[go: up one dir, main page]

WO2002035324A2 - Système et procédé de gestion de contenu numérique - Google Patents

Système et procédé de gestion de contenu numérique Download PDF

Info

Publication number
WO2002035324A2
WO2002035324A2 PCT/CA2001/001514 CA0101514W WO0235324A2 WO 2002035324 A2 WO2002035324 A2 WO 2002035324A2 CA 0101514 W CA0101514 W CA 0101514W WO 0235324 A2 WO0235324 A2 WO 0235324A2
Authority
WO
WIPO (PCT)
Prior art keywords
content
audience management
secondary content
authenticable
primary content
Prior art date
Application number
PCT/CA2001/001514
Other languages
English (en)
Other versions
WO2002035324A3 (fr
Inventor
Scott Alan Thomson
Gordon Edward Larose
Original Assignee
Netactive Inc
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Netactive Inc filed Critical Netactive Inc
Priority to AU2002213711A priority Critical patent/AU2002213711A1/en
Publication of WO2002035324A2 publication Critical patent/WO2002035324A2/fr
Publication of WO2002035324A3 publication Critical patent/WO2002035324A3/fr

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0442Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/10Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q30/00Commerce
    • G06Q30/02Marketing; Price estimation or determination; Fundraising
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0823Network architectures or network communication protocols for network security for authentication of entities using certificates
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2135Metering
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2463/00Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00
    • H04L2463/101Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00 applying security measures for digital rights management
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2463/00Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00
    • H04L2463/102Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00 applying security measure for e-commerce

