invisible and substantially indelible as it passes over an insecure communications channel. At the receiving end, a secure, trusted component (such as a protected processing environment described in Ginter et al.) recovers the steganographically-encoded control information, and uses the recovered information to perform electronic rights management (for example, on analog or other information signals carried over the same channel).
One specific aspect provided by the present inventions involve steganographically encoding digital rights management control information onto an information signal such as, for example, an analog or digitized television, video or radio signal. The steganographic encoding process substantially inextricably intertwines the digital control information with images, sounds and/or other content the information signal carries--but preferably without noticeably degrading or otherwise affecting those images, sounds and/or other content. It may be difficult to detect (even with educated signal processing techniques) that the analog signal has been steganographically encoded with a rights management control signal, and it may be difficult to eliminate the steganographically encoded control signal without destroying or degrading the other information or content the signal carries.
The present inventions also provide a secure, trusted protected processing environment to recover the steganographically-encoded control signal from the information signal, and to enforce rights management processes based on the recovered steganographically encoded control signal. This allows the information signal delivery mechanism to be fully integrated (and made compatible) with a digital virtual distribution environment and/or other electronic rights management system.
In accordance with yet another aspect provided by this invention, steganographically encoded, digital rights management control information may be used in conjunction with a scrambled and/or encrypted information signal. The scrambling and/or encryption can be used to enforce the rights management provided in accordance with the steganographically encoded rights management control information. For example, the control signal can be steganographically decoded and used to control, at least in part, under what circumstances and/or how the information signal is to be descrambled and/or decrypted.
In accordance with yet another feature provided by the invention, digital certificates can be used to securely enforce steganographically encoded rights management control information.
In accordance with still another feature provided by the invention, steganography is used to encode an information signal with rights management control information in the form of one or more protected organizational structures having association with electronic controls. The electronic controls may, for example, define permitted and/or required operation(s) on content, and consequences of performing and/or failing to perform such operations. The organizational structure(s) may identify, implicitly or explicitly, the content the electronic controls apply to. The organizational structure(s) may also define the extent of the content, and semantics of the content.
The type, amount and characteristics of the steganographically encoded rights management control information are flexible and programmable--providing a rich, diverse mechanism for accommodating a wide variety of rights management schemes. The control information can be used to securely enforce straightforward secure rights management consequences such as "copy/no copy/one copy" type controls--but are by no means limited to such models. To the contrary, the present invention can be used to enable and enforce much richer, more complex rights management models--including for example those involving usage auditing, automatic electronic payment, and the use of additional electronic network connections. Moreover, the rights management control arrangements provided by the present invention are infinitely extensible and scaleable--fully accommodating future models as they are commercially deployed while preserving full compatibility with different (and possibly more limited) rights management models deployed during earlier stages.
The organizational structure(s) may be steganographically encoded in such a way that they are protected for purposes of secrecy and/or integrity. The employed steganographic techniques may provide some degree of secrecy protection--or other security techniques (e.g., digital encryption, digital seals, etc.) may be used to provide a desired or requisite degree of security and/or integrity protection for the steganographically encoded information.
In one example, the organizational structure(s) may comprise digital electronic containers that securely contain corresponding digital electronic control information. Such containers may, for example, use cryptographic techniques. In other examples, the organizational structure(s) may define associations with other electronic control information. The other electronic control information may be delivered independently over the same or different communications path used to deliver the organizational structure(s).
In one example, the steganographic techniques employed may involve applying the organizational structure information in the form of high frequency "noise" to an analog information signal. Spectral transforms may be used to apply and recover such steganographically-encoded high frequency "noise." Since the high frequency noise components of the information signal may be essentially random, adding a pseudo-random steganographically encoded control signal component may introduce substantially no discernible information signal degradation, and may be difficult to strip out once introduced (at least without additional knowledge of how the signal was incorporated, which may include a shared secret).
In accordance with another aspect provided by the invention, a steganographic encoding process analyzes an information signal to determine how much excess bandwidth is available for steganographic encoding. The steganographic encoding process may use variable data rate encoding to apply more control information to parts of an information signal that use much less than all of the available communications channel bandwidth, and to apply less control information to parts of an information signal that use nearly all of the available communications channel bandwidth.
In accordance with still another aspect provided by the invention, multiple organizational structures may be steganographically encoded within a given information signal. The multiple organizational structures may apply to different corresponding portions of the information signal, and/or the multiple organizational structures may be repetitions or copies of one another to ensure that an electronic appliance has "late entry" and/or error correcting capability and/or can rapidly locate a pertinent organizational structure(s) starting from any arbitrary portion of the information signal stream.
