US20080155702A1 - Method for protecting digital content from unauthorized use by automatically and dynamically integrating a content-protection agent - Google Patents

Method for protecting digital content from unauthorized use by automatically and dynamically integrating a content-protection agent Download PDF

Info

Publication number
US20080155702A1
US20080155702A1 US11/986,984 US98698407A US2008155702A1 US 20080155702 A1 US20080155702 A1 US 20080155702A1 US 98698407 A US98698407 A US 98698407A US 2008155702 A1 US2008155702 A1 US 2008155702A1
Authority
US
United States
Prior art keywords
content
application
content processor
processor application
integration
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Abandoned
Application number
US11/986,984
Inventor
Vasanth Bala
Michael D. Smith
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Liquid Machines Inc
Original Assignee
Liquid Machines Inc
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Liquid Machines Inc filed Critical Liquid Machines Inc
Priority to US11/986,984 priority Critical patent/US20080155702A1/en
Assigned to LIQUID MACHINES, INC. reassignment LIQUID MACHINES, INC. ASSIGNMENT OF ASSIGNORS INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: BALA, VASANTH, SMITH, MICHAEL D.
Publication of US20080155702A1 publication Critical patent/US20080155702A1/en
Abandoned legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/10Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]

Definitions

  • Cryptographic solutions such as Pretty Good Privacy (PGP) (available from Network Associates) and RSA (available from RSA Security, Inc.), secure digital content during its transmission through an untrusted channel, but are inadequate for securing it once it gets to the end user's machine.
  • PGP Pretty Good Privacy
  • RSA RSA Security, Inc.
  • the content provider would generally prefer to not have to trust the end user receiving the content, and so the security of the content must continue to persist even after the digital content has been received by the end user.
  • end users who receive digital content would generally prefer to not be burdened with the security concerns of the content provider simply because they received the digital content.
  • This “last mile” problem cannot be addressed by cryptographic techniques alone, because they require the encrypted document to be converted to clear-text on disk before it can be viewed or manipulated by an application on the end user's machine.
  • One way to establish a trusted end point on the end user's machine is to force the end user to use a trusted piece of software, namely the content player application, to “play” or process the content.
  • the trusted content player application should be capable of directly processing the digital content in the encrypted format in which it is shipped, so that a decrypted or “clear text” form of the original content is never created on disk.
  • Another solution is to create a security plugin module that can extend the content player application with the desired security features.
  • Some software manufacturers such as Microsoft Corporation, have taken the initiative of integrating their own security solutions into the content players that they manufacture. They can then provide security services to the content publishers, instead of third-parties such as RSA that are not themselves player software manufacturers.
  • plugin strategies one problem is that they rely on the application to provide a plugin interface that is appropriate for such a solution. Many important applications do not provide such interfaces. For example, there is often a need for securing CAD files that contain proprietary product details, but existing CAD packages that are widely deployed do not provide a plugin interface that allows the implementation of a security solution.
  • plugin solution is application-specific.
  • a separate plugin module would have to be developed for each player.
  • the end user upgrades a player, he is responsible for upgrading the plugin as well, assuming an upgraded plugin is readily available at that time.
  • Grimm appears to require that the disk image of the content processing application be modified prior to its execution.
  • Grimm employs a “′′static integration” scheme, where protection functionality is integrated with an application prior to execution time.
  • the present invention is a dynamic integration scheme, with the integration being repeated every time execution begins.
  • the static integration scheme suffers from some several limitations.
  • the DLLs of some commercial applications have a built-in “checksum” mechanism to detect tampering of their disk image.
  • the tool chain that creates the DLL binary at the application vendor's site embeds a checksum value in the DLL header.
  • This checksum is computed using an algorithm implemented by the operating system. For example, Win32 operating systems provide a “CheckSumMappedFile” system call that can produce the checksum number for a given DLL or EXE file, which may be embedded into the header area of the DLL or EXE file. Thereafter, when the Win32 loader loads that DLL into memory on the end user's system, it will compute the checksum itself and compare the result with the checksum embedded in the header.
  • the loader If these two numbers do not match, the loader returns a failure and the application aborts. Because the checksum depends on the bytes that make up the disk image of the original DLL as shipped by the content processing application vendor, any modification of this disk image could cause a checksum comparison failure during loading.
  • the present invention only modifies the already loaded memory image of the DLL, and never its disk image, thus avoiding the above problems.
  • the present invention on the other hand, only patches the loaded memory image of the import table after the linker has initialized the import table's entries with target addresses. Furthermore, only the relevant entries that pertain to file I/O related calls need to be patched.
  • a final problem with static integration of a security policy with the content processor application is that it binds a single policy with the application.
  • two different content publishers A and B want to associate two different content protection modules with their respective documents, two different versions of the content processor application will have to be created on the end user's machine.
  • the present invention allows the same content processor application to be used for both.
  • the present invention allows any digital content protection solution to be deployed easily, without disrupting an existing installed base of legacy applications, or preventing upgrades or replacement of these applications. It effectively disassociates the content protection enforcement from the content processor application, thereby empowering content publishers to use any content protection method of their choice, without tying it to a specific content processor application. It is also content processor application “agnostic,” allowing a single solution to work across a variety of applications that may all be capable of processing the same content format type. The invention also does not rely on the existence of a plugin interface in the application, allowing it to work even with future upgrades of the current application.
  • the invention method for extending a content processor application includes loading the content processor application into memory from a master image to form a runtime content processor application image, and dynamically integrating a protection agent into the loaded runtime content processor application image to form a customized content processor application with extended functionality. Only the runtime content processor application image is extended with the protection agent—the application master image remains unaltered.
  • the protection agent may comprise an amalgamator and one or more content protection modules.
  • the protection agent is integrated into the runtime content processor application image by first injecting the amalgamator into the runtime content processor application image. The amalgamator then loads the content protection modules, and integrates the modules with the runtime content processor application image to provide the extended functionality.
  • Such extended functionality may include, for example, accessing protected content.
  • the protection agent preferably executes within the same address space as the customized content processor application, and is thus easily able to support editing of protected content without the loss of protection, for example by intercepting I/O function calls, memory storage calls, cut/paste calls, etc.
  • Some content protection modules may be used to access protected content.
  • Content protection modules may be produced by a third-party. Plural content protection modules may be simultaneously registered with the protection agent, and may correspond to different content formats. They may be used in parallel by the customized content processor application to process different documents, or to process different portions of a single document. Content protection modules may be used to prevent the export, in an unprotected form, of at least a portion of the protected content, for example, by causing all I/O operations that target unprotected files/memory buffers to write out data in a protected format. Furthermore, content protection modules may be used to maintain an audit trail.
  • the customized content processor may process both protected and unprotected content.
  • the extended functionality may include, for example, content protection, rights management, and encryption/decryption.
  • the protection agent is independent of the content processor application. That is, they may be independently developed, each with no prior knowledge of the other. Similarly, the protection agent may be independent of any plugin interface provided by the content processor application.
  • the content processor application may be an existing/legacy application.
  • the dynamic integration of the protection agent with the content processor application may be performed either in hardware, software, or a combination.
  • the operating system boot process is modified so that upon attempting to launch an application that serves as an interactive shell, such as Microsoft's Windows Explorer, which can be used to launch other applications, instead an integration agent application is launched.
  • the integration agent then launches the intended application (e.g., Microsoft's Windows Explorer) and dynamically integrates it with the protection agent.
  • an end user may explicitly enable the automatic and dynamic integration of the protection agent into all subsequently launched content processor applications.
  • the dynamic integration of the protection agent into the loaded application runtime memory image may be performed by an integration agent, which may be a standalone software application.
  • the integration agent may be associated with a file type corresponding to at least one protected content document.
  • Integration of the protection agent into the runtime content processor application image may include identifying file I/O related operating system calls that can be made by the application, and then overwriting the identified file I/O related operating system calls to point to corresponding functions which extend the functionality of the content processor application.
  • file I/O related operating system calls may be identified by examining an import table associated with the runtime content processor application image. These system calls may then be intercepted by overwriting corresponding identified entries in the import table.
  • calls to functions that load additional executable code, such as a dynamically linked library (DLL) module, into memory may be identified and overwritten to point to corresponding functions contained within the protection agent.
  • DLL dynamically linked library
  • the steps of loading the application and integrating the protection agent into the runtime content processor application image are performed automatically and transparently (that is, without the knowledge or active participation of the end user) when the application is selected for execution.
  • the integration agent may be registered in place of the content processor application, so that the integration agent is executed when the application is selected.
  • the integration agent then proceeds to integrate the protection agent with (i.e., inject the protection agent into) the runtime content processor application image.
  • a system for extending a content processor application includes a loader, an integration agent and a protection agent.
  • the loader loads the content processor application into memory from a master image to form a runtime content processor application image.
  • the integration agent dynamically integrates a protection agent into the loaded runtime content processor application image to form a customized content processor application with extended functionality, only the runtime content processor application image being extended with the protection agent, leaving the application master image unaltered.
  • the protection agent provides access to protected content.
  • FIG. 1A is a high-level block diagram that illustrates the creation of a protected document containing protected content.
  • FIG. 1B is a high-level block diagram illustrating the use or access of the protected content with an embodiment of the present invention.
  • FIG. 2 is a flowchart of the dynamic integration process as implemented by the integration agent of the present invention.
  • FIG. 3A is a flowchart illustrating details of step 203 of FIG. 2 .
  • FIG. 3B is a schematic diagram illustrating the process of FIG. 3A .
  • FIG. 4 is a flowchart illustrating the amalgamator initialization routine of step 309 of FIG. 3A .
  • FIG. 5 is a flowchart illustrating the steps performed by the integration agent when it begins execution under one embodiment of the present invention.
  • a “content protection module” (or protection module, for short) is a software module which provides clear-text access to cipher-text content for only authorized users.
  • a “content processor application” (or content processor) is any software application that supports the viewing and/or editing of clear-text content files.
  • a “protected content” is an encrypted cipher-text file (possibly containing additional information required for authentication), which the content protection module knows how to decrypt and interpret.
  • the content protection module may also be implemented using a combination of software and hardware.
  • the software component possibly backed by hardware support, must include the “main” or “driver” portion because it is integrated into the software of the content processor application and gets control before the content processor application.
  • FIG. 1A is a high-level block diagram that illustrates the creation of a protected document.
  • the original (clear-text) document 101 is encrypted at 105 by the content protection module 103 , to form a protected document (cipher-text) 107 .
  • the protected document 107 comprises an encrypted header area 109 and the protected content 111 .
  • FIG. 1B is a high-level block diagram illustrating the use or access of the protected document 107 and hence protected content 111 with an embodiment of the present invention.
  • the content processor application 121 To view or edit the protected document 111 , the content processor application 121 must be integrated with an appropriate content protection module 103 to translate or decrypt the document contents into a clear-text version 123 of the original document 101 .
  • the existence of the content protection module 103 is transparent to the content processor application 121 .
  • the present invention does not depend upon the specific content protection algorithm used by the content protection module 103 (e.g., for encryption or authentication); any desired method may be integrated with a new or legacy content processor application 121 without requiring any access to source code of the content processor application, or any cooperation from the vendor of that application.
  • the focus is instead on the integration of a protection scheme with the content processor application 121 , and not on the particular technology used for content protection (encryption, authentication, etc.).
  • An embodiment of the present invention consists of an “integration agent”, which may be a stand-alone application, and an “amalgamator” module that automatically integrates one or more content protection modules 103 with any existing or legacy content processor application 121 that is capable of processing the original clear-text form of the content/document.
  • Integration is performed dynamically when the content processor application 121 ( FIG. 1B ) is launched, and is performed only on the image of the content processor application loaded into memory.
  • the content processor application 121 itself is never modified on disk, and no source-level integration or plugin interface is required.
  • Applicants thus refer to the memory image of the content processor application modified by such a process as a “dynamically customized content processor”, or more simply, a “customized content processor” 121 A.
  • a content protection module 103 may be automatically and dynamically integrated with any existing content processor application 121 that is used to process a content file.
  • the present invention enables a Word document to be transferred and stored as a protected cipher-text document 107 (which need not be in a format that is compatible with the Microsoft Word application), while an existing Microsoft Word application 121 can process it as if it were a regular clear-text Word file.
  • the dynamic integration process of the present invention automatically integrates an appropriate content protection module 103 with the Microsoft Word application 121 in memory. Thereafter, whenever the executing Word application 121 accesses the encrypted Word document 107 , the content protection module 103 is invoked automatically and transparently, dynamically authenticating the access rights and decrypting the portion of the protected document that is being accessed.
  • This dynamic integration occurs only on the memory image of the content processor application 121 , not in its disk image. Thus, an installed content processor application 121 is never modified on disk, and the user's experience of working with the document is unchanged, unless some authentication or authorization check fails.
  • the integration agent application and the amalgamator module are small enough that they can be shipped with the protected document 107 , so that the end user can install them if they are not already installed on the user's computer.
  • FIG. 2 is a flowchart illustrating the dynamic integration process as implemented by the integration agent 200 , once installed, of an embodiment of the present invention.
  • the process begins, at step 201 , when the user indicates, by double-clicking or through other means, a desire to launch a content processor application 121 either explicitly, for example, by clicking on the application itself, or implicitly, for example, by clicking on the content to which access is desired.
  • the integration agent 200 intercedes and launches the content processor application 121 in a suspended state. Launching the content processor application 121 in this manner ensures that no part of the application's execution occurs outside the control of the integration agent 200 or the content protection module 103 .
  • the integration agent 200 begins the dynamic integration of the amalgamator module and content protection modules 103 with the content processor application 121 .
  • the required content protection modules 103 are loaded and the memory image of the content processor application 121 is modified so that the content protection modules 103 are tightly integrated into the application, producing the customized content processor 121 A.
  • FIG. 3A discussed below, provides further details of step 203 .
  • the integration agent 200 After receiving confirmation from the amalgamator that the dynamic integration (or injection) has succeeded, the integration agent 200 terminates (step 204 ).
  • step 205 execution of the customized content processor application 121 A, with its modified capabilities, is resumed.
  • the customized content processor application 121 A processes the protected content as direct by the user.
  • Step 205 continues to process until some exit condition is indicated, as at step 206 .
  • step 207 some security-specific appropriate action may be triggered. For example, a pop-up message may appear, and/or the execution of the customized content processor application 121 A may terminate.
  • the system is flexible in that any number of content protection modules 103 can be registered for the same type of document.
  • different content publishers can, if they prefer, register different content protection modules at different times or even at the same time, for a single document type. Even a single content publisher could similarly register different content protection modules 103 for a single document type.
  • multiple content protection modules 103 may be integrated into a single content processor application 121 , so that the resulting customized content processor application 121 A can handle many different protection schemes. Depending on the protected content file being accessed, the appropriate content protection module 103 may automatically be invoked.
  • the same content publisher may associate different content protection modules 103 with different protected content files, even if all of the files will be processed by the same customized content processor application 121 A.
  • a customized content processor application 121 A that is capable of processing several content files simultaneously.
  • a user may use a content processor application, such as Microsoft Word, to open multiple windows simultaneously, each window containing a protected document 107 .
  • the customized content processor application 121 A may invoke the appropriate content protection module 103 for each protected Word document 107 .
  • the customized content processor 121 A can simultaneously process protected content as well as clear-text (i.e., unprotected) content.
  • content protection modules 103 execute within the address space of the customized content processor application 121 A, editing of protected content may be supported.
  • the content protection module 103 may include support for decrypting the protected content 111 to permit the customized content processor 121 A to edit it, as well as encryption support for protecting the content upon a save to disk or any other mechanism by which protected data is extracted from the address space of the customized content processor 121 A.
  • an appropriately authorized user can open a protected document 107 (e.g., using Microsoft Word), edit that document, and then cut text out of that document or save that document to another file system under a new filename.
  • the exported data remains protected with the security attributes of the original file (i.e., the security status of the exported portions of the protected content 111 do not change). Furthermore, this entire protection process can occur without the knowledge of the appropriately authorized user.
  • the invention enables a content publisher to use a custom content encryption or digital rights management format for shipping documents, and have its corresponding custom security solution or authenticator be automatically integrated with whatever content processing application 121 exists on the end user's machine to produce a customized content processor 121 A. Furthermore, because the integration is done dynamically without altering the disk image of the content processing application 121 , any upgrading or replacement of the content processor application 121 does not affect the ability of the authorized end user to process the protected document. Finally, because the processing of protected content 111 is integrated into applications only when needed at run time, any upgrade or change to algorithms used in the content protection modules 103 can be deployed without the need to redeploy the content processor applications 121 .
