The present inventions relate generally to computer security, and more particularly to steganographic techniques for hiding or encoding electronic control information within an information signal carried by an insecure communications channel. Still more particularly, the present inventions relate to systems, methods and techniques that substantially invisibly and/or indelibly convey, over analog or other insecure communications channels, digital rights management control information for use within a virtual distribution environment electronic rights management system.
The world is becoming digital. Digital signals are everywherexe2x80x94in our computers, television sets, VCRs, home stereos, and CD players. Digital processingxe2x80x94which operates on information xe2x80x9cbitsxe2x80x9d (numerical xe2x80x9conxe2x80x9d or xe2x80x9coffxe2x80x9d values)xe2x80x94provides a degree of precision and protection from noise that cannot be matched by the older, xe2x80x9canalogxe2x80x9d formats we have used since the beginning of the electronic age.
Despite the clear advantage of digital communications, the older xe2x80x9canalogxe2x80x9d domain remains significant. Many of our most important information delivery mechanisms continue to be based on analogxe2x80x94not digitalxe2x80x94signaling. In fact, most of our electronic entertainment, news, sports and music program material comes to us in the form of analog signals. For example:
Television remains largely analog. Although the distribution of television programming to local cable systems is increasingly digital and most modem television sets include digital signal processing circuits, the local cable television xe2x80x9chead endxe2x80x9d continues to send television signals to the subscriber""s set top box and television in analogxe2x80x94not digitalxe2x80x94form. It will cost a great deal to convert local cable distribution from analog to digital. In the United States, for example, the widespread conversion from analog to digital television is projected to take no less than 15 years and perhaps even longer.
In radio broadcasting, too, analog communication continues to reign supreme. Thousands of radio stations broadcast music, news and other programs every day in analog form. Except for a few experimental digital systems, practically all radio broadcasting is carried over analog communications channels.
The movies and videos we rent at the local video tape rental store are analog.
Commercially available music tape cassettes are recorded in analog formats.
Moreover, the xe2x80x9creal worldxe2x80x9d is analog. Everything digital must ultimately be turned into something analog if we are to experience it; and conversely, everything analog must be turned into something digital if the power of modern digital technology will be used to handle it. Modem digital technology also allows people to get better quality for less money.
Despite the pervasiveness of analog signals, existing methods for managing rights and protecting copyright in the analog realm are primitive or non-existent. For example:
Quality degradation inherent in multigenerational analog copying has not prevented a multi-billion dollar pirating industry from flourishing.
Some methods for video tape copy and pay per view protection attempt to prevent any copying at all of commercially released content, or allow only one generation of copying. These methods can generally be easily circumvented.
Not all existing devices respond appropriately to copy protection signals.
Existing schemes are limited for example to xe2x80x9ccopy/no copyxe2x80x9d controls.
Copy protection for sound recordings has not been commercially implemented.
A related problem relates to the conversion of information between the analog and digital domains. Even if information is effectively protected and controlled initially using strong digital rights management techniques, an analog copy of the same information may no longer be securely protected.
For example, it is generally possible for someone to make an analog recording of program material initially delivered in digital form. Some analog recordings based on digital originals are of quite good quality. For example, a Digital Versatile Disk (xe2x80x9cDVDxe2x80x9d) player may convert a movie from digital to analog format and provide the analog signal to a high quality analog home VCR. The home VCR records the analog signal. A consumer now has a high quality analog copy of the original digital property. A person could re-record the analog signal on a DVD-R (a Digital Versatile Disk appliance and media supporting both read and write operations). This recording will in many circumstances have substantial qualityxe2x80x94and would no longer be subject to xe2x80x9cpay per viewxe2x80x9d or other digital rights management controls associated with the digital form of the same content.
Since analog formats will be with us for a long time to come, rightsholders such as film studios, video rental and distribution companies, music studios and distributors, and other value chain participants would very much like to have significantly better rights management capabilities for analog film, video, sound recordings and other content. Solving this problem generally requires a way to securely associate rights management information with the content being protected.