In accordance with yet another aspect provided by this invention, an organizational structure may be steganographically encoded within a particular portion of a content-carrying information signal to which the organizational structure applies--thereby establishing an implicit correspondence between the organizational structure and the identification and/or extent and/or semantics of the information content to which the organizational structure applies. The correspondence may, for example, include explicit components (e.g., internally stated start/end points), with the storage or other physical association determined by convenience (i.e., it may make sense to put the organizational structure close to where it is used, in order to avoid seeking around storage media to find it).
In accordance with yet another aspect provided by this invention, pointers can be steganographically encoded into parts of an information signal stream that has little excess available bandwidth. Such pointers may be used, for example, to direct an electronic appliance to portions of the information signal stream having more available bandwidth for steganographic encoding. Such pointers may provide improved steganographic decode access time--especially, for example, in applications in which the information signal stream is stored or otherwise available on a random access basis.
BRIEF DESCRIPTION OF THE DRAWINGS
These and other features and advantages provided by this invention may be better and more completely understood by referring to the following detailed description of presently preferred example embodiments in conjunction with the drawings, of which:
FIG. 1 shows a virtual distribution environment providing steganographic encoding of digital rights management control information;
FIGS. 1A-1E show example electronic appliances embodying aspects of this invention;
FIG. 2 shows an example of how electronic control information can be steganographically encoded within an image;
FIG. 3 shows an example rights management component providing a steganographic decoding function;
FIG. 4 shows an example of how steganographically encoded electronic control signals can be extracted and used for digital rights management;
FIGS. 5A-5D show example techniques for enforcing steganographically encoded rights management control information;
FIGS. 5E-5F show example "end to end" protected distribution systems provided in accordance with the invention;
FIG. 6 shows an example of multiple sets of digital rights management control information steganographically encoded onto different parts of the same information signal stream;
FIG. 7A shows an example detailed steganographic encoding process;
FIG. 7B shows an example detailed steganographic decoding process;
FIG. 8 shows an example frequency domain view of an example steganographic signal encoding technique;
FIG. 9 shows an example use of a variable steganographic encoding rate to avoid exceeding channel bandwidths;
FIGS. 10 and 10A show how steganographically encoded pointers can be used to minimize access times to control sianals steganographically encoded onto information signal streams available on a random access basis;
FIG. 11 shows an example steganographically encoded organizational structure;
FIG. 12 shows an example electronic appliance architecture having electronic rights management capabilities based at least in part on steganographically encoded control information;
FIGS. 13 and 13A show example control steps that may be performed by the FIG. 12 appliance;
FIG. 14 shows an example steganographic refresh arrangement; and
FIGS. 15A-15F show example distribution systems using steganographic encoding of rights management control information along at least one leg of an information distribution path.
DETAILED DESCRIPTION OF PRESENTLY PREFERRED EXAMPLE EMBODIMENTS
FIG. 1 shows an example Virtual Distribution Environment (VDE) 50 employing steganography to deliver electronic digital rights management control information over an insecure (e.g., analog) communications channel.
In this example, a provider 60 delivers an information signal 70 to multiple electronic appliances 100(1), . . . , 100(N). In this particular example, provider 60 is shown as being a television broadcaster that delivers an analog television information signal 70 over a wireless or cable communications path, and appliances 100(1), . . . , 100(N) are shown as being home color television sets 106. As made clear by FIGS. 1A-1E, the present inventions may be used by a variety of different types of electronic appliances 100 receiving a variety of different types of information signals via a variety of different types of communications channels.
In the FIG. 1 example, provider 60 steganographically encodes electronic rights management control information 126 into the information signal 70. This control information 126 is represented in this diagram as a traffic light because it may define permitted and/or required operation(s), and consequences of performing or failing to perform such operations. For example, control information 126 could specify that a viewer or class of viewers has permission to watch a particular program, is forbidden to watch a program, or may watch a program only under certain conditions (for example, based on paying a certain amount, being over a certain age, etc.). In this example the control information 126 is shown as being packaged within an electronic "container" 136. Container 136 (which in at least one example is provided by steganographic encoding techniques) is used to protect the integrity ofthe control information 126.
The provider 60 encodes the electronic rights management control information 126 onto information signal 70 using steganographic techniques that make the control information both:
substantially invisible, and
substantially indelible.
The control information 126 is substantially indelibly encoded because, in this example, it is substantially inextricably intertwined with the television images and/or sound--and can't easily be eliminated from information signal 70 without destroying the images, sound or other information carried by the information signal. For example, steganographically encoding rights management control information will generally survive compression and decompression of a digitized analog signal, and will also survive repeated analog/digital/analog conversion sequences.