Definitions

  • the present invention relates to a system and method for managing digital content, and in particular to a system and method for controlling the presentation of digital content to a user.
  • Digital content is expensive to produce.
  • One means that the producers of such content have to recoup their development and distribution costs is through the association of primary content with secondary content such as advertising.
  • the expectation is that the revenues from advertising will recoup the costs of creating and distributing the primary content desired by users.
  • the association of secondary content with primary content can take on a number of forms, including the following: (i) the incorporation of advertising in the form of banner ads or otherwise, into World Wide Web (WWW) pages requested by a user; (ii) software applications, such as the Microsoft Outlook Express (when accessing Hotmail) and the Qualcomm Eudora e-mail programs, with built-in advertising capabilities; and (iii) a user agreeing to receive advertising in the form of e-mail as a condition for using an Internet service.
  • WWW World Wide Web
  • a major drawback of these forms of advertising is that the advertising is only loosely coupled, if it is coupled at all, to the primary content desired by the user.
  • HTML Hypertext Transfer Protocol
  • filtering software that accomplishes this task is GuidescopeTM.
  • This software installs a proxy server on a personal computer that blocks the receipt of messages from known advertising servers.
  • Another method of blocking advertising is to enter the address of the advertising server in the "hosts" file (in the "Windows” directory in the Microsoft WindowsTM 95/98 operating system) and equating it to address 127._0.0.1.
  • e-mail program filters can easily filter out advertising in e-mail messages.
  • Most e-mail programs allow users to set up "Message Rules." These allow users to specify e-mail messages that are to be deleted without being read, based on their origin or specific terms in the title of the e-mail. Alternatively, e-mail messages can be deleted by a user before being read, or simply ignored altogether.
  • This invention relates to a method and system for controlling the presentation of primary content on a computing device (which can be a general-purpose personal computer, hand-held computer, or a specialized computing appliance, such as a games console or cellular phone Internet appliance) such that secondary content, including advertising, is always presented to a user in the manner that is intended for the presentation of said secondary content .
  • a computing device which can be a general-purpose personal computer, hand-held computer, or a specialized computing appliance, such as a games console or cellular phone Internet appliance
  • secondary content including advertising
  • a user acquires primary content and secondary content through the Internet, via CD-ROM, DVD or otherwise.
  • the primary content is delivered to a user in encrypted form to prevent uncontrolled access thereto.
  • the user is also provided with the secondary content, audience management metadata specifying rules for the presentation of the primary content and the secondary content at the user's computer, and audience management software that authenticates all the aforesaid components.
  • the audience management metadata can be in any format, but it is anticipated that it will be based on an accepted industry standard such as extensible markup " language (XML) .
  • the audience management software in conjunction with the audience management metadata, ensures that the primary content and the secondary content are presented (i.e.
  • the exact method used by the audience management software to ensure that secondary content is displayed to the user as intended may vary in different embodiments, but the process will typically, but not necessarily, include encryption/decryption of the primary content and authentication of the secondary content and the audience management metadata. Decryption of the primary content with a public decryption key will produce a useable result only if the encrypted primary content is valid. Authentication of the secondary content and the audience management metadata can be accomplished through the use of a locally-computed digital signature which is compared to an expected value in order to detect any corruption of the components.
  • the audience management software ensures that both the primary content and the secondary content are displayed to the user as specified by the rules listed in the audience management metadata. It is therefore not possible for the user to be presented with the primary content without also being presented with the secondary content, as specified by the audience management metadata. It is not necessary for the primary content and the secondary content to be presented to a user on the same computing device.
  • Digital rights management may also form part of the feature set of the audience management software. Targeting of secondary content is also possible. Countermeasures against attacks by hackers to corrupt the primary content, secondary content and/or the audience management metadata are also described.
  • the audience management metadata specifies rules for the presentation of the primary content and the secondary content at the computing devices .
  • the method comprising the steps of: (i) encrypting primary content; (ii) rendering the secondary content authenticable; (iii) rendering the audience management metadata authenticable; and (iv) upon the decryption of the primary content and the authentication of the secondary content and the audience management metadata, the audience management software presenting the primary content and the secondary content at the computing devices in accordance with rules listed in the audience management metadata.
  • a method of controlling the presentation of primary content and secondary content at one or more computing devices through the use of audience management metadata and audience management software .
  • the audience management metadata specifies rules for the presentation of the primary content and the secondary content at the computing devices.
  • the method comprises the steps of: (i) receiving encrypted primary content, authenticable secondary content, authenticable audience management metadata and audience management software; (ii) decrypting the encrypted primary content with a decryption key Kl; (iii) authenticating the authenticable secondary content, authenticable audience management metadata; and (iv) if the primary content, secondary content, the audience management metadata are valid, presenting the primary content and the secondary content at the computing devices under the control of the audience management software and in accordance with rules listed in the audience management metadata.
  • Figure 1 is a schematic diagram of a prior art computer network showing how primary content and secondary content are delivered via the Internet to a user;
  • Figure 2 is a schematic diagram of a computer network showing how primary content and secondary content are delivered to a user via the Internet in accordance with one embodiment of the present invention
  • Figure 3 is an example of audience management metadata that specifies the relationship between primary content and secondary content
  • Figure 4 is a schematic diagram of a computer network showing how primary content and secondary content are delivered to a user via a CD-ROM in accordance with a second embodiment of the present invention.
  • Figure 5 is a flowchart illustrating the binding of secondary content to primary content through the use of a watermark in the secondary content that is used in the decryption of the primary content.
  • FIG. 1 is a schematic diagram showing how primary content and secondary content such as advertisements are typically delivered to a user via the Internet . Components shown in dotted outline are optional.
