1. Field of the Invention (Technical Field)
The present invention relates to the field of displaying digital images on a computer, and in particular to the protection of these images from unauthorized copying.
2. Background Art
One of the fundamental problems associated with making multimedia content (e.g., digital images, digital video, and digital audio) publicly available over the global internet is the inability of stopping anyone who accesses the content from copying it, and subsequently distributing it to others. For example, using the Microsoft Internet Explorer(copyright) or the Netscape Navigator(copyright) browsers, a user can press the right mouse button while a multimedia object in the browser is selected, and they are then given the option of saving this object. Furthermore, in the case of digital images, the Microsoft Windows(copyright) 95, 98, or NT operating systems generally allow a user to perform a xe2x80x9cscreen capturexe2x80x9d, saving a copy of whatever is displayed on the screen. In these operating systems, this is accomplished by pressing the xe2x80x9cPrint Screenxe2x80x9d button on the computer keyboard, thereby saving a bit-mapped image of the computer screen in a xe2x80x9cclipboardxe2x80x9d. The clipboard can then be xe2x80x9cpastedxe2x80x9d into image processing applications that can manipulate the bit-mapped image, allowing one to save selected regions of the bit-map. In addition, there are a number of software applications that provide more sophisticated image capture capabilities, including xe2x80x9cHyperSnap-Dxxe2x80x9d, G. Koshaniak, and xe2x80x9cCapture Professionalxe2x80x9d. Recently, a number of products related to the idea of a xe2x80x9csecure containerxe2x80x9d have been proposed, including DigiBox(trademark) by InterTrust Technologies Corporation, xe2x80x9cThe DigiBox: A Self-Protecting Container for Electronic Commercexe2x80x9d, O. Sibert, Dbernstein, and D. Van Wie, USENIX 1995 Electronic Commerce Workshop, and Cryptolopes(copyright) by the IBM Corporation, xe2x80x9cCryptolope Containersxe2x80x9d. The generic idea involves encapsulating encrypted digital content, along with a set of rules for decrypting the content, within the secure container. Users are only allowed to decrypt specific pieces of the content, as specified by the rules, once they have obtained authority for doing so. Typically, access to the encrypted content is controlled via a xe2x80x9ckey exchangexe2x80x9d over a separate channel to each user (e.g., Cryptolope(copyright) uses RSA public key encryption). If the proper authority is granted to a user, then that user is able to use their specific key to xe2x80x9cunlockxe2x80x9d portions of the content, thereby obtaining a xe2x80x9cclear viewxe2x80x9d of the content. This same concept can be extended to groups of users.
With respect to images, secure containers prevent a protected image from being viewed until a user is given the proper authority. Once the image is viewable; however, secure containers do not specifically prevent the image from being copied using screen capture programs. To address this problem, a number of xe2x80x9ccountermeasuresxe2x80x9d have been employed by content providers in order to discourage illicit copying of images once they are in xe2x80x9cclear viewxe2x80x9d. These include placing visible watermarks in an image, or only making a xe2x80x9clow resolutionxe2x80x9d version of the image available for viewing. However, each of these approaches is lacking in one way or another. For example, visible watermarks are in general easily removed using simple image processing operations, and in both of the cases cited above, the prospective buyer does not get to view the image they may wish to buy. Ideally, a consumer should be able to view the actual content they are contemplating purchasing, but they should not be able to download this content unless the owner of the content has granted permission to do so.
An example of the present methodology for securing video images is in U.S. Pat. No. 5,881,287 to Mast, entitled Method and Apparatus for Copy Protection of Images in a Computer System. However, as can be seen, there are several deficiencies in the Mast patent. The embodiment in Mast discloses a library, plus a set of installed services to be used by other applications. The present invention is an application. The copy protection is provided to the image files, not as a run-time service to other applications. Additionally, The present invention does not require the presence or installation of services or other applications other than provided by the operating system-level components.
In the Mast patent, the sole mode of copy protection once the image has been decrypted, requires the use of windows hooks as means to protect the images in disk and video memory. The present invention does not rely or require any kind of hook mechanism. Hook global mechanisms are not favored in environments where process security is important. The present invention uses direct manipulation of video memory that will bypass hook mechanisms. Mast requires that the applications that use the protection provided by said invention, be modified to link and make calls into the protection DLL (BITBLOCK.DLL). In addition, the protection DLL must make calls to the protected applications. The present invention does not require other programs to be modified to accommodate the means of protection. In addition, the present invention does not rely on calls to other applications to provide the means of protection. The means of protection relies solely on calls to operating system-level services.
Mast also requires the protection DLL (BITBLOCK.DLL) to install a callback function into the Microsoft Windows 3.1(copyright) BitBlt( ) GDI function hook chain. The present invention does not make use of protection DLLs, nor does it use callback functions to provide means of protection. The Mast invention requires a device driver and a means for intercepting memory read requests. The present invention does not rely or require device drivers or other standalone decryption services, although it can be implemented using them. Decryption is provided as a routine embedded in the application.
The general goal of the present invention is to allow multimedia content providers to make their intellectual property (i.e., their images) publicly available, while at the same time preventing those who view these images from copying them. Specifically, during the time an image is viewable, the present invention prevents the image from being copied or screen captured. Thus, if users attempt to view the image from xe2x80x9coutsidexe2x80x9d the secure viewer, they will only see the noise-like encrypted content. Under specific conditions, the secure viewer will allow a user to copy an image, but only if the user possesses a secret key necessary to decrypt the image. This gives content owners the ability to control who is able to save their images. Note that this approach is quite different from the manner in which secure containers are used. In particular, under a specific viewing mode (and assuming the image is encrypted for this mode) a user can always view the image; however, they are never able to copy it. This security is accomplished in the secure viewer by directly controlling the client system output devices. Specifically, the present invention details how operating system services or custom device drivers can be used to gain direct control of video hardware. In its present embodiment in the Microsoft Windows(copyright) 95/98/NT platforms, it uses the services of DirectX(copyright) to directly manipulate and control the video hardware. Other embodiments are possible, as described below.