Even though the steganographically encoded control information 126 is substantially indelible, the television viewer is not bothered by the steganographically encoded information because the steganographically encoded rights management control information is, in this example, also encoded substantially invisibly. In fact, the viewer may not be able to see the steganographic control information at all--and it may have no effect whatsoever on his or her viewing experience (other than in terms of the effect is has on associated rights management processes). The control information 126 is shown in dotted lines on the FIG. 1 screens of television sets 106 to emphasize that the control information is substantially inextricably intertwined with the television images and/or sounds--and yet can't really be seen or noticed by the television viewer.
FIG. 2 shows an example of how digital control information 126 may be encoded within an image 128 so that, in one particular example, it is both substantially invisible and substantially indelible. In this specific image context, for example, "substantially invisible" may refer to the characteristic of the encoded control information as not substantially interfering with or adversely affecting the viewer's experience in viewing image 128 or otherwise using the content carried by the information signal 70 and/or that it is difficult to detect using various types of signal processing techniques, for example. For example, invisibility can be a measurable quantity (measured in a number of processor instructions, such as MIPS years, for example), and can be related to signal processing as opposed to the naked eye. In this context, "substantially indelible" can mean, for example, that the encoded digital control information is substantially inextricably intertwined with the content information, making it difficult for example to strip out the encoded digital control information without also damaging or degrading the content. Degree of indelibility may, for example, be measured by the number of processor instructions required to strip the information out.
FIG. 2 shows that a slight rearrangement of picture element configuration in a small portion of image 128 is one way to steganographically encode electronic control information into the image to provide a substantially indelible, substantially invisible encoding. This encoding may be unnoticeable to the viewer, and yet it may be difficult to strip out or eliminate without also damaging the image. Steganographically encoding digital control information into the information signal 70 may effectively merge, from a practical standpoint, the digital control information with the other information carried by the signal (for example, television programming or other content). The steganographic techniques make it difficult for someone to intentionally or unintentionally eliminate the encoded control information without damaging the content, but may (in one example) nevertheless hide the encoded control information so that it does not unduly detract from the content.
Since indelibility of the steganographic encoding provides persistence, indelibility may be more important than invisibility in at least some applications. For example, it may be desirable in some applications to use a shared secret to decode and then remove the steganographically encoded control information 126 before presenting the information signal (or its content) to the user. The steganographically encoded information need not be particularly invisible in this scenario. Even though someone with knowledge of the shared secret can remove the steganographically encoded information, it may nevertheless remain substantially indelible to anyone who doesn't know the shared secret required to remove it.
Organization Structures
FIG. 1 shows that control information 126 may be packaged within one or more organizational structures such as secure digital containers 136. Containers 136 may be, for example, of the type described in the Ginter et al. patent specification in connection with FIGS. 17-26B. The organizational structure(s) may identify, implicitly or explicitly, the content the electronic controls apply to. The organizational structure(s) may also define the extent of the content, and semantics of the content.
The organizational structure(s) may be encoded in such a way that they are protected for purposes of secrecy, authenticity and/or integrity. The employed steganographic technique may provide such protection, or another security technique may be used in conjunction with steganography to provide a desired or requisite degree of protection depending on the application. Containers 136 may, for example, use mathematical techniques called "encryption" that help guarantee the integrity and/or secrecy of the control information 126 they contain.
Example Rights Management Component
Each of the FIG. 1 example appliances 100 may include a electronic digital rights management component 124. Rights management component 124 may, for example, comprise one or more tamper-resistant integrated circuit "chips". Components 124 may, for example, be of the general type described in detail at FIG. 9 and following of the Ginter et al. patent specification. Briefly, Ginter et al. describes a Virtual Distribution Environment ("VDE") including multiple electronic appliances coupled together through a communications capability. Each electronic appliance has such a secure, tamper-resistant "protected processing environment" in which rights management processes may securely take place. The Virtual Distribution Environment delivers digital control information to the protected processing environments by packaging the control information within secure electronic digital containers. This delivered control information provides at least part of the basis for performing electronic rights management functions within the protected processing environments.
The ability to securely deliver digital control information to such protected processing environments as embodied with components 124 is important at least because it increases flexibility and enhances functionality. For example, different digital control information can be delivered for the same or different electronic content. As one specific example, one set of rules may apply to a particular television program, another set of rules might apply to a particular film, and a still different set of rules could apply to a particular musical work. As yet another example, different classes of users of the same electronic content can receive different control information depending upon their respective needs.