  • Client 102 which is a computer or other Internet capable device, operates an Internet web browser application such as Netscape Communicator or Internet Explorer to access web content stored on primary content server 122. To access such web content, a request specifying a Universal Resource Locator (URL) of such web content is generated by client 102 using the hypertext transfer protocol (HTTP) .
  • HTTP hypertext transfer protocol
  • the response from primary content server 122 typically contains a description of the structure of the web page for display of the primary content, text information to be rendered on the web page, and additional links for graphics and multi-media to be rendered on the web page.
  • the response from primary content server 122 may or may not include associated secondary content (e.g. one or more advertisements) , either embedded directly into the forwarded web page or included in an accompanying pop-up window. If such secondary content is included, it is typically implemented by advertisement links that point to an advertisement server, such as secondary content server 125. Secondary content server 125 could be on-site or off-site with primary content server 122. Where secondary content server 125 is off-site, it may be operated by a third party different from the operator of primary content server 122, for example an advertising service provider such as the Doubleclick Corporation. The user's browser automatically retrieves the secondary content 106 and renders it on the user's Internet browser together with the primary content 104.
  • secondary content server 125 could be on-site or off-site with primary content server 122. Where secondary content server 125 is off-site, it may be operated by a third party different from the operator of primary content server 122, for example an advertising service provider such as the Doubleclick Corporation.
  • the user's browser automatically retrieves the secondary content
  • secondary content filter 110 When a secondary content filter 110 is used, secondary content 106 may not be rendered with the primary content 104 on the user's Internet browser as intended.
  • secondary content filter 110 is shown exterior to client 102 though it is typically a software process executing on client 102 along with the user's browser.
  • secondary content filters There are many kinds of secondary content filters known in the art, all of which are designed to suppress secondary content from being displayed on the user's Internet browser along with primary content.
  • secondary content filter 150 is a HTTP proxy server that monitors data flowing between the proxy server and the user's Internet browser to delete any unwanted WWW data stream such as an advertisement, a cookie and/or a popup window.
  • the user's browser may be configured by the user to show only primary content 104.
  • FIG. 2 is a schematic diagram of a computer network showing how primary content and secondary content is delivered to a user via the Internet in accordance with one embodiment of the present invention.
  • client 102 can be a general-purpose personal computer, or a specialized computing appliance, such as a games console or an Internet appliance, or a terminal device for a wireless network.
  • embodiments of the present invention can be distributed to users in a number of different ways, such as via CD-ROM, DVD, or by wireless or wireline networks other than the Internet such as a digital cellular telephone network (e.g. a 3G cellular telephone network) , or a combination of these or other distribution media.
  • a digital cellular telephone network e.g. a 3G cellular telephone network
  • FIG. 4 An embodiment of the present invention utilizing CD-ROM as the distribution medium for primary content and secondary content is described by reference to Figure 4.
  • the creation, distribution, activation, and refreshing of primary content and secondary content in accordance with the embodiment shown in Figure 2 is as follows.
  • the four basic components of the present invention are as follows: (i) primary content, which is desired by a user at client 102; (ii) secondary content, such as advertising, intended by a content distributor or producer to be presented with the primary content; (iii) audience management metadata that includes rules for the presentation of the primary content and the secondary content; and (iv) audience management software that controls the presentation (e.g. display, audio, etc.) of the primary content and the secondary content to the user as intended by the content distributor or producer.
  • primary content which is desired by a user at client 102
  • secondary content such as advertising, intended by a content distributor or producer to be presented with the primary content
  • audience management metadata that includes rules for the presentation of the primary content and the secondary content
  • audience management software that controls the presentation (e.g. display, audio, etc.) of the primary content and the secondary content to the user as intended by the content distributor or producer.
  • the primary content is encrypted, and the secondary content and audience management metadata are rendered authenticable by the use of embedded digital signatures.
  • the audience management software can be protected as well.
  • Suitable oneway hash functions include MD5 (Message Digest 5) and SHA (Secure Hash Algorithm) .
  • MD5 Message Digest 5
  • SHA Secure Hash Algorithm
  • hash functions also known as cryptographic hash functions, take a variable-length input and create a fixed-length output, known as a hash value, which is usually much shorter than the input.
  • An example of a hash function is the Secure Hash Algorithm (SHA) .
  • the SHA uses a series of iterative mathematical operations to create a 160-bit hash value from any input that is less than 2 64 (approximately l. ⁇ xlO 19 ) bits in length.
  • the SHA has the characteristics that it is computationally infeasible to recover the input from the hash value, and it is also infeasible to find two different inputs that hash to the same digital signature.
  • a digital signature is obtained when the result of the hash function is put through a one-way encryption function, such as RSA, using a private key known only to the content producer or distributor.
  • the result can be decrypted using a public key to yield the correct hash value for the data.
  • An attacker who does not know the private key cannot generate a correctly encrypted version of the result of the hash function for false content.
  • the primary content should never be capable of being presented to a user independent of the secondary content.
  • the primary content will generally have a native format that is usable by many software applications, such as MPEG-4 video.
  • a user can use a third-party multimedia software application in violation of any rules listed in the audience management metadata if the primary content is not encrypted. Therefore, primary content must be encrypted in its entirety so as to not be usable by applications other than prescribed by the audience management software and the audience management metadata as described herein.
  • the primary content and secondary content always be presented primarily on the same device at the same time.
  • the primary content comprises stock quotations
  • a user might reasonably expect this content to be displayed on cellular phone 175, perhaps on an unsolicited real-time basis, using the Wireless Application Protocol (WAP) through wireless connection 176.
  • WAP Wireless Application Protocol
  • a cellular phone using WAP is a very poor environment for the delivery of secondary content such advertising, so associated secondary content can be delivered to a more highly capable device operated by the user such as a personal computer or personal digital assistant .
