WO2002035324A2 - System and method for managing digital content - Google Patents

System and method for managing digital content Download PDF

Info

Publication number
WO2002035324A2
WO2002035324A2 PCT/CA2001/001514 CA0101514W WO0235324A2 WO 2002035324 A2 WO2002035324 A2 WO 2002035324A2 CA 0101514 W CA0101514 W CA 0101514W WO 0235324 A2 WO0235324 A2 WO 0235324A2
Authority
WO
WIPO (PCT)
Prior art keywords
content
audience management
secondary content
authenticable
primary content
Prior art date
Application number
PCT/CA2001/001514
Other languages
French (fr)
Other versions
WO2002035324A3 (en
Inventor
Scott Alan Thomson
Gordon Edward Larose
Original Assignee
Netactive Inc
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Netactive Inc filed Critical Netactive Inc
Priority to AU2002213711A priority Critical patent/AU2002213711A1/en
Publication of WO2002035324A2 publication Critical patent/WO2002035324A2/en
Publication of WO2002035324A3 publication Critical patent/WO2002035324A3/en

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0442Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/10Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q30/00Commerce
    • G06Q30/02Marketing; Price estimation or determination; Fundraising
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0823Network architectures or network communication protocols for network security for authentication of entities using certificates
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2135Metering
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2463/00Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00
    • H04L2463/101Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00 applying security measures for digital rights management
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2463/00Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00
    • H04L2463/102Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00 applying security measure for e-commerce