  • Win32 system such as Windows 2000 and Windows XP
  • Win32 executable application e.g., Microsoft Word
  • a Win32 application typically consists of an executable (EXE) file and several, separately compiled, dynamically linked library (DLL) files. These files contain the binary code for the functions that compose the application. Some of the DLLs may be part of the Win32 operating system library, and not part of the application itself.
  • EXE executable
  • DLL dynamically linked library
  • Launching and running an application involves some existing process on the computing system requesting that a new process be created and loaded with the memory image of the EXE file.
  • “Explorer.exe” or Explorer, for short
  • UI desktop user interface
  • the “CreateProcess” function in Win32 is the interface point that invokes the Win32 loader for launching a Win32 application.
  • the import table contains a unique entry for each external function, and is initialized by an operating system utility called the “loader” to contain the actual target address in memory for that function.
  • the Win32 loader first loads the EXE file into memory, then examines the EXE file's import table for DLL files that it could reference during the course of execution. Finally, the loader loads each of the DLL files in turn.
  • the loader repeats this sequence to load other DLL files that this one may require during the course of execution.
  • the process completes when all DLL dependencies have been resolved, that is, all referenced DLLs have been loaded into memory and initialized.
  • the loader then causes control to jump to the entry point of the application in the EXE memory image, upon which the application begins executing.
  • a similar table-like structure may provide the information necessary to allow the system loader to initialize the executables (EXEs in Win32) and shared libraries (DLLs in Win32) so that control can flow between these separately-compiled modules.
  • the process described above is modified with respect to launching and running of an EXE, in a manner that involves no additional efforts by the user wishing to run the EXE or by the vendors that provided the EXE and associated DLL files.
  • the dynamic integration process of an embodiment of the present invention modifies the process of launching and running an EXE to achieve the desired goal of such automatic and user-transparent content protection using given content processor applications.
  • the first step is to achieve the launching of the content processor application 121 for processing the protected content file 107 under control of the integration agent 200 .
  • the integration agent 200 There are a number of different ways to accomplish this, two of which are now discussed.
  • the integration agent 200 may be registered as the application associated with the file type corresponding to protected content documents 107 .
  • a protected document will always have the file extension “.CTL”.
  • an attempt to open a “.CTL” file will automatically cause the integration agent 200 to be invoked by the operating system.
  • the “.CTL” file selected by the user will then be passed to the integration agent application as an input parameter by the operating system.
  • FIG. 5 is a flowchart illustrating, for this example, the steps performed by the integration agent 200 of an embodiment of the present invention when it begins execution. Steps 501 - 503 expand on step 202 of FIG. 2 .
  • the integration agent 200 checks the header area 109 ( FIG. 1A ) of the input protected document 107 to determine the original file type of the document (e.g., “.DOC” for a Word document).
  • the “header area” is defined as part of the protected content file format, and contains, among other things, information about the original content file (such as its size, file type, etc), and authentication information that will be read by the content protection module 103 .
  • the actual format of the header area is dependent on the implementation of the content protection module 103 , which is outside the scope of this invention.
  • the integration agent 200 looks in the Windows registry for the content processor application 121 that is currently registered to handle documents of the original file type. For example, this may be some version of Microsoft Word.
  • the integration agent 200 launches the registered content processor application 121 in suspended mode. This is possible in Win32 via the “CreateProcess” system call, which invokes the Win32 loader to load the .EXE executable file and all of its dependent DLLs into memory. By launching the application 121 in suspended mode, the integration agent 200 regains control after the application 121 is loaded into memory, but before it starts execution.
  • the dynamic integration method may modify the behavior of, say, the Windows Explorer process.
  • the purpose of the modification is to customize Windows Explorer using the dynamic integration method so that it acts as the integration agent when launching content processor applications 121 .
  • the integration process modifies the Explorer so that this process's control flow is directed into a content protection module 103 before execution of the “CreateProcess” call that is used to launch any application in response to a user's interaction with the Windows desktop UI.
  • the code in the protection module 103 may launch the content processor application 121 (Microsoft Word) in suspended mode via its own invocation of the “CreateProcess” system call.
  • the integration agent 200 (this time as a module within Windows Explorer and not as a standalone application) gains control after loading but before the content processor application 121 starts its execution.
  • One solution is to modify the operating system boot process so that the launching of Windows Explorer is replaced with the launching of the integration agent application whose sole task is to launch and dynamically inject Windows Explorer.
  • a system may be implemented in which the end user explicitly enables the automatic and dynamic integration of content protection modules 103 into all subsequently launched content processor applications 121 .
  • Such a single explicit action may be acceptable and desirable in some end-user situations, and it still provides for the automatic integration of the protection modules 103 with the actual processor applications 121 .
  • the Windows Hooks facility supported by the “SetWindowsHookEx” functionality in Win32 may be used to cause Windows to inject the integration agent 200 as a DLL into the address space of the running process that is the Windows Explorer.
  • the procedure specified by the second parameter to the “SetWindowsHookEx” function identifies a procedure within the integration agent DLL, and this procedure implements the work done by the integration agent 200 after it has gained control of the content processor application 121 , as described below.
  • the next step is to inject the amalgamator module 72 ( FIG. 3B ) into the address space of the content processor and direct the content processor application's control flow into this module.
  • the amalgamator module has control, the required content protection modules 103 can be loaded, and the memory image of the content processor application 121 can be modified so that the content protection modules 103 are tightly integrated into the application.
  • a sequence of steps is followed that yields a solution that is broadly applicable across the entire range of programmable computing systems. Broad applicability is achieved by relying on only a small set of capabilities that can be found on almost any programmable computing system.
  • the approach followed by an embodiment of the present invention requires the capability and permission for one process to read and write its own or another process's address space.
  • FIG. 3A is a flowchart illustrating details of step 203 of FIG. 2 . These details include the steps by which the integration agent 200 carefully works the amalgamator module 72 into the code space of the content processor, even though the content processor 121 was never designed to load the amalgamator 72 or content protection modules 103 .
  • FIG. 3A describes the interaction between the running process (i.e., the integration agent 200 ) and the suspended process (i.e., the content processor application 121 ).
  • the integration agent 200 knows the memory address at which execution of the content processor application has been suspended and where to find the amalgamator 72 and content protection modules 103 .
  • FIG. 3B is a schematic diagram of the process of FIG. 3A and is discussed in parallel below.
  • the integration agent 52 when a user attempts to launch an application (i.e., a content processor application 121 ), for example by attempting to open the application itself or a document (content) associated with the application, the integration agent 52 is instead launched.
  • the integration agent 52 then causes the original content processor application 121 to be loaded from a master image such as a disk image 50 to a memory image 54 . (This corresponds to steps 201 and 202 of FIG. 2 .)
  • the integration agent 52 specializes a small code template 58 , (the “integrator generator template”).
  • the particular actions taken during this specialization involve setting of instruction immediates and address offsets that depend upon certain memory image 54 values such as the instruction address in the content processor's address space where the processor application is to resume execution (called the start address), the address of the “LoadLibrary” function, and the location of the amalgamator module 72 .
  • the result of this specialization is a sequence of code and data bytes called the “integrator generator” 60 , which includes an “integrator” 62 .
  • the integration agent creates a “shared byte” store 56 that acts both as a communication structure between the integration agent 52 and the amalgamator module 72 , and as a temporary store for information.
  • the integration agent 52 copies a portion 54 A of the content processor application 54 code into the store 56 , starting at the content processor application's start address and continuing until a number of bytes equal to the size of the integrator generator 60 / 62 have been copied. This copy operation can be accomplished, for example, using the Win32 “ReadProcessMemory” function.
  • the store 56 may also be written with some meta-data that specifies the size of the copied code and its original starting address, among other things.
  • the shared byte store 56 may be created, for example, as a named, memory-mapped file.
  • step 303 the integration agent 52 writes the integrator generator 60 / 62 into the address space of the content processor application starting at the start address, for example using the Win32 “WriteProcessMemory” function, so that the memory image is now as appears at 64 .
  • this and possibly other steps may require temporary manipulation of the virtual memory page protection bits to enable reading and writing of the pages containing the referenced code.
  • step 304 the integration agent 52 “resumes” execution of the content processor application 64 at the start address, for example using the Win32 “ResumeThread” function. Since first instructions of the integrator generator 60 now reside at that start address, control in the content processor flows to the integrator generator 60 . Note that the integrator generator 60 transfers control to the integrator 62 in such a manner that the control flow never has to return to the integrator generator. This is done so that the amalgamator module 72 can restore the application's code originally stored at the start address, thus removing the code for the integrator generator.
  • the integrator generator 60 first saves a portion of the content processor application's state so that resources such as registers can be temporarily used without losing the state of the application. Since the state of the program stack is known, space on the stack can be allocated to save the application's state. Alternatively, other temporary storage (e.g., the shared byte store) could be used.
  • step 306 the integrator generator 60 identifies a part of the application's address space free of code or data and creates a code cache 68 in this space.
  • the integrator generator 60 writes a sequence of code and data, called the “integrator” 62 , into this code cache. From this cache, calls can safely be made to load and initialize the amalgamator module 72 .
  • the image of working memory is now as appears at 66 in FIG. 3B .
  • the cache 68 is deallocated when the application resumes execution.
  • Such a code cache may be built, for example, by using the next set of free space on the program stack.
  • step 307 once the integrator generator 60 has created the integrator 62 , it unconditionally jumps to the first instruction in the integrator 62 .
  • step 308 the integrator 62 loads the amalgamator module 72 , so that the memory image is now as appears at 70 in FIG. 3B . Under Win32, this can be done with a call to “LoadLibrary”, with the module name recorded during specialization of the integrator generator template 58 .
  • step 309 ( FIG. 3A ) once the amalgamator module 72 has been loaded, control returns to the integrator 62 , which then makes a call to an initialization routine in the amalgamator module 72 .
  • This initialization routine 309 are explained below, with respect to FIG. 4 .
  • a loaded module is given the opportunity to initialize itself by placing some code in the stylized “DllMain” function required in all Win32 DLLs. Applicants have found that it is better to have the integrator 62 make a call to a separate initialization routine run after the completion of the “LoadLibrary” call, since only a small set of the application's and operating system's functionality is available within “DllMain”.
  • step 310 once the amalgamator's 72 initialization routine has completed, control again returns to the integrator 62 .
  • Part of the amalgamator's initialization process 309 involves restoring of the content processor application's code originally found at the start address, from the store 56 .
  • the integrator 62 can now deallocate the space for the code cache 68 and unconditionally jump to the start address, thus returning control to the now customized content processor.
  • Some architectures like the Intel x86 provide a return instruction that simultaneously deallocates a block of space on the program stack. If no architectural mechanism exists for atomically deallocating space and non-trivially changing the program counter, an alternative would be to leave a small amount of code cache space in the content processor application, enough to deallocate the larger code cache and return control to the start address.
  • the initialization routine 309 ( FIG. 4 ) in the amalgamator module 72 is primarily responsible for loading the content protection modules 76 and tightly integrating them into the memory image of the content processor application to produce the customized content processor, so that the memory image finally appears as at 74 in FIG. 3B .
  • the amalgamator 72 and content protection modules 76 are collectively called the “protection agent”.
  • This integration process does not stop once the content processor application begins running.
  • Other events such as the delay loading of a DLL or the explicit loading of a DLL by code in the content processor, may require that some portion of the integration process run again to ensure that the content protection modules are properly integrated with the current state of the content processor.
  • the launching of another content processor application by this content processor requires the amalgamator 72 to act as an integration agent and propagate itself as described above to this new content processor.
  • the integration process as performed by the amalgamator module 72 begins in its initialization routine 309 and proceeds as shown in the flowchart in FIG. 4 . Recall that this integration process begins as part of step 309 of FIG. 3A , once the content processor application 121 (that is, its EXE and dependent DLL files) and amalgamator module 72 (but not the content protection modules) have been loaded.
  • the amalgamator 72 determines the type and location of the content protection modules to load and loads them.
  • the first part of this step may be accomplished, for example, by having the amalgamator 72 read part of the header area of a protected content file 107 to determine the associated content protection module 103 for the file.
  • the integration agent 52 may have specified the location of the content protection modules to load by encoding that information in the shared byte store 56 .
  • a content protection module can be shipped separately by the content publisher, or some or all of it can optionally be embedded into the protected content file itself. In all cases, the entire contents of each protection module are copied into the address space of the content processor application.
  • the amalgamator 72 identifies each module (EXE or DLL) that is part of the content processor application's loaded memory image. Using this list, the amalgamator performs steps 403 and 404 .
  • the amalgamator 72 examines the module to identify any file I/O-related operating system calls that can be made by the content processor application while executing this module.
  • I/O functions, or system calls are those involved in input and output to the file system, including operations such as read and write, as well as cut and paste operations. Such an analysis may be performed, for example, by the amalgamator 72 examining the import table of the module looking for addresses of known file I/O-related functions.
  • the identified calls are rewritten by the amalgamator 72 so that control flows not to the I/O related function on such calls but to a corresponding function defined in a content protection module. Again, there are many ways to accomplish this redirecting of control flow.
  • One such method that is appropriate for the example given above involves the replacement of the I/O-related function call entries in the module's import table with the addresses of corresponding functions defined in the content protection module.
  • the original address inserted by the Win32 loader into that import table entry is also noted in a separate table that is accessible by the content protection module code. This “patching” of the import table ensures that when the application makes the I/O call, the content protection module gets control first, allowing it to perform any authentication or decryption actions before redirecting the call to the original function address.
  • Any function calls used to explicitly load another DLL or executable into memory are also handled by steps 402 and 403 as described above.
  • a call to “LoadLibrary” by customized content processor application during its execution will cause the amalgamator 72 to execute steps 403 and 404 for each newly loaded DLL. This ensures that any DLL or executable that is explicitly loaded by the content processor application at execution time will also have its import table entries patched appropriately.
  • amalgamator 72 for the routines in the amalgamator and content protection modules to access the functions protected in steps 403 and 404 above.
  • the “patching” mentioned above occurs only on import tables of modules belonging to the original application and not to modules associated with the amalgamator or the content protection modules.
  • step 405 the initialization routine 309 of the amalgamator accesses the shared byte store 56 , replaces the code and data for integrator generator with the content processor's original application code, and then in step 406 signals to the integration agent 63 that it is done with the shared byte store 56 .
  • the initialization routine 309 of the amalgamator returns so that the suspended application can resume execution.
  • the integration agent 52 receives notification from the amalgamator 72 that injection is complete, it terminates (or returns control to the Windows Explorer for the example scenario).
  • a content protection module 103 can prevent the export of any part of the protected document by simply ensuring that any I/O operations that target an unprotected file or memory buffer only write out encrypted data. That is, “cut/paste” operations can be prevented from being used to copy the contents of the protected document to an unprotected document. Thus, the protection associated with the document (content) continues to persist, independent of the content processor application used to process it.
  • the invention provides a very practical way to deploy digital content protection solutions in the market.
  • a secure enterprise email solution as an example to illustrate this point.
  • Many current secure email solutions allow an email sender to encrypt an outgoing email, and require the recipient to connect to a trusted server to download an authorization key that will allow the recipient user to decrypt the message.
  • the message itself is never decrypted to disk, so the clear text form of the original message never persists on the recipient's machine.
  • Attachments can also be encrypted using the same key, but unless the application used to read the attachment on the recipient's machine understands the content encryption format, the attachment cannot be read directly.
  • the attachment is a Word document that was encrypted on send
  • the attachment has to be first decrypted back to the original Word document on the recipient's machine before the Microsoft Word application on the recipient's machine can read it.
  • This creates a security hole, since the original Word document now persists in clear-text form on the recipient's machine, allowing the recipient to copy it illegally, or distribute it to unauthorized persons in an unprotected (unencrypted) form.
  • the integration agent when the recipient opens the encrypted attachment, the integration agent is invoked transparently (to the recipient), launching the Microsoft Word application and dynamically integrating the appropriate content protection module with the application in memory. Finally, the modified application may read the protected Word attachment directly.
  • the content protection module intercepts all I/O traffic between the Microsoft Word application and the content file, the fact that the attachment is an encrypted Word document is also transparent to the Word application. The end user never experiences the integration agent or the integration process, and is unaware that the attachment is actually an encrypted document, unless he or she attempts to make an unauthorized access.
  • the content protection module When the content protection module discovers an unauthorized access, it can display a message indicating authorization failure, and terminate the Microsoft Word application.
  • the content protection module could also be used to automatically maintain an audit trail.
  • a computer program product that includes a computer usable medium.
  • a computer usable medium can include a readable memory device, such as a solid state memory device, a hard drive device, a CD-ROM, a DVD-ROM, or a computer diskette, having stored computer-readable program code segments.
  • the computer readable medium can also include a communications or transmission medium, such as a bus or a communications link, either optical, wired, or wireless, carrying program code segments as digital or analog data signals.