  • the secondary content can be presented at a different time than the primary content, e.g. when the user updates a list of stocks to be tracked. While this creates greater opportunity to view primary content in the absence of secondary content, at least for a period of time, such capability can be limited as desired by the content producer or distributor, and can make the secondary content more effective.
  • All of the above components could be stored at one server in a computer network before delivery to a user, though they could also be stored at any combination of separate servers such as primary content server 122, secondary content server 125, and audience management server 127.
  • servers such as primary content server 122, secondary content server 125, and audience management server 127.
  • the packaging of the above four items can vary.
  • the primary content and audience management software could be distributed to a user on a CD-ROM, with the secondary content and audience management metadata delivered over the Internet.
  • the entire package could be contained in one distribution medium, such as a CD-ROM (see the description of Figure 4) .
  • a user would typically click a hyperlink in a web page to initiate a download of the package of required components over the Internet.
  • the user's download request is forwarded across ' network communication link 150, Internet 120 and network communication links 159, 160 and/or 161 to the one or more servers where the required components (i) - (iv) described above are located.
  • the user's download request could be forwarded to primary content server 122 where the primary content is stored.
  • the user's download request may also be forwarded to secondary content server 125 where the secondary content is stored, and to audience management server 127 where the audience management metadata and the audience management software are stored.
  • Retrieval of the above components could be implemented in a number of ways.
  • the initial data retrieved from primary content server 122 could include an active Web control that initiates download of the other components from the other servers to client 102.
  • the overall objective is to ensure that the primary content, the secondary content and the audience management metadata have not been tampered with by encrypting the primary content, and rendering the secondary content and the audience management metadata authenticable by one of the means described below.
  • client 102 is delivered the following four components: (i) a version of the primary content fully encrypted using any one of an RSA algorithm, a Rabin algorithm and an ElGamal algorithm; (ii) digitally signed but unencrypted secondary content; (iii) digitally signed but unencrypted audience management metadata; and (iv) unencrypted audience management software.
  • a version of the primary content fully encrypted using any one of an RSA algorithm, a Rabin algorithm and an ElGamal algorithm
  • digitally signed but unencrypted secondary content (iii) digitally signed but unencrypted audience management metadata; and (iv) unencrypted audience management software.
  • the audience management software can authenticate the primary content in a number of ways.
  • the audience management software can calculate a digital signature using a one-way hashing function.
  • This locally-computed cryptographic signature of the encrypted primary content can then be transmitted across communications link 158, through Internet 120 and communications link 159 to primary content server 122 where a pre-calculated digital signature of the encrypted primary content is stored.
  • the primary content server 122 can then compare the locally-computed digital signature with the pre- calculated digital signature of the encrypted primary content. If the digital signatures match, primary content server 122 would then transmit an enabling message to the audience management software at client 102.
  • the audience management software Upon receipt of the enabling message, the audience management software would then decrypt the primary content using a public decryption key Kl that could be built-in to the audience management software, or alternatively could be retrieved from primary content server 122.
  • the server could then retransmit an encrypted version of the primary content to client 102, and the validity check would be performed again. If there is still a mismatch, the audience management software could display an error message to the user and terminate.
  • the encrypted primary content could be authenticated locally, without the intervention of primary content server 122.
  • This mode of local authentication which involves the storing of an digital signature of the encrypted primary content within the encrypted primary content, is described below by reference to the authentication of the secondary content .
  • the audience management software can validate the secondary content through local verification of authentication data such as a digital signature.
  • the audience management software would parse the secondary content and extract a digital signature embedded therein by the content producer, distributor or some third party.
  • the audience management software would decrypt the digital signature using a public decryption key K2 that could be built-in to the audience management software, or alternatively could be retrieved from secondary content server 125. This produces a hash result of the secondary content excluding the digital signature first retrieved by the audience management software.
  • the audience management software Using the secondary content (minus the digital signature) as an input, the audience management software would then perform its own independent calculation of the hash result which is then compared to the hash result retrieved from the secondary content. Only if the two hash values match would the secondary content be deemed valid. ' In the case of a mismatch, the audience management software would abort or, if network resources were available, attempt to retrieve an updated version of the secondary content from secondary content server 127 so that the above validity check can be performed again. Note that the use of public key K2 in the decryption of the digital signature ensures that an attacker cannot insert an incorrect digital signature and thus allow for a false positive validity check.
  • the secondary content and the audience management metadata in their entirety can be encrypted, so that they are not easily subject to any kind of inspection and modification such as by a text editor.
  • Multiple levels of decryption with chains of keys from various sources can also be used.
  • public decryption keys Kl, K2 and K3 can be used for multiple unrelated purposes by the audience management software. For example, they can be used to decrypt some of the audience management software itself, or to decrypt the primary content.
  • audience management software simply does not function as intended or at all.
  • the audience management software may also perform integrity checks on itself to ensure that it has not been tampered with and that a software debugger is not in use.
  • the audience management software is then executed at client 102 with its behavior mediated by the audience management metadata.
  • Figure 3 is an example of audience management metadata that specifies the relationship between the primary content and the secondary content.
  • the XML-based audience management metadata specifies that, to run successfully, the audience management software must be version 1.2 (or higher) . This is necessary to ensure that the audience management software is capable of supporting all of the features implicit in the audience management metadata. If the version of the audience management software is not version 1.2 or higher, the audience management software can retrieve a newer version automatically over the Internet.