Definitions

  • the present invention relates to a system and method for managing digital content, and in particular to a system and method for controlling the presentation of digital content to a user.
  • Digital content is expensive to produce.
  • One means that the producers of such content have to recoup their development and distribution costs is through the association of primary content with secondary content such as advertising.
  • the expectation is that the revenues from advertising will recoup the costs of creating and distributing the primary content desired by users.
  • the association of secondary content with primary content can take on a number of forms, including the following: (i) the incorporation of advertising in the form of banner ads or otherwise, into World Wide Web (WWW) pages requested by a user; (ii) software applications, such as the Microsoft Outlook Express (when accessing Hotmail) and the Qualcomm Eudora e-mail programs, with built-in advertising capabilities; and (iii) a user agreeing to receive advertising in the form of e-mail as a condition for using an Internet service.
  • WWW World Wide Web
  • a major drawback of these forms of advertising is that the advertising is only loosely coupled, if it is coupled at all, to the primary content desired by the user.
  • HTML Hypertext Transfer Protocol
  • filtering software that accomplishes this task is GuidescopeTM.
  • This software installs a proxy server on a personal computer that blocks the receipt of messages from known advertising servers.
  • Another method of blocking advertising is to enter the address of the advertising server in the "hosts" file (in the "Windows” directory in the Microsoft WindowsTM 95/98 operating system) and equating it to address 127._0.0.1.
  • e-mail program filters can easily filter out advertising in e-mail messages.
  • Most e-mail programs allow users to set up "Message Rules." These allow users to specify e-mail messages that are to be deleted without being read, based on their origin or specific terms in the title of the e-mail. Alternatively, e-mail messages can be deleted by a user before being read, or simply ignored altogether.
  • This invention relates to a method and system for controlling the presentation of primary content on a computing device (which can be a general-purpose personal computer, hand-held computer, or a specialized computing appliance, such as a games console or cellular phone Internet appliance) such that secondary content, including advertising, is always presented to a user in the manner that is intended for the presentation of said secondary content .
  • a computing device which can be a general-purpose personal computer, hand-held computer, or a specialized computing appliance, such as a games console or cellular phone Internet appliance
  • secondary content including advertising
  • a user acquires primary content and secondary content through the Internet, via CD-ROM, DVD or otherwise.
  • the primary content is delivered to a user in encrypted form to prevent uncontrolled access thereto.
  • the user is also provided with the secondary content, audience management metadata specifying rules for the presentation of the primary content and the secondary content at the user's computer, and audience management software that authenticates all the aforesaid components.
  • the audience management metadata can be in any format, but it is anticipated that it will be based on an accepted industry standard such as extensible markup " language (XML) .
  • the audience management software in conjunction with the audience management metadata, ensures that the primary content and the secondary content are presented (i.e.
  • the exact method used by the audience management software to ensure that secondary content is displayed to the user as intended may vary in different embodiments, but the process will typically, but not necessarily, include encryption/decryption of the primary content and authentication of the secondary content and the audience management metadata. Decryption of the primary content with a public decryption key will produce a useable result only if the encrypted primary content is valid. Authentication of the secondary content and the audience management metadata can be accomplished through the use of a locally-computed digital signature which is compared to an expected value in order to detect any corruption of the components.
  • the audience management software ensures that both the primary content and the secondary content are displayed to the user as specified by the rules listed in the audience management metadata. It is therefore not possible for the user to be presented with the primary content without also being presented with the secondary content, as specified by the audience management metadata. It is not necessary for the primary content and the secondary content to be presented to a user on the same computing device.
  • Digital rights management may also form part of the feature set of the audience management software. Targeting of secondary content is also possible. Countermeasures against attacks by hackers to corrupt the primary content, secondary content and/or the audience management metadata are also described.
  • the audience management metadata specifies rules for the presentation of the primary content and the secondary content at the computing devices .
  • the method comprising the steps of: (i) encrypting primary content; (ii) rendering the secondary content authenticable; (iii) rendering the audience management metadata authenticable; and (iv) upon the decryption of the primary content and the authentication of the secondary content and the audience management metadata, the audience management software presenting the primary content and the secondary content at the computing devices in accordance with rules listed in the audience management metadata.
  • a method of controlling the presentation of primary content and secondary content at one or more computing devices through the use of audience management metadata and audience management software .
  • the audience management metadata specifies rules for the presentation of the primary content and the secondary content at the computing devices.
  • the method comprises the steps of: (i) receiving encrypted primary content, authenticable secondary content, authenticable audience management metadata and audience management software; (ii) decrypting the encrypted primary content with a decryption key Kl; (iii) authenticating the authenticable secondary content, authenticable audience management metadata; and (iv) if the primary content, secondary content, the audience management metadata are valid, presenting the primary content and the secondary content at the computing devices under the control of the audience management software and in accordance with rules listed in the audience management metadata.
  • Figure 1 is a schematic diagram of a prior art computer network showing how primary content and secondary content are delivered via the Internet to a user;
  • Figure 2 is a schematic diagram of a computer network showing how primary content and secondary content are delivered to a user via the Internet in accordance with one embodiment of the present invention
  • Figure 3 is an example of audience management metadata that specifies the relationship between primary content and secondary content
  • Figure 4 is a schematic diagram of a computer network showing how primary content and secondary content are delivered to a user via a CD-ROM in accordance with a second embodiment of the present invention.
  • Figure 5 is a flowchart illustrating the binding of secondary content to primary content through the use of a watermark in the secondary content that is used in the decryption of the primary content.
  • FIG. 1 is a schematic diagram showing how primary content and secondary content such as advertisements are typically delivered to a user via the Internet . Components shown in dotted outline are optional.
  • Client 102 which is a computer or other Internet capable device, operates an Internet web browser application such as Netscape Communicator or Internet Explorer to access web content stored on primary content server 122. To access such web content, a request specifying a Universal Resource Locator (URL) of such web content is generated by client 102 using the hypertext transfer protocol (HTTP) .
  • HTTP hypertext transfer protocol
  • the response from primary content server 122 typically contains a description of the structure of the web page for display of the primary content, text information to be rendered on the web page, and additional links for graphics and multi-media to be rendered on the web page.
  • the response from primary content server 122 may or may not include associated secondary content (e.g. one or more advertisements) , either embedded directly into the forwarded web page or included in an accompanying pop-up window. If such secondary content is included, it is typically implemented by advertisement links that point to an advertisement server, such as secondary content server 125. Secondary content server 125 could be on-site or off-site with primary content server 122. Where secondary content server 125 is off-site, it may be operated by a third party different from the operator of primary content server 122, for example an advertising service provider such as the Doubleclick Corporation. The user's browser automatically retrieves the secondary content 106 and renders it on the user's Internet browser together with the primary content 104.
  • secondary content server 125 could be on-site or off-site with primary content server 122. Where secondary content server 125 is off-site, it may be operated by a third party different from the operator of primary content server 122, for example an advertising service provider such as the Doubleclick Corporation.
  • the user's browser automatically retrieves the secondary content
  • secondary content filter 110 When a secondary content filter 110 is used, secondary content 106 may not be rendered with the primary content 104 on the user's Internet browser as intended.
  • secondary content filter 110 is shown exterior to client 102 though it is typically a software process executing on client 102 along with the user's browser.
  • secondary content filters There are many kinds of secondary content filters known in the art, all of which are designed to suppress secondary content from being displayed on the user's Internet browser along with primary content.
  • secondary content filter 150 is a HTTP proxy server that monitors data flowing between the proxy server and the user's Internet browser to delete any unwanted WWW data stream such as an advertisement, a cookie and/or a popup window.
  • the user's browser may be configured by the user to show only primary content 104.
  • FIG. 2 is a schematic diagram of a computer network showing how primary content and secondary content is delivered to a user via the Internet in accordance with one embodiment of the present invention.
  • client 102 can be a general-purpose personal computer, or a specialized computing appliance, such as a games console or an Internet appliance, or a terminal device for a wireless network.
  • embodiments of the present invention can be distributed to users in a number of different ways, such as via CD-ROM, DVD, or by wireless or wireline networks other than the Internet such as a digital cellular telephone network (e.g. a 3G cellular telephone network) , or a combination of these or other distribution media.
  • a digital cellular telephone network e.g. a 3G cellular telephone network
  • FIG. 4 An embodiment of the present invention utilizing CD-ROM as the distribution medium for primary content and secondary content is described by reference to Figure 4.
  • the creation, distribution, activation, and refreshing of primary content and secondary content in accordance with the embodiment shown in Figure 2 is as follows.
  • the four basic components of the present invention are as follows: (i) primary content, which is desired by a user at client 102; (ii) secondary content, such as advertising, intended by a content distributor or producer to be presented with the primary content; (iii) audience management metadata that includes rules for the presentation of the primary content and the secondary content; and (iv) audience management software that controls the presentation (e.g. display, audio, etc.) of the primary content and the secondary content to the user as intended by the content distributor or producer.
  • primary content which is desired by a user at client 102
  • secondary content such as advertising, intended by a content distributor or producer to be presented with the primary content
  • audience management metadata that includes rules for the presentation of the primary content and the secondary content