Rights management components 124 are able to steganographically decode the control information 126 carried by the information signal 70. Components 124 use the decoded control information 126 to electronically manage rights. For example, components 126 may use the decoded control information 126 to control how the images and/or sound carried by information signal 70 may be used.
In one example, digital rights management component 124 may comprise or include one or more integrated circuit chips as shown in FIG. 3. The FIG. 3 example rights management component 124 includes an analog-to-digital converter 130, a steganographic decoder 132, and a rights management processor 134. Rights management processor 134 may include or comprise a protected processing environment 138 as described in Ginter et al. FIGS. 8-12, for example, providing a tamper-resistant execution environment for effecting the operations provided by electronic controls 126. Rights management component 124 may also include a steganographic encoder and a digital-to-analog converter (not shown).
The analog-to-digital converter (ADC) 130 shown in FIG. 3 takes the incoming information signal 70 and--if it is in analog form--converts it to a digital signal (see FIG. 4, step "A"). Steganographic decoder 132 obtains the digital control information 126 from the resulting digital signal (FIG. 4, step "B"). As mentioned above, digital control information 126 may define permitted and/or required operation(s) on the content carried by signal 70, and may further define consequences of performing and/or failing to perform such operations. Rights management processor 134 may manage these rights and/or permissions and associated consequences (FIG. 4, step "C").
Example Electronic Appliances
The present inventions may be used with all sorts of different kinds of electronic appliances 100 each of which may include a rights management component 124. FIGS. 1A-1E show various example electronic appliances 100 embodying aspects of the present invention. For example:
FIG. 1A shows an example media player 102 capable of playing Digital Versatile Disks (DVDs) 104 on a home color television set 106. For example, media player 102 may provide analog output signals to television set 106, and may also process digitized video and/or audio analog signals stored on optical disk 104. Rights management component 124A provides digital rights protection based on steganographically encoded controls 126.
FIG. 1B shows an example set top box 108 that can receive cable television signals (for example, via a satellite dish antenna 110 from a satellite 112) for performance on home television set 106. Set top box 108 shown in FIG. 1B may receive television signals from antenna 110 in analog scrambled or unscrambled form, and provide analog signals to television 106. Rights management component 124B provides digital rights protection based on steganographically encoded controls 126.
FIG. 1C shows an example radio receiver 114 that receives radio signals and plays the radio sound or music on a loud speaker 116. The radio receiver 114 of FIG. 1C may receive analog radio signals, and provide analog audio signals to loud speaker 116. Rights management component 124C provides digital rights protection based on steganographically encoded controls 126.
FIG. 1D shows an example video cassette recorder 118 that can play back video and sound signals recorded on a video cassette tape 120 onto television 106. In FIG. 1D, the video tape 120 may store video and audio signals in analog form, which VCR
118 may read and provide to television 106 in analog form. Rights management component 124D provides digital rights protection based on steganographically encoded controls 126.
FIG. 1E shows an example television camera that can capture video images and produce video signals for recording on a video cassette tape 120 and play back on television set 106. The FIG. 1E camcorder 122 may generate analog video and audio signals for storage onto video tape 120, and/or may provide analog signals for processing by television 106. Rights management component 124E provides digital rights protection based on steganographically encoded controls 126.
Example Rights Management Enforcement Techniques
Different rights holders want different types of rights management and control. For example, some rights holders may be completely satisfied with a relatively simple "copy/no copy/one copy" rights management control model, whereas other rights holders may desire a richer, more complex rights management scheme. The present inventions flexibly accommodate a wide variety of electronic rights management techniques--giving rightsholders extreme flexibility and programmability in defining, for example, commerce and rights management models that far exceed the simple "copy/no copy, one copy." Assuming a closed appliance, that is, one lacking at least an occasional connection to a payment method (e.g., Visa, MasterCard, American Express, electronic cash, Automated Clearinghouses (ACHs) and/or a Financial Clearinghouse that serves as the interface for at least one payment method), the following are non-limiting examples of steganographically encoded rights controls and associated consequences that can be accommodated by the present invention:
Limiting use of a given property to a specified number of times this property can be used on a given appliance;
Prohibiting digital to analog and analog to digital conversions;
Ensuring that one analog or digital appliance will communicate the protected property only to another appliance that is also VDE enabled and capable of enforcing the controls associated with that property;
Time-based rental models in which a consumer may "perform" or "play" the property an unlimited number of times in a given interval (assuming the appliance has a built-in secure time clock, can operatively connect itself to such a clock, or otherwise receive time from a reliable source);
Enforcing an expiration date after which the property cannot be performed (also assuming access to a reliable time source);
Associating different control sets with each of several properties on a single physical media. In one example, a "trailer" might have unlimited copying and use associated while a digital film property may have an associated control set that prevents any copying;
Associating multiple control sets with a given property regardless of media and whether the appliance is closed or has an occasionally connected communications "backchannel."