  • the audience management metadata then hierarchically describes one or more business campaigns each of which has one or more items of primary content and secondary content.
  • business campaign "NetActive_publisherl” is described.
  • the secondary content includes an item “af iliate_ad_l” that includes a graphic in the GIF format, 120 by 320 pixels in size, that is associated with the primary content item "rock__video_l” , and is always displayed, in the same screen window as the primary content, on all presentations of that primary content, before the primary content is displayed. It has an associated action, which is a standard click-through.
  • the audience management metadata set is defined first at the business level - designated a "campaign" here - and that any number of items of primary content and secondary content with arbitrary relationships between them, can be specified by such a structure.
  • the primary content could include stock market quotations that are periodically updated.
  • a parameter that uniquely identifies the user to the stock quote supplier is referenced in the audience management metadata and will be sent to the server (such as primary content server 122) storing the stock market quotations.
  • the audience management metadata also provides for an audio advertisement (i.e. the secondary content) to be presented along with the stock quotes.
  • the advertisement is in the MP3 audio format and is retrieved from a local file, which is updated on a hourly basis from a specified server path.
  • the primary content and the secondary content can be targeted to separate computing devices.
  • primary stock quotes can be presented at a WAP cellular phone, with the secondary content such as advertising being presented at a personal computer. This would be done only as allowed by the metadata.
  • audience management software and audience management metadata are logically partitioned between both computing devices and a central server which knows the association of the computing devices with the user, as well as the user's primary content and secondary content status. Periodic communication between the computing device used for the presentation of secondary content and the central server would ensure that continued access to the primary content depended on regular exposure to the secondary content .
  • Network interactions to/from client 102 could also include information that is gathered about user behavior. For example, in a given campaign, a publisher could offer access to a certain class of primary content and secondary content only if the user agreed to allow the publisher to collect statistical data on the user's viewing habits. Even though both the primary content and secondary content might all be stored locally, the audience management software could gather information about when and how often the content is consumed, about which primary content items are most effective in triggering click-throughs on a given secondary- content advertisement, and so forth.
  • the audience management metadata may also specify rights that a user has to the use of the primary content, which may be independent of the secondary content . For example, a user may be allowed to use the primary content for a fixed period of time, pay to use the content for a longer period of time, or to purchase it outright. If a user does not have any rights to use the primary content, a digital rights management component of the audience management software will start an Internet browser session to allow the user to obtain permission to use the primary content.
  • the protection of overall system integrity, including secondary content, can be persistent in time. While the audience management software is running, an inspection thread periodically runs and scans the secondary content to determine its integrity.
  • the audience management software can initiate a connection to primary content server 122 and secondary content server 125 to periodically refresh the primary content, the secondary content and/or the audience management metadata.
  • the audience management software itself can also be similarly updated. Validation checks as described above could then be performed on these refreshed components .
  • Figure 4 is a schematic diagram of a computer network showing how primary content and secondary content are delivered to a user via a CD-ROM 300 in accordance with a second embodiment of the present invention.
  • the CD-ROM 300 is a computer readable medium that stores processor executable instructions.
  • a distributor of primary content and secondary content can create a package of processor executable instructions consisting of: (i) an encrypted version of the primary content 302 desired by the user; (ii) digitally signed but unencrypted secondary content 306 (such as advertising) desired by the content distributor to be presented with the primary content; (iii) digitally signed but unencrypted audience management metadata 304 that governs the relationship between the primary content and the secondary content; and (iv) audience management software 305 that controls the presentation of the primary content and the secondary content to the user as dictated by the audience management metadata. All of the above elements of a package are stored on CD-ROM 300.
  • a user would typically insert the CD-ROM 300 into client 102 which would then automatically execute the audience management software 305 with no user action required.
  • the audience management software 305 would then perform integrity checks of at least the primary content, the secondary content and the audience management metadata similar to those performed in connection with Figure 2.
  • This embodiment is designed to function without a requirement for an Internet connection.
  • the audience management software would therefore perform the necessary integrity checks by creating locally-generated hash values of the primary content and secondary content, as described previously, and comparing them with hash values contained in the digital signatures embedded in the primary content and secondary content .
  • the content distributor can specify, through the audience management metadata, whether an Internet connection to the audience management server 127 is desired, or required, in order for the user to view the primary content and secondary content .
  • an Internet connection is " available "
  • the necessary " integrity checks can be accomplished through use of Internet communications to primary content server 122, secondary content server 125 and audience management server 127 as described in the embodiment shown in Figure 2.
  • digital rights management for the primary content may also form part of the feature set of the audience management software.
  • the audience management software can be used as an intermediary between client 102 and the primary content server 122 to negotiate arbitrary license terms with the user, display an End-User License Agreement (EULA) , confirm acceptance of that agreement, and automatically perform on-line registration of the primary content based on the specific license terms.
  • EULA End-User License Agreement
  • the identity of the user could be verified by the primary content server 122 through use of a confirmation e-mail sent to an e-mail address or a smart card or an X.509 certificate.
  • the primary content server 122 could offer different pricing and license terms, and possibly different executable versions of the primary content, to users in different countries, for example.
  • Single use licenses for the primary content can also be negotiated with primary content server 122.
  • Audience management software can also have the ability to arrange for the targeting of secondary content.
  • the choice of primary content itself provides very useful targeting information.