  • audience management software that controls the presentation (e.g. display, audio, etc.) of the primary content and the secondary content to the user as intended by the content distributor or producer.
  • the primary content is encrypted, and the secondary content and audience management metadata are rendered authenticable by the use of embedded digital signatures.
  • the audience management software can be protected as well.
  • Suitable oneway hash functions include MD5 (Message Digest 5) and SHA (Secure Hash Algorithm) .
  • MD5 Message Digest 5
  • SHA Secure Hash Algorithm
  • hash functions also known as cryptographic hash functions, take a variable-length input and create a fixed-length output, known as a hash value, which is usually much shorter than the input.
  • An example of a hash function is the Secure Hash Algorithm (SHA) .
  • the SHA uses a series of iterative mathematical operations to create a 160-bit hash value from any input that is less than 2 64 (approximately l. ⁇ xlO 19 ) bits in length.
  • the SHA has the characteristics that it is computationally infeasible to recover the input from the hash value, and it is also infeasible to find two different inputs that hash to the same digital signature.
  • a digital signature is obtained when the result of the hash function is put through a one-way encryption function, such as RSA, using a private key known only to the content producer or distributor.
  • the result can be decrypted using a public key to yield the correct hash value for the data.
  • An attacker who does not know the private key cannot generate a correctly encrypted version of the result of the hash function for false content.
  • the primary content should never be capable of being presented to a user independent of the secondary content.
  • the primary content will generally have a native format that is usable by many software applications, such as MPEG-4 video.
  • a user can use a third-party multimedia software application in violation of any rules listed in the audience management metadata if the primary content is not encrypted. Therefore, primary content must be encrypted in its entirety so as to not be usable by applications other than prescribed by the audience management software and the audience management metadata as described herein.
  • the primary content and secondary content always be presented primarily on the same device at the same time.
  • the primary content comprises stock quotations
  • a user might reasonably expect this content to be displayed on cellular phone 175, perhaps on an unsolicited real-time basis, using the Wireless Application Protocol (WAP) through wireless connection 176.
  • WAP Wireless Application Protocol
  • a cellular phone using WAP is a very poor environment for the delivery of secondary content such advertising, so associated secondary content can be delivered to a more highly capable device operated by the user such as a personal computer or personal digital assistant .
  • the secondary content can be presented at a different time than the primary content, e.g. when the user updates a list of stocks to be tracked. While this creates greater opportunity to view primary content in the absence of secondary content, at least for a period of time, such capability can be limited as desired by the content producer or distributor, and can make the secondary content more effective.
  • All of the above components could be stored at one server in a computer network before delivery to a user, though they could also be stored at any combination of separate servers such as primary content server 122, secondary content server 125, and audience management server 127.
  • servers such as primary content server 122, secondary content server 125, and audience management server 127.
  • the packaging of the above four items can vary.
  • the primary content and audience management software could be distributed to a user on a CD-ROM, with the secondary content and audience management metadata delivered over the Internet.
  • the entire package could be contained in one distribution medium, such as a CD-ROM (see the description of Figure 4) .
  • a user would typically click a hyperlink in a web page to initiate a download of the package of required components over the Internet.
  • the user's download request is forwarded across ' network communication link 150, Internet 120 and network communication links 159, 160 and/or 161 to the one or more servers where the required components (i) - (iv) described above are located.
  • the user's download request could be forwarded to primary content server 122 where the primary content is stored.
  • the user's download request may also be forwarded to secondary content server 125 where the secondary content is stored, and to audience management server 127 where the audience management metadata and the audience management software are stored.
  • Retrieval of the above components could be implemented in a number of ways.
  • the initial data retrieved from primary content server 122 could include an active Web control that initiates download of the other components from the other servers to client 102.
  • the overall objective is to ensure that the primary content, the secondary content and the audience management metadata have not been tampered with by encrypting the primary content, and rendering the secondary content and the audience management metadata authenticable by one of the means described below.
  • client 102 is delivered the following four components: (i) a version of the primary content fully encrypted using any one of an RSA algorithm, a Rabin algorithm and an ElGamal algorithm; (ii) digitally signed but unencrypted secondary content; (iii) digitally signed but unencrypted audience management metadata; and (iv) unencrypted audience management software.
  • a version of the primary content fully encrypted using any one of an RSA algorithm, a Rabin algorithm and an ElGamal algorithm
  • digitally signed but unencrypted secondary content (iii) digitally signed but unencrypted audience management metadata; and (iv) unencrypted audience management software.
  • the audience management software can authenticate the primary content in a number of ways.
  • the audience management software can calculate a digital signature using a one-way hashing function.
  • This locally-computed cryptographic signature of the encrypted primary content can then be transmitted across communications link 158, through Internet 120 and communications link 159 to primary content server 122 where a pre-calculated digital signature of the encrypted primary content is stored.
  • the primary content server 122 can then compare the locally-computed digital signature with the pre- calculated digital signature of the encrypted primary content. If the digital signatures match, primary content server 122 would then transmit an enabling message to the audience management software at client 102.
  • the audience management software Upon receipt of the enabling message, the audience management software would then decrypt the primary content using a public decryption key Kl that could be built-in to the audience management software, or alternatively could be retrieved from primary content server 122.
  • the server could then retransmit an encrypted version of the primary content to client 102, and the validity check would be performed again. If there is still a mismatch, the audience management software could display an error message to the user and terminate.
  • the encrypted primary content could be authenticated locally, without the intervention of primary content server 122.
  • This mode of local authentication which involves the storing of an digital signature of the encrypted primary content within the encrypted primary content, is described below by reference to the authentication of the secondary content .
  • the audience management software can validate the secondary content through local verification of authentication data such as a digital signature.
  • the audience management software would parse the secondary content and extract a digital signature embedded therein by the content producer, distributor or some third party.
  • the audience management software would decrypt the digital signature using a public decryption key K2 that could be built-in to the audience management software, or alternatively could be retrieved from secondary content server 125. This produces a hash result of the secondary content excluding the digital signature first retrieved by the audience management software.
  • the audience management software Using the secondary content (minus the digital signature) as an input, the audience management software would then perform its own independent calculation of the hash result which is then compared to the hash result retrieved from the secondary content. Only if the two hash values match would the secondary content be deemed valid. ' In the case of a mismatch, the audience management software would abort or, if network resources were available, attempt to retrieve an updated version of the secondary content from secondary content server 127 so that the above validity check can be performed again. Note that the use of public key K2 in the decryption of the digital signature ensures that an attacker cannot insert an incorrect digital signature and thus allow for a false positive validity check.
  • the secondary content and the audience management metadata in their entirety can be encrypted, so that they are not easily subject to any kind of inspection and modification such as by a text editor.
  • Multiple levels of decryption with chains of keys from various sources can also be used.
  • public decryption keys Kl, K2 and K3 can be used for multiple unrelated purposes by the audience management software. For example, they can be used to decrypt some of the audience management software itself, or to decrypt the primary content.
  • audience management software simply does not function as intended or at all.
  • the audience management software may also perform integrity checks on itself to ensure that it has not been tampered with and that a software debugger is not in use.
  • the audience management software is then executed at client 102 with its behavior mediated by the audience management metadata.
  • Figure 3 is an example of audience management metadata that specifies the relationship between the primary content and the secondary content.
  • the XML-based audience management metadata specifies that, to run successfully, the audience management software must be version 1.2 (or higher) . This is necessary to ensure that the audience management software is capable of supporting all of the features implicit in the audience management metadata. If the version of the audience management software is not version 1.2 or higher, the audience management software can retrieve a newer version automatically over the Internet.
  • the audience management metadata then hierarchically describes one or more business campaigns each of which has one or more items of primary content and secondary content.
  • business campaign "NetActive_publisherl” is described.
  • the secondary content includes an item “af iliate_ad_l” that includes a graphic in the GIF format, 120 by 320 pixels in size, that is associated with the primary content item "rock__video_l” , and is always displayed, in the same screen window as the primary content, on all presentations of that primary content, before the primary content is displayed. It has an associated action, which is a standard click-through.
  • the audience management metadata set is defined first at the business level - designated a "campaign" here - and that any number of items of primary content and secondary content with arbitrary relationships between them, can be specified by such a structure.
  • the primary content could include stock market quotations that are periodically updated.
  • a parameter that uniquely identifies the user to the stock quote supplier is referenced in the audience management metadata and will be sent to the server (such as primary content server 122) storing the stock market quotations.
  • the audience management metadata also provides for an audio advertisement (i.e. the secondary content) to be presented along with the stock quotes.
  • the advertisement is in the MP3 audio format and is retrieved from a local file, which is updated on a hourly basis from a specified server path.
  • the primary content and the secondary content can be targeted to separate computing devices.
  • primary stock quotes can be presented at a WAP cellular phone, with the secondary content such as advertising being presented at a personal computer. This would be done only as allowed by the metadata.
  • audience management software and audience management metadata are logically partitioned between both computing devices and a central server which knows the association of the computing devices with the user, as well as the user's primary content and secondary content status. Periodic communication between the computing device used for the presentation of secondary content and the central server would ensure that continued access to the primary content depended on regular exposure to the secondary content .