People have for many years been using various techniques allowing digital information to, in effect, ride xe2x80x9cpiggybackxe2x80x9d on analog information signals. For example, since the 1960s, it has been common to digitally encode text information such as subtitles into otherwise unused portions of analog television signals (e.g., within the so-called xe2x80x9cVertical Blanking Intervalxe2x80x9d).
Unfortunately, sending digital information using such known digital encoding techniques is problematic because the digital information is not persistent. It is relatively easy to strip out or eliminate digital information encoded using prior techniques commonly employed for superimposing digital signals onto an analog information signal. Analog communications channels may commonly be subjected to various signal processing that may (intentionally or unintentionally) strip out digital information added to the analog signalxe2x80x94defeating any downstream system, process or technique that depends on the presence and readability of the digital information. For example, the television vertical blanking signalxe2x80x94along with any signal components disposed within the vertical blanking intervalxe2x80x94is typically routinely eliminated whenever a video signal is processed by a computer.
Attempting to use insecure techniques for providing rights management is at best ineffective, and can be worse than no rights management at all. Unscrupulous people can strip out insecure control information altogether so that the corresponding information signal is subject to no controls at allxe2x80x94for example, defeating copy protection mechanisms and allowing users to avoid paying for rights usage. More nefariously, an unscrupulous person could alter an insecure system by substituting false control information in place of the proper information. Such substitutions could, for example, divert payments to someone other than legitimate rights holdersxe2x80x94facilitating electronic fraud and theft.
Prior, insecure techniques fail to solve the overall problem of how to provide and securely manage advanced automatic electronic rights management for analog and other information signals conveyed over an insecure communications channel. The lack of strong rights management for analog signals creates a huge gap in any comprehensive electronic rights management strategy, and makes it possible for consumers and others to circumventxe2x80x94to at least some extentxe2x80x94even the strongest digital rights management technologies. Consequently, there is a real need to seamlessly integrate analog delivery models with modern electronic digital rights management techniques.
The present inventions solve these and other problems by providing xe2x80x9cend to endxe2x80x9d secure rights management protection allowing content providers and rights holders to be sure their content will be adequately protectedxe2x80x94irrespective of the types of devices, signaling formats and nature of signal processing within the content distribution chain. This xe2x80x9cend to endxe2x80x9d protection also allows authorized analog appliances to be easily, seamlessly and cost-effectively integrated into a modem digital rights management architecture.
The present inventions may provide a Virtual Distribution Environment (xe2x80x9cVDExe2x80x9d) in which electronic rights management control information may be delivered over insecure (e.g., analog) communications channels. This Virtual Distribution Environment is highly flexible and convenient, accommodating existing and new business models while also providing an unprecedented degree of flexibility in facilitating ad hoc creation of new arrangements and relationships between electronic commerce and value chain participantsxe2x80x94regardless of whether content is distributed in digital and/or analog formats.
The present inventions additionally provide the following important and advantageous features:
An indelible and invisible, secure technique for providing rights management information.
An indelible method of associating electronic commerce and/or rights management controls with analog content such as film, video, and sound recordings.
Persistent association of the commerce and/or rights management controls with content from one end of a distribution system to the otherxe2x80x94regardless of the number and types of transformations between signaling formats (for example, analog to digital, and digital to analog).
The ability to specify xe2x80x9cno copy/one copy/many copiesxe2x80x9d rights management rules, and also more complex rights and transaction pricing models (such as, for example, xe2x80x9cpay per viewxe2x80x9d and others).
The ability to fully and seamlessly integrate with comprehensive, general electronic rights management solutions (such as those disclosed in the Ginter et al. patent specification referenced above).
Secure control information delivery in conjunction with authorized analog and other non-digital and/or non-secure information signal delivery mechanisms.
The ability to provide more complex and/or more flexible commerce and/or rights management rules as content moves from the analog to the digital realm and back.
The flexible ability to communicate commerce and/or rights management rules implementing new, updated, or additional business models to authorized analog and/or digital devices.