  • Additional targeting could be based on one or more parameters that include behavior profiling parameters and/or registration-based targeting parameters.
  • Behavior profiling parameters often, but not necessarily, relate to the use of cookies, which are small pieces of data sent by a web server and stored on a user's computer in association with a web browser so they can later be read back from that browser. Cookies are useful for having the browser remember some specific information about a user. Cookies can be used to build a profile of which web sites have been visited by a user and which advertisements have been selected by the user. This information can then be used to target secondary content to a user.
  • Registration-based targeting parameters target advertisements at users based on registration information inputted by a user. For example, a user who signs up for a particular online service may be first asked to provide a home address, and other information including income, profession, home ownership status, etc. before being allowed access to primary content . The operator of primary content server 122 can then use the registration information to tailor secondary content specifically to the interests of the user.
  • secondary content may comprise an advertisement with an expiry date.
  • secondary content server 125 could use digital rights management logic to determine that the particular secondary content had expired, and cause an on-line upgrade of the secondary content.
  • the audience management software stored on client 102 may have no knowledge of this. In such a case, it would simply performs on-line checks and upgrades as instructed by the audience management metadata and directives from one or more of the primary content server 122, secondary content server 125 and audience management server 127. It is also possible to include countermeasures against attack by hackers to prevent corruption of the primary content, the secondary content and/or the audience management metadata.
  • the design of the secondary content may also help to defeat any attempts at modifying it.
  • the secondary content can contain parts of the primary content, so that the primary content is incomplete if the secondary content is tampered with.
  • the secondary content contains a watermark that is an encrypted partial key for the primary content, which, through the use of asymmetric encryption, is extremely difficult to ascertain.
  • the audience management software reads the secondary content.
  • the audience management software reads a digital watermark from the secondary content.
  • the audience management software decrypts the digital watermark using the public decryption key K2 to produce a partial primary content public decryption key K4.
  • the audience management software performs an exclusive OR (XOR) operation for this partial primary content public decryption key K4 and a stored public decryption key K5. The end result is the true primary content public decryption key Kl .
  • the audience management software decrypts the primary content using the true primary content public decryption key, and then proceeds to present the primary content in the normal manner under the control of the audience management metadata as described above. If at any time the secondary content has been tampered with or removed, the partial primary content decryption key will be incorrect, thereby denying access to the user.
  • the above-described mechanism can be applied in a case where the secondary content watermark contained several decryption keys, e.g. different keys for different items of primary content.
  • such watermarks can be generated dynamically, so as to enable any item of secondary content to contain the relevant keys to allow for the presentation any item of primary content, without the requirement for pre-generating a large number of content/watermark pairs.
  • a hacker could replace components of the audience management software, such as Dynamic Link Libraries (DLLs) in a Microsoft Windows environment, with versions that are either non-operational stubs or that return false data.
  • the components could be designed to return a result that was unpredictable, and required for subsequent execution. In this case, if fake stub components were injected, they would not return correct values, and subsequent execution would terminate.
  • the original components could perform system-level functions essential to the audience management software - such as file input/output - in addition to their security functions so that, again, simply replacing them with modified versions would "break" the program.
  • the audience management software could receive checksum data from one or more of the servers such as primary content server 122, secondary content server 125, and audience management server 127 and, without explicitly calculating its own version of the checksum, use the received checksum data as part of a self-inspecting calculation that would yield a "fail” result if any of the four components had been modified.
  • the servers 122, 125, and 127 could subject the audience management software to a pseudo-random hashing inspection, where it could not be known in advance what parts of the program were to be hashed and thus the results could not be precompiled as part of an attack. Logic of this type is applied in the music domain, using the "beam-it" protocol from MP3.com.
  • VxDs virtual device drivers
  • One of the countermeasures relates to an attacker executing a software debugger, such as Softlce from Numega Corporation, in order to inspect the processes of the audience management software while it is running, with a view to reverse-engineering its behavior in order to understand which parts of the code to modify.
  • a software debugger such as Softlce from Numega Corporation
  • Such an attack could be countered by including code in the audience management software to test for a running debugger and terminate execution if one is found.
  • code could be included which explicitly interfered with the operation of known debuggers, without explicitly detecting their operation. For instance, on an Intel x86 family microprocessor, code could be included that wrote specific binary patterns, known to deactivate hardware debug support features, into the CPU's debug registers. Even in the absence of such detection and termination, in order for a hacker to succeed in producing a redistributable crack, it would be necessary to modify executable code - and such modifications, once in place, would be detected by self-check
  • the audience management software described herein could include a data- driven inspection thread, which would periodically wake up, hash the code space of the various internal components of the audience management logic and supporting functions, and compare the values obtained to stored correct values .
  • a data- driven inspection thread which would periodically wake up, hash the code space of the various internal components of the audience management logic and supporting functions, and compare the values obtained to stored correct values .
  • such values could be used in implicit computations rather than being the subject of explicit comparison instructions. The objective of this is that there is no single place to attack code for fraudulent purposes.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • Business, Economics & Management (AREA)
  • General Physics & Mathematics (AREA)
  • Signal Processing (AREA)
  • Strategic Management (AREA)
  • Multimedia (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Computing Systems (AREA)
  • Accounting & Taxation (AREA)
  • Development Economics (AREA)
  • Technology Law (AREA)
  • Finance (AREA)
  • Game Theory and Decision Science (AREA)
  • Entrepreneurship & Innovation (AREA)
  • Economics (AREA)
  • Marketing (AREA)
  • General Business, Economics & Management (AREA)
  • Storage Device Security (AREA)
  • Information Transfer Between Computers (AREA)