  • Network interactions to/from client 102 could also include information that is gathered about user behavior. For example, in a given campaign, a publisher could offer access to a certain class of primary content and secondary content only if the user agreed to allow the publisher to collect statistical data on the user's viewing habits. Even though both the primary content and secondary content might all be stored locally, the audience management software could gather information about when and how often the content is consumed, about which primary content items are most effective in triggering click-throughs on a given secondary- content advertisement, and so forth.
  • the audience management metadata may also specify rights that a user has to the use of the primary content, which may be independent of the secondary content . For example, a user may be allowed to use the primary content for a fixed period of time, pay to use the content for a longer period of time, or to purchase it outright. If a user does not have any rights to use the primary content, a digital rights management component of the audience management software will start an Internet browser session to allow the user to obtain permission to use the primary content.
  • the protection of overall system integrity, including secondary content, can be persistent in time. While the audience management software is running, an inspection thread periodically runs and scans the secondary content to determine its integrity.
  • the audience management software can initiate a connection to primary content server 122 and secondary content server 125 to periodically refresh the primary content, the secondary content and/or the audience management metadata.
  • the audience management software itself can also be similarly updated. Validation checks as described above could then be performed on these refreshed components .
  • Figure 4 is a schematic diagram of a computer network showing how primary content and secondary content are delivered to a user via a CD-ROM 300 in accordance with a second embodiment of the present invention.
  • the CD-ROM 300 is a computer readable medium that stores processor executable instructions.
  • a distributor of primary content and secondary content can create a package of processor executable instructions consisting of: (i) an encrypted version of the primary content 302 desired by the user; (ii) digitally signed but unencrypted secondary content 306 (such as advertising) desired by the content distributor to be presented with the primary content; (iii) digitally signed but unencrypted audience management metadata 304 that governs the relationship between the primary content and the secondary content; and (iv) audience management software 305 that controls the presentation of the primary content and the secondary content to the user as dictated by the audience management metadata. All of the above elements of a package are stored on CD-ROM 300.
  • a user would typically insert the CD-ROM 300 into client 102 which would then automatically execute the audience management software 305 with no user action required.
  • the audience management software 305 would then perform integrity checks of at least the primary content, the secondary content and the audience management metadata similar to those performed in connection with Figure 2.
  • This embodiment is designed to function without a requirement for an Internet connection.
  • the audience management software would therefore perform the necessary integrity checks by creating locally-generated hash values of the primary content and secondary content, as described previously, and comparing them with hash values contained in the digital signatures embedded in the primary content and secondary content .
  • the content distributor can specify, through the audience management metadata, whether an Internet connection to the audience management server 127 is desired, or required, in order for the user to view the primary content and secondary content .
  • an Internet connection is " available "
  • the necessary " integrity checks can be accomplished through use of Internet communications to primary content server 122, secondary content server 125 and audience management server 127 as described in the embodiment shown in Figure 2.
  • digital rights management for the primary content may also form part of the feature set of the audience management software.
  • the audience management software can be used as an intermediary between client 102 and the primary content server 122 to negotiate arbitrary license terms with the user, display an End-User License Agreement (EULA) , confirm acceptance of that agreement, and automatically perform on-line registration of the primary content based on the specific license terms.
  • EULA End-User License Agreement
  • the identity of the user could be verified by the primary content server 122 through use of a confirmation e-mail sent to an e-mail address or a smart card or an X.509 certificate.
  • the primary content server 122 could offer different pricing and license terms, and possibly different executable versions of the primary content, to users in different countries, for example.
  • Single use licenses for the primary content can also be negotiated with primary content server 122.
  • Audience management software can also have the ability to arrange for the targeting of secondary content.
  • the choice of primary content itself provides very useful targeting information.
  • Additional targeting could be based on one or more parameters that include behavior profiling parameters and/or registration-based targeting parameters.
  • Behavior profiling parameters often, but not necessarily, relate to the use of cookies, which are small pieces of data sent by a web server and stored on a user's computer in association with a web browser so they can later be read back from that browser. Cookies are useful for having the browser remember some specific information about a user. Cookies can be used to build a profile of which web sites have been visited by a user and which advertisements have been selected by the user. This information can then be used to target secondary content to a user.
  • Registration-based targeting parameters target advertisements at users based on registration information inputted by a user. For example, a user who signs up for a particular online service may be first asked to provide a home address, and other information including income, profession, home ownership status, etc. before being allowed access to primary content . The operator of primary content server 122 can then use the registration information to tailor secondary content specifically to the interests of the user.
  • secondary content may comprise an advertisement with an expiry date.
  • secondary content server 125 could use digital rights management logic to determine that the particular secondary content had expired, and cause an on-line upgrade of the secondary content.
  • the audience management software stored on client 102 may have no knowledge of this. In such a case, it would simply performs on-line checks and upgrades as instructed by the audience management metadata and directives from one or more of the primary content server 122, secondary content server 125 and audience management server 127. It is also possible to include countermeasures against attack by hackers to prevent corruption of the primary content, the secondary content and/or the audience management metadata.
  • the design of the secondary content may also help to defeat any attempts at modifying it.
  • the secondary content can contain parts of the primary content, so that the primary content is incomplete if the secondary content is tampered with.
  • the secondary content contains a watermark that is an encrypted partial key for the primary content, which, through the use of asymmetric encryption, is extremely difficult to ascertain.
  • the audience management software reads the secondary content.
  • the audience management software reads a digital watermark from the secondary content.
  • the audience management software decrypts the digital watermark using the public decryption key K2 to produce a partial primary content public decryption key K4.
  • the audience management software performs an exclusive OR (XOR) operation for this partial primary content public decryption key K4 and a stored public decryption key K5. The end result is the true primary content public decryption key Kl .
  • the audience management software decrypts the primary content using the true primary content public decryption key, and then proceeds to present the primary content in the normal manner under the control of the audience management metadata as described above. If at any time the secondary content has been tampered with or removed, the partial primary content decryption key will be incorrect, thereby denying access to the user.
  • the above-described mechanism can be applied in a case where the secondary content watermark contained several decryption keys, e.g. different keys for different items of primary content.
  • such watermarks can be generated dynamically, so as to enable any item of secondary content to contain the relevant keys to allow for the presentation any item of primary content, without the requirement for pre-generating a large number of content/watermark pairs.
  • a hacker could replace components of the audience management software, such as Dynamic Link Libraries (DLLs) in a Microsoft Windows environment, with versions that are either non-operational stubs or that return false data.
  • the components could be designed to return a result that was unpredictable, and required for subsequent execution. In this case, if fake stub components were injected, they would not return correct values, and subsequent execution would terminate.
  • the original components could perform system-level functions essential to the audience management software - such as file input/output - in addition to their security functions so that, again, simply replacing them with modified versions would "break" the program.
  • the audience management software could receive checksum data from one or more of the servers such as primary content server 122, secondary content server 125, and audience management server 127 and, without explicitly calculating its own version of the checksum, use the received checksum data as part of a self-inspecting calculation that would yield a "fail” result if any of the four components had been modified.
  • the servers 122, 125, and 127 could subject the audience management software to a pseudo-random hashing inspection, where it could not be known in advance what parts of the program were to be hashed and thus the results could not be precompiled as part of an attack. Logic of this type is applied in the music domain, using the "beam-it" protocol from MP3.com.
  • VxDs virtual device drivers
  • One of the countermeasures relates to an attacker executing a software debugger, such as Softlce from Numega Corporation, in order to inspect the processes of the audience management software while it is running, with a view to reverse-engineering its behavior in order to understand which parts of the code to modify.
  • a software debugger such as Softlce from Numega Corporation
  • Such an attack could be countered by including code in the audience management software to test for a running debugger and terminate execution if one is found.
  • code could be included which explicitly interfered with the operation of known debuggers, without explicitly detecting their operation. For instance, on an Intel x86 family microprocessor, code could be included that wrote specific binary patterns, known to deactivate hardware debug support features, into the CPU's debug registers. Even in the absence of such detection and termination, in order for a hacker to succeed in producing a redistributable crack, it would be necessary to modify executable code - and such modifications, once in place, would be detected by self-check
  • the audience management software described herein could include a data- driven inspection thread, which would periodically wake up, hash the code space of the various internal components of the audience management logic and supporting functions, and compare the values obtained to stored correct values .
  • a data- driven inspection thread which would periodically wake up, hash the code space of the various internal components of the audience management logic and supporting functions, and compare the values obtained to stored correct values .
  • such values could be used in implicit computations rather than being the subject of explicit comparison instructions. The objective of this is that there is no single place to attack code for fraudulent purposes.