Briefly, the present inventions use xe2x80x9csteganographyxe2x80x9d to substantially indelibly and substantially invisibly encode rights management and/or electronic commerce rules and controls within an information signal such as, for example, an analog signal or a digitized (for example, sampled) version of an analog signal.
The Greek term xe2x80x9csteganographyxe2x80x9d refers to various xe2x80x9chidden writingxe2x80x9d secret communication techniques that allow important messages to be securely carried over insecure communications channels. Here are some examples of steganography:
In ancient Persia an important message was once tattooed on a trusted messenger""s shaved scalp. The messenger then allowed his hair to grow backxe2x80x94completely hiding the message. Once the messenger made his way to his destination, he shaved his hair off againxe2x80x94exposing the secret message so the recipient could read it on the messenger""s shaved scalp. See Kahn, David, The Codebreakers page 81 et seq. and page 513 et seq. (Macmillan 1967). This unusual technique for hiding a message is one illustration of xe2x80x9csteganography.xe2x80x9d
Another xe2x80x9csteganographicxe2x80x9d technique encodes a secret message within another, routine message. For example, the message xe2x80x9cHey Elmer, Lisa Parked My Edselxe2x80x9d encodes the secret message xe2x80x9cHELP MExe2x80x9dxe2x80x94the first letter of each word of the message forming the letters of the secret message (xe2x80x9cHey Elmer, Lisa Parked My Edselxe2x80x9d). Variations on this technique can provide additional security, but the basic concept is the samexe2x80x94finding a way to hide a secret message within information that can or will be sent over an insecure channel.
Invisible ink is another commonly used xe2x80x9csteganographyxe2x80x9d technique. The secret message is written using a special disappearing or invisible ink. The message can be written on a blank piece of paper, or more commonly, on the back or front of the piece of paper carrying a routine-looking or legitimate letter or other written communication. The recipient performs a special process on the received document (e.g., exposing it to a chemical or other process that makes the invisible ink visible) so that he or she can read the message. Anyone intercepting the paper will be unable to detect the secret messagexe2x80x94or even know that it is therexe2x80x94unless the interceptor knows to look for the invisible message and also knows how to treat the paper to make the invisible ink visible.
The present inventions use steganography to ensure that encoded control information is both substantially invisible and substantially indelible as it passes over an insecure communications channel. At the receiving end, a secure, trusted component (such as a protected processing environment described in Ginter et al.) recovers the steganographically-encoded control information, and uses the recovered information to perform electronic rights management (for example, on analog or other information signals carried over the same channel).
One specific aspect provided by the present inventions involve steganographically encoding digital rights management control information onto an information signal such as, for example, an analog or digitized television, video or radio signal. The steganographic encoding process substantially inextricably intertwines the digital control information with images, sounds and/or other content the information signal carriesxe2x80x94but preferably without noticeably degrading or otherwise affecting those images, sounds and/or other content. It may be difficult to detect (even with educated signal processing techniques) that the analog signal has been steganographically encoded with a rights management control signal, and it may be difficult to eliminate the steganographically encoded control signal without destroying or degrading the other information or content the signal carries.
The present inventions also provide a secure, trusted protected processing environment to recover the steganographically-encoded control signal from the information signal, and to enforce rights management processes based on the recovered steganographically encoded control signal. This allows the information signal delivery mechanism to be fully integrated (and made compatible) with a digital virtual distribution environment and/or other electronic rights management system.
In accordance with yet another aspect provided by this invention, steganographically encoded, digital rights management control information may be used in conjunction with a scrambled and/or encrypted information signal. The scrambling and/or encryption can be used to enforce the rights management provided in accordance with the steganographically encoded rights management control information. For example, the control signal can be steganographically decoded and used to control, at least in part, under what circumstances and/or how the information signal is to be descrambled and/or decrypted.
In accordance with yet another feature provided by the invention, digital certificates can be used to securely enforce steganographically encoded rights management control information.