Abstract

La présente invention concerne un procédé, un dispositif et un support informatique permettant de commander la présentation d'un contenu primaire (message de courrier électronique, page web, jeu électronique, ou autre programme exécutable), de façon que le contenu secondaire, et notamment la publicité, se présente systématiquement à un utilisateur de la façon prévue. Un système de gestion d'auditoire mettant en oeuvre un logiciel de gestion d'auditoire et des méta-données de gestion d'auditoire, garantit qu'il n'est pas possible pour un utilisateur que le contenu primaire lui soit présenté sans le contenu secondaire qui lui était également destiné. Le contenu primaire est remis à l'utilisateur en format crypté pour interdire l'accès non autorisé. L'utilisateur reçoit également le contenu secondaire, les méta-données de gestion d'auditoire spécifiant les règles de présentation du contenu primaire et du contenu secondaire au niveau de l'ordinateur de l'utilisateur, et le logiciel de gestion d'auditoire qui authentifie ces composants. La gestion des droits numériques peut également faire partie des fonctions du logiciel de gestion d'auditoire. Le ciblage du contenu secondaire est également possible. L'invention concerne également des contre-mesures empêchant les pirates informatiques d'altérer les contenus primaires et secondaires ainsi que les méta-données de gestion d'auditoire.
PCT/CA2001/001514 2000-10-26 2001-10-26 Système et procédé de gestion de contenu numérique WO2002035324A2 (fr)

Priority Applications (1)

Application Number Priority Date Filing Date Title
AU2002213711A AU2002213711A1 (en) 2000-10-26 2001-10-26 System and method for managing digital content

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US69629500A 2000-10-26 2000-10-26
CA09/696,295 2000-10-26

Related Child Applications (1)

Application Number Title Priority Date Filing Date
US10/425,989 Continuation US7636459B2 (en) 2000-10-31 2003-04-30 High precision modeling of a body part using a 3D imaging system

Publications (2)

Publication Number Publication Date
WO2002035324A2 true WO2002035324A2 (fr) 2002-05-02
WO2002035324A3 WO2002035324A3 (fr) 2003-04-10

Family

ID=24796475

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CA2001/001514 WO2002035324A2 (fr) 2000-10-26 2001-10-26 Système et procédé de gestion de contenu numérique

Country Status (2)

Country Link
AU (1) AU2002213711A1 (fr)
WO (1) WO2002035324A2 (fr)

Cited By (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2005119537A1 (fr) * 2004-05-25 2005-12-15 Lassad Toumi Procede de telechargement avec insertion publicitaire et player specifique
WO2006010950A3 (fr) * 2004-07-29 2006-04-27 Radioscape Ltd Procede de stockage et de lecture de contenu multimedia numerique
GB2445627A (en) * 2007-04-24 2008-07-16 Cvon Innovations Ltd Method and arrangement for providing content to multimedia devices
GB2448792A (en) * 2007-04-24 2008-10-29 Cvon Innovations Ltd Method and arrangement for providing content to multimedia devices
GB2451346A (en) * 2007-07-24 2009-01-28 Discretix Technologies Ltd Digital rights management (DRM) with forced presentation of advertisements
US7725876B2 (en) 2004-06-07 2010-05-25 Ntt Docomo, Inc. Original contents creation apparatus, derived contents creation apparatus, derived contents using apparatus, original contents creation method, derived contents creation method, and derived contents using method and verification method
US20100312771A1 (en) * 2005-04-25 2010-12-09 Microsoft Corporation Associating Information With An Electronic Document
US7920845B2 (en) 2003-09-11 2011-04-05 Cvon Innovations Limited Method and system for distributing data to mobile devices
FR2981182A1 (fr) * 2011-10-10 2013-04-12 France Telecom Controle d'acces a des donnees d'un contenu chiffre
US8595851B2 (en) 2007-05-22 2013-11-26 Apple Inc. Message delivery management method and system
US8671000B2 (en) 2007-04-24 2014-03-11 Apple Inc. Method and arrangement for providing content to multimedia devices
US9195739B2 (en) 2009-02-20 2015-11-24 Microsoft Technology Licensing, Llc Identifying a discussion topic based on user interest information

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
GB2435565B (en) 2006-08-09 2008-02-20 Cvon Services Oy Messaging system
US9367847B2 (en) 2010-05-28 2016-06-14 Apple Inc. Presenting content packages based on audience retargeting

