Patent Application
20090119782
Herein are presented a method, device and system for digital rights protection and, more particularly, to a method, device and system for discouraging a user from copying digital data.
Methods by which owners of copyrighted digital data manage (“digital rights management”) and protect (“digital rights protection” access to their data are well-known in the art. Digital rights protection, as discussed herein, relates to protecting access to data stored in a storage device that is operationally installed or operationally connected to a computing system that is referred to herein as the “host” of the storage device. All known methods of digital rights protection require adjustment of the host to enable the use of the protected content. For example, the host might need to have special software installed in order to read the protected data.
An “access profile” is a set of restrictions on access (reading, writing, erasing) of data.
A “static” access profile restricts whether data may be read, written or erased. A “dynamic” access profile restricts how data may be read, written or erased. Common examples of static access profiles include marking data as “read only” and allowing only specified users to write data. The method, device and system presented herein are concerned with dynamic access profiles. Examples of dynamic access profiles include restrictions on how fast data are allowed to be read and in what sequence data are allowed to be read.
As noted above, the specific field of the method, device and system presented herein is digital rights protection. The method presented herein may be integrated with any prior art method of digital rights management.
As noted above, all known methods of digital rights protection require adjustment of the host, of the data storage device wherein the data are stored, to enable the use of the protected content. The data storage device presented herein uses a digital rights protection method that does not require adjustment, adaptation or enhancement of the device's host.
There is presented herein a method of providing data stored in a memory to a host of the memory, including the steps of: (a) monitoring an access, by the host, of is data stored in the memory, the data having a dynamic access profile associated therewith; and (b) responding to a deviation of the access from the dynamic access profile.
Furthermore, there is presented herein a data storage device for providing data to a host, including: (a) a memory wherein the data are stored together with a corresponding data access profile; and (b) an access control mechanism for (i) monitoring an access by the host to the memory; and (ii) responding to a deviation of the access from the dynamic access profile.
The basic method presented herein is a method of providing data stored in a memory to a host of the memory. For example, the method could be used to provide data from a high capacity SIM card to a cellular telephone in which the high capacity SIM card is installed. Access of the data by the host is monitored. A deviation of the access from a dynamic access profile that corresponds to the data is responded to, e.g. by terminating the access. Alternatively or additionally, the response includes issuing a report of the deviation, for example issuing an error message to the host, or, e.g. if the host is a cellular telephone, sending a report in the form of an SMS message to a remote server. Alternatively or additionally, the response includes sending spurious data to the host instead of the requested real data.
Preferably, the method also includes the step of providing the access profile, usually by storing the access profile in the memory in association with the data. Most preferably, the providing of the access profile includes the step of learning a normal access pattern of the data. The access profile then is based on the normal access pattern. A “normal” access pattern is the manner in which an application program, for which the data is intended, accesses the data.
Preferably, the access profile includes a rate schedule of access of the data by the host. For example, the access of audiovisual data by a player application is expected to be slower than the access of the data by a copy application. As another example, the access of a database by a database application is expected to be sporadic, rather than continuous as by a copy application.
Also preferably, the access profile includes a sequence of access of the data by the host. For example, the access of a database by a database application is expected to be piecewise sequential, as opposed to the fully sequential access of a copy application.
Also preferably, the access profile includes an identity of the data, for example a list of (logical) block numbers to which access is allowed (thus directly identifying the data) or a list of (logical) block numbers to which access is not allowed (thus identifying the data by implication).
A basic data storage device, for providing data to a host, includes a memory wherein the data are stored and an access control mechanism for implementing the method presented herein, i.e., for monitoring an access by the host to the memory and for responding to a deviation of the access from an access profile that corresponds to the data. For example, in the case of the host being a cellular telephone, the data storage device could be a high capacity SIM card configured to implement the method provided herein. Other embodiments of the data storage device of the present invention include hard disk drives, and solid state drives such as flash disk drives.
Preferably, the data storage device also includes a standard interface to the host.
It is known to associate digital content, that is stored in a storage device, with a “throughput rate” that also is stored in the storage device. For example, the throughput rate could be used to limit the rate at which audiovisual content is presented to a host of the device. This, however, is quite different from the method and device presented herein, because the content always is presented to the host by the known storage device in accordance with the throughput rate, regardless of how the host accesses the content. The only monitoring of the access that that known storage device performs is relative to other parameter values that are stored in the known storage device for the purpose of securing access to the content, which parameter values constitute a “static” access profile as defined herein.
The method, device and system presented herein is described, by way of example only, with reference to the accompanying drawings, wherein:
Referring now to the drawings,
Interface 18 is a standard interface for interfacing data storage device 10 with its host for exchange of data. By “standard” interface is meant an interface that complies with a commonly accepted industry standard and that lacks special provision for data rights protection. Common examples of such standards include SD, compact flash, MMC and USB.
For each file 20 a corresponding access profile 22 is stored in memory 12. Each access profile 22 describes limitations on how data storage device 10 presents data from that file 20 to the host of data storage device 10. These limitations are enforced by access control functionality 16 of controller 14. Examples of such limitations are described below. Access profiles 22a through 22n may be in the same partition of memory 12 as files 20a through 20n or alternatively may be in a separate partition of memory 12.