Abstract

A method, device and computer readable medium for controlling the presentation of primary content (such as an e-mail message, web page, computer game or other executable program) is described such that secondary content, including advertising, is always presented to a user in the manner that is intended. An audience management system, through the use of audience management software and audience management metadata, ensures that it is not possible for a user to be presented with primary content without also being presented with secondary content as it was intended to be presented. The primary content is delivered to a user in encrypted form to prevent unauthorized access. The user is also provided with the secondary content, audience management metadata specifying rules for the presentation of the primary content and the secondary content at the user's computer, and audience management software that authenticates all the aforesaid components.

Description

SYSTEM AND METHOD FOR MANAGING DIGITAL CONTENT
FIELD OF THE INVENTION
The present invention relates to a system and method for managing digital content, and in particular to a system and method for controlling the presentation of digital content to a user.
BACKGROUND OF THE INVENTION
Over the past few years, personal computers and other digital computing devices have increasingly been used as a medium for the presentation to users of digital content, be it text, sound, still or moving images, or compilations of such works. The popularity of the Internet is due at least in part to its vast holdings of digital content, and its ability to delivery such content to users quickly and efficiently. Books, magazines, music, videos, software, and games (referred to as "primary content" herein) are all available for mass distribution to users in digital form, either by way of diskette, CD-ROM, Internet transmission, or other distribution channel.
Digital content is expensive to produce. One means that the producers of such content have to recoup their development and distribution costs is through the association of primary content with secondary content such as advertising. The expectation is that the revenues from advertising will recoup the costs of creating and distributing the primary content desired by users.
The association of secondary content with primary content can take on a number of forms, including the following: (i) the incorporation of advertising in the form of banner ads or otherwise, into World Wide Web (WWW) pages requested by a user; (ii) software applications, such as the Microsoft Outlook Express (when accessing Hotmail) and the Qualcomm Eudora e-mail programs, with built-in advertising capabilities; and (iii) a user agreeing to receive advertising in the form of e-mail as a condition for using an Internet service.
A major drawback of these forms of advertising is that the advertising is only loosely coupled, if it is coupled at all, to the primary content desired by the user.
Most WWW advertising originates from a handful of advertising servers and is transmitted to a user's Internet browser using the Hypertext Transfer Protocol (HTTP) . This fact, along with readily identifiable features of Web advertising, such as the use of standard sizes for advertisement graphic images (such as 468-by-60 pixels for most banner ads) makes it relatively simple for most advertising to be suppressed before it is displayed on a user's Internet browser. This can be accomplished using readily available filtering software, or by simply adjusting the Internet settings of the user's personal computer or Internet browser, or both.
An example of filtering software that accomplishes this task is Guidescope™. This software installs a proxy server on a personal computer that blocks the receipt of messages from known advertising servers. Another method of blocking advertising is to enter the address of the advertising server in the "hosts" file (in the "Windows" directory in the Microsoft Windows™ 95/98 operating system) and equating it to address 127._0.0.1.
Similarly, e-mail program filters can easily filter out advertising in e-mail messages. Most e-mail programs allow users to set up "Message Rules." These allow users to specify e-mail messages that are to be deleted without being read, based on their origin or specific terms in the title of the e-mail. Alternatively, e-mail messages can be deleted by a user before being read, or simply ignored altogether.
Accordingly, advertisers cannot be assured that their advertising is actually being presented to a user along with primary content, or whether a user is suppressing its appearance. Without such assurance, advertisers may be reluctant to pay maximum rates for the delivery of advertising to users. As a result, the association of advertising with primary content in the manner described above is not a very effective way of recovering the cost of developing and distributing primary content.
While there exist digital rights management systems that aim to control unauthorized copying and distribution of primary content, to date such systems have not been employed to assure that secondary content such as advertising is presented to users along with primary content and thus allowing for maximum revenue to be gained for the presentation of such secondary content. What is needed is a method and system that makes conspicuous, unavoidable presentation to users of secondary content along with primary content in the manner intended by the producer of the primary content . Digital rights management can be one component of this larger capability set, which is called "audience management" herein.
SUMMARY OF THE INVENTION
This invention relates to a method and system for controlling the presentation of primary content on a computing device (which can be a general-purpose personal computer, hand-held computer, or a specialized computing appliance, such as a games console or cellular phone Internet appliance) such that secondary content, including advertising, is always presented to a user in the manner that is intended for the presentation of said secondary content . This is accomplished through the use of an audience management system that monitors and controls all aspects of the user's interaction with the primary content and the secondary content. In accordance with the present invention, it is not possible for a user to be presented with primary content without also being presented with secondary content in the manner intended by the content distributor.
In accordance with the method and system of the present invention, a user acquires primary content and secondary content through the Internet, via CD-ROM, DVD or otherwise. The primary content is delivered to a user in encrypted form to prevent uncontrolled access thereto. The user is also provided with the secondary content, audience management metadata specifying rules for the presentation of the primary content and the secondary content at the user's computer, and audience management software that authenticates all the aforesaid components. The audience management metadata can be in any format, but it is anticipated that it will be based on an accepted industry standard such as extensible markup" language (XML) . The audience management software, in conjunction with the audience management metadata, ensures that the primary content and the secondary content are presented (i.e. displayed, heard, etc.) at the user's computer as they are intended by the content producer (s) to be presented. The exact method used by the audience management software to ensure that secondary content is displayed to the user as intended may vary in different embodiments, but the process will typically, but not necessarily, include encryption/decryption of the primary content and authentication of the secondary content and the audience management metadata. Decryption of the primary content with a public decryption key will produce a useable result only if the encrypted primary content is valid. Authentication of the secondary content and the audience management metadata can be accomplished through the use of a locally-computed digital signature which is compared to an expected value in order to detect any corruption of the components. Next, the audience management software ensures that both the primary content and the secondary content are displayed to the user as specified by the rules listed in the audience management metadata. It is therefore not possible for the user to be presented with the primary content without also being presented with the secondary content, as specified by the audience management metadata. It is not necessary for the primary content and the secondary content to be presented to a user on the same computing device.
Digital rights management may also form part of the feature set of the audience management software. Targeting of secondary content is also possible. Countermeasures against attacks by hackers to corrupt the primary content, secondary content and/or the audience management metadata are also described.
In accordance with an aspect of the present invention there is provided a method of controlling the presentation of primary content and secondary content at one or more computing devices through the use of audience management metadata and audience management software . The audience management metadata specifies rules for the presentation of the primary content and the secondary content at the computing devices . The method comprising the steps of: (i) encrypting primary content; (ii) rendering the secondary content authenticable; (iii) rendering the audience management metadata authenticable; and (iv) upon the decryption of the primary content and the authentication of the secondary content and the audience management metadata, the audience management software presenting the primary content and the secondary content at the computing devices in accordance with rules listed in the audience management metadata.
In accordance with another aspect of the present invention there is provided a method of controlling the presentation of primary content and secondary content at one or more computing devices through the use of audience management metadata and audience management software . The audience management metadata specifies rules for the presentation of the primary content and the secondary content at the computing devices. The method comprises the steps of: (i) receiving encrypted primary content, authenticable secondary content, authenticable audience management metadata and audience management software; (ii) decrypting the encrypted primary content with a decryption key Kl; (iii) authenticating the authenticable secondary content, authenticable audience management metadata; and (iv) if the primary content, secondary content, the audience management metadata are valid, presenting the primary content and the secondary content at the computing devices under the control of the audience management software and in accordance with rules listed in the audience management metadata.
Other aspects and features of the present invention will become apparent to those of ordinary skill in the art, upon review of the following description of specific embodiments of the invention in conjunction with the accompanying figures.
BRIEF DESCRIPTION OF THE DRAWINGS
In figures which illustrate, by way of example only, embodiments of the present invention,
Figure 1 is a schematic diagram of a prior art computer network showing how primary content and secondary content are delivered via the Internet to a user;
Figure 2 is a schematic diagram of a computer network showing how primary content and secondary content are delivered to a user via the Internet in accordance with one embodiment of the present invention;
Figure 3 is an example of audience management metadata that specifies the relationship between primary content and secondary content;
Figure 4 is a schematic diagram of a computer network showing how primary content and secondary content are delivered to a user via a CD-ROM in accordance with a second embodiment of the present invention; and
Figure 5 is a flowchart illustrating the binding of secondary content to primary content through the use of a watermark in the secondary content that is used in the decryption of the primary content.
DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENT
Figure 1 is a schematic diagram showing how primary content and secondary content such as advertisements are typically delivered to a user via the Internet . Components shown in dotted outline are optional. Client 102, which is a computer or other Internet capable device, operates an Internet web browser application such as Netscape Communicator or Internet Explorer to access web content stored on primary content server 122. To access such web content, a request specifying a Universal Resource Locator (URL) of such web content is generated by client 102 using the hypertext transfer protocol (HTTP) .
The response from primary content server 122 typically contains a description of the structure of the web page for display of the primary content, text information to be rendered on the web page, and additional links for graphics and multi-media to be rendered on the web page.
The response from primary content server 122 may or may not include associated secondary content (e.g. one or more advertisements) , either embedded directly into the forwarded web page or included in an accompanying pop-up window. If such secondary content is included, it is typically implemented by advertisement links that point to an advertisement server, such as secondary content server 125. Secondary content server 125 could be on-site or off-site with primary content server 122. Where secondary content server 125 is off-site, it may be operated by a third party different from the operator of primary content server 122, for example an advertising service provider such as the Doubleclick Corporation. The user's browser automatically retrieves the secondary content 106 and renders it on the user's Internet browser together with the primary content 104.
However, many users do not wish to be exposed to the secondary content, and it is technologically straightforward to add software to the system that "filters out" the secondary content. When a secondary content filter 110 is used, secondary content 106 may not be rendered with the primary content 104 on the user's Internet browser as intended. For illustration purposes only, secondary content filter 110 is shown exterior to client 102 though it is typically a software process executing on client 102 along with the user's browser. There are many kinds of secondary content filters known in the art, all of which are designed to suppress secondary content from being displayed on the user's Internet browser along with primary content. One example of secondary content filter 150 is a HTTP proxy server that monitors data flowing between the proxy server and the user's Internet browser to delete any unwanted WWW data stream such as an advertisement, a cookie and/or a popup window. When such a secondary content filter 110 is utilized, the user's browser may be configured by the user to show only primary content 104.
Figure 2 is a schematic diagram of a computer network showing how primary content and secondary content is delivered to a user via the Internet in accordance with one embodiment of the present invention. In Figure 2, client 102 can be a general-purpose personal computer, or a specialized computing appliance, such as a games console or an Internet appliance, or a terminal device for a wireless network.
Though the embodiment of the invention illustrated in Figure 2 includes the Internet as a means for distribution of primary content and secondary content, embodiments of the present invention can be distributed to users in a number of different ways, such as via CD-ROM, DVD, or by wireless or wireline networks other than the Internet such as a digital cellular telephone network (e.g. a 3G cellular telephone network) , or a combination of these or other distribution media. For example, an embodiment of the present invention utilizing CD-ROM as the distribution medium for primary content and secondary content is described by reference to Figure 4. The creation, distribution, activation, and refreshing of primary content and secondary content in accordance with the embodiment shown in Figure 2 is as follows.
