EP1820147A2 - Digital rights management using network topology testing - Google Patents
- Publication number
- EP1820147A2
- Authority
- EP
- European Patent Office
- Prior art keywords
- packet
- transmitting
- receiving device
- crafted
- test
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Withdrawn
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F17/00—Digital computing or data processing equipment or methods, specially adapted for specific functions
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/10—Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L43/00—Arrangements for monitoring or testing data switching networks
- H04L43/50—Testing arrangements
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
- H04L63/107—Network architectures or network communication protocols for network security for controlling access to devices or network resources wherein the security policies are location-dependent, e.g. entities privileges depend on current location or allowing specific operations only from locally connected terminals
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2463/00—Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00
- H04L2463/101—Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00 applying security measures for digital rights management
Definitions
- a satellite or cable subscriber may be permitted to view or record copyrighted content on any device for personal or household use, but should not be permitted to share the content with another household operating its own LAN 110, nor should the subscriber be permitted to upload digital content to a network server 126.
- Methods for using proximity detection for digital rights management in such contexts and for such uses are described below.
- a request to transmit digital content to an identified network location is received.
- the request may be intercepted by a TD-DRM device between an originating device, such as a computer 116, and a network connection device 112 or other portal to WAN 102, or anywhere within local area network 108.
- the TD-DRM function may be implemented as a component or accessory of the originating device.
- TD-DRM functionality may be implemented in software used for transmitting files to addresses within a network, such as, for example, e-mail software or application software for file transfers or streaming media.
- the TD-DRM function may first check a transmission request for copyrighted content before implementing a topology detection routine.
- the content is transmitted to the recipient device if the transmission pathway is deemed eligible.
- the content is disabled if the transmission pathway is not deemed eligible. Disabling may comprise, for example, preventing transmission of all or a portion of the controlled content, or transmitting the content in an unusable form, such as in an encrypted form without a decryption key.
- the receiving device may also use a secure time function to stamp the message at the time it is received from the source device.
- the source device can simply measure the time differential between the time sent by the source and the time received by the receiving device. This time difference may also be used with information concerning network characteristics to determine the relative proximity of the receiving device.
- a message transit time for the reply message may also be used to determine a device proximity.
- an eligibility estimate may be expressed in a probabilistic manner. For example, "there is a 95% certainty that the device is eligible to receive this content" represents a simple probabilistic estimate of eligibility.
- a user may define a desired level of certainty as a threshold required before action is taken by a source device. For example, a 95% confidence that a device is eligible may be required.
- a definition of "eligible" can be set by the source device according to any desired value of various parameters. Once a device is determined to be eligible, then the source device can perform a transaction that is contingent on eligibility, such as transmitting video content.
- Fig. 4 shows exemplary steps of a method 400 for evaluating a network topography. It should be appreciated that while method 400 comprises transmitting a series of test packets, transmitting as few as one test packet is also within the scope of the invention. In addition, transmission of a different number of test packets, or of different types of test packets from those shown in Fig. 4, is also within the scope of the invention. Furthermore, examples of well-crafted packets as described below may also be useful for transmitting key components according to steps 304 and 306 of method 300.
- Either of the foregoing handshakes may use HMAC authentication, in which the two devices 'A' and 'B' share a common HMAC cryptographic key.
- the test packet's data payload may contain a nonce value ('n') encrypted using the HMAC key.
- the recipient device, if able to decrypt the nonce, replies with n+1 encrypted using the HMAC key (or other predesignated altered nonce value) in the test + response packet or the response packet, as the case may be.
- Other challenge/response procedures may also be suitable.
- authentication may make use of PKI authentication, in which each of the devices knows the other devices' public key but not the private key.
- the data packets contain a nonce value or altered nonce value according to the predesignated challenge/response protocol, which are decrypted by the recipient device using the PKI public key.
- Test packets may contain a copyrighted work followed by a copyright notice. For example, "Haiku, I hate you. You're so hard to do. © 2003 Author unknown."
- the copyright notice and work may be defined in the header rather than in the data (layer 7) portion of the packet. Thus, the copyrighted work may be made part of the test protocol itself.
- a device may check the validity of a test packet by checking the value of its copyright works and notice against an expected value. The device may require a license by the copyright holder to legally copy or retransmit the packet. This may include retransmission by routers, VPN gateways and other network components.
- copyrighted works may be provided in the data portion of the packet only.
- Fig. 4 illustrates a deductive method by which specific network components can be detected.
- the illustrated steps may be performed in any operative order, and may be combined in fewer than the illustrated number of steps.
- network connectivity is tested by exchanging any form of standard network communication, such as a ping packet according to TCP/IP (i.e., an ICMP Request/Reply packet), a NetWare ping packet, or an AppleTalk ping packet.
- Other useful protocols and communications may include UDP datagrams, TCP handshake, IPX/SPX, NetBEUI, and so forth. If a return packet is not received, then the devices are disconnected, or separated by a firewall.
- a test for a router or VPN gateway may be performed by exchanging test packets using a non-routable protocol, such as, for example, UDP broadcasts, NetBEUI, or Appletalk. Routers do not retransmit these test packets unless specifically configured to do so, and such packets therefore cannot be transmitted across a massive public wide area network such as the Internet. Switches and hubs, in comparison, generally always transmit these test packets.
- a VPN gateway can be configured either way, and may retransmit these packets across the Internet using protocol encapsulation.
- if a router or VPN gateway is detected, the content may be restricted or disabled, as the transmission is likely to involve use of the Internet to a remote location.
- a test for a high-end corporate switch may be performed. More sophisticated switches as used in corporate networks often validate the CRC checksum in the Ethernet frame. Therefore, to test for switches with validation capabilities, a test packet with an invalid CRC checksum may be used. A router, VPN gateway, and validating switch will reject these test packets, while a less-sophisticated switch, such as a consumer-grade switch or hub, will retransmit them.
- content is restricted if a corporate (checksum validating) switch is detected. If no corporate switch is detected, content may be provided to the recipient device at step 420. In the alternative, an additional layer of testing may be performed at step 416.
- the packet is routed or retransmitted to the designated recipient.
- the diverted recipient may be configured to provide a response packet to the source as described herein.
- an intervening circumvention device may intercept and modify the response packet to hide any indication that the test protocol is being circumvented.
- the source may thereby not be able to detect the prohibited topography and may transmit enabled digital content to an unauthorized recipient. It should be noted that combining topographical testing with other methods, for example, geographic location testing, may make the digital rights management method of the invention more difficult to circumvent.
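
The test sequence of Fig. 4 (connectivity, non-routable protocol, invalid CRC) combined with the shared-key nonce challenge/response described above, as an added Python example that is not code from the patent. Assumptions: the probe labels, the 16-byte nonce, the use of HMAC-SHA256 as a keyed tag over n+1 (rather than encryption), binding the probe label into the tag, and the `simulate` helper, which is a constructed stand-in for the network.

```python
import hashlib
import hmac
import secrets
from typing import Dict, Optional, Set, Tuple

NONCE_BYTES = 16  # assumption: the page does not fix a nonce size
PROBES = ("ping", "nonroutable", "bad_crc")  # hypothetical labels for the three tests
Exchange = Tuple[bytes, Optional[bytes]]  # (nonce sent, tag received or None)


def altered_nonce(nonce: bytes) -> bytes:
    """Predesignated alteration of the nonce: n + 1, wrapping at the nonce width."""
    n = (int.from_bytes(nonce, "big") + 1) % (1 << (8 * len(nonce)))
    return n.to_bytes(len(nonce), "big")


def make_response(key: bytes, probe: str, nonce: bytes) -> bytes:
    """Recipient side: HMAC-SHA256 tag over the probe label and n + 1."""
    msg = probe.encode() + b"|" + altered_nonce(nonce)
    return hmac.new(key, msg, hashlib.sha256).digest()


def response_valid(key: bytes, probe: str, nonce: bytes, tag: Optional[bytes]) -> bool:
    """Source side: a missing or forged reply counts as no reply."""
    if tag is None:
        return False
    return hmac.compare_digest(make_response(key, probe, nonce), tag)


def evaluate_topology(key: bytes, exchanges: Dict[str, Exchange]) -> Tuple[str, bool]:
    """Apply the three tests in order; return (finding, content may be sent)."""
    ok = {p: response_valid(key, p, *exchanges[p]) if p in exchanges else False
          for p in PROBES}
    if not ok["ping"]:
        return ("no authenticated reply: disconnected or firewalled", False)
    if not ok["nonroutable"]:
        return ("router or VPN gateway detected", False)
    if not ok["bad_crc"]:
        return ("checksum-validating switch detected", False)
    return ("only non-validating switches or hubs in path", True)


def simulate(recipient_key: bytes, delivered: Set[str]) -> Dict[str, Exchange]:
    """Constructed stand-in for the network: only probes in `delivered` reach
    the recipient, which answers using its own copy of the key."""
    out: Dict[str, Exchange] = {}
    for probe in PROBES:
        nonce = secrets.token_bytes(NONCE_BYTES)
        tag = make_response(recipient_key, probe, nonce) if probe in delivered else None
        out[probe] = (nonce, tag)
    return out


if __name__ == "__main__":
    key = secrets.token_bytes(32)
    for path in ({"ping", "nonroutable", "bad_crc"}, {"ping", "nonroutable"}, {"ping"}):
        print(sorted(path), evaluate_topology(key, simulate(key, path)))
```

As the list above states, a VPN gateway configured for protocol encapsulation may retransmit the non-routable test packets, so an eligible result from these tests alone does not establish that the recipient is local.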
Applications Claiming Priority (3)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US62482904P | 2004-11-03 | 2004-11-03 | |
US10/998,030 US20050234735A1 (en) | 2003-11-26 | 2004-11-24 | Digital rights management using proximity testing |
PCT/US2005/040168 WO2006050521A2 (en) | 2004-11-03 | 2005-11-03 | Digital rights management using network topology testing |
Publications (2)
Publication Number | Publication Date |
---|---|
EP1820147A2 (en) | 2007-08-22 |
EP1820147A4 (en) | 2009-09-23 |
Family
ID=36319827
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
EP05822285A Withdrawn EP1820147A4 (en) | 2004-11-03 | 2005-11-03 | Digital rights management using network topology testing |
Country Status (4)
Country | Link |
---|---|
EP (1) | EP1820147A4 (en) |
JP (1) | JP2008519355A (en) |
KR (1) | KR20070085748A (en) |
WO (1) | WO2006050521A2 (en) |
Families Citing this family (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102082690B (en) * | 2011-01-10 | 2013-04-03 | 北京邮电大学 | Passive finding equipment and method of network topology |
DE102012205988A1 (en) | 2012-04-12 | 2013-10-17 | Robert Bosch Gmbh | Subscriber station for a bus system and method for transmitting messages between subscriber stations of a bus system |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2001069354A2 (en) * | 2000-03-14 | 2001-09-20 | Microsoft Corporation | Secure distribution of digital products against unauthorized use |
WO2002088991A1 (en) * | 2001-04-30 | 2002-11-07 | Markany Inc. | Method of protecting and managing digital contents and system for using thereof |
US20030037010A1 (en) * | 2001-04-05 | 2003-02-20 | Audible Magic, Inc. | Copyright detection and protection system and method |
US20030046022A1 (en) * | 2001-08-31 | 2003-03-06 | International Business Machines Corporation | System and method for determining the location of remote devices |
US20040052257A1 (en) * | 2002-06-24 | 2004-03-18 | Miguel Abdo | Automatic discovery of network core type |
Family Cites Families (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US6684250B2 (en) * | 2000-04-03 | 2004-01-27 | Quova, Inc. | Method and apparatus for estimating a geographic location of a networked entity |
-
2005
- 2005-11-03 KR KR1020077012620A patent/KR20070085748A/en not_active Application Discontinuation
- 2005-11-03 EP EP05822285A patent/EP1820147A4/en not_active Withdrawn
- 2005-11-03 WO PCT/US2005/040168 patent/WO2006050521A2/en active Application Filing
- 2005-11-03 JP JP2007540106A patent/JP2008519355A/en not_active Withdrawn
Patent Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2001069354A2 (en) * | 2000-03-14 | 2001-09-20 | Microsoft Corporation | Secure distribution of digital products against unauthorized use |
US20030037010A1 (en) * | 2001-04-05 | 2003-02-20 | Audible Magic, Inc. | Copyright detection and protection system and method |
WO2002088991A1 (en) * | 2001-04-30 | 2002-11-07 | Markany Inc. | Method of protecting and managing digital contents and system for using thereof |
US20030046022A1 (en) * | 2001-08-31 | 2003-03-06 | International Business Machines Corporation | System and method for determining the location of remote devices |
US20040052257A1 (en) * | 2002-06-24 | 2004-03-18 | Miguel Abdo | Automatic discovery of network core type |
Non-Patent Citations (1)
Title |
---|
See also references of WO2006050521A2 * |
Also Published As
Publication number | Publication date |
---|---|
EP1820147A4 (en) | 2009-09-23 |
KR20070085748A (en) | 2007-08-27 |
WO2006050521A2 (en) | 2006-05-11 |
JP2008519355A (en) | 2008-06-05 |
WO2006050521A3 (en) | 2007-12-06 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
JP4214807B2 (en) | Copyright protection system, transmission apparatus, copyright protection method, and recording medium | |
KR101004218B1 (en) | Data transferring method | |
JP4257235B2 (en) | Information processing apparatus and information processing method | |
US9009465B2 (en) | Augmenting name/prefix based routing protocols with trust anchor in information-centric networks | |
US7987359B2 (en) | Information communication system, information communication apparatus and method, and computer program | |
KR100593768B1 (en) | Content sending device, content receiving device and content transmitting method | |
US8230087B2 (en) | Enforcing geographic constraints in content distribution | |
US8181262B2 (en) | Network user authentication system and method | |
KR101015362B1 (en) | Content distribution system | |
JP3814620B2 (en) | Information processing apparatus and information processing method | |
US20060265735A1 (en) | Content transmission apparatus, content reception apparatus, content transmission method and content reception method | |
EP1811742A2 (en) | System, apparatus, method and computer program for transferring content | |
US20050124319A1 (en) | Digital rights management using a triangulating geographic locating device | |
US20090144581A1 (en) | Data Transfer Controlling Method, Content Transfer Controlling Method, Content Processing Information Acquisition Method And Content Transfer System | |
US8429300B2 (en) | Data transferring method | |
Calhoun Jr et al. | An 802.11 MAC layer covert channel | |
US20060206432A1 (en) | Digital rights management using network topology testing | |
JP2007537624A (en) | Method and system for determining location using network signature | |
JP2005352910A (en) | Information processor and processing method | |
JP2006018439A (en) | Information processing device, method, and program | |
WO2006050521A2 (en) | Digital rights management using network topology testing | |
JP2006080587A (en) | Transmission time measuring method, data transmission and reception system, medium and information aggregate | |
JP4181951B2 (en) | Content distribution system | |
CN101292231A (en) | Digital rights management using network topology testing | |
JP2011139189A (en) | Content transmitter, content receiver, and authentication system |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PUAI | Public reference made under article 153(3) epc to a published international application that has entered the european phase |
Free format text: ORIGINAL CODE: 0009012 |
|
17P | Request for examination filed |
Effective date: 20070427 |
|
AK | Designated contracting states |
Kind code of ref document: A2 Designated state(s): AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IS IT LI LT LU LV MC NL PL PT RO SE SI SK TR |
|
AX | Request for extension of the european patent |
Extension state: AL BA HR MK YU |
|
R17D | Deferred search report published (corrected) |
Effective date: 20071206 |
|
DAX | Request for extension of the european patent (deleted) | ||
RIC1 | Information provided on ipc code assigned before grant |
Ipc: H04L 12/56 20060101ALI20080417BHEP Ipc: G06F 15/173 20060101ALI20080417BHEP Ipc: G06F 15/16 20060101ALI20080417BHEP Ipc: G06F 15/00 20060101AFI20080417BHEP |
|
A4 | Supplementary search report drawn up and despatched |
Effective date: 20090824 |
|
RIC1 | Information provided on ipc code assigned before grant |
Ipc: H04L 12/24 20060101ALI20090818BHEP Ipc: H04L 12/26 20060101ALI20090818BHEP Ipc: H04L 29/06 20060101ALI20090818BHEP Ipc: H04L 12/56 20060101ALI20090818BHEP Ipc: G06F 15/173 20060101ALI20090818BHEP Ipc: G06F 15/16 20060101ALI20090818BHEP Ipc: G06F 15/00 20060101AFI20080417BHEP |
|
STAA | Information on the status of an ep patent application or granted ep patent |
Free format text: STATUS: THE APPLICATION IS DEEMED TO BE WITHDRAWN |
|
18D | Application deemed to be withdrawn |
Effective date: 20091121 |