Abstract

A content processor application is loaded into memory from a master image to form a runtime content processor application image. An integration agent dynamically integrates a protection agent into the loaded runtime content processor application image to form a customized content processor application with extended functionality. Only the runtime content processor application image is extended with the protection agent—the application master image remains unaltered.

Description

    RELATED APPLICATIONS
  • This application is a continuation of U.S. application Ser. No. 10/194,655, filed Jul. 11, 2002, which claims the benefit of U.S. Provisional Application No. 60/305,589, filed on Jul. 13, 2001.
  • The entire teachings of the above applications are incorporated herein by reference.
  • BACKGROUND OF THE INVENTION
  • As more and more digital content is transacted electronically, there is an increasing demand for technologies that can secure the content from unauthorized use and distribution. Unlike physical goods, digital content is easily copied and distributed. The only way to prevent this is for the content provider to establish a trusted environment on the end user's machine that can act as a proxy for securing the content from illegal copying and distribution after it is shipped to an authorized end user.
  • Cryptographic solutions such as Pretty Good Privacy (PGP) (available from Network Associates) and RSA (available from RSA Security, Inc.), secure digital content during its transmission through an untrusted channel, but are inadequate for securing it once it gets to the end user's machine. In fact, the science of cryptography matured during World War II as a means for protecting an untrusted communication channel between two parties that trust each other.
  • In the present case however, the content provider would generally prefer to not have to trust the end user receiving the content, and so the security of the content must continue to persist even after the digital content has been received by the end user. Furthermore, end users who receive digital content would generally prefer to not be burdened with the security concerns of the content provider simply because they received the digital content. This “last mile” problem cannot be addressed by cryptographic techniques alone, because they require the encrypted document to be converted to clear-text on disk before it can be viewed or manipulated by an application on the end user's machine.
  • One way to establish a trusted end point on the end user's machine is to force the end user to use a trusted piece of software, namely the content player application, to “play” or process the content. The trusted content player application should be capable of directly processing the digital content in the encrypted format in which it is shipped, so that a decrypted or “clear text” form of the original content is never created on disk.
  • Another solution is to create a security plugin module that can extend the content player application with the desired security features.
  • SUMMARY OF THE INVENTION
  • What makes the “last mile” difficult to solve in the real world is the fact that most content publishers do not control the source code for the content player applications that process their content. For example, music publishers create audio content in formats such as MP3, Real Audio and Windows Media, but the applications that play audio files in these formats are manufactured by software publishers, and not the music publishers.
  • Companies that offer digital content security or digital rights management solutions have to seek the cooperation of the software publishers before they can sell their solutions to the content publishers. They have to partner with the software publisher to do source-level integration of their security solution into the software application that will play the content, in order to create a trusted endpoint on the end user's machine for the content publisher. This makes market penetration for such approaches very difficult.
  • Even if the cooperation of software publishers can be successfully obtained, it is still up to the end user to upgrade any existing version of the software application to the custom version that has the content protector embedded in it. This creates an additional barrier to deployment, especially if the end user has to pay for the upgrade.
  • An example of such a situation recently appeared in connection with the encryption of PDF files using a digital rights management (DRM) solution. Adobe Systems Incorporated is a software company that manufactures a line of software applications, called Acrobat, based on the PDF file format. It distributes both a limited-functionality Acrobat Reader, which is free, and a full-featured Acrobat product, which costs several hundred dollars to purchase.
  • Adobe recently announced a partnership with the developer of the DRM solution to integrate that solution into Adobe's line of Acrobat applications. However, Adobe chose to integrate the DRM solution only with its full-featured product and not with the free reader.
  • From the perspective of a content publisher interested in secure distribution of PDF files, it would prefer to see the DRM solution integrated into both the free reader as well as the full-featured Acrobat application. This is because the high cost of the full-featured product creates a significant market barrier for the content publisher: an end-user receiving a secure PDF file would have to have the expensive full-feature Acrobat product and not just the free reader.
  • The impact of this price differential can be clearly seen by comparing the installed base of the full-featured version against that of the free reader; the installed base of the full-featured version is tiny compared to that of the free reader. This highlights the fact that for a digital content security solution to be easily deployable in the market, it should be able to work with existing and legacy software applications that can process the original content format.
  • Some software manufacturers, such as Microsoft Corporation, have taken the initiative of integrating their own security solutions into the content players that they manufacture. They can then provide security services to the content publishers, instead of third-parties such as RSA that are not themselves player software manufacturers.
  • Even this strategy has problems that concern content publishers. Consider the digital music market for example. The major music publishers are wary of using a proprietary security solution from one manufacturer of a software music player, because it gives that software manufacturer an unfair advantage in the market and locks the music publishers into that one software manufacturer. Furthermore, the problem of upgrading existing and legacy software players still remains.
  • In an enterprise setting, the problem of legacy software is especially acute. Enterprises typically upgrade software packages long after the upgrades are released, because of the potential disruption such upgrades can cause to the business. For example, many enterprises were still using Microsoft Office 97 in the year 2001, while in this same year, Microsoft prepared to launch its third major release of the Office Suite since releasing Office 97. Though the newest Office Suite may have built-in features for creating and handling encrypted Office files directly, the older versions of the Office Suite still installed in some parts of the enterprise will not be able to interpret these encrypted files. In situations where a secure document needs to be exchanged across enterprise boundaries, this can be particularly vexing.
  • With respect to plugin strategies, one problem is that they rely on the application to provide a plugin interface that is appropriate for such a solution. Many important applications do not provide such interfaces. For example, there is often a need for securing CAD files that contain proprietary product details, but existing CAD packages that are widely deployed do not provide a plugin interface that allows the implementation of a security solution.
  • A further problem with the plugin solution is that it is application-specific. Thus, in the case of MP3 audio format, where there are numerous players installed in the field, a separate plugin module would have to be developed for each player. When the end user upgrades a player, he is responsible for upgrading the plugin as well, assuming an upgraded plugin is readily available at that time.
  • U.S. Pat. No. 6,317,868, “Process for transparently enforcing protection domains and access control as well as auditing operations in software components” by Grimm, et al., describes another technique for enforcing content protection transparently without requiring the cooperation of the content processing application vendor. Grimm is aimed at enforcing controls on the applications themselves, rather than the content files they process. Although it might be possible to extend Grimm to protect content files as well, Grimm does not address the difficulties of actual deployment on a commercial scale.
  • For example, Grimm appears to require that the disk image of the content processing application be modified prior to its execution. Thus, Grimm employs a “″static integration” scheme, where protection functionality is integrated with an application prior to execution time.
  • In contrast, the present invention is a dynamic integration scheme, with the integration being repeated every time execution begins. The static integration scheme suffers from some several limitations.
  • For example, it is generally impossible to determine all of an application's dependencies (i.e., the required DLLs, other data structures it uses at runtime, etc.) from a static analysis of the application binary. For instance, many Win32 applications use “LoadLibrary” to dynamically load certain libraries at execution time, making it very difficult to statically enforce any protection policy on such code.
  • In addition, many commercial applications invoke operating system DLLs that are not part of the application itself, but nonetheless provide access to many system objects such as the file system. Modifying the disk image of system DLLs can be catastrophic to the robustness of the entire operating system.
  • Furthermore, the DLLs of some commercial applications have a built-in “checksum” mechanism to detect tampering of their disk image. The tool chain that creates the DLL binary at the application vendor's site embeds a checksum value in the DLL header. This checksum is computed using an algorithm implemented by the operating system. For example, Win32 operating systems provide a “CheckSumMappedFile” system call that can produce the checksum number for a given DLL or EXE file, which may be embedded into the header area of the DLL or EXE file. Thereafter, when the Win32 loader loads that DLL into memory on the end user's system, it will compute the checksum itself and compare the result with the checksum embedded in the header. If these two numbers do not match, the loader returns a failure and the application aborts. Because the checksum depends on the bytes that make up the disk image of the original DLL as shipped by the content processing application vendor, any modification of this disk image could cause a checksum comparison failure during loading.
  • By dynamically performing the integration, the present invention only modifies the already loaded memory image of the DLL, and never its disk image, thus avoiding the above problems.
  • In addition, static modification of applications can create serious adoption barriers for content publishers interested in distributing protected content files to machines that are outside their jurisdiction. For example, a department within enterprise A wishing to send a protected PDF file to a department within enterprise B cannot require enterprise B to modify all installed copies of their Acrobat PDF reader application in order to view the protected PDF file.
  • U.S. Pat. No. 5,953,534, entitled “Environment manipulation for executing modified executable and dynamically-loaded library files,” to Romer, et al., describes a technique used to statically transform an application DLL or EXE file, such that the transformed version behaves the same as the original, but allows features like instrumentation, security, auditing, etc., to be implemented transparently. This scheme suffers from the same problems as Grimm regarding static integration. Manipulation of import tables is performed statically. This implies that the import table entries have not yet been initialized by the operating system linker, so that the import table can be replaced in its entirety if so desired.
  • The present invention, on the other hand, only patches the loaded memory image of the import table after the linker has initialized the import table's entries with target addresses. Furthermore, only the relevant entries that pertain to file I/O related calls need to be patched.
  • A final problem with static integration of a security policy with the content processor application is that it binds a single policy with the application. Thus, if two different content publishers A and B want to associate two different content protection modules with their respective documents, two different versions of the content processor application will have to be created on the end user's machine. By using dynamic integration, the present invention allows the same content processor application to be used for both.
  • In summary, the present invention allows any digital content protection solution to be deployed easily, without disrupting an existing installed base of legacy applications, or preventing upgrades or replacement of these applications. It effectively disassociates the content protection enforcement from the content processor application, thereby empowering content publishers to use any content protection method of their choice, without tying it to a specific content processor application. It is also content processor application “agnostic,” allowing a single solution to work across a variety of applications that may all be capable of processing the same content format type. The invention also does not rely on the existence of a plugin interface in the application, allowing it to work even with future upgrades of the current application.
  • Accordingly, the invention method for extending a content processor application includes loading the content processor application into memory from a master image to form a runtime content processor application image, and dynamically integrating a protection agent into the loaded runtime content processor application image to form a customized content processor application with extended functionality. Only the runtime content processor application image is extended with the protection agent—the application master image remains unaltered.
  • The protection agent may comprise an amalgamator and one or more content protection modules. The protection agent is integrated into the runtime content processor application image by first injecting the amalgamator into the runtime content processor application image. The amalgamator then loads the content protection modules, and integrates the modules with the runtime content processor application image to provide the extended functionality. Such extended functionality may include, for example, accessing protected content.
  • The protection agent preferably executes within the same address space as the customized content processor application, and is thus easily able to support editing of protected content without the loss of protection, for example by intercepting I/O function calls, memory storage calls, cut/paste calls, etc.
  • Some content protection modules may be used to access protected content.
  • Content protection modules may be produced by a third-party. Plural content protection modules may be simultaneously registered with the protection agent, and may correspond to different content formats. They may be used in parallel by the customized content processor application to process different documents, or to process different portions of a single document. Content protection modules may be used to prevent the export, in an unprotected form, of at least a portion of the protected content, for example, by causing all I/O operations that target unprotected files/memory buffers to write out data in a protected format. Furthermore, content protection modules may be used to maintain an audit trail.
  • The customized content processor may process both protected and unprotected content. The extended functionality may include, for example, content protection, rights management, and encryption/decryption.
  • Preferably, the protection agent is independent of the content processor application. That is, they may be independently developed, each with no prior knowledge of the other. Similarly, the protection agent may be independent of any plugin interface provided by the content processor application.
  • The content processor application may be an existing/legacy application.
  • The dynamic integration of the protection agent with the content processor application may be performed either in hardware, software, or a combination.
  • In one embodiment, the operating system boot process is modified so that upon attempting to launch an application that serves as an interactive shell, such as Microsoft's Windows Explorer, which can be used to launch other applications, instead an integration agent application is launched. The integration agent then launches the intended application (e.g., Microsoft's Windows Explorer) and dynamically integrates it with the protection agent.
  • In another embodiment, an end user may explicitly enable the automatic and dynamic integration of the protection agent into all subsequently launched content processor applications.
  • The dynamic integration of the protection agent into the loaded application runtime memory image may be performed by an integration agent, which may be a standalone software application. In one embodiment, the integration agent may be associated with a file type corresponding to at least one protected content document.
  • Integration of the protection agent into the runtime content processor application image may include identifying file I/O related operating system calls that can be made by the application, and then overwriting the identified file I/O related operating system calls to point to corresponding functions which extend the functionality of the content processor application. For example, file I/O related operating system calls may be identified by examining an import table associated with the runtime content processor application image. These system calls may then be intercepted by overwriting corresponding identified entries in the import table. Alternatively, calls to functions that load additional executable code, such as a dynamically linked library (DLL) module, into memory may be identified and overwritten to point to corresponding functions contained within the protection agent.
  • In one embodiment, the steps of loading the application and integrating the protection agent into the runtime content processor application image are performed automatically and transparently (that is, without the knowledge or active participation of the end user) when the application is selected for execution.
  • The integration agent may be registered in place of the content processor application, so that the integration agent is executed when the application is selected. The integration agent then proceeds to integrate the protection agent with (i.e., inject the protection agent into) the runtime content processor application image.
  • A system for extending a content processor application according to an embodiment of the present invention, includes a loader, an integration agent and a protection agent. The loader loads the content processor application into memory from a master image to form a runtime content processor application image. The integration agent dynamically integrates a protection agent into the loaded runtime content processor application image to form a customized content processor application with extended functionality, only the runtime content processor application image being extended with the protection agent, leaving the application master image unaltered. The protection agent provides access to protected content.