In accordance with the present invention, there is provided a method of securing video images in computer systems. The invention provides a method of allowing copies of images to be made only with authorization. The preferred method of preventing illicit copying of a displayed image from a computer video memory comprises the steps of decoding a proprietary image format into video memory, controlling video hardware and locking video memory and displaying the image. The preferred step of decoding a proprietary image format into video memory comprises decrypting a previously encrypted image using a secret key. The preferred step of controlling video hardware and locking video memory comprises the substeps of obtaining exclusive cooperative control of the video hardware, allocating video memory, locking video hardware and issuing pending video hardware operations, and destroying an image displayed in video memory via pending video hardware operations if an attempt is made to unlock video memory. The preferred substep of obtaining exclusive cooperative control of the video hardware comprises issuing video hardware control DirectX(copyright) calls. An alternative substep of obtaining exclusive cooperative control of the video hardware comprises a first set of calls to a video device driver. The preferred substep of allocating video memory comprises creating at least one display surface. The preferred substep of locking video hardware and issuing pending video hardware operations comprises issuing video hardware locking and issuing pending hardware operation DirectX(copyright) calls. The alternative substep of locking video hardware and issuing pending video hardware operations comprises a second set of calls to a video device driver. The preferred substep of destroying the image via pending video hardware operations if an attempt is made to unlock video memory comprises execution of pending video hardware operations. The preferred step of displaying the image comprises the steps of decoding a native image file format, verifying an image file using a check sum method, if the image file is valid, reading decrypting information from the image file and decrypting the image into video memory.
The preferred method of preventing illicit copying of images from a computer video memory comprises the steps of decoding a proprietary image format into video memory, controlling video hardware and locking video memory comprising the substeps of executing the following DirectX(copyright) calls:
LPDIRECTDRAW DirectXhandle1, DirectXhandle2;
DirectDrawCreate(VideoID, andDirectXhandle, 0);
DirectXhandle1xe2x86x92Queryinterface(IID_IDirectDraw2, (void**)DirectXhandle2);
DirectXhandle2xe2x86x92SetCooperativeLevel(WindowHandle, DDSCL_EXCLUSIVE|DDSCL_FULLSCREEN);
obtaining exclusive cooperative control of the video hardware, allocating video memory comprising the substeps of executing the following DirectX(copyright) calls:
LPDIRECTDRAWSURFACE primary_surface, back_surface, blank_surface;
DDSURFACEDESC surface_descriptor;
DDSCAPS surface_capabilities;
surface_descriptor.ddsCaps.dwCaps=DDSCAPS_PRIMARYSURFACE|
DDSCAPS_FLIP |DDSCAPS_COMPLEX;
surface_descriptor.dwBackBufferCount=1;
DirectXhandle2xe2x86x92CreateSurface(andsurface_descriptor, andprimary_surface, 0);
primary_surfacexe2x86x92GetAftachedSurface(andsurface_capabilities, andback_surface);
locking video hardware and issuing pending video hardware operations comprising the substeps of executing the following DirectX(copyright) call:
primary_surfacexe2x86x92Lock(0, andsurface_descriptor, DDLOCK_WAIT|
DDLOCK_WRITEONLY, 0)
destroying an image via pending video hardware operations if an attempt is made to unlock video memory comprising the substeps of issuing the following DirectX(copyright) calls:
primary_surfacexe2x86x92Flip(0, DDFLIP_WAIT);
back_surfacexe2x86x92BItFast(0, 0, blank_surface, 0, DDBLTFAST_WAIT).
The preferred method further comprises the step of creating a blank surface. The preferred step of creating a blank surface comprises executing the following DirectX(copyright) calls:
LPDIRECTDRAWSURFACE blank_surface;
DDSURFACEDESC surface_descriptor;
surface_descriptor.ddsCaps.dwCaps=DDSCAPS_PRIMARYSURFACE;
DirectXhandle2xe2x86x92CreateSurface(andsurface_descriptor, andblank_surface, 0);
A primary objective of the present invention is to allow multimedia content providers to make images publicly available, while at the same time preventing those who view these images from copying them without authority.
Another object of the present invention is to allow multimedia content providers to make selected images available to designated user groups. In this case, images will be encrypted according to a key associated with the user group, and therefore only members of the user group will be able to view the selected images. A second key can be provided to the user for the purpose of downloading (i.e., copying) the image if the content provider wishes to do so.
A primary advantage of the present invention is that it allows content providers to explicitly control not only who is able to view their images, but more importantly, who is able to copy them.
Another advantage of the present invention is that it can be used to make potentially offensive images xe2x80x9cnon-viewablexe2x80x9d to certain users. For example, the required viewing key can be supplied to a user once he has indicated that he would like to view the material, the content provider has verified some claim (e.g., proof of age), etc. Such protocols are easily incorporated into the present invention. In addition, the present invention can be used to protect the confidentiality of sensitive or personal information, such as medical x-rays, or classified images.
Yet another advantage is that the invention can allow the viewing of images to be time-locked, allowing the image to be viewed for a prescribed period of time.
Other objects, advantages, and novel features, and further scope of applicability of the present invention will be set forth in part in the detailed description to follow, taken in conjunction with the accompanying drawings, and in part will become apparent to those skilled in the art upon examination of the following, or may be learned by practice of the invention. The objects and advantages of the invention may be realized and attained by means of the instrumentalities and combinations particularly pointed out in the appended claims.