When data storage device 10 is connected operationally to host 30, host 30 reads file system 24 to determine how files 20a through 20n are stored in memory 12, so that applications running on host 30 can know the identities of the blocks of memory 12 in which files 20a through 20n are stored. (If memory 12 is a flash memory then its blocks are identified by logical block number rather than by physical block number, as is known in the prior art.) The applications running on host 30 issue block read commands to read the data in the various blocks. A monitoring module 15 of access control functionality 16 monitors these read commands. If read commands for accessing data of a file 20 are not in accordance with the access profile 22 of that file 20, a response module 17 of access control functionality 16 takes appropriate action.
Like the rest of controller 14, access control functionality 17 generally, and monitoring module 15 and response module 17 in particular, may be implemented in hardware, in firmware or in software.
Each access profile 22 describes limits of normal accesses of the associated file 20 by applications that access that file 20 for the purposes for which that file 20 was created. Typical examples of such access profiles, for an audiovisual file and for a database file, and how access control functionality 16 enforces these access profiles, now will be presented.
Audiovisual File
Normally, the blocks of an audiovisual file are read sequentially. The first several blocks are read as fast as host 30 can copy the blocks, in order to fill a buffer in host 30. Subsequently, the blocks are read more slowly, only as fast as host 30 can display the blocks to the user. The corresponding access profile is an access rate schedule that defines a sequence of minimum times that must elapse between successive block read commands. If data storage device 10 receives block read commands faster than allowed by this rate schedule (as measured e.g. by counting how many blocks data storage device 10 sends to host 30 per unit time), response module 17 of access control functionality 16 takes one or more of the following defensive actions:
Refuse to honor the block read commands. Stop sending data to host 30.
Issue an error message.
Issue a report of an attempt to copy protected data. For example, if host 30 is a cellular telephone, issue an SMS message to the owner of the audiovisual file.
Send spurious data to host 30 instead of real data.
A hacker can fool this access profile by coding a copy application that emulates an audiovisual player application by issuing block read commands only at the rate that an audiovisual player application would issue such commands. But then the hacker would copy the file at the slow play speed of the file, for example 90 minutes for a 90 minute movie.
Database File
Normally, the blocks of a database file are read sporadically and piecewise sequentially. The corresponding access profile includes a maximum number of blocks that are allowed to be read without a pause of pre-defined minimum duration and/or a maximum number of blocks that are allowed to be read sequentially. Any attempt by host 30 to read more than that number of blocks sequentially is countered by one or more of the following defensive actions:
Refuse to honor the block read commands. Stop sending data to host 30.
Issue an error message.
Issue a report of an attempt to copy protected data. For example, if host 30 is a cellular telephone, issue an SMS message to the owner of the database.
Send spurious data to host 30 instead of real data.
In addition, if the owner of the database also is the owner of the database application, the owner can code the database application to always ignore certain blocks. The access profile then includes the identities of these spurious blocks, or equivalently the identities of the legitimate blocks, for example as the logical numbers (e.g. relative to the first block of the file) of these spurious blocks or of the legitimate blocks. If host 30 attempts to read a spurious block, access control functionality 16 takes one or more of the defensive actions listed above. For example, host 30 could be sent spurious data simply by loading the blocks designated as spurious with all 0's, all 1's or random bits.
Some access profiles are easy to determine a priori. For example, the rate schedule of an audiovisual file can be predicted in advance, on the basis of the largest buffer that host 30 is likely to have and on the basis of how fast host 30 needs to display successive blocks of the audiovisual file. Other access profiles need to be learned empirically. For example, it is difficult to predict in advance the largest number of blocks of a database file that will be read sequentially in normal use. For example, the owner of both the database and the database application can learn the normal access pattern of the database by monitoring use of the database during beta-testing of the database application by friendly users.
Memory 12 is shown as having stored therein one more file 44, of encrypted data. File 44 includes its own access profile 42. File system 24 presents file 44 to host 30 as a virtual clear file 40 that has the same name as file 44 but may or may not have the same filename extension, so that, optionally, host 30 may or may not be aware of the existence of file 44. For example, if the data in file 44 are audiovisual data, virtual file 40 could be given a filename extension such as “mp4” that is appropriate to audiovisual data while encrypted file 44 is given a filename extension such as “mxx” to indicate to controller 14 that file 44 is an encrypted file. When host 30 starts to access file 40, controller 14 decrypts the requested blocks of file 44 using decryption functionality 26 and sends the decrypted blocks to host 30, while using access control functionality 16 to monitor the access of the blocks by host 30 relative to access profile 42. If monitoring module 15 of access control functionality 16 determines that the accessing of file 40 by host 30 deviates from access profile 40, response module 17 of access control functionality 16 takes one or more of the defensive actions listed above.
A limited number of embodiments of a method, device and system for digital rights protection have been described. It will be appreciated that many variations, modifications and other applications of the method, device and system may be made.