  • BRIEF DESCRIPTION OF THE DRAWINGS
  • The foregoing will be apparent from the following more particular description of example embodiments of the invention, as illustrated in the accompanying drawings in which like reference characters refer to the same parts throughout the different views. The drawings are not necessarily to scale, emphasis instead being placed upon illustrating embodiments of the present invention.
  • FIG. 1A is a high-level block diagram that illustrates the creation of a protected document containing protected content.
  • FIG. 1B is a high-level block diagram illustrating the use or access of the protected content with an embodiment of the present invention.
  • FIG. 2 is a flowchart of the dynamic integration process as implemented by the integration agent of the present invention.
  • FIG. 3A is a flowchart illustrating details of step 203 of FIG. 2.
  • FIG. 3B is a schematic diagram illustrating the process of FIG. 3A.
  • FIG. 4 is a flowchart illustrating the amalgamator initialization routine of step 309 of FIG. 3A.
  • FIG. 5 is a flowchart illustrating the steps performed by the integration agent when it begins execution under one embodiment of the present invention.
  • DETAILED DESCRIPTION OF THE INVENTION
  • A description of example embodiments of the invention follows.
  • As used herein, a “content protection module” (or protection module, for short) is a software module which provides clear-text access to cipher-text content for only authorized users. Further, a “content processor application” (or content processor) is any software application that supports the viewing and/or editing of clear-text content files. Also, a “protected content” is an encrypted cipher-text file (possibly containing additional information required for authentication), which the content protection module knows how to decrypt and interpret.
  • The content protection module may also be implemented using a combination of software and hardware. In any case, the software component, possibly backed by hardware support, must include the “main” or “driver” portion because it is integrated into the software of the content processor application and gets control before the content processor application.
  • FIG. 1A is a high-level block diagram that illustrates the creation of a protected document. The original (clear-text) document 101 is encrypted at 105 by the content protection module 103, to form a protected document (cipher-text) 107. In one embodiment, the protected document 107 comprises an encrypted header area 109 and the protected content 111.
  • FIG. 1B is a high-level block diagram illustrating the use or access of the protected document 107 and hence protected content 111 with an embodiment of the present invention. To view or edit the protected document 111, the content processor application 121 must be integrated with an appropriate content protection module 103 to translate or decrypt the document contents into a clear-text version 123 of the original document 101. The existence of the content protection module 103 is transparent to the content processor application 121.
  • The present invention does not depend upon the specific content protection algorithm used by the content protection module 103 (e.g., for encryption or authentication); any desired method may be integrated with a new or legacy content processor application 121 without requiring any access to source code of the content processor application, or any cooperation from the vendor of that application. The focus is instead on the integration of a protection scheme with the content processor application 121, and not on the particular technology used for content protection (encryption, authentication, etc.).
  • An embodiment of the present invention consists of an “integration agent”, which may be a stand-alone application, and an “amalgamator” module that automatically integrates one or more content protection modules 103 with any existing or legacy content processor application 121 that is capable of processing the original clear-text form of the content/document.
  • Integration is performed dynamically when the content processor application 121 (FIG. 1B) is launched, and is performed only on the image of the content processor application loaded into memory. The content processor application 121 itself is never modified on disk, and no source-level integration or plugin interface is required. Applicants thus refer to the memory image of the content processor application modified by such a process as a “dynamically customized content processor”, or more simply, a “customized content processor” 121A. Thus, a content protection module 103 may be automatically and dynamically integrated with any existing content processor application 121 that is used to process a content file.
  • For example, if the content processor application 121 is Microsoft Word and the original content file 101 is a Word document, then the present invention enables a Word document to be transferred and stored as a protected cipher-text document 107 (which need not be in a format that is compatible with the Microsoft Word application), while an existing Microsoft Word application 121 can process it as if it were a regular clear-text Word file.
  • When the Microsoft Word application 121 is launched, the dynamic integration process of the present invention automatically integrates an appropriate content protection module 103 with the Microsoft Word application 121 in memory. Thereafter, whenever the executing Word application 121 accesses the encrypted Word document 107, the content protection module 103 is invoked automatically and transparently, dynamically authenticating the access rights and decrypting the portion of the protected document that is being accessed.
  • This dynamic integration occurs only on the memory image of the content processor application 121, not in its disk image. Thus, an installed content processor application 121 is never modified on disk, and the user's experience of working with the document is unchanged, unless some authentication or authorization check fails.
  • In one embodiment, the integration agent application and the amalgamator module are small enough that they can be shipped with the protected document 107, so that the end user can install them if they are not already installed on the user's computer.
  • FIG. 2 is a flowchart illustrating the dynamic integration process as implemented by the integration agent 200, once installed, of an embodiment of the present invention.
  • The process begins, at step 201, when the user indicates, by double-clicking or through other means, a desire to launch a content processor application 121 either explicitly, for example, by clicking on the application itself, or implicitly, for example, by clicking on the content to which access is desired.
  • At step 202, the integration agent 200 intercedes and launches the content processor application 121 in a suspended state. Launching the content processor application 121 in this manner ensures that no part of the application's execution occurs outside the control of the integration agent 200 or the content protection module 103.
  • At step 203, the integration agent 200 begins the dynamic integration of the amalgamator module and content protection modules 103 with the content processor application 121. As part of this step, the required content protection modules 103 are loaded and the memory image of the content processor application 121 is modified so that the content protection modules 103 are tightly integrated into the application, producing the customized content processor 121A. FIG. 3A, discussed below, provides further details of step 203.
  • After receiving confirmation from the amalgamator that the dynamic integration (or injection) has succeeded, the integration agent 200 terminates (step 204).
  • At step 205, execution of the customized content processor application 121A, with its modified capabilities, is resumed. The customized content processor application 121A processes the protected content as direct by the user. Step 205 continues to process until some exit condition is indicated, as at step 206.
  • On the other hand, if at any time, any authorization failure is detected, then at step 207, some security-specific appropriate action may be triggered. For example, a pop-up message may appear, and/or the execution of the customized content processor application 121A may terminate.
  • The system is flexible in that any number of content protection modules 103 can be registered for the same type of document. Thus, for example, different content publishers can, if they prefer, register different content protection modules at different times or even at the same time, for a single document type. Even a single content publisher could similarly register different content protection modules 103 for a single document type.
  • In addition, multiple content protection modules 103 may be integrated into a single content processor application 121, so that the resulting customized content processor application 121A can handle many different protection schemes. Depending on the protected content file being accessed, the appropriate content protection module 103 may automatically be invoked.
  • The same content publisher may associate different content protection modules 103 with different protected content files, even if all of the files will be processed by the same customized content processor application 121A.
  • Furthermore, different protected content files requiring different content protection modules 103 may be processed simultaneously by a customized content processor application 121A that is capable of processing several content files simultaneously. For example, a user may use a content processor application, such as Microsoft Word, to open multiple windows simultaneously, each window containing a protected document 107. In an embodiment of the present invention, the customized content processor application 121A may invoke the appropriate content protection module 103 for each protected Word document 107.
  • Furthermore, the customized content processor 121A can simultaneously process protected content as well as clear-text (i.e., unprotected) content.
  • Because content protection modules 103 execute within the address space of the customized content processor application 121A, editing of protected content may be supported. For example, the content protection module 103 may include support for decrypting the protected content 111 to permit the customized content processor 121A to edit it, as well as encryption support for protecting the content upon a save to disk or any other mechanism by which protected data is extracted from the address space of the customized content processor 121A.
  • For example, an appropriately authorized user can open a protected document 107 (e.g., using Microsoft Word), edit that document, and then cut text out of that document or save that document to another file system under a new filename. The exported data remains protected with the security attributes of the original file (i.e., the security status of the exported portions of the protected content 111 do not change). Furthermore, this entire protection process can occur without the knowledge of the appropriately authorized user.
  • Thus, the invention enables a content publisher to use a custom content encryption or digital rights management format for shipping documents, and have its corresponding custom security solution or authenticator be automatically integrated with whatever content processing application 121 exists on the end user's machine to produce a customized content processor 121A. Furthermore, because the integration is done dynamically without altering the disk image of the content processing application 121, any upgrading or replacement of the content processor application 121 does not affect the ability of the authorized end user to process the protected document. Finally, because the processing of protected content 111 is integrated into applications only when needed at run time, any upgrade or change to algorithms used in the content protection modules 103 can be deployed without the need to redeploy the content processor applications 121.
  • Next described is an embodiment of the invention in the context of the Windows operating system (specifically a Win32 system such as Windows 2000 and Windows XP) and a Win32 executable application (e.g., Microsoft Word). Although this description focuses on specific applications, executable formats and operating systems, those of ordinary skill in the art will understand that the scope of the invention is not intended to be limited in any way by this particular example.
  • A Win32 application typically consists of an executable (EXE) file and several, separately compiled, dynamically linked library (DLL) files. These files contain the binary code for the functions that compose the application. Some of the DLLs may be part of the Win32 operating system library, and not part of the application itself.
  • Launching and running an application involves some existing process on the computing system requesting that a new process be created and loaded with the memory image of the EXE file. Under Windows, “Explorer.exe” (or Explorer, for short) is this existing process; it provides the desktop user interface (UI) familiar to users of Windows. In addition, the “CreateProcess” function in Win32 is the interface point that invokes the Win32 loader for launching a Win32 application.
  • Functions defined external to but referenced within an EXE or a given DLL file are listed in a special area of the file called the “import table”. The import table contains a unique entry for each external function, and is initialized by an operating system utility called the “loader” to contain the actual target address in memory for that function. At runtime, the Win32 loader first loads the EXE file into memory, then examines the EXE file's import table for DLL files that it could reference during the course of execution. Finally, the loader loads each of the DLL files in turn.
  • Each time a new DLL is loaded, the loader repeats this sequence to load other DLL files that this one may require during the course of execution. The process completes when all DLL dependencies have been resolved, that is, all referenced DLLs have been loaded into memory and initialized. The loader then causes control to jump to the entry point of the application in the EXE memory image, upon which the application begins executing.
  • In other executable formats, a similar table-like structure may provide the information necessary to allow the system loader to initialize the executables (EXEs in Win32) and shared libraries (DLLs in Win32) so that control can flow between these separately-compiled modules.
  • It is also possible for an application to specify that a DLL should be loaded and initialized by the Win32 loader. The “LoadLibrary” function in Win32 provides such a capability. Some systems also provide for the delayed loading of DLLs, where the actual loading of a DLL does not occur until the code attempts to transfer control to a function contained within that DLL.
  • In an embodiment of the present invention, the process described above is modified with respect to launching and running of an EXE, in a manner that involves no additional efforts by the user wishing to run the EXE or by the vendors that provided the EXE and associated DLL files. Next is explained how the dynamic integration process of an embodiment of the present invention modifies the process of launching and running an EXE to achieve the desired goal of such automatic and user-transparent content protection using given content processor applications.
  • The first step is to achieve the launching of the content processor application 121 for processing the protected content file 107 under control of the integration agent 200. There are a number of different ways to accomplish this, two of which are now discussed.
  • As a first example, the integration agent 200 may be registered as the application associated with the file type corresponding to protected content documents 107. For example, assume that a protected document will always have the file extension “.CTL”. Then by registering the integration agent 200 (at integration agent installation time) as the application associated with the “.CTL” file type, an attempt to open a “.CTL” file will automatically cause the integration agent 200 to be invoked by the operating system. The “.CTL” file selected by the user will then be passed to the integration agent application as an input parameter by the operating system.
  • FIG. 5 is a flowchart illustrating, for this example, the steps performed by the integration agent 200 of an embodiment of the present invention when it begins execution. Steps 501-503 expand on step 202 of FIG. 2.
  • First (step 501), the integration agent 200 checks the header area 109 (FIG. 1A) of the input protected document 107 to determine the original file type of the document (e.g., “.DOC” for a Word document). The “header area” is defined as part of the protected content file format, and contains, among other things, information about the original content file (such as its size, file type, etc), and authentication information that will be read by the content protection module 103. The actual format of the header area is dependent on the implementation of the content protection module 103, which is outside the scope of this invention.
  • Next, at step 502, the integration agent 200 looks in the Windows registry for the content processor application 121 that is currently registered to handle documents of the original file type. For example, this may be some version of Microsoft Word.
  • Next, at step 503, the integration agent 200 launches the registered content processor application 121 in suspended mode. This is possible in Win32 via the “CreateProcess” system call, which invokes the Win32 loader to load the .EXE executable file and all of its dependent DLLs into memory. By launching the application 121 in suspended mode, the integration agent 200 regains control after the application 121 is loaded into memory, but before it starts execution.
  • As another example of launching, the dynamic integration method may modify the behavior of, say, the Windows Explorer process. The purpose of the modification is to customize Windows Explorer using the dynamic integration method so that it acts as the integration agent when launching content processor applications 121. Here, the integration process modifies the Explorer so that this process's control flow is directed into a content protection module 103 before execution of the “CreateProcess” call that is used to launch any application in response to a user's interaction with the Windows desktop UI. The code in the protection module 103 may launch the content processor application 121 (Microsoft Word) in suspended mode via its own invocation of the “CreateProcess” system call. As above, the integration agent 200 (this time as a module within Windows Explorer and not as a standalone application) gains control after loading but before the content processor application 121 starts its execution.
  • An astute reader will realize that the problem of gaining control of the content processor application 121 has simply been changed into a problem of gaining control of the launching of the Windows Explorer process. Again, several options present themselves, two of which are now presented.
  • One solution is to modify the operating system boot process so that the launching of Windows Explorer is replaced with the launching of the integration agent application whose sole task is to launch and dynamically inject Windows Explorer.
  • Alternatively, a system may be implemented in which the end user explicitly enables the automatic and dynamic integration of content protection modules 103 into all subsequently launched content processor applications 121. Such a single explicit action may be acceptable and desirable in some end-user situations, and it still provides for the automatic integration of the protection modules 103 with the actual processor applications 121. To achieve such an approach, the Windows Hooks facility supported by the “SetWindowsHookEx” functionality in Win32 may be used to cause Windows to inject the integration agent 200 as a DLL into the address space of the running process that is the Windows Explorer. The procedure specified by the second parameter to the “SetWindowsHookEx” function identifies a procedure within the integration agent DLL, and this procedure implements the work done by the integration agent 200 after it has gained control of the content processor application 121, as described below.
