1. Field of the Invention
The present invention relates to systems and methods for authorizing devices to replay media content such as video programs, and in particular to a system and method for device authorization and remediation.
2. Description of the Related Art
In the past two decades, digital rights management (DRM) technologies have been developed to protect digital media content such as video programs and audio from unauthorized distribution and/or consumption. DRM technologies perform a host of functions including, install authorizations, watermarking of digital content, and digitally locking the media content so that it cannot be consumed without authorization. Digitally locking the media content itself is typically accomplished by encrypting the content or a function necessary to decrypt the content using keys that are only accessible to or derivable by authorized entities.
No DRM system is one hundred percent secure, and DRM systems are under constant attack by unauthorized users and their agents. Devices which have been “hacked” or compromised can allow unauthorized users to consume protected content and distribute it to others. For example, this may be accomplished on an ANDROID device by allowing applications to invoke super user (“su”) privileges.
One means for dealing with this problem is to occasionally check the playback devices to confirm that their configuration is approved (e.g. the device has not been compromised), and to update the DRM systems or functions implemented in such devices, typically through remote means as necessary. One example of such periodic updates is periodic online authorization, whereby content consumption devices must occasionally refresh their credentials to consume the protected content, obtain updated keys, or updated DRM software and data. Such systems have the advantage of allowing the content owner or device manufacturer to close “holes” in the DRM techniques implemented in such devices as the holes are identified, essentially making the DRM system a moving target for hackers.
Currently, there are two possible ways to implement the foregoing technique. The first is a local “precondition” check that is performed prior to executing the process that enables decryption of the protected content. The application executing on the device 102 locally evaluates the device environment and locally determines whether that environment is a permitted configuration. If the device configuration is as expected, normal content consumption processing can proceed. However, if the device configuration is not as expected, the application necessary to consume the digital content (e.g. the media player application 114 and/or associated DRM plug-ins) exits and the device 102 can no longer be used. While this approach can be effective, false positives (indicating that the device is not in a permitted environment when it in fact is in a permitted environment) require a new version of the application to be installed on the device 102. Further, once installed, the new version of the application(s) 114 typically must be restarted manually by the user. This is an all or none approach in which execution either continues normally or halts altogether depending upon whether the device 102 configuration is as expected.
The second possible solution also involves a precondition check, but the check is performed by an authorization server or other entity, typically remote from the device 102, not by the device 102 itself. In this paradigm, the application uploads a description of the device configuration to a server, and awaits instructions from that server regarding how to further proceed. One example of this paradigm is evidenced by U.S. Patent Application 2011/0030069, for “System and method for Preventing Unauthorized Use of Digital Media,” hereby incorporated by reference herein. Using this method, the client device receives a list of blacklisted items such as processes, instructions, activity descriptions or data types that must not be active concurrent with the playback of digital content. The client device checks for the presence of any such blacklisted items, and with continuing communication with the server, permits key management and playback of the protected content only if no items on the list are detected on the client. While this solution is more resilient to false positives, it may result in a loss of the user's privacy because it transmits information about the client device to the authorization server.
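The two precondition-check paradigms described above, modelled as an added illustration on constructed data (this is not code from the patent or from any product it describes). The process name "su" is the one the text mentions; all other process names, device identifiers and class names are placeholders, and the model only records what each paradigm transmits off the device and how a false positive is corrected.

```python
from dataclasses import dataclass, field

@dataclass
class DeviceEnvironment:
    """Constructed snapshot of what the client application observes locally."""
    device_id: str
    processes: list

@dataclass
class Decision:
    allow_playback: bool
    action: str                 # "continue", "exit_application" or "await_server"
    uploaded: dict = field(default_factory=dict)   # data that left the device

def local_precondition_check(env, forbidden):
    """Paradigm 1: the check and the verdict are entirely local and all-or-none.
    Nothing leaves the device, but a false positive (a harmless process that
    happens to be in the forbidden set) can only be corrected by shipping a
    new application version and restarting it."""
    if any(p in forbidden for p in env.processes):
        return Decision(False, "exit_application")
    return Decision(True, "continue")

class AuthorizationServer:
    """Paradigm 2 server (hypothetical): owns the blacklist and gates key management."""
    def __init__(self, blacklist):
        self.blacklist = set(blacklist)
        self.received = []      # every report a client uploaded: the privacy cost

    def authorize(self, report):
        self.received.append(report)
        detected = sorted(set(report["processes"]) & self.blacklist)
        return {"permit_keys": not detected, "detected": detected}

def server_precondition_check(env, server):
    """Paradigm 2 client: upload a description of the environment, then wait
    for the server's verdict before key management and playback proceed."""
    report = {"device_id": env.device_id, "processes": list(env.processes)}
    verdict = server.authorize(report)
    if verdict["permit_keys"]:
        return Decision(True, "continue", report)
    return Decision(False, "await_server", report)
```

In the second paradigm a mistaken blacklist entry is fixed by editing the server's list, with no client reinstall, but every verdict costs the server a copy of the device's process list.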
Other solutions are also known. For example, U.S. Patent Application 2009/0251282, for “System for Mitigating the Unauthorized Use of a Device,” incorporated by reference herein, discloses another technique. A device monitors its use, its local environment, and/or its operating context to determine that the device is no longer in the control of an authorized user. The device may receive communications or generate an internal signal altering its functionality, such as instructing the device to enter a restricted use mode or a surveillance mode, to provide instructions to return the device, and/or to prevent unauthorized use or unauthorized access to data. The device may also gather forensic data regarding an unauthorized user to assist in locating the unauthorized user and/or the device. However, the device does not allow a remote server to describe or configure the required environment to the client or the remedial action to be undertaken if the device is not in the required environment.
Accordingly, there is a need to determine a remedial action to be performed by a content consumption device upon the detection of an unexpected, unpermitted, or forbidden device environment in such a way that addresses false positives and does not compromise the user's privacy. This disclosure describes a solution to this need.