This invention relates generally to a method and system for distribution of data across networks, and, more specifically to a system for delivering executable software content over broadband access networks in a secure manner that enables on-demand subscription.
The on-demand delivery of software applications and multimedia data types such as audio, video, animation, etc. has not been practical until recently, primarily due to the rates at which data is transmitted across communication networks. The rate at which data, formatted into a series of bits, is transmitted is measured in bits per second (bps). Early modems were capable of transmitting information at a rate of approximately 300 bits per second. Thereafter, the speeds at which modems were capable of transmitting and receiving data increased. With such increases in modem speed, the nature of network topologies as well as the types of data transmitted across networks began to evolve. With modem speeds of 9600 bps and 1200 bps, computer networks such as the Internet were primarily an ASCII text environment with specific protocols and text messaging. Subsequent increases in modem speed enabled more complex information to be accessed over the Internet and other computer networks. While the ASCII text paradigm still exists on the World Wide Web portion of the Internet today, the more recent increased-bandwidth environment has enabled communication of more complex content and multimedia data types.
More recently, high performance broadband technology and cable modems, with connectivity speeds in excess of 1 million bps, are being deployed and offered by cable, telephone, cellular and satellite enterprises worldwide. Current broadband access networks include the cable industry's shared medium Hybrid Fiber Coax (HFC) networks and the telephone industry's digital subscriber lines (xDSL).
With the advent of broadband technology and broadband access networks, complex multimedia data types and software titles, previously only available on Compact Disc Read Only Memory (CD-ROM) and Digital Versatile Disc (DVD), hereafter referred to as "title(s)," are now capable of being remotely accessed by subscribers to broadband access network services.
There are, however, factors other than data rates that also have made on-demand delivery of titles impractical. One such obstacle preventing on-demand delivery of content including software and multimedia titles to date has been the requirement to have the title loaded onto the subscriber's local computer system in order to execute the title. Further, the widespread copying or "pirating" of title content, and the security risks associated with distribution of fully enabled copies of titles, has made on-demand distribution unattractive to software publishers and content libraries.
Accordingly, a need exists for a method and system for on-demand delivery of executable software content, which does not require installation of the content on the subscriber's local computer system.
An additional need exists for a method and system to deliver content to subscribers on an on-demand basis which provides security to protect the value of the content and which prevents unauthorized use and copying thereof. An additional need exists for a method and system in which content may be delivered across a broadband access network in a manner which meets the latency requirements of the content being executed.
The Secure Content Delivery Platform (SCDP) of the present invention delivers high-bandwidth executable content, on-demand, over broadband access networks. Using the SCDP platform, broadband subscribers, e.g. subscribers to cable modem and xDSL services, have access to titles across the broadband networks.
Users select a title to run from a virtual storefront, for example on the World Wide Web, which contains a virtual catalog of available titles. Upon selection of the title, the user negotiates for an actual purchase of the title. Negotiation includes user registration with a third party electronic commerce system (eCommerce), provision of user billing information, and selection of one of the purchase types offered with the selected title. Examples of possible purchase types may include 1) a time-limited demo of the title, 2) a single payment for a single "use" of a title, 3) a single payment which allows unlimited "uses" of a title over some specified time period, e.g., week, month, etc.
Upon completion of the purchase negotiation, SCDP client software running on the user's PC obtains an authorization token and keying material from a Conditional Access Server (CAS). The token authorizes the client process to run the selected title from a network file server accessible across the broadband network. The data retrieved from the file server is encrypted. The SCDP client process uses the keying material provided by the conditional access server to decrypt the data from the file server. With the present invention, titles run on the user's PC, but the title is not downloaded, in its entirety, onto the PC. A title is formatted into an electronic package that contains the title's files in a compressed and encrypted form, referred to hereafter as a briq. The briq is actually a portable, self-contained file system, containing all of the files necessary to run a particular title. Briqs are stored on a network file server, referred to hereafter as a RAFT server, accessible across a broadband network. The SCDP client treats the briq like a local file system on the user's PC. When running a title, the operating system, e.g. Windows, makes read requests to this local file system. The SCDP client, which, in the illustrative embodiment, includes a Windows Virtual Device Driver (VxD), services these requests by retrieving the requested blocks of briq data from the RAFT server. After retrieving the requested block of data, the VxD decompresses and decrypts the briq data, and passes the data onto the operating system on the user's PC.
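The block-oriented briq and the client that services read requests block by block, as an added worked example (not SCDP code, and not a real briq format): a title's files are packed into independently compressed and encrypted blocks plus a small directory, and a client answers `read(path, offset, length)` by fetching only the blocks covering that range, checking each block's integrity tag, then decrypting and decompressing it. The on-disk layout, block size, file names and contents are constructed; the cipher (an HMAC-SHA256 keystream in counter mode with a per-block HMAC tag) is a standard-library stand-in for whatever cipher a real briq uses, chosen so the example runs without third-party packages. The tag matters: a stream cipher alone would let a tampered block decrypt to attacker-chosen bytes without any error.

```python
"""Toy briq: a portable, read-only file system image whose blocks are each
compressed, encrypted and tagged, so a client can fetch and unpack only the
blocks the operating system asks for.  Added example, not SCDP code; layout
and cipher are assumptions (see the lead-in)."""
import hashlib
import hmac
import struct
import zlib

BLOCK_SIZE = 4096   # plaintext bytes per block (assumption)
TAG_LEN = 16        # truncated HMAC-SHA256 tag appended to every block


def _keystream(key: bytes, block_no: int, length: int) -> bytes:
    # PRF(key, block_no || counter): every block has its own keystream, so any
    # block can be decrypted on its own (random access) and no stream repeats.
    out, counter = bytearray(), 0
    while len(out) < length:
        out += hmac.new(key, struct.pack(">QQ", block_no, counter), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def _xor(data: bytes, ks: bytes) -> bytes:
    return bytes(a ^ b for a, b in zip(data, ks))


def build_briq(files: dict, key: bytes):
    """Pack {path: bytes} into (directory, blocks).  The directory records the
    first block and size of each file; each block is compress -> encrypt -> tag."""
    directory, blocks = {}, []
    for path, content in sorted(files.items()):
        first = len(blocks)
        for off in range(0, max(len(content), 1), BLOCK_SIZE):
            n = len(blocks)
            packed = zlib.compress(content[off:off + BLOCK_SIZE])
            ct = _xor(packed, _keystream(key, n, len(packed)))
            tag = hmac.new(key, struct.pack(">Q", n) + ct, hashlib.sha256).digest()[:TAG_LEN]
            blocks.append(ct + tag)
        directory[path] = {"first_block": first, "size": len(content)}
    return directory, blocks


class BriqClient:
    """Stands in for the VxD: services file-system reads by pulling only the
    needed blocks from the server (here `fetch_block(n)`, a stand-in for RAFT)."""

    def __init__(self, directory: dict, fetch_block, key: bytes):
        self.directory, self.fetch_block, self.key = directory, fetch_block, key
        self.cache, self.fetched = {}, []   # decrypted blocks; fetch log for inspection

    def _plain_block(self, n: int) -> bytes:
        if n not in self.cache:
            blob = self.fetch_block(n)
            self.fetched.append(n)
            ct, tag = blob[:-TAG_LEN], blob[-TAG_LEN:]
            expect = hmac.new(self.key, struct.pack(">Q", n) + ct, hashlib.sha256).digest()[:TAG_LEN]
            if not hmac.compare_digest(tag, expect):   # reject modified/misplaced blocks
                raise ValueError(f"block {n}: integrity check failed")
            self.cache[n] = zlib.decompress(_xor(ct, _keystream(self.key, n, len(ct))))
        return self.cache[n]

    def read(self, path: str, offset: int = 0, length=None) -> bytes:
        entry = self.directory[path]
        size = entry["size"]
        end = min(offset + (size - offset if length is None else length), size)
        out, pos = bytearray(), offset
        while pos < end:
            block = self._plain_block(entry["first_block"] + pos // BLOCK_SIZE)
            start = pos % BLOCK_SIZE
            take = min(BLOCK_SIZE - start, end - pos)
            out += block[start:start + take]
            pos += take
        return bytes(out)


def tamper_detected(directory, blocks, key, path, block_no) -> bool:
    """Flip one bit of a stored block and report whether a fresh client rejects it."""
    corrupted = list(blocks)
    corrupted[block_no] = bytes([corrupted[block_no][0] ^ 0x01]) + corrupted[block_no][1:]
    try:
        BriqClient(directory, corrupted.__getitem__, key).read(path)
        return False
    except ValueError:
        return True


def demo():
    # Constructed title: two files, six blocks in total.
    key = hashlib.sha256(b"constructed demo key").digest()
    files = {"game.exe": bytes(range(256)) * 40, "data/levels.dat": b"level data " * 1000}
    directory, blocks = build_briq(files, key)
    return BriqClient(directory, blocks.__getitem__, key), files, blocks, key


if __name__ == "__main__":
    client, files, blocks, key = demo()
    assert client.read("data/levels.dat", 5000, 100) == files["data/levels.dat"][5000:5100]
    print("blocks fetched for a 100-byte read:", client.fetched)
```

`demo()` builds the briq, and a 100-byte read in the middle of `data/levels.dat` fetches exactly one block; a full read of `game.exe` then fetches its three blocks and nothing else.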
In accordance with one aspect of the present invention, the software title is never "installed" on the target system. The SCDP client software creates an installation abstraction, maintaining the illusion for the operating system that the title currently executing is installed on the host PC. Thus, when execution of the title is terminated, there is no remaining evidence the title ran on the system. No files associated with the title are left on the PC's hard-drive, and no operating system state information, e.g., registry variables associated with the title, remains. Users of titles have the option of saving certain state information that would be desirable to maintain across plays; e.g., the "level" achieved in a game, etc. Such state information may be saved in a write-through file described hereinafter.
In accordance with another aspect of the present invention, the SCDP client software uses an inventive proprietary Random Access File Transport (RAFT) protocol to retrieve briq data across a broadband network. The protocol provides SCDP clients with read-only access to files and directories stored on RAFT servers. Because the briq is treated like a local file system, the RAFT client does not need to be visible as an operating system drive and does not need to interface with the operating system's file system manager, the Windows Installable File System (IFS) Manager in the illustrative embodiment. As a result, the RAFT client file system driver, a VxD in the illustrative embodiment, is smaller and simpler than a remote or network file system driver. In addition, the RAFT protocol supports dynamic bandwidth restrictions, e.g., "bandwidth throttling", and access control through the use of RAFT authorization tokens.
In accordance with another aspect of the present invention, the SCDP employs a variety of security mechanisms to protect content from unauthorized access and replay. Authorization tokens and decryption keys are obtained from a conditional access server. Network communication between an SCDP client and CAS is protected via a secure remote procedure call (RPC) interface. Once a secure channel is established between SCDP client and CAS, the SCDP client requests a RAFT authorization token and keying material for the selected title. The authorization token is a signed message from the CAS indicating that the requesting user can have access to a specified briq, on a specific RAFT file server, for the length of time spelled out in the negotiated payment type.
While the RAFT authorization token gives an SCDP client access to a title's briq, the SCDP client must still unpack, e.g. decompress and decrypt, the briq to gain access to the title's file data. The CAS provides the user with the keying material necessary to decrypt briq data, however, the CAS does not directly provide the SCDP client with keying material. Instead, the CAS hides keying material from the user by embedding the keys in obfuscated bytecode that implements the decryption algorithm. Rather than delivering isolated keying material to the SCDP client, the CAS delivers obfuscated bytecode, referred to hereafter as an activator. The SCDP client's virtual device driver decrypts briq data by running the activator on a bytecode interpreter. Code obfuscation makes the activator difficult to reverse engineer, requiring a hacker to spend significant time and resources to extract the keying material from the activator, at a cost typically greater than the value of the content being protected. With the contemplated invention, activators are unique per client, per briq, per execution, i.e., each activator obtained from the CAS is different and usable for one time only thereby preventing the leveraging of a single, costly reverse engineering effort out to multiple users.
In accordance with the present invention, both the RAFT authorization tokens and activators have a limited lifetime. Authorization tokens include an expiration time, after which they are no longer valid. A running activator, at a certain point, initiates an exchange with the CAS to refresh itself. If the exchange is unsuccessful, the activator becomes inoperable, and with it the title. The refreshing of activators is referred to hereinafter as activator keepalive. The keepalive mechanism results in the delivery of an update to the currently running activator, which may include new keys, data, or even code. Authorization token refresh accompanies activator refresh. A new authorization token, along with the decryption keying data, is embedded within the new activator. At startup, the refreshed activator delivers a new RAFT authorization token to the RAFT VxD within the SCDP client.
The SCDP system is media-independent and will operate across any broadband networking technology, including HFC networks and the telephone industry's digital subscriber lines, provided sufficient bandwidth exists between the user and the network file servers to satisfy the latency requirements of the currently executing CD title. The SCDP system may also be implemented using 10 Mbps and 100 Mbps Ethernet Local Area Networks, for example within enterprise networks, to deliver executable content over intranets as well.
According to one embodiment of the invention, a method for executing an application on a local computer system without the application being installed on the local computer system comprises the steps of: (a) accessing a network mountable file system and set of registry entries related to the application; (b) mounting the network file system; (c) storing the registry entries on the local computer system; (d) retrieving at least a portion of the application from a remote source; (e) executing the application on an operating system on the local computer system; (f) intercepting requests from the local operating system; and (g) redirecting selected of the intercepted requests to the registry entries stored on the local computer system.
According to a second embodiment of the invention, a computer program product for use with a computer system comprises a computer usable medium having program code stored thereon comprising: (a) program code for accessing a network mountable file system and set of registry entries related to the application; (b) program code for mounting the network file system and storing the registry entries locally on the computer system; (c) program code for executing at least a portion of the application retrieved from a remote source; (d) program code for intercepting requests from the operating system during application execution; and (e) program code for redirecting selected of the intercepted requests to the registry entries.
According to a third embodiment of the invention, an apparatus for executing an application without installing the application on the computer system comprises: program logic configured to mount a network file system and store in memory a plurality of registry entries related to the application; program logic configured to execute at least a portion of the application retrieved from a remote source; and program logic, responsive to requests from the operating system and configured to intercept requests from the operating system and redirect selected of the intercepted requests to the set of registry entries.
According to a fourth embodiment of the invention, a computer data signal embodied in a carrier wave comprises: (a) program code for receiving a network mountable file system and a set of registry entries related to an application; (b) program code for mounting the network file system and storing the registry entries locally on a computer system; (c) program code for executing at least a portion of the application retrieved from a remote source; (d) program code for intercepting requests from an operating system executing on the computer system; and (e) program code for redirecting selected of the intercepted requests to the registry entries.
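The installation abstraction described above and claimed in the first four embodiments (registry entries stored locally for the session, requests intercepted, selected ones redirected, nothing left behind at exit apart from the user's write-through state) modelled as an added example that is not SCDP code. A Python dict stands in for the Windows registry and for the VxD's hooking of registry requests; the key names, the title "ExampleGame" and the `Z:\briq\...` path are constructed. The point it makes concrete is the selection rule: only requests under the title's own key prefix are redirected to the overlay, everything else passes through untouched, and on close the overlay is discarded except for keys the user chose to persist.

```python
"""Toy model of the SCDP client's installation abstraction.  Added example,
not SCDP code: the registry is a dict and key names are constructed."""


class RegistryShim:
    def __init__(self, real_registry: dict, title_prefix: str,
                 title_entries: dict, write_through=()):
        self.real = real_registry                          # the host's real registry
        self.prefix = title_prefix.rstrip("\\") + "\\"
        self.overlay = dict(title_entries)                 # step (c): title's entries, session-local
        self.write_through = set(write_through)            # keys the user chose to keep across plays
        self.persisted = {}

    def _redirect(self, key: str) -> bool:
        # Step (g): only requests under the title's own prefix are redirected.
        return key.startswith(self.prefix)

    def query(self, key: str):
        if self._redirect(key):
            return self.overlay.get(key)
        return self.real.get(key)

    def set(self, key: str, value):
        if self._redirect(key):
            self.overlay[key] = value        # never reaches the real registry
        else:
            self.real[key] = value

    def close(self) -> dict:
        """Title exits: keep only write-through state, drop everything else."""
        self.persisted = {k: v for k, v in self.overlay.items() if k in self.write_through}
        self.overlay.clear()
        return self.persisted


def run_title_session() -> dict:
    """Constructed session: the title reads its install dir, records progress,
    writes a scratch value, and the host looks up an unrelated key."""
    real = {r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir": r"C:\Program Files"}
    before = dict(real)
    shim = RegistryShim(
        real, r"HKLM\SOFTWARE\ExampleGame",
        {r"HKLM\SOFTWARE\ExampleGame\InstallDir": r"Z:\briq\ExampleGame",
         r"HKLM\SOFTWARE\ExampleGame\Version": "1.0"},
        write_through=[r"HKLM\SOFTWARE\ExampleGame\Progress\Level"])
    install_dir = shim.query(r"HKLM\SOFTWARE\ExampleGame\InstallDir")
    shim.set(r"HKLM\SOFTWARE\ExampleGame\Progress\Level", 7)       # user-chosen write-through state
    shim.set(r"HKLM\SOFTWARE\ExampleGame\LastRun", "today")         # session-only, discarded
    host_value = shim.query(r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir")
    persisted = shim.close()
    return {
        "install_dir_seen": install_dir,
        "host_value": host_value,
        "registry_unchanged": real == before,   # no evidence the title ran
        "persisted": persisted,
        "overlay_after": dict(shim.overlay),
    }


if __name__ == "__main__":
    for k, v in run_title_session().items():
        print(f"{k}: {v}")
```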
According to a fifth embodiment of the invention, in a client process executing on a local computer system operatively coupled over a computer network to an access server and one or more sources of title data, a method for enabling on-demand delivery of a title, comprises the steps of: (a) obtaining from the access server a token, an activator and a network address of a source at which an identified title can be accessed; (b) transmitting the token to the source, the token data defining an interval of time in which the source may be accessed; (c) retrieving at least a portion of the title from the source; (d) executing the portion of the title received from the source; and (e) obtaining from the access server a refreshed token.
According to a sixth embodiment of the invention, a computer program product for use with computer system comprises a computer usable medium having program code stored thereon comprising: (a) program code for obtaining from the access server a token, an activator and a network address of a source at which an identified title can be accessed; (b) program code for transmitting the token to the source, the token data defining an interval of time in which the source may be accessed; (c) program code for retrieving at least a portion of the title from the source; (d) program code for executing the portion of the title received from the source; and (e) program code for obtaining from the access server a refreshed token.
According to a seventh embodiment of the invention, in a computer system operatively coupled over a computer network to an access server and one or more sources of title data, an apparatus for enabling on-demand delivery of a title comprises: (a) program logic configured to obtain from the access server a token, an activator and a network address of a source at which an identified title can be accessed; (b) program logic configured to transmit the token to the source, the token data defining an interval of time in which the source may be accessed; (c) program logic configured to retrieve at least a portion of the title from the source; (d) program logic configured to execute the portion of the title received from the source; and (e) program logic configured to obtain from the access server a refreshed token.
According to an eighth embodiment of the invention, a computer data signal embodied in a carrier wave comprises: (a) program code for obtaining from the access server a token, an activator and a network address of a source at which an identified title can be accessed; (b) program code for transmitting the token to the source, the token data defining an interval of time in which the source may be accessed; (c) program code for retrieving at least a portion of the title from the source; (d) program code for executing the portion of the title received from the source; and (e) program code for obtaining from the access server a refreshed token.
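The token and keepalive exchange described in the security aspects above and claimed in the fifth through eighth embodiments, as an added example that is not SCDP code: the CAS issues a token naming the user, the briq, the RAFT server and a validity window; the RAFT server checks the signature and scope on every request; the activator refreshes its token shortly before expiry and goes inoperable, taking the title with it, when the refresh fails. The page says the token is "signed" without naming an algorithm; this example uses an HMAC over a key shared by the CAS and the RAFT server as a standard-library stand-in, with the caveat that a public-key signature would let the file server verify tokens without holding any key that can mint them. User, briq and server names, lifetimes and the timeline are constructed.

```python
"""Toy CAS-issued RAFT authorization token with expiry, scope checks and
activator keepalive.  Added example, not SCDP code; the HMAC "signature"
and all names and timings are assumptions."""
import hashlib
import hmac
import json


def _canonical(body: dict) -> bytes:
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()


def verify_token(key: bytes, token: dict, my_server: str, requested_briq: str, now: int) -> str:
    """Run by the RAFT server on each request.  Returns "ok" or the reason for refusal."""
    body = token.get("body", {})
    expect = hmac.new(key, _canonical(body), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expect, token.get("mac", "")):
        return "bad signature"          # any edit to the body invalidates the MAC
    if body.get("server") != my_server:
        return "wrong server"           # token is bound to one file server
    if body.get("briq") != requested_briq:
        return "wrong briq"             # and to one title
    if now < body["nbf"]:
        return "not yet valid"
    if now >= body["exp"]:
        return "expired"
    return "ok"


class ConditionalAccessServer:
    def __init__(self, signing_key: bytes):
        self.signing_key = signing_key

    def issue_token(self, user: str, briq_id: str, raft_server: str, lifetime_s: int, now: int) -> dict:
        body = {"user": user, "briq": briq_id, "server": raft_server, "nbf": now, "exp": now + lifetime_s}
        return {"body": body, "mac": hmac.new(self.signing_key, _canonical(body), hashlib.sha256).hexdigest()}

    def refresh(self, token: dict, now: int, lifetime_s: int):
        """Keepalive: only a valid, unexpired token can be exchanged for a new one."""
        b = token["body"]
        if verify_token(self.signing_key, token, b["server"], b["briq"], now) != "ok":
            return None
        return self.issue_token(b["user"], b["briq"], b["server"], lifetime_s, now)


class Activator:
    """Client-side holder of the token (and, in SCDP, the keying material)."""

    def __init__(self, token: dict, refresh_margin_s: int):
        self.token, self.margin, self.operable = token, refresh_margin_s, True

    def keepalive(self, cas: ConditionalAccessServer, now: int, lifetime_s: int, network_up: bool = True) -> bool:
        if not self.operable:
            return False
        if now < self.token["body"]["exp"] - self.margin:
            return True                                   # not due yet
        new = cas.refresh(self.token, now, lifetime_s) if network_up else None
        if new is None:                                   # refresh failed: activator dies
            self.operable = False
            return False
        self.token = new                                  # new token handed to the RAFT client
        return True


def simulate_session(outage_from=None):
    """Constructed timeline: 600 s tokens, keepalive 60 s before expiry, the
    RAFT server's verdict sampled every 300 s over 30 minutes.  An optional
    network outage starting at `outage_from` makes the next keepalive fail."""
    key = b"constructed CAS/RAFT shared key"
    cas = ConditionalAccessServer(key)
    act = Activator(cas.issue_token("alice", "briq-42", "raft-1", 600, 0), 60)
    verdicts = []
    for now in range(0, 1801, 60):
        up = outage_from is None or now < outage_from
        act.keepalive(cas, now, 600, network_up=up)
        if now % 300 == 0:
            verdict = verify_token(key, act.token, "raft-1", "briq-42", now) if act.operable else "activator inoperable"
            verdicts.append((now, verdict))
    return verdicts


if __name__ == "__main__":
    for t, v in simulate_session(outage_from=1000):
        print(f"t={t:5d}s  {v}")
```

With the network up the session stays "ok" throughout because each refresh lands before expiry; with an outage at t=1000 s the keepalive due at t=1080 s fails, so from the next sample onward the activator, and hence the title, is inoperable even though the token it held would by itself have been valid until t=1140 s.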