  • Once the integration agent 200 has control of the content processor application 121, the next step is to inject the amalgamator module 72 (FIG. 3B) into the address space of the content processor and direct the content processor application's control flow into this module. Once the amalgamator module has control, the required content protection modules 103 can be loaded, and the memory image of the content processor application 121 can be modified so that the content protection modules 103 are tightly integrated into the application.
  • A sequence of steps is followed that yields a solution that is broadly applicable across the entire range of programmable computing systems. Broad applicability is achieved by relying on only a small set of capabilities that can be found on almost any programmable computing system. In particular, the approach followed by an embodiment of the present invention requires the capability and permission for one process to read and write its own or another process's address space.
  • FIG. 3A is a flowchart illustrating details of step 203 of FIG. 2. These details include the steps by which the integration agent 200 carefully works the amalgamator module 72 into the code space of the content processor, even though the content processor 121 was never designed to load the amalgamator 72 or content protection modules 103.
  • FIG. 3A describes the interaction between the running process (i.e., the integration agent 200) and the suspended process (i.e., the content processor application 121). The integration agent 200 knows the memory address at which execution of the content processor application has been suspended and where to find the amalgamator 72 and content protection modules 103.
  • FIG. 3B is a schematic diagram of the process of FIG. 3A and is discussed in parallel below.
  • With reference to the top of FIG. 3B, when a user attempts to launch an application (i.e., a content processor application 121), for example by attempting to open the application itself or a document (content) associated with the application, the integration agent 52 is instead launched. The integration agent 52 then causes the original content processor application 121 to be loaded from a master image such as a disk image 50 to a memory image 54. (This corresponds to steps 201 and 202 of FIG. 2.)
  • In step 301 (FIG. 3A), the integration agent 52 specializes a small code template 58, (the “integrator generator template”). The particular actions taken during this specialization involve setting of instruction immediates and address offsets that depend upon certain memory image 54 values such as the instruction address in the content processor's address space where the processor application is to resume execution (called the start address), the address of the “LoadLibrary” function, and the location of the amalgamator module 72. The result of this specialization is a sequence of code and data bytes called the “integrator generator” 60, which includes an “integrator” 62.
  • Next, in step 302 of FIG. 3A, the integration agent creates a “shared byte” store 56 that acts both as a communication structure between the integration agent 52 and the amalgamator module 72, and as a temporary store for information. The integration agent 52 copies a portion 54A of the content processor application 54 code into the store 56, starting at the content processor application's start address and continuing until a number of bytes equal to the size of the integrator generator 60/62 have been copied. This copy operation can be accomplished, for example, using the Win32 “ReadProcessMemory” function. The store 56 may also be written with some meta-data that specifies the size of the copied code and its original starting address, among other things. The shared byte store 56 may be created, for example, as a named, memory-mapped file.
  • Next, in step 303, the integration agent 52 writes the integrator generator 60/62 into the address space of the content processor application starting at the start address, for example using the Win32 “WriteProcessMemory” function, so that the memory image is now as appears at 64. On some systems (including non-Win32 systems), this and possibly other steps may require temporary manipulation of the virtual memory page protection bits to enable reading and writing of the pages containing the referenced code.
  • In step 304, the integration agent 52 “resumes” execution of the content processor application 64 at the start address, for example using the Win32 “ResumeThread” function. Since first instructions of the integrator generator 60 now reside at that start address, control in the content processor flows to the integrator generator 60. Note that the integrator generator 60 transfers control to the integrator 62 in such a manner that the control flow never has to return to the integrator generator. This is done so that the amalgamator module 72 can restore the application's code originally stored at the start address, thus removing the code for the integrator generator.
  • Next, in step 305, the integrator generator 60 first saves a portion of the content processor application's state so that resources such as registers can be temporarily used without losing the state of the application. Since the state of the program stack is known, space on the stack can be allocated to save the application's state. Alternatively, other temporary storage (e.g., the shared byte store) could be used.
  • Next, in step 306, the integrator generator 60 identifies a part of the application's address space free of code or data and creates a code cache 68 in this space. The integrator generator 60 writes a sequence of code and data, called the “integrator” 62, into this code cache. From this cache, calls can safely be made to load and initialize the amalgamator module 72. The image of working memory is now as appears at 66 in FIG. 3B.
  • Note that the cache 68 is deallocated when the application resumes execution. Such a code cache may be built, for example, by using the next set of free space on the program stack.
  • Next, in step 307 (FIG. 3A), once the integrator generator 60 has created the integrator 62, it unconditionally jumps to the first instruction in the integrator 62.
  • The application's code may now be restored as originally found at the start address. In step 308, the integrator 62 loads the amalgamator module 72, so that the memory image is now as appears at 70 in FIG. 3B. Under Win32, this can be done with a call to “LoadLibrary”, with the module name recorded during specialization of the integrator generator template 58.
  • In step 309 (FIG. 3A), once the amalgamator module 72 has been loaded, control returns to the integrator 62, which then makes a call to an initialization routine in the amalgamator module 72. The details of this initialization routine 309 are explained below, with respect to FIG. 4. Under Win32, a loaded module is given the opportunity to initialize itself by placing some code in the stylized “DllMain” function required in all Win32 DLLs. Applicants have found that it is better to have the integrator 62 make a call to a separate initialization routine run after the completion of the “LoadLibrary” call, since only a small set of the application's and operating system's functionality is available within “DllMain”.
  • Finally, in step 310, once the amalgamator's 72 initialization routine has completed, control again returns to the integrator 62. Part of the amalgamator's initialization process 309 involves restoring of the content processor application's code originally found at the start address, from the store 56. The integrator 62 can now deallocate the space for the code cache 68 and unconditionally jump to the start address, thus returning control to the now customized content processor.
  • Again, there are many methods that can accomplish this. Some architectures like the Intel x86 provide a return instruction that simultaneously deallocates a block of space on the program stack. If no architectural mechanism exists for atomically deallocating space and non-trivially changing the program counter, an alternative would be to leave a small amount of code cache space in the content processor application, enough to deallocate the larger code cache and return control to the start address.
  • The initialization routine 309 (FIG. 4) in the amalgamator module 72 is primarily responsible for loading the content protection modules 76 and tightly integrating them into the memory image of the content processor application to produce the customized content processor, so that the memory image finally appears as at 74 in FIG. 3B. The amalgamator 72 and content protection modules 76 are collectively called the “protection agent”.
  • This integration process, however, does not stop once the content processor application begins running. Other events, such as the delay loading of a DLL or the explicit loading of a DLL by code in the content processor, may require that some portion of the integration process run again to ensure that the content protection modules are properly integrated with the current state of the content processor. Similarly, the launching of another content processor application by this content processor requires the amalgamator 72 to act as an integration agent and propagate itself as described above to this new content processor.
  • In general, the integration process as performed by the amalgamator module 72 begins in its initialization routine 309 and proceeds as shown in the flowchart in FIG. 4. Recall that this integration process begins as part of step 309 of FIG. 3A, once the content processor application 121 (that is, its EXE and dependent DLL files) and amalgamator module 72 (but not the content protection modules) have been loaded.
  • Referring to FIG. 4, at step 401, the amalgamator 72 determines the type and location of the content protection modules to load and loads them. The first part of this step may be accomplished, for example, by having the amalgamator 72 read part of the header area of a protected content file 107 to determine the associated content protection module 103 for the file. Alternatively, the integration agent 52 may have specified the location of the content protection modules to load by encoding that information in the shared byte store 56.
  • A content protection module can be shipped separately by the content publisher, or some or all of it can optionally be embedded into the protected content file itself. In all cases, the entire contents of each protection module are copied into the address space of the content processor application.
  • At step 402, the amalgamator 72 identifies each module (EXE or DLL) that is part of the content processor application's loaded memory image. Using this list, the amalgamator performs steps 403 and 404.
  • At step 403, the amalgamator 72 examines the module to identify any file I/O-related operating system calls that can be made by the content processor application while executing this module. I/O functions, or system calls, are those involved in input and output to the file system, including operations such as read and write, as well as cut and paste operations. Such an analysis may be performed, for example, by the amalgamator 72 examining the import table of the module looking for addresses of known file I/O-related functions.
  • At step 404, the identified calls are rewritten by the amalgamator 72 so that control flows not to the I/O related function on such calls but to a corresponding function defined in a content protection module. Again, there are many ways to accomplish this redirecting of control flow.
  • One such method that is appropriate for the example given above involves the replacement of the I/O-related function call entries in the module's import table with the addresses of corresponding functions defined in the content protection module. The original address inserted by the Win32 loader into that import table entry is also noted in a separate table that is accessible by the content protection module code. This “patching” of the import table ensures that when the application makes the I/O call, the content protection module gets control first, allowing it to perform any authentication or decryption actions before redirecting the call to the original function address.
  • Other methods exist for achieving this redirection of control that could be used in alternative embodiments of the present invention. An early article by Peter Kessler (Peter B. Kessler, “Fast breakpoints: Design and implementation,” Proceedings of the ACM SIGPLAN'90 Conference on Programming Language Design and Implementation (PLDI), pages 78-84, White Plains, N.Y., 20-22 Jun. 1990. SIGPLAN Notices 25(6), June 1990) describes the basic mechanisms and issues involved in patching code for the purpose of control flow redirection. A more recent article by Galen Hunt and Doug Brubacher (Galen Hunt and Doug Brubacher, “Detours: Binary Interception of Win32 Functions”, Proceedings of the 1999 Usenix Windows NT Symposium, USENIX Association, 1999) describes such a system explicitly for the binary interception of Win32 functions.
  • Any function calls used to explicitly load another DLL or executable into memory (such as the “LoadLibrary” call in the Windows operating system) are also handled by steps 402 and 403 as described above. For example, a call to “LoadLibrary” by customized content processor application during its execution will cause the amalgamator 72 to execute steps 403 and 404 for each newly loaded DLL. This ensures that any DLL or executable that is explicitly loaded by the content processor application at execution time will also have its import table entries patched appropriately.
  • It is important to note that a facility is provided by the amalgamator 72 for the routines in the amalgamator and content protection modules to access the functions protected in steps 403 and 404 above. For example, the “patching” mentioned above occurs only on import tables of modules belonging to the original application and not to modules associated with the amalgamator or the content protection modules.
  • Finally, in step 405, the initialization routine 309 of the amalgamator accesses the shared byte store 56, replaces the code and data for integrator generator with the content processor's original application code, and then in step 406 signals to the integration agent 63 that it is done with the shared byte store 56. As described in step 309 of FIG. 3A, the initialization routine 309 of the amalgamator returns so that the suspended application can resume execution. When the integration agent 52 receives notification from the amalgamator 72 that injection is complete, it terminates (or returns control to the Windows Explorer for the example scenario).
  • What is left is a single content processor application process 74 (FIG. 3B), which to the end user appears no different from the original content processor application had it been launched normally. In actual fact, the executing content processor application has one or more tightly integrated content protection modules embedded in it.
  • To the end user, this entire process is transparent. It appears as though double-clicking on (or otherwise selecting) a protected content “.DOC” file directly invoked the content processor application. Assuming no authentication check fails in the protection module, the protected content looks no different to the content processor application than the equivalent clear-text “.DOC” Word file—all viewing and editing operations work normally.
  • A content protection module 103 can prevent the export of any part of the protected document by simply ensuring that any I/O operations that target an unprotected file or memory buffer only write out encrypted data. That is, “cut/paste” operations can be prevented from being used to copy the contents of the protected document to an unprotected document. Thus, the protection associated with the document (content) continues to persist, independent of the content processor application used to process it.
  • The invention provides a very practical way to deploy digital content protection solutions in the market. Consider a secure enterprise email solution as an example to illustrate this point. Many current secure email solutions allow an email sender to encrypt an outgoing email, and require the recipient to connect to a trusted server to download an authorization key that will allow the recipient user to decrypt the message. The message itself is never decrypted to disk, so the clear text form of the original message never persists on the recipient's machine.
  • However, the problem with existing solutions arises in the case of attachments that are sent with the encrypted message. Attachments can also be encrypted using the same key, but unless the application used to read the attachment on the recipient's machine understands the content encryption format, the attachment cannot be read directly.
  • Thus, if the attachment is a Word document that was encrypted on send, the attachment has to be first decrypted back to the original Word document on the recipient's machine before the Microsoft Word application on the recipient's machine can read it. Unfortunately this creates a security hole, since the original Word document now persists in clear-text form on the recipient's machine, allowing the recipient to copy it illegally, or distribute it to unauthorized persons in an unprotected (unencrypted) form.
  • With an embodiment of the present invention, when the recipient opens the encrypted attachment, the integration agent is invoked transparently (to the recipient), launching the Microsoft Word application and dynamically integrating the appropriate content protection module with the application in memory. Finally, the modified application may read the protected Word attachment directly.
  • Because the content protection module intercepts all I/O traffic between the Microsoft Word application and the content file, the fact that the attachment is an encrypted Word document is also transparent to the Word application. The end user never experiences the integration agent or the integration process, and is unaware that the attachment is actually an encrypted document, unless he or she attempts to make an unauthorized access.
  • When the content protection module discovers an unauthorized access, it can display a message indicating authorization failure, and terminate the Microsoft Word application. The content protection module could also be used to automatically maintain an audit trail.
  • Those of ordinary skill in the art should recognize that methods involved in protecting digital content from unauthorized use by automatically and dynamically integrating a content-protection agent may be embodied in a computer program product that includes a computer usable medium. For example, such a computer usable medium can include a readable memory device, such as a solid state memory device, a hard drive device, a CD-ROM, a DVD-ROM, or a computer diskette, having stored computer-readable program code segments. The computer readable medium can also include a communications or transmission medium, such as a bus or a communications link, either optical, wired, or wireless, carrying program code segments as digital or analog data signals.
  • While the system has been particularly shown and described with references to particular embodiments, it will be understood by those of ordinary skill in the art that various changes in form and details may be made without departing from the scope of the invention encompassed by the appended claims. For example, the methods of the invention can be applied to various environments, and are not limited to the described environment.
  • While this invention has been particularly shown and described with references to example embodiments thereof, it will be understood by those skilled in the art that various changes in form and details may be made therein without departing from the scope of the invention encompassed by the appended claims.