An even more flexible and diverse array of rights controls and associated consequences are enabled by the present inventions if at least one appliance is connected to some form of communications "backchannel" between the appliance and some form of payment method. This backchannel may be a telephone call, the use of a modem, a computer data network, such as the Internet, a communications channel from a settop box to the head end or some other point on a cable TV distribution system, or a hybrid arrangement involving high bandwidth distribution of analog properties with a slower return channel, a phone line and modem--just to name a few examples. Non-limiting examples of such more rights controls and associated consequences enabled by the present invention include the following:
Associating with a given property in analog format new, independently delivered controls obtained from a rightsholder or other authorized source;
A broad range of usage-based pricing models, including pay-per-view or pay-per-use;
Creating permissions enabling excerpting of properties in analog formats, maintaining persistent control over those excerpts, and charging for those excerpts;
Pay-per-use models in which a customer pays a specified price for each use of the property and/or different unit prices depending on the number of uses. In one example, the customer might pay $3.99 for the first viewing and $2.99 for each subsequent viewing; and,
Controls that prevent an analog property being converted to digital format and then being transmitted or communicated except in a container with controls and/or with a pointer to a source of controls, that apply in a digital environment.
FIGS. 5A-5D show some examples of how rights management component 124 can enforce steganographically encoded digital rights management controls.
In the FIG. 5A example, rights management component 124 controls an on/off switch 140 based on steganographically encoded electronic controls 126. Component 124 turns switch 140 on (for example, to allow the analog television signal to pass to television set 106) when electronic controls 126 permit, and otherwise opens (turns off) switch 140 to prevent the analog signal from reaching the output.
In a more secure-example, the incoming analog signal is scrambled, and the FIG. 5A on/off switch 140 is replaced by a FIG. 5B descrambler 142 of conventional design. The descrambler 142 descrambles the analog input signal to provide a descrambled output under control of rights management component 124. Rights management component 124 allows descrambler 142 to descramble the analog signal only under conditions specified by electronic controls 126 that the component 124 obtains from the analog input signal. Scrambling the analog signal gives the rights management component 124 a relatively secure way of enforcing electronic controls 126--since the rights management component can prevent the descrambler from operating unless conditions set by the controls are satisfied. The rights management function and the descrambling flnction may be integrated into a single component in which the descramble and decrypt functions of the rights management component are essentially serving the same function, but may still be distinct to account for specialized approaches to descrambling that may not be sufficiently strong or interoperable with other environments to use generally. If they are separate components, the data path between them should be protected (for example, by ensuring that both components are in a tamper resistant enclosure, or using secure authentication and key exchange to send the descrambling sequence to the descrambler).
FIG. 5C shows how digital certificates may be used to enforce steganographically encoded electronic controls 126. In this example, appliance 100A outputs content to another appliance 110D only if appliance 100D has a rights management component
124D that can enforce the electronic controls 126. In this example, there may be a "handshake" between the content supplying appliance 100A and the content receiving appliance 100D sufficient to ensure the content supplying appliance that the content receiving appliance will enforce the electronic controls 126. For example, the supplying appliance 100A's rights management component 124A may require the receiving appliance 100D's rights management component 124D to present a digital certificate 199
attesting to the fact that the receiving appliance 100D has a rights management component 124 fully capable of securely enforcing electronic controls 126. Receiving appliance 110D could present this digital certificate 199 by steganographically encoding it within an analog signal it provides to the supplying appliance over an analog signal channel for example (the analog signal channel could be the same one the supplying appliance will use to deliver the steganographically encoded content). If a digital channel is available, the handshake can be over a digital link between the two appliances using, for example, secure authentication techniques disclosed in Ginter et al. and/or for example in Schneier, Applied Cryptography (2d Ed. Wiley 1996) at page 52 et seq.
FIG. 5D shows that rights management component 124A can enforce electronic controls 126 by marking the content through "fingerprinting" and/or "watermarking" prior to releasing the content to a device that doesn't have a rights management component 124. See Ginter et al. patent specification, FIGS. 58A-58C. Such fingerprinting could involve using steganographic techniques to fingerprint the content. For example, a movie delivered using "conventional" containers as disclosed in Ginter et al. could use steganographically encoded containers "on the way" to the display device. Furthermore, it could include the identity of the user, etc. as well as the control information appropriate for the device. Another case could be text sent to a printer, using different steganographic encoding techniques such as line and/or character shifting.