In accordance with still another feature provided by the invention, steganography is used to encode an information signal with rights management control information in the form of one or more protected organizational structures having association with electronic controls. The electronic controls may, for example, define permitted and/or required operation(s) on content, and consequences of performing and/or failing to perform such operations. The organizational structure(s) may identify, implicitly or explicitly, the content the electronic controls apply to. The organizational structure(s) may also define the extent of the content, and semantics of the content.
The type, amount and characteristics of the steganographically encoded rights management control information are flexible and programmablexe2x80x94providing a rich, diverse mechanism for accommodating a wide variety of rights management schemes. The control information can be used to securely enforce straightforward secure rights management consequences such as xe2x80x9ccopy/no copy/one copyxe2x80x9d type controlsxe2x80x94but are by no means limited to such models. To the contrary, the present invention can be used to enable and enforce much richer, more complex rights management modelsxe2x80x94including for example those involving usage auditing, automatic electronic payment, and the use of additional electronic network connections. Moreover, the rights management control arrangements provided by the present invention are infinitely extensible and scaleablexe2x80x94fully accommodating future models as they are commercially deployed while preserving full compatibility with different (and possibly more limited) rights management models deployed during earlier stages.
The organizational structure(s) may be steganographically encoded in such a way that they are protected for purposes of secrecy and/or integrity. The employed steganographic techniques may provide some degree of secrecy protectionxe2x80x94or other security techniques (e.g., digital encryption, digital seals, etc.) may be used to provide a desired or requisite degree of security and/or integrity protection for the steganographically encoded information.
In one example, the organizational structure(s) may comprise digital electronic containers that securely contain corresponding digital electronic control information. Such containers may, for example, use cryptographic techniques. In other examples, the organizational structure(s) may define associations with other electronic control information. The other electronic control information may be delivered independently over the same or different communications path used to deliver the organizational structure(s).
In one example, the steganographic techniques employed may involve applying the organizational structure information in the form of high frequency xe2x80x9cnoisexe2x80x9d to an analog information signal. Spectral transforms may be used to apply and recover such steganographically-encoded high frequency xe2x80x9cnoise.xe2x80x9d Since the high frequency noise components of the information signal may be essentially random, adding a pseudo-random steganographically encoded control signal component may introduce substantially no discernible information signal degradation, and may be difficult to strip out once introduced (at least without additional knowledge of how the signal was incorporated, which may include a shared secret).
In accordance with another aspect provided by the invention, a steganographic encoding process analyzes an information signal to determine how much excess bandwidth is available for steganographic encoding. The steganographic encoding process may use variable data rate encoding to apply more control information to parts of an information signal that use much less than all of the available communications channel bandwidth, and to apply less control information to parts of an information signal that use nearly all of the available communications channel bandwidth.
In accordance with still another aspect provided by the invention, multiple organizational structures may be steganographically encoded within a given information signal. The multiple organizational structures may apply to different corresponding portions of the information signal, and/or the multiple organizational structures may be repetitions or copies of one another to ensure that an electronic appliance has xe2x80x9clate entryxe2x80x9d and/or error correcting capability and/or can rapidly locate a pertinent organizational structure(s) starting from any arbitrary portion of the information signal stream.
In accordance with yet another aspect provided by this invention, an organizational structure may be steganographically encoded within a particular portion of a content-carrying information signal to which the organizational structure appliesxe2x80x94thereby establishing an implicit correspondence between the organizational structure and the identification and/or extent and/or semantics of the information content to which the organizational structure applies. The correspondence may, for example, include explicit components (e.g., internally stated start/end points), with the storage or other physical association determined by convenience (i.e., it may make sense to put the organizational structure close to where it is used, in order to avoid seeking around storage media to find it).
In accordance with yet another aspect provided by this invention, pointers can be steganographically encoded into parts of an information signal stream that has little excess available bandwidth. Such pointers may be used, for example, to direct an electronic appliance to portions of the information signal stream having more available bandwidth for steganographic encoding. Such pointers may provide improved steganographic decode access timexe2x80x94especially, for example, in applications in which the information signal stream is stored or otherwise available on a random access basis.