Claims (1)

1. A method for extending a content processor application, comprising:
loading a content processor application into memory from a master image to form a runtime content processor application image;
suspending execution of the runtime content processor application image;
dynamically integrating a protection agent into the runtime content processor application image to form a customized content processor application with extended functionality by (i) identifying file input/output related operating system calls of the runtime content processor application image that can be made by the application, and (ii) overwriting the identified file input/output related operating system calls of the runtime content processor application image to point to corresponding functions which extend functionality, only the runtime content processor application image being altered and extended with the protection agent, the master image being unaltered; and
resuming execution of the customized runtime content processor application image.
US11/986,984 2001-07-13 2007-11-26 Method for protecting digital content from unauthorized use by automatically and dynamically integrating a content-protection agent Abandoned US20080155702A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
US11/986,984 US20080155702A1 (en) 2001-07-13 2007-11-26 Method for protecting digital content from unauthorized use by automatically and dynamically integrating a content-protection agent

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
US30558901P 2001-07-13 2001-07-13
US10/194,655 US7313824B1 (en) 2001-07-13 2002-07-11 Method for protecting digital content from unauthorized use by automatically and dynamically integrating a content-protection agent
US11/986,984 US20080155702A1 (en) 2001-07-13 2007-11-26 Method for protecting digital content from unauthorized use by automatically and dynamically integrating a content-protection agent

Related Parent Applications (1)

Application Number Title Priority Date Filing Date
US10/194,655 Continuation US7313824B1 (en) 2001-07-13 2002-07-11 Method for protecting digital content from unauthorized use by automatically and dynamically integrating a content-protection agent

Publications (1)

Publication Number Publication Date
US20080155702A1 true US20080155702A1 (en) 2008-06-26

Family

ID=38863406

Family Applications (2)

Application Number Title Priority Date Filing Date
US10/194,655 Active 2024-12-15 US7313824B1 (en) 2001-07-13 2002-07-11 Method for protecting digital content from unauthorized use by automatically and dynamically integrating a content-protection agent
US11/986,984 Abandoned US20080155702A1 (en) 2001-07-13 2007-11-26 Method for protecting digital content from unauthorized use by automatically and dynamically integrating a content-protection agent

Family Applications Before (1)

Application Number Title Priority Date Filing Date
US10/194,655 Active 2024-12-15 US7313824B1 (en) 2001-07-13 2002-07-11 Method for protecting digital content from unauthorized use by automatically and dynamically integrating a content-protection agent

Country Status (1)

Country Link
US (2) US7313824B1 (en)

Cited By (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20070061889A1 (en) * 2005-09-12 2007-03-15 Sand Box Technologies Inc. System and method for controlling distribution of electronic information
US20100071076A1 (en) * 2008-08-13 2010-03-18 Sling Media Pvt Ltd Systems, methods, and program applications for selectively restricting the placeshifting of copy protected digital media content
US7971255B1 (en) * 2004-07-15 2011-06-28 The Trustees Of Columbia University In The City Of New York Detecting and preventing malcode execution
US20110197144A1 (en) * 2010-01-06 2011-08-11 Terry Coatta Method And System Of Providing A Viewing Experience With Respect To A Document Having Read-only Content
US8667279B2 (en) 2008-07-01 2014-03-04 Sling Media, Inc. Systems and methods for securely place shifting media content
US8667394B1 (en) * 2007-06-19 2014-03-04 William C. Spencer System for generating an intelligent cross-platform document
US9160974B2 (en) 2009-08-26 2015-10-13 Sling Media, Inc. Systems and methods for transcoding and place shifting media content
US9218464B2 (en) * 2006-10-20 2015-12-22 Adobe Systems Incorporated Interception of controlled functions
US9235707B2 (en) 2006-09-26 2016-01-12 Intel Corporation Methods and arrangements to launch trusted, coexisting environments
WO2016063276A1 (en) * 2014-10-22 2016-04-28 Secure Islands Technologies Ltd. Enabling classification and irm in software applications