The four basic components of the present invention are as follows: (i) primary content, which is desired by a user at client 102; (ii) secondary content, such as advertising, intended by a content distributor or producer to be presented with the primary content; (iii) audience management metadata that includes rules for the presentation of the primary content and the secondary content; and (iv) audience management software that controls the presentation (e.g. display, audio, etc.) of the primary content and the secondary content to the user as intended by the content distributor or producer.
In order to provide the integrity that is required to maintain a robust yet flexible relationship between the primary content and the secondary content, there must be at least some form of software protection applied to the primary content, the secondary content and the audience management metadata. In one embodiment, the primary content is encrypted, and the secondary content and audience management metadata are rendered authenticable by the use of embedded digital signatures. Optionally, the audience management software can be protected as well.
The specific methods by which this software protection is accomplished are largely immaterial to the invention. The methods described herein generally make use of established cryptographic techniques, since such techniques are generally the most powerful techniques in this domain. However, proprietary alternative implementations using ad-hoc techniques and/or unpublished cryptographic algorithms can accomplish most of the same objectives. In particular, there is no requirement that all of the components be protected in the same way. Indeed, different software protection schemes may be appropriate. For example, while the secondary content needs to be protected in as much as that only the specific secondary content is presented along with the primary content, there is generally no need to prevent the secondary content from being accessed separately from the primary content. While the present invention will ensure that the user is always presented with the correct secondary content along with primary content, there is no practical reason to prevent a user from being presented with the secondary content by itself apart from the primary content. For this reason, unlike the primary content, it is not necessary to fully encrypt the secondary content. Techniques such as digital signatures that limit use of the secondary content only within the audience management framework described in this disclosure give rise to sufficient protection.
There are a number of cryptographic algorithms that can be used to generate the digital signatures described herein. These algorithms make use of both a one-way hash function and an asymmetric encryption function. Suitable oneway hash functions include MD5 (Message Digest 5) and SHA (Secure Hash Algorithm) . Other one-way hashing functions may also be employed. Such hash functions, also known as cryptographic hash functions, take a variable-length input and create a fixed-length output, known as a hash value, which is usually much shorter than the input. An example of a hash function is the Secure Hash Algorithm (SHA) . The SHA uses a series of iterative mathematical operations to create a 160-bit hash value from any input that is less than 264 (approximately l.δxlO19) bits in length. The SHA has the characteristics that it is computationally infeasible to recover the input from the hash value, and it is also infeasible to find two different inputs that hash to the same digital signature. A representative example of an equation using SHA is as follows: apply the one-way hash function "hf" to content "epc" producing a hash result "ecph", where ecph = hf (epc) .
A digital signature is obtained when the result of the hash function is put through a one-way encryption function, such as RSA, using a private key known only to the content producer or distributor. The result can be decrypted using a public key to yield the correct hash value for the data. An attacker who does not know the private key cannot generate a correctly encrypted version of the result of the hash function for false content.
The primary content, on the other hand, should never be capable of being presented to a user independent of the secondary content. The primary content will generally have a native format that is usable by many software applications, such as MPEG-4 video. Thus, a user can use a third-party multimedia software application in violation of any rules listed in the audience management metadata if the primary content is not encrypted. Therefore, primary content must be encrypted in its entirety so as to not be usable by applications other than prescribed by the audience management software and the audience management metadata as described herein.
Note that it is not necessary that the primary content and secondary content always be presented primarily on the same device at the same time. For example, if the primary content comprises stock quotations, a user might reasonably expect this content to be displayed on cellular phone 175, perhaps on an unsolicited real-time basis, using the Wireless Application Protocol (WAP) through wireless connection 176. However, a cellular phone using WAP is a very poor environment for the delivery of secondary content such advertising, so associated secondary content can be delivered to a more highly capable device operated by the user such as a personal computer or personal digital assistant . The secondary content can be presented at a different time than the primary content, e.g. when the user updates a list of stocks to be tracked. While this creates greater opportunity to view primary content in the absence of secondary content, at least for a period of time, such capability can be limited as desired by the content producer or distributor, and can make the secondary content more effective.
All of the above components could be stored at one server in a computer network before delivery to a user, though they could also be stored at any combination of separate servers such as primary content server 122, secondary content server 125, and audience management server 127. However, persons skilled in the art will appreciate that the packaging of the above four items can vary. For example, the primary content and audience management software could be distributed to a user on a CD-ROM, with the secondary content and audience management metadata delivered over the Internet. Alternatively, the entire package could be contained in one distribution medium, such as a CD-ROM (see the description of Figure 4) .
To activate, a user would typically click a hyperlink in a web page to initiate a download of the package of required components over the Internet. The user's download request is forwarded across 'network communication link 150, Internet 120 and network communication links 159, 160 and/or 161 to the one or more servers where the required components (i) - (iv) described above are located. For example, the user's download request could be forwarded to primary content server 122 where the primary content is stored. The user's download request may also be forwarded to secondary content server 125 where the secondary content is stored, and to audience management server 127 where the audience management metadata and the audience management software are stored. Retrieval of the above components could be implemented in a number of ways. For example, the initial data retrieved from primary content server 122 could include an active Web control that initiates download of the other components from the other servers to client 102.
As set out above, there are a number of ways to provide software protection in order to achieve the desired result of enforcing the presentation of the secondary content together with the primary content. The overall objective is to ensure that the primary content, the secondary content and the audience management metadata have not been tampered with by encrypting the primary content, and rendering the secondary content and the audience management metadata authenticable by one of the means described below.
One method of authentication (i.e. validating the integrity) of the components of the present invention to ensure that the primary content and the secondary content are presented as intended is as follows. Following the user's download request, client 102 is delivered the following four components: (i) a version of the primary content fully encrypted using any one of an RSA algorithm, a Rabin algorithm and an ElGamal algorithm; (ii) digitally signed but unencrypted secondary content; (iii) digitally signed but unencrypted audience management metadata; and (iv) unencrypted audience management software. Of course, other alternative data protection schemes could be employed to achieve the same desired result. In the case of fully encrypted primary content, the audience management software can authenticate the primary content in a number of ways. The most obvious means is via use of an asymmetric encryption algorithm such as RSA. In this case, since only the content producer or distributor possesses the private encryption key, only they can produce primary content that will decrypt correctly when the audience management software applies its corresponding public decryption key.
As another example, using the encrypted primary content as an input, the audience management software can calculate a digital signature using a one-way hashing function. This locally-computed cryptographic signature of the encrypted primary content can then be transmitted across communications link 158, through Internet 120 and communications link 159 to primary content server 122 where a pre-calculated digital signature of the encrypted primary content is stored. The primary content server 122 can then compare the locally-computed digital signature with the pre- calculated digital signature of the encrypted primary content. If the digital signatures match, primary content server 122 would then transmit an enabling message to the audience management software at client 102. Upon receipt of the enabling message, the audience management software would then decrypt the primary content using a public decryption key Kl that could be built-in to the audience management software, or alternatively could be retrieved from primary content server 122.
If the locally-computed digital signature" for the encrypted primary content does not match the pre-calculated digital signature stored at primary content server 122, the server could then retransmit an encrypted version of the primary content to client 102, and the validity check would be performed again. If there is still a mismatch, the audience management software could display an error message to the user and terminate.
Alternatively, the encrypted primary content could be authenticated locally, without the intervention of primary content server 122. This mode of local authentication, which involves the storing of an digital signature of the encrypted primary content within the encrypted primary content, is described below by reference to the authentication of the secondary content .
In the case of digitally signed but unencrypted secondary content, the audience management software can validate the secondary content through local verification of authentication data such as a digital signature. First, the audience management software would parse the secondary content and extract a digital signature embedded therein by the content producer, distributor or some third party. Second, the audience management software would decrypt the digital signature using a public decryption key K2 that could be built-in to the audience management software, or alternatively could be retrieved from secondary content server 125. This produces a hash result of the secondary content excluding the digital signature first retrieved by the audience management software. Using the secondary content (minus the digital signature) as an input, the audience management software would then perform its own independent calculation of the hash result which is then compared to the hash result retrieved from the secondary content. Only if the two hash values match would the secondary content be deemed valid. ' In the case of a mismatch, the audience management software would abort or, if network resources were available, attempt to retrieve an updated version of the secondary content from secondary content server 127 so that the above validity check can be performed again. Note that the use of public key K2 in the decryption of the digital signature ensures that an attacker cannot insert an incorrect digital signature and thus allow for a false positive validity check. This is because the attacker will not know the private key corresponding to public key K2 and so any data inserted by the attacker would be garbled once decrypted with public key K2. As well, the nature of a cryptographic one-way hashing function prevents an attacker from creating false secondary content that coincidentally produces the same hash result as the true secondary content .
Using public decryption key K3 , a similar procedure as described above for the secondary content can be used to verify the integrity of the audience management metadata. Of course, the procedure described above by reference to the authentication of the encrypted primary content can also be applied to the authentication of the secondary content and the audience management metadata.
There are many variations on these techniques known to those skilled in the art that can increase the level of protection beyond the level just described. For example, the secondary content and the audience management metadata in their entirety can be encrypted, so that they are not easily subject to any kind of inspection and modification such as by a text editor. Multiple levels of decryption with chains of keys from various sources can also be used. To protect against an attack that seeks to replace the public key with one that is pre-computed to match an attacker's private key, public decryption keys Kl, K2 and K3 can be used for multiple unrelated purposes by the audience management software. For example, they can be used to decrypt some of the audience management software itself, or to decrypt the primary content. In this way if an attacker modifies public keys Kl, K2 and K3 in an attempt to make false secondary content and/or audience management metadata pass validation, the attacker will find that the audience management software simply does not function as intended or at all. The audience management software may also perform integrity checks on itself to ensure that it has not been tampered with and that a software debugger is not in use.
Once the primary content, the secondary content and the audience management metadata are validated, the audience management software is then executed at client 102 with its behavior mediated by the audience management metadata.
Figure 3 is an example of audience management metadata that specifies the relationship between the primary content and the secondary content. In this example, the XML-based audience management metadata specifies that, to run successfully, the audience management software must be version 1.2 (or higher) . This is necessary to ensure that the audience management software is capable of supporting all of the features implicit in the audience management metadata. If the version of the audience management software is not version 1.2 or higher, the audience management software can retrieve a newer version automatically over the Internet.
In the example shown in Figure 3 , the audience management metadata then hierarchically describes one or more business campaigns each of which has one or more items of primary content and secondary content. In this example, business campaign "NetActive_publisherl" is described. The secondary content includes an item "af iliate_ad_l" that includes a graphic in the GIF format, 120 by 320 pixels in size, that is associated with the primary content item "rock__video_l" , and is always displayed, in the same screen window as the primary content, on all presentations of that primary content, before the primary content is displayed. It has an associated action, which is a standard click-through. Note that the audience management metadata set is defined first at the business level - designated a "campaign" here - and that any number of items of primary content and secondary content with arbitrary relationships between them, can be specified by such a structure.