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5920861A (en) * 1997-02-25 1999-07-06 Intertrust Technologies Corp. Techniques for defining using and manipulating rights management data structures
US5995625A (en) * 1997-03-24 1999-11-30 Certco, Llc Electronic cryptographic packing
US6519700B1 (en) * 1998-10-23 2003-02-11 Contentguard Holdings, Inc. Self-protecting documents

Cited By (17)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8781449B2 (en) 2003-09-11 2014-07-15 Apple Inc. Method and system for distributing data to mobile devices
US7920845B2 (en) 2003-09-11 2011-04-05 Cvon Innovations Limited Method and system for distributing data to mobile devices
US8099079B2 (en) 2003-09-11 2012-01-17 Apple Inc. Method and system for distributing data to mobile devices
US8280416B2 (en) 2003-09-11 2012-10-02 Apple Inc. Method and system for distributing data to mobile devices
WO2005119537A1 (fr) * 2004-05-25 2005-12-15 Lassad Toumi Procede de telechargement avec insertion publicitaire et player specifique
US7725876B2 (en) 2004-06-07 2010-05-25 Ntt Docomo, Inc. Original contents creation apparatus, derived contents creation apparatus, derived contents using apparatus, original contents creation method, derived contents creation method, and derived contents using method and verification method
WO2006010950A3 (fr) * 2004-07-29 2006-04-27 Radioscape Ltd Procede de stockage et de lecture de contenu multimedia numerique
US20100312771A1 (en) * 2005-04-25 2010-12-09 Microsoft Corporation Associating Information With An Electronic Document
GB2445627A (en) * 2007-04-24 2008-07-16 Cvon Innovations Ltd Method and arrangement for providing content to multimedia devices
GB2448792A (en) * 2007-04-24 2008-10-29 Cvon Innovations Ltd Method and arrangement for providing content to multimedia devices
US8671000B2 (en) 2007-04-24 2014-03-11 Apple Inc. Method and arrangement for providing content to multimedia devices
US8595851B2 (en) 2007-05-22 2013-11-26 Apple Inc. Message delivery management method and system
US8935718B2 (en) 2007-05-22 2015-01-13 Apple Inc. Advertising management method and system
US8201260B2 (en) 2007-07-24 2012-06-12 Discretix Technologies Ltd. Device, system, and method of digital rights management utilizing supplemental content
GB2451346A (en) * 2007-07-24 2009-01-28 Discretix Technologies Ltd Digital rights management (DRM) with forced presentation of advertisements
US9195739B2 (en) 2009-02-20 2015-11-24 Microsoft Technology Licensing, Llc Identifying a discussion topic based on user interest information
FR2981182A1 (fr) * 2011-10-10 2013-04-12 France Telecom Controle d'acces a des donnees d'un contenu chiffre

Also Published As

Publication number Publication date
AU2002213711A1 (en) 2002-05-06
WO2002035324A3 (fr) 2003-04-10

Similar Documents

Publication Publication Date Title
CN113015974B (zh) 针对隐私保护的可验证同意
AU2006252994B2 (en) Advertising in application programs
US6108420A (en) Method and system for networked installation of uniquely customized, authenticable, and traceable software application
US8327453B2 (en) Method and apparatus for protecting information and privacy
US20020053024A1 (en) Encrypted program distribution system using computer network
US20020095579A1 (en) Digital data authentication method
US20120036565A1 (en) Personal data protection suite
US20080133928A1 (en) A computer-implemented method and system for embedding and authenticating ancillary information in digitally signed content
US20110060688A1 (en) Apparatus and methods for the distribution of digital files
WO2002035324A2 (fr) Système et procédé de gestion de contenu numérique
US8892894B2 (en) Computer-implemented method and system for embedding and authenticating ancillary information in digitally signed content
JP7098065B1 (ja) 電気通信ネットワーク測定におけるデータ操作の防止およびユーザのプライバシーの保護
JP4972208B2 (ja) デジタル配信の帯域外追跡を可能にする、コンピュータにより実施される方法およびシステム
EP3005207B1 (fr) Mécanisme de commande d'exécution de contenu numérique
KR101085365B1 (ko) 디지털적으로 서명된 콘텐츠에서 보조 정보를 임베딩 및 인증하기 위한 컴퓨터-구현된 방법 및 시스템
JP7250112B2 (ja) クラウドソーシングを用いて偽情報に対処すること
CN116348874B (zh) 使用鉴证令牌的安全归因的方法、系统以及介质
JP2012142022A (ja) デジタル配信の帯域外追跡を可能にする、コンピュータにより実施される方法およびシステム

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application
DFPE Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101)
WWE Wipo information: entry into national phase

Ref document number: 10425989

Country of ref document: US

REG Reference to national code

Ref country code: DE

Ref legal event code: 8642

32PN Ep: public notification in the ep bulletin as address of the adressee cannot be established

Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 69(1) EPC EPO FORM 1205A DATED 03.09.03

122 Ep: pct application non-entry in european phase
NENP Non-entry into the national phase

Ref country code: JP