Families Citing this family (45)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7669051B2 (en) * 2000-11-13 2010-02-23 DigitalDoors, Inc. Data security system and method with multiple independent levels of security
US9311499B2 (en) * 2000-11-13 2016-04-12 Ron M. Redlich Data security system and with territorial, geographic and triggering event protocol
US7921288B1 (en) 2001-12-12 2011-04-05 Hildebrand Hal S System and method for providing different levels of key security for controlling access to secured items
US8065713B1 (en) 2001-12-12 2011-11-22 Klimenty Vainstein System and method for providing multi-location access management to secured items
USRE41546E1 (en) 2001-12-12 2010-08-17 Klimenty Vainstein Method and system for managing security tiers
US10360545B2 (en) 2001-12-12 2019-07-23 Guardian Data Storage, Llc Method and apparatus for accessing secured electronic data off-line
US7921450B1 (en) 2001-12-12 2011-04-05 Klimenty Vainstein Security system using indirect key generation from access rules and methods therefor
US7178033B1 (en) 2001-12-12 2007-02-13 Pss Systems, Inc. Method and apparatus for securing digital assets
US7380120B1 (en) 2001-12-12 2008-05-27 Guardian Data Storage, Llc Secured data format for access control
US7681034B1 (en) 2001-12-12 2010-03-16 Chang-Ping Lee Method and apparatus for securing electronic data
US10033700B2 (en) 2001-12-12 2018-07-24 Intellectual Ventures I Llc Dynamic evaluation of access rights
US7565683B1 (en) 2001-12-12 2009-07-21 Weiqing Huang Method and system for implementing changes to security policies in a distributed security system
US7930756B1 (en) 2001-12-12 2011-04-19 Crocker Steven Toye Multi-level cryptographic transformations for securing digital assets
US8006280B1 (en) 2001-12-12 2011-08-23 Hildebrand Hal S Security system for generating keys from access rules in a decentralized manner and methods therefor
US7921284B1 (en) 2001-12-12 2011-04-05 Gary Mark Kinghorn Method and system for protecting electronic data in enterprise environment
US7260555B2 (en) 2001-12-12 2007-08-21 Guardian Data Storage, Llc Method and architecture for providing pervasive security to digital assets
US7950066B1 (en) * 2001-12-21 2011-05-24 Guardian Data Storage, Llc Method and system for restricting use of a clipboard application
US8176334B2 (en) 2002-09-30 2012-05-08 Guardian Data Storage, Llc Document security system that permits external users to gain access to secured files
US7748045B2 (en) 2004-03-30 2010-06-29 Michael Frederick Kenrich Method and system for providing cryptographic document retention with off-line access
US8613102B2 (en) 2004-03-30 2013-12-17 Intellectual Ventures I Llc Method and system for providing document retention using cryptography
US7512810B1 (en) 2002-09-11 2009-03-31 Guardian Data Storage Llc Method and system for protecting encrypted files transmitted over a network
US7836310B1 (en) 2002-11-01 2010-11-16 Yevgeniy Gutnik Security system that uses indirect password-based encryption
US20040201647A1 (en) * 2002-12-02 2004-10-14 Mark Jackson Pulver Stitching of integrated circuit components
US7890990B1 (en) 2002-12-20 2011-02-15 Klimenty Vainstein Security system with staging capabilities
US8707034B1 (en) 2003-05-30 2014-04-22 Intellectual Ventures I Llc Method and system for using remote headers to secure electronic files
US20050021947A1 (en) * 2003-06-05 2005-01-27 International Business Machines Corporation Method, system and program product for limiting insertion of content between computer programs
US7730543B1 (en) 2003-06-30 2010-06-01 Satyajit Nath Method and system for enabling users of a group shared across multiple file security systems to access secured files
US7703140B2 (en) 2003-09-30 2010-04-20 Guardian Data Storage, Llc Method and system for securing digital assets using process-driven security policies
US8127366B2 (en) 2003-09-30 2012-02-28 Guardian Data Storage, Llc Method and apparatus for transitioning between states of security policies used to secure electronic documents
US20050144109A1 (en) * 2003-12-31 2005-06-30 Michael Boni Electronic trading data integration and protection system
US7707427B1 (en) 2004-07-19 2010-04-27 Michael Frederick Kenrich Multi-level file digests
US7577809B2 (en) * 2005-11-02 2009-08-18 Promethean Storage Llc Content control systems and methods
US7571368B1 (en) 2006-01-26 2009-08-04 Promethean Storage Llc Digital content protection systems and methods
US7996899B1 (en) 2006-02-24 2011-08-09 Hitachi Global Storage Technologies Netherlands B.V. Communication systems and methods for digital content modification and protection
US8243922B1 (en) * 2006-02-24 2012-08-14 Hitachi Global Storage Technologies Netherlands B.V. Digital content modification for content protection
GB2443005A (en) * 2006-07-19 2008-04-23 Chronicle Solutions Analysing network traffic by decoding a wide variety of protocols (or object types) of each packet
US11201868B2 (en) * 2006-10-23 2021-12-14 Nokia Technologies Oy System and method for adjusting the behavior of an application based on the DRM status of the application
EP2193474A4 (en) * 2007-08-29 2011-10-05 Cdnetworks Co Ltd Protection against unauthorized copying of digital media content
US8281390B1 (en) * 2007-11-26 2012-10-02 Adobe Systems Incorporated Remotely defining security data for authorization of local application activity
GB2458568B (en) * 2008-03-27 2012-09-19 Covertix Ltd System and method for dynamically enforcing security policies on electronic files
US20090307622A1 (en) * 2008-06-06 2009-12-10 Julien Jalon Browsing or searching user interfaces and other aspects
US10534931B2 (en) * 2011-03-17 2020-01-14 Attachmate Corporation Systems, devices and methods for automatic detection and masking of private data
US8695060B2 (en) * 2011-10-10 2014-04-08 Openpeak Inc. System and method for creating secure applications
US10192199B2 (en) * 2011-11-16 2019-01-29 Microsoft Technology Licensing, Llc Enabling service features within productivity applications
US8775877B2 (en) 2011-12-28 2014-07-08 Roche Diagnostics Operations, Inc. Dynamic link library integrity checking for handheld medical devices

Citations (25)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5594903A (en) * 1991-02-26 1997-01-14 Lynx Real-Time Systems, Inc. Operating System architecture with reserved memory space resident program code identified in file system name space
US5596718A (en) * 1992-07-10 1997-01-21 Secure Computing Corporation Secure computer network using trusted path subsystem which encrypts/decrypts and communicates with user through local workstation user I/O devices without utilizing workstation processor
US5953534A (en) * 1997-12-23 1999-09-14 University Of Washington Environment manipulation for executing modified executable and dynamically-loaded library files
US5960080A (en) * 1997-11-07 1999-09-28 Justsystem Pittsburgh Research Center Method for transforming message containing sensitive information
US6006328A (en) * 1995-07-14 1999-12-21 Christopher N. Drake Computer software authentication, protection, and security system
US6138239A (en) * 1998-11-13 2000-10-24 N★Able Technologies, Inc. Method and system for authenticating and utilizing secure resources in a computer system
US6199095B1 (en) * 1996-01-29 2001-03-06 Compaq Computer Corporation System and method for achieving object method transparency in a multi-code execution environment
US6240500B1 (en) * 1998-06-08 2001-05-29 Compaq Computer Corporation Method for dynamically placing procedures of a program in a memory
US20010004736A1 (en) * 1999-12-16 2001-06-21 Hideyuki Hirano Method for facilitating legitimate use of digital content
US6317868B1 (en) * 1997-10-24 2001-11-13 University Of Washington Process for transparently enforcing protection domains and access control as well as auditing operations in software components
US20020016918A1 (en) * 2000-05-12 2002-02-07 David Tucker Information security method and system
US20020083318A1 (en) * 2000-12-26 2002-06-27 Larose Gordon Edward Method and system for software integrity control using secure hardware assist
US20020141582A1 (en) * 2001-03-28 2002-10-03 Kocher Paul C. Content security layer providing long-term renewable security
US20020161996A1 (en) * 2001-02-23 2002-10-31 Lawrence Koved System and method for supporting digital rights management in an enhanced javaTM2 runtime environment
US20030009542A1 (en) * 2001-06-14 2003-01-09 Kasal Alpay O. Digital entertainment solution
US20030070065A1 (en) * 1999-03-31 2003-04-10 Fleming Bruce L. Suspending to nonvolatile storage
US6615350B1 (en) * 1998-03-23 2003-09-02 Novell, Inc. Module authentication and binding library extensions
US6668325B1 (en) * 1997-06-09 2003-12-23 Intertrust Technologies Obfuscation techniques for enhancing software security
US6681331B1 (en) * 1999-05-11 2004-01-20 Cylant, Inc. Dynamic software system intrusion detection
US6681212B1 (en) * 1999-04-23 2004-01-20 Nianning Zeng Internet-based automated system and a method for software copyright protection and sales
US6801999B1 (en) * 1999-05-20 2004-10-05 Microsoft Corporation Passive and active software objects containing bore resistant watermarking
US6802006B1 (en) * 1999-01-15 2004-10-05 Macrovision Corporation System and method of verifying the authenticity of dynamically connectable executable images
US20070159648A1 (en) * 2005-09-13 2007-07-12 Sony Corporation Information processing device, information recording medium manufacturing device, information recording medium, methods therefore, and computer program
US7415704B2 (en) * 2004-05-20 2008-08-19 Sap Ag Sharing objects in runtime systems
US7587721B2 (en) * 2004-05-20 2009-09-08 Sap Ag Sharing objects in runtime systems