As shown in the audience management metadata example in Figure 3, the primary content could include stock market quotations that are periodically updated. In this case, a parameter that uniquely identifies the user to the stock quote supplier is referenced in the audience management metadata and will be sent to the server (such as primary content server 122) storing the stock market quotations. In this case, the audience management metadata also provides for an audio advertisement (i.e. the secondary content) to be presented along with the stock quotes. The advertisement is in the MP3 audio format and is retrieved from a local file, which is updated on a hourly basis from a specified server path.
Note that since the user is unambiguously identified in this case, it is possible to associate more than one computing device with the user. It is therefore also possible to target the primary content and the secondary content to separate computing devices. For example, primary stock quotes can be presented at a WAP cellular phone, with the secondary content such as advertising being presented at a personal computer. This would be done only as allowed by the metadata. In this case the audience management software and audience management metadata are logically partitioned between both computing devices and a central server which knows the association of the computing devices with the user, as well as the user's primary content and secondary content status. Periodic communication between the computing device used for the presentation of secondary content and the central server would ensure that continued access to the primary content depended on regular exposure to the secondary content .
Network interactions to/from client 102 could also include information that is gathered about user behavior. For example, in a given campaign, a publisher could offer access to a certain class of primary content and secondary content only if the user agreed to allow the publisher to collect statistical data on the user's viewing habits. Even though both the primary content and secondary content might all be stored locally, the audience management software could gather information about when and how often the content is consumed, about which primary content items are most effective in triggering click-throughs on a given secondary- content advertisement, and so forth.
The example shown in Figure 3 is not intended to be limiting and many other approaches are possible. For example, a hierarchical set of audience management metadata files, as opposed to a single large file, would provide more flexibility for updating. Implicit in this particular example is that the rights to the primary content and secondary content are permanent as long as they are associated as specified. Other limitations on user rights, such as time limits, could also be reflected in the audience management metadata.
The audience management metadata may also specify rights that a user has to the use of the primary content, which may be independent of the secondary content . For example, a user may be allowed to use the primary content for a fixed period of time, pay to use the content for a longer period of time, or to purchase it outright. If a user does not have any rights to use the primary content, a digital rights management component of the audience management software will start an Internet browser session to allow the user to obtain permission to use the primary content.
The protection of overall system integrity, including secondary content, can be persistent in time. While the audience management software is running, an inspection thread periodically runs and scans the secondary content to determine its integrity.
The audience management software can initiate a connection to primary content server 122 and secondary content server 125 to periodically refresh the primary content, the secondary content and/or the audience management metadata. The audience management software itself can also be similarly updated. Validation checks as described above could then be performed on these refreshed components .
Figure 4 is a schematic diagram of a computer network showing how primary content and secondary content are delivered to a user via a CD-ROM 300 in accordance with a second embodiment of the present invention. The CD-ROM 300 is a computer readable medium that stores processor executable instructions.
In this example, a distributor of primary content and secondary content can create a package of processor executable instructions consisting of: (i) an encrypted version of the primary content 302 desired by the user; (ii) digitally signed but unencrypted secondary content 306 (such as advertising) desired by the content distributor to be presented with the primary content; (iii) digitally signed but unencrypted audience management metadata 304 that governs the relationship between the primary content and the secondary content; and (iv) audience management software 305 that controls the presentation of the primary content and the secondary content to the user as dictated by the audience management metadata. All of the above elements of a package are stored on CD-ROM 300.
To activate the package described above, a user would typically insert the CD-ROM 300 into client 102 which would then automatically execute the audience management software 305 with no user action required. The audience management software 305 would then perform integrity checks of at least the primary content, the secondary content and the audience management metadata similar to those performed in connection with Figure 2. This embodiment is designed to function without a requirement for an Internet connection. In this embodiment, the audience management software would therefore perform the necessary integrity checks by creating locally-generated hash values of the primary content and secondary content, as described previously, and comparing them with hash values contained in the digital signatures embedded in the primary content and secondary content .
However, the content distributor can specify, through the audience management metadata, whether an Internet connection to the audience management server 127 is desired, or required, in order for the user to view the primary content and secondary content . This gives the content distributor the flexibility to offer two-tier use of the primary content and the secondary content, i.e. if the user has an Internet connection, the primary content and/or secondary content can be refreshed and otherwise, only the primary content and the secondary content stored on CD-ROM 300 would be displayed to a user without any updating. If an Internet connection is" available", the necessary" integrity checks can be accomplished through use of Internet communications to primary content server 122, secondary content server 125 and audience management server 127 as described in the embodiment shown in Figure 2. In all embodiments of the present invention, digital rights management for the primary content may also form part of the feature set of the audience management software. For example, the audience management software can be used as an intermediary between client 102 and the primary content server 122 to negotiate arbitrary license terms with the user, display an End-User License Agreement (EULA) , confirm acceptance of that agreement, and automatically perform on-line registration of the primary content based on the specific license terms. The identity of the user could be verified by the primary content server 122 through use of a confirmation e-mail sent to an e-mail address or a smart card or an X.509 certificate. Subject to commercial and legal considerations, the primary content server 122 could offer different pricing and license terms, and possibly different executable versions of the primary content, to users in different countries, for example. Single use licenses for the primary content can also be negotiated with primary content server 122.
Audience management software can also have the ability to arrange for the targeting of secondary content. At a minimum, the choice of primary content itself provides very useful targeting information. For example a rock video with a 12-to-18-year old male demographic would be a good place to inject secondary content advertising skateboards - but not disposable diapers. Additional targeting could be based on one or more parameters that include behavior profiling parameters and/or registration-based targeting parameters. Behavior profiling parameters often, but not necessarily, relate to the use of cookies, which are small pieces of data sent by a web server and stored on a user's computer in association with a web browser so they can later be read back from that browser. Cookies are useful for having the browser remember some specific information about a user. Cookies can be used to build a profile of which web sites have been visited by a user and which advertisements have been selected by the user. This information can then be used to target secondary content to a user.
Registration-based targeting parameters target advertisements at users based on registration information inputted by a user. For example, a user who signs up for a particular online service may be first asked to provide a home address, and other information including income, profession, home ownership status, etc. before being allowed access to primary content . The operator of primary content server 122 can then use the registration information to tailor secondary content specifically to the interests of the user.
It may also be known that the user has accessed several other specific pieces of primary content . This knowledge could also be used to target secondary content at a user. For example, intermediary analysis by a collaborative filter could be performed before updating secondary content.
Note that the relationship between the primary content and the secondary content as set out in the audience management metadata does not have to be one-to-one. For example, secondary content may comprise an advertisement with an expiry date. After a period of time, secondary content server 125 could use digital rights management logic to determine that the particular secondary content had expired, and cause an on-line upgrade of the secondary content. Note that the audience management software stored on client 102 may have no knowledge of this. In such a case, it would simply performs on-line checks and upgrades as instructed by the audience management metadata and directives from one or more of the primary content server 122, secondary content server 125 and audience management server 127. It is also possible to include countermeasures against attack by hackers to prevent corruption of the primary content, the secondary content and/or the audience management metadata. For example, the design of the secondary content may also help to defeat any attempts at modifying it. The secondary content can contain parts of the primary content, so that the primary content is incomplete if the secondary content is tampered with. In this example, as illustrated in the flowchart of Figure 5, the secondary content contains a watermark that is an encrypted partial key for the primary content, which, through the use of asymmetric encryption, is extremely difficult to ascertain.
At step 510, the audience management software reads the secondary content. At step 520, the audience management software reads a digital watermark from the secondary content. At step 530, the audience management software decrypts the digital watermark using the public decryption key K2 to produce a partial primary content public decryption key K4. At step 540, the audience management software performs an exclusive OR (XOR) operation for this partial primary content public decryption key K4 and a stored public decryption key K5. The end result is the true primary content public decryption key Kl . At step 550, the audience management software decrypts the primary content using the true primary content public decryption key, and then proceeds to present the primary content in the normal manner under the control of the audience management metadata as described above. If at any time the secondary content has been tampered with or removed, the partial primary content decryption key will be incorrect, thereby denying access to the user.
Note that the above-described mechanism can be applied in a case where the secondary content watermark contained several decryption keys, e.g. different keys for different items of primary content. In the case of on-line delivery, such watermarks can be generated dynamically, so as to enable any item of secondary content to contain the relevant keys to allow for the presentation any item of primary content, without the requirement for pre-generating a large number of content/watermark pairs.
Other methods of attack, and relevant exemplary countermeasures, are explained below.
A hacker could replace components of the audience management software, such as Dynamic Link Libraries (DLLs) in a Microsoft Windows environment, with versions that are either non-operational stubs or that return false data. To guard against this, the components could be designed to return a result that was unpredictable, and required for subsequent execution. In this case, if fake stub components were injected, they would not return correct values, and subsequent execution would terminate. Alternatively, the original components could perform system-level functions essential to the audience management software - such as file input/output - in addition to their security functions so that, again, simply replacing them with modified versions would "break" the program.
There are many variations of these techniques that provide additional resistance to attack. For example, the audience management software could receive checksum data from one or more of the servers such as primary content server 122, secondary content server 125, and audience management server 127 and, without explicitly calculating its own version of the checksum, use the received checksum data as part of a self-inspecting calculation that would yield a "fail" result if any of the four components had been modified. As another example, one or more of the servers 122, 125, and 127 could subject the audience management software to a pseudo-random hashing inspection, where it could not be known in advance what parts of the program were to be hashed and thus the results could not be precompiled as part of an attack. Logic of this type is applied in the music domain, using the "beam-it" protocol from MP3.com.
Similarly, a hacker could replace other software components such as system drivers (e.g. virtual device drivers (VxDs) in the Microsoft Windows environment) with modified versions that return false data. This can be guarded against in a similar fashion as described above.
One of the countermeasures relates to an attacker executing a software debugger, such as Softlce from Numega Corporation, in order to inspect the processes of the audience management software while it is running, with a view to reverse-engineering its behavior in order to understand which parts of the code to modify. Such an attack could be countered by including code in the audience management software to test for a running debugger and terminate execution if one is found. Also, code could be included which explicitly interfered with the operation of known debuggers, without explicitly detecting their operation. For instance, on an Intel x86 family microprocessor, code could be included that wrote specific binary patterns, known to deactivate hardware debug support features, into the CPU's debug registers. Even in the absence of such detection and termination, in order for a hacker to succeed in producing a redistributable crack, it would be necessary to modify executable code - and such modifications, once in place, would be detected by self-check methods such as the following.
To monitor its own integrity, the audience management software described herein could include a data- driven inspection thread, which would periodically wake up, hash the code space of the various internal components of the audience management logic and supporting functions, and compare the values obtained to stored correct values . Alternatively, for additional attack resistance, such values could be used in implicit computations rather than being the subject of explicit comparison instructions. The objective of this is that there is no single place to attack code for fraudulent purposes.
The above description of a preferred embodiment should not be interpreted in any limiting manner since variations and refinements can be made without departing from the spirit of the invention. The scope of the invention is defined by the appended claims and their equivalents .