Family Cites Families (50)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5206951A (en) * 1987-08-21 1993-04-27 Wang Laboratories, Inc. Integration of data between typed objects by mutual, direct invocation between object managers corresponding to object types
US5485600A (en) * 1992-11-09 1996-01-16 Virtual Prototypes, Inc. Computer modelling system and method for specifying the behavior of graphical operator interfaces
US5539920A (en) * 1994-04-28 1996-07-23 Thomson Consumer Electronics, Inc. Method and apparatus for processing an audio video interactive signal
US5563648A (en) * 1994-04-28 1996-10-08 Thomson Consumer Electronics, Inc. Method for controlling execution of an audio video interactive program
KR100332743B1 (en) 1994-11-26 2002-11-07 엘지전자주식회사 Device and method for preventing illegal copy or unauthorized watching of digital image
EP1431864B2 (en) * 1995-02-13 2012-08-22 Intertrust Technologies Corporation Systems and methods for secure transaction management and electronic rights protection
US5805800A (en) * 1995-11-07 1998-09-08 Fujitsu Limited Apparatus and method for controlling storage medium using security capabilities
US6330691B1 (en) * 1996-02-23 2001-12-11 Institute For The Development Of Emerging Architectures Llc Use of dynamic translation to provide breakpoints in non-writeable object code
US5925100A (en) * 1996-03-21 1999-07-20 Sybase, Inc. Client/server system with methods for prefetching and managing semantic objects based on object-based prefetch primitive present in client's executing application
US6141698A (en) * 1997-01-29 2000-10-31 Network Commerce Inc. Method and system for injecting new code into existing application code
DE69724947T2 (en) * 1997-07-31 2004-05-19 Siemens Ag Computer system and method for backing up a file
US20010010046A1 (en) * 1997-09-11 2001-07-26 Muyres Matthew R. Client content management and distribution system
KR100269258B1 (en) * 1997-10-21 2000-10-16 정선종 Integrated CASE Information Repository Metamodel System for Process Methodology and its Integration Support Method
US6247127B1 (en) * 1997-12-19 2001-06-12 Entrust Technologies Ltd. Method and apparatus for providing off-line secure communications
US6173283B1 (en) * 1998-02-27 2001-01-09 Sun Microsystems, Inc. Method, apparatus, and product for linking a user to records of a database
US6532451B1 (en) * 1998-03-23 2003-03-11 Novell, Inc. Nested strong loader apparatus and method
US6298446B1 (en) * 1998-06-14 2001-10-02 Alchemedia Ltd. Method and system for copyright protection of digital images transmitted over networks
US6158049A (en) * 1998-08-11 2000-12-05 Compaq Computer Corporation User transparent mechanism for profile feedback optimization
EP1105798B1 (en) * 1998-08-19 2004-01-07 Siemens Aktiengesellschaft Method, array and set of several arrays for protecting several programs and/or files from unauthorized access by a process
US6988271B2 (en) * 1998-10-02 2006-01-17 Microsoft Corporation Heavyweight and lightweight instrumentation
US6629123B1 (en) * 1998-10-02 2003-09-30 Microsoft Corporation Interception of unit creation requests by an automatic distributed partitioning system
US6499137B1 (en) * 1998-10-02 2002-12-24 Microsoft Corporation Reversible load-time dynamic linking
US6263491B1 (en) * 1998-10-02 2001-07-17 Microsoft Corporation Heavyweight and lightweight instrumentation
US6381735B1 (en) * 1998-10-02 2002-04-30 Microsoft Corporation Dynamic classification of sections of software
US6519700B1 (en) * 1998-10-23 2003-02-11 Contentguard Holdings, Inc. Self-protecting documents
US20030061566A1 (en) * 1998-10-30 2003-03-27 Rubstein Laila J. Dynamic integration of digital files for transmission over a network and file usage control
JP2000148276A (en) * 1998-11-05 2000-05-26 Fujitsu Ltd Device and method for monitoring security and securithy monitoring program recording medium
US7103574B1 (en) * 1999-03-27 2006-09-05 Microsoft Corporation Enforcement architecture and method for digital rights management
US6920567B1 (en) * 1999-04-07 2005-07-19 Viatech Technologies Inc. System and embedded license control mechanism for the creation and distribution of digital content files and enforcement of licensed use of the digital content files
US6550060B1 (en) * 1999-04-08 2003-04-15 Novadigm, Inc. Method and system for dynamic injection of dynamic link libraries into a windowed operating system
US6456725B1 (en) * 1999-06-24 2002-09-24 Signafy, Inc. Method for increasing the functionality of a media player/recorder device or an application program
WO2001014959A2 (en) * 1999-08-16 2001-03-01 Z-Force Corporation System of reusable software parts and methods of use
US6952800B1 (en) * 1999-09-03 2005-10-04 Cisco Technology, Inc. Arrangement for controlling and logging voice enabled web applications using extensible markup language documents
US6885748B1 (en) * 1999-10-23 2005-04-26 Contentguard Holdings, Inc. System and method for protection of digital works
US6430561B1 (en) * 1999-10-29 2002-08-06 International Business Machines Corporation Security policy for protection of files on a storage device
US7089583B2 (en) * 2000-01-14 2006-08-08 Saba Software, Inc. Method and apparatus for a business applications server
US6779154B1 (en) * 2000-02-01 2004-08-17 Cisco Technology, Inc. Arrangement for reversibly converting extensible markup language documents to hypertext markup language documents
US6658658B1 (en) * 2000-02-17 2003-12-02 International Business Machines Corporation Implicit forwarding and resolving of a reference made by an importing module to an exporting module for a specified export
US6487646B1 (en) * 2000-02-29 2002-11-26 Maxtor Corporation Apparatus and method capable of restricting access to a data storage device
US6874139B2 (en) * 2000-05-15 2005-03-29 Interfuse Technology Corporation Method and system for seamless integration of preprocessing and postprocessing functions with an existing application program
WO2001095175A2 (en) * 2000-06-05 2001-12-13 Sealedmedia Limited Digital rights management
WO2002005065A2 (en) * 2000-07-11 2002-01-17 Juice Software, Inc. A method and system for integrating network-based functionality into productivity applications and documents
US6918126B1 (en) * 2000-09-08 2005-07-12 International Business Machines Corporation Method and apparatus for creating and enforcing protected system level Java code
US6895444B1 (en) * 2000-09-15 2005-05-17 Motorola, Inc. Service framework with local proxy for representing remote services
US7099849B1 (en) * 2000-12-28 2006-08-29 Rightsline, Inc. Integrated media management and rights distribution apparatus
US20040205690A1 (en) * 2001-01-19 2004-10-14 Friedrich Pieper Integrated dynamic control flow and functionality generation for network computing environments
US20020141584A1 (en) * 2001-01-26 2002-10-03 Ravi Razdan Clearinghouse for enabling real-time remote digital rights management, copyright protection and distribution auditing
US20040205720A1 (en) * 2001-04-30 2004-10-14 Robert Hundt Augmenting debuggers
US8180871B2 (en) * 2001-05-23 2012-05-15 International Business Machines Corporation Dynamic redeployment of services in a computing network
US6976249B1 (en) * 2001-11-12 2005-12-13 Apple Computer, Inc. Method for embedding object codes in source codes

Patent Citations (26)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5594903A (en) * 1991-02-26 1997-01-14 Lynx Real-Time Systems, Inc. Operating System architecture with reserved memory space resident program code identified in file system name space
US5596718A (en) * 1992-07-10 1997-01-21 Secure Computing Corporation Secure computer network using trusted path subsystem which encrypts/decrypts and communicates with user through local workstation user I/O devices without utilizing workstation processor
US5822435A (en) * 1992-07-10 1998-10-13 Secure Computing Corporation Trusted path subsystem for workstations
US6006328A (en) * 1995-07-14 1999-12-21 Christopher N. Drake Computer software authentication, protection, and security system
US6199095B1 (en) * 1996-01-29 2001-03-06 Compaq Computer Corporation System and method for achieving object method transparency in a multi-code execution environment
US6668325B1 (en) * 1997-06-09 2003-12-23 Intertrust Technologies Obfuscation techniques for enhancing software security
US6317868B1 (en) * 1997-10-24 2001-11-13 University Of Washington Process for transparently enforcing protection domains and access control as well as auditing operations in software components
US5960080A (en) * 1997-11-07 1999-09-28 Justsystem Pittsburgh Research Center Method for transforming message containing sensitive information
US5953534A (en) * 1997-12-23 1999-09-14 University Of Washington Environment manipulation for executing modified executable and dynamically-loaded library files
US6615350B1 (en) * 1998-03-23 2003-09-02 Novell, Inc. Module authentication and binding library extensions
US6240500B1 (en) * 1998-06-08 2001-05-29 Compaq Computer Corporation Method for dynamically placing procedures of a program in a memory
US6138239A (en) * 1998-11-13 2000-10-24 N★Able Technologies, Inc. Method and system for authenticating and utilizing secure resources in a computer system
US6802006B1 (en) * 1999-01-15 2004-10-05 Macrovision Corporation System and method of verifying the authenticity of dynamically connectable executable images
US20030070065A1 (en) * 1999-03-31 2003-04-10 Fleming Bruce L. Suspending to nonvolatile storage
US6681212B1 (en) * 1999-04-23 2004-01-20 Nianning Zeng Internet-based automated system and a method for software copyright protection and sales
US6681331B1 (en) * 1999-05-11 2004-01-20 Cylant, Inc. Dynamic software system intrusion detection
US6801999B1 (en) * 1999-05-20 2004-10-05 Microsoft Corporation Passive and active software objects containing bore resistant watermarking
US20010004736A1 (en) * 1999-12-16 2001-06-21 Hideyuki Hirano Method for facilitating legitimate use of digital content
US20020016918A1 (en) * 2000-05-12 2002-02-07 David Tucker Information security method and system
US20020083318A1 (en) * 2000-12-26 2002-06-27 Larose Gordon Edward Method and system for software integrity control using secure hardware assist
US20020161996A1 (en) * 2001-02-23 2002-10-31 Lawrence Koved System and method for supporting digital rights management in an enhanced javaTM2 runtime environment
US20020141582A1 (en) * 2001-03-28 2002-10-03 Kocher Paul C. Content security layer providing long-term renewable security
US20030009542A1 (en) * 2001-06-14 2003-01-09 Kasal Alpay O. Digital entertainment solution
US7415704B2 (en) * 2004-05-20 2008-08-19 Sap Ag Sharing objects in runtime systems
US7587721B2 (en) * 2004-05-20 2009-09-08 Sap Ag Sharing objects in runtime systems
US20070159648A1 (en) * 2005-09-13 2007-07-12 Sony Corporation Information processing device, information recording medium manufacturing device, information recording medium, methods therefore, and computer program

Cited By (23)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7971255B1 (en) * 2004-07-15 2011-06-28 The Trustees Of Columbia University In The City Of New York Detecting and preventing malcode execution
US8925090B2 (en) 2004-07-15 2014-12-30 The Trustees Of Columbia University In The City Of New York Methods, systems, and media for detecting and preventing malcode execution
US20070061889A1 (en) * 2005-09-12 2007-03-15 Sand Box Technologies Inc. System and method for controlling distribution of electronic information
US9235707B2 (en) 2006-09-26 2016-01-12 Intel Corporation Methods and arrangements to launch trusted, coexisting environments
US9218464B2 (en) * 2006-10-20 2015-12-22 Adobe Systems Incorporated Interception of controlled functions
US8667394B1 (en) * 2007-06-19 2014-03-04 William C. Spencer System for generating an intelligent cross-platform document
US9510035B2 (en) 2008-07-01 2016-11-29 Sling Media, Inc. Systems and methods for securely streaming media content
US9143827B2 (en) 2008-07-01 2015-09-22 Sling Media, Inc. Systems and methods for securely place shifting media content
US9942587B2 (en) 2008-07-01 2018-04-10 Sling Media L.L.C. Systems and methods for securely streaming media content
US8667279B2 (en) 2008-07-01 2014-03-04 Sling Media, Inc. Systems and methods for securely place shifting media content
US20100071076A1 (en) * 2008-08-13 2010-03-18 Sling Media Pvt Ltd Systems, methods, and program applications for selectively restricting the placeshifting of copy protected digital media content
US8966658B2 (en) * 2008-08-13 2015-02-24 Sling Media Pvt Ltd Systems, methods, and program applications for selectively restricting the placeshifting of copy protected digital media content
US20130160148A1 (en) * 2008-08-13 2013-06-20 Sling Media, Inc. Systems, methods, and program applications for selectively restricting the placeshifting of copy protected digital media content
US8381310B2 (en) * 2009-08-13 2013-02-19 Sling Media Pvt. Ltd. Systems, methods, and program applications for selectively restricting the placeshifting of copy protected digital media content
US9160974B2 (en) 2009-08-26 2015-10-13 Sling Media, Inc. Systems and methods for transcoding and place shifting media content
US10230923B2 (en) 2009-08-26 2019-03-12 Sling Media LLC Systems and methods for transcoding and place shifting media content
US20110197144A1 (en) * 2010-01-06 2011-08-11 Terry Coatta Method And System Of Providing A Viewing Experience With Respect To A Document Having Read-only Content
WO2016063276A1 (en) * 2014-10-22 2016-04-28 Secure Islands Technologies Ltd. Enabling classification and irm in software applications
CN107209841A (en) * 2014-10-22 2017-09-26 安岛科技有限公司 Classification and IRM are enabled in software application
US20170337383A1 (en) * 2014-10-22 2017-11-23 Secure Islands Technologies Ltd. Enabling classification and irm in software applications
JP2018501587A (en) * 2014-10-22 2018-01-18 セキュア・アイランズ・テクノロジーズ・リミテッド Classification and IRM implementation in software applications
RU2701111C2 (en) * 2014-10-22 2019-09-24 Майкрософт Израэл Рисерч Энд Дивелопмент (2002) Лтд. Enabling classification and control of access rights to information in software applications
US10579805B2 (en) 2014-10-22 2020-03-03 Microsoft Israel Research and Development (2002) Enabling classification and IRM in software applications

Also Published As

Publication number Publication date
US7313824B1 (en) 2007-12-25

Similar Documents

Publication Publication Date Title
US7313824B1 (en) Method for protecting digital content from unauthorized use by automatically and dynamically integrating a content-protection agent
US7590863B2 (en) Methods of providing java tamperproofing
US7434263B2 (en) System and method for secure storage data using a key
US7827613B2 (en) System and method for supporting digital rights management in an enhanced Java™ 2 runtime environment
US6272636B1 (en) Digital product execution control and security
US6141698A (en) Method and system for injecting new code into existing application code
US7305553B2 (en) Manifest-based trusted agent management in a trusted operating system environment
US7577839B2 (en) Transferring application secrets in a trusted operating system environment
US6922782B1 (en) Apparatus and method for ensuring data integrity of unauthenticated code
US20020066022A1 (en) System and method for securing an application for execution on a computer
US20020065776A1 (en) Method and process for virtualizing file system interfaces
US20020092003A1 (en) Method and process for the rewriting of binaries to intercept system calls in a secure execution environment
WO2011114655A1 (en) Information processing device, virtual machine generation method, and application software distribution system
EP1031910A1 (en) Software program protection mechanism
US20020066021A1 (en) Method and process for securing an application program to execute in a remote environment
US20020065945A1 (en) System and method for communicating and controlling the behavior of an application executing on a computer
Sze et al. Provenance-based integrity protection for windows
US20020065876A1 (en) Method and process for the virtualization of system databases and stored information
US20020169976A1 (en) Enabling optional system features
US20020065869A1 (en) Method and process for virtualizing user interfaces
US7380269B2 (en) Changing code execution path using kernel mode redirection
US20020065874A1 (en) Method and process for virtualizing network interfaces
WO2002044850A2 (en) System and method for securing an application for execution on a computer

Legal Events

Date Code Title Description
AS Assignment

Owner name: LIQUID MACHINES, INC., MASSACHUSETTS

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:BALA, VASANTH;SMITH, MICHAEL D.;REEL/FRAME:020412/0018

Effective date: 20020710

STCB Information on status: application discontinuation

Free format text: ABANDONED -- FAILURE TO RESPOND TO AN OFFICE ACTION