Claims

We Claim :
1. A method of controlling the presentation of primary content and secondary content at one or more computing devices through the use of audience management metadata and audience management software, the audience management metadata specifying rules for the presentation of the primary content and the secondary content at the one or more computing devices, the method comprising the steps of:
encrypting primary content;
rendering the secondary content authenticable;
rendering the audience management metadata authenticable; and
upon the decryption of the primary content and the authentication of the secondary content and the audience management metadata, the audience management software presenting the primary content and the secondary content at the one or more computing devices in accordance with rules listed in the audience management metadata.
2. The method of claim 1 wherein the primary content is encrypted using any one of an RSA algorithm, a Rabin algorithm and an ElGamal algorithm.
3. The method of claim 1 wherein the step of rendering the secondary content authenticable comprises the steps of:
applying a one-way hash function "hf" to the secondary content "sc" producing a hash result "sch", where sch = hf (sc) ;
encrypting the hash result "sch" using an assymetric cryptographic key to obtain a digital signature; and adding the digital signature to the secondary content .
4. The method of claim 3, wherein the one-way hash function is any one of a Message Digest 5 (MD5) algorithm and a Secure Hash Algorithm (SHA) algorithm.
5. The method of claim 3 wherein the hash result "sch" is encrypted using any one of an RSA algorithm, a Rabin algorithm and an ElGamal algorithm.
6. The method of claim 1 wherein the step of rendering the audience management metadata authenticable comprises the steps of:
applying a one-way hash function "hf" to the audience management metadata "am" producing a hash result "amh", where amh = hf (am) ;
encrypting the hash result "amh" using an assymetric cryptographic key to obtain a digital signature; and
adding the digital signature to the audience management metadata.
7. The method of claim 6, wherein the one-way hash function is any one of a Message Digest 5 (MD5) algorithm and a Secure Hash Algorithm (SHA) algorithm.
8. The method of claim 6 wherein the hash result "amh" is encrypted using any one of an RSA algorithm, a Rabin algorithm and an ElGamal- algorithm.
9. The method of claim 1 wherein the one or more computing devices comprise any one of a personal computer, a games console, a hand-held computer or a cellular phone.
10. The method of claim 1 wherein the one or more computing devices comprises a first computing device and a second computing device, the primary content being presented primarily at the first computing device and the secondary content being presented primarily at the second computing device.
11. The method of claim 1 further including the steps of forwarding the encrypted primary content, authenticable secondary content, authenticable audience management metadata and audience management software to the one or more computing devices .
12. A method of controlling the presentation of primary content and secondary content at one or more computing devices through the use of audience management metadata and audience management software, the audience management metadata specifying rules for the presentation of the primary content and the secondary content at the one or more computing devices, the method comprising the steps of:
receiving encrypted primary content, authenticable secondary content, authenticable audience management metadata and audience management software;
decrypting the encrypted primary content with a decryption key Kl;
authenticating the authenticable secondary content and the authenticable audience management metadata; and
if the primary content, secondary content, the audience management metadata are valid, presenting the primary content and the secondary content at the one or more computing devices under the control of the audience management software and in accordance with rules listed in the audience management metadata.
13. The method of claim 12 wherein at least one of the encrypted primary content, the authenticable secondary content, the authenticable audience management metadata and the audience management software are received over the Internet .
14. The method of claim 12 wherein at least one of the encrypted primary content, the authenticable secondary content, the authenticable audience management metadata and the audience management software are received from a CD-ROM.
15. The method of claim 12 wherein at least one of the encrypted primary content, the authenticable secondary content, the authenticable audience management metadata and the audience management software are received over a wireless network.
16. The method of claim 15 wherein the wireless network is a digital cellular telephone network.
17. The method of claim 12 wherein the primary content is encrypted using any one of an RSA algorithm, a Rabin algorithm and an ElGamal algorithm.
18. The method of claim 12 wherein the step of decrypting the encrypted primary content includes the steps of:
reading a digital watermark embedded in the authenticable secondary content;
using a public decryption key K2 to decrypt said digital watermark to produce a partial primary content decryption key K4 ;
performing a binary-logic operation using the data decrypted from the digital watermark and a stored public decryption key K5 to produce decryption key Kl; using decryption key Kl to decrypt the encrypted primary content .
19. The method of claim 18 wherein the binary-logic operation is the XOR operation.
20. The method of claim 18 wherein the digital watermark embedded in the authenticable secondary content contains multiple partial decryption keys.
21. The method of claim 18 wherein the digital watermark, prior to being embedded in the authenticable secondary content, is created on demand.
22. The method of claim 12 wherein the step of authenticating the authenticable secondary content comprises the steps of:
receiving a digital signature for said authenticable secondary content;
decrypting said digital signature with a public decryption key K2 to yield a first cryptographic hash value for said secondary content;
calculating a second cryptographic hash value for said secondary content; and
comparing said first cryptographic hash value to said second cryptographic hash value; and
if said first cryptographic hash value matches said second cryptographic hash value, then validating said authenticable secondary content.
23. The method of claim 12 wherein the step of authenticating the authenticable audience management metadata comprises the steps of: receiving a digital signature for said authenticable audience management metadata;
decrypting said digital signature with a public decryption key K3 to yield a first cryptographic hash value for said audience management metadata;
calculating a second cryptographic hash value for said audience management metadata; and
comparing said first cryptographic hash value to said second cryptographic hash value; and
if said first cryptographic hash value matches said second cryptographic hash value, then validating said authenticable audience management metadata.
24. The method of claim 12 further comprising the steps of:
if the encrypted primary content is not valid, deleting the encrypted primary content;
receiving refreshed encrypted primary content;
decrypting the refreshed encrypted primary content with a public decryption key Kl;
if the authenticable secondary content and the authenticable audience management metadata are valid, presenting the decrypted refreshed primary content and the secondary content at the one or more computing devices under the control of the audience management software and in accordance with rules listed in the audience management metadata.
25. The method of claim 12 further including the steps of: associating the encrypted primary content with a demographic category; and
selecting authenticable secondary content based on the demographic category.
26. The method of claim 12 further comprising the steps of:
waiting a pre-determined period of time;
deleting the authenticable secondary content;
receiving refreshed authenticable secondary content;
authenticating the refreshed authenticable secondary content; and
if the refreshed authenticable secondary content is valid, presenting the decrypted primary content and the refreshed secondary content at the one or more computing devices under the control of the audience management software and in accordance with rules listed in the audience management metadata.
27. The method of claim 26 wherein the pre-determined period of time is listed in the audience management metadata.
28. The method of claim 26 further including the steps of:
receiving behavior profiling parameters;
selecting refreshed authenticable secondary content based on the behavior profiling parameters; and
forwarding the refreshed authenticable secondary content .
29. The method of claim 26 further including the steps of:
receiving registration-based targeting parameters from a user;
selecting refreshed authenticable secondary content based on one or more of the registration-based targeting parameters;
forwarding the refreshed authenticable secondary content .
30. The method of claim 12 further including the step of verifying the identity of a user at the computing device.
31. The method of claim 12 further including the steps of:
presenting the terms of an End User License Agreement to a user at the computing device;
confirming acceptance of the terms of the End User License Agreement ;
ceasing the presentation of the decrypted primary content and the secondary content at the one or more computing devices if the terms of the End User License Agreement are not complied with.
32. The method of claim 12 wherein the one or more computing devices comprise any one of a personal computer, a games console, a hand-held computer or a cellular phone.
33. The method of claim 12 wherein the one or more computing devices comprises a first computing device and a second computing device, the primary content being presented at only the first computing device and the secondary content being presented at only the second computing device.
34. A computer for use in controlling the presentation of primary content and secondary content at one or more client computing devices through the use of audience management metadata and audience management software, the audience management metadata specifying rules for the presentation of the primary content and the secondary content at the one or more client computing devices, the computer comprising memory and a processor and being adapted to:
encrypt primary content;
render the secondary content authenticable;
render the audience management metadata authenticable ;
wherein upon the decryption of the primary content and the authentication of the secondary content and the audience management metadata, the audience management software presenting the primary content and the secondary content at the one or more client computing devices in accordance with rules listed in the audience management metadata.
35. Computer readable medium storing processor executable instructions for use in controlling the presentation of primary content and secondary content at one or more client computing devices through the use of audience management metadata and audience management software, the audience management metadata specifying rules for the presentation of the primary content and the secondary content at the client computing device, the processor -executable instructions when loaded at a computer adapt said computer to :
encrypt primary content ; render the secondary content authenticable;
render the audience management metadata authenticable ;
wherein upon the decryption of the primary content and the authentication of the secondary content and the audience management metadata, the audience management software presenting the primary content and the secondary content at the one or more client computing devices in accordance with rules listed in the audience management metadata.
36. A computing device comprising memory and a processor, the computing device adapted to:
receive encrypted primary content, authenticable secondary content, authenticable audience management metadata and audience management software, the audience management metadata specifying rules for the presentation of the primary content and the secondary content at the computing device,
decrypt the encrypted primary content with a decryption key Kl;
authenticate the authenticable secondary content, authenticable audience management metadata; and
if the primary content, secondary content, the audience management metadata are valid, present the primary content and the secondary content under the control of the audience management software and in accordance with rules listed in the audience management metadata.
37. Computer readable medium storing processor executable instructions for use in controlling the presentation of primary content and secondary content at a computing device through the use of audience management metadata and audience management software, the audience management metadata specifying rules for the presentation of the primary content and the secondary content at the computing device, the processor executable instructions when loaded at the computing device adapt said computing device to:
receive encrypted primary content, authenticable secondary content, authenticable audience management metadata and audience management software;
decrypt the encrypted primary content with a decryption key Kl;
authenticate the authenticable secondary content, authenticable audience management metadata; and
if the primary content, secondary content, the audience management metadata are valid, present the primary content and the secondary content at the computing device under the control of the audience management software and in accordance with rules listed in the audience management metadata.
PCT/CA2001/001514 2000-10-26 2001-10-26 System and method for managing digital content WO2002035324A2 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
AU2002213711A AU2002213711A1 (en) 2000-10-26 2001-10-26 System and method for managing digital content

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US69629500A 2000-10-26 2000-10-26
CA09/696,295 2000-10-26

Related Child Applications (1)

Application Number Title Priority Date Filing Date
US10/425,989 Continuation US7636459B2 (en) 2000-10-31 2003-04-30 High precision modeling of a body part using a 3D imaging system

Publications (2)

Publication Number Publication Date
WO2002035324A2 true WO2002035324A2 (en) 2002-05-02
WO2002035324A3 WO2002035324A3 (en) 2003-04-10

Family

ID=24796475

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CA2001/001514 WO2002035324A2 (en) 2000-10-26 2001-10-26 System and method for managing digital content

Country Status (2)

Country Link
AU (1) AU2002213711A1 (en)
WO (1) WO2002035324A2 (en)

Cited By (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2005119537A1 (en) * 2004-05-25 2005-12-15 Lassad Toumi Method for downloading with an advertising insert and specific player
WO2006010950A2 (en) * 2004-07-29 2006-02-02 Radioscape Limited A method of storing and playing back digital media content
GB2445627A (en) * 2007-04-24 2008-07-16 Cvon Innovations Ltd Method and arrangement for providing content to multimedia devices
GB2448792A (en) * 2007-04-24 2008-10-29 Cvon Innovations Ltd Method and arrangement for providing content to multimedia devices
GB2451346A (en) * 2007-07-24 2009-01-28 Discretix Technologies Ltd Digital rights management (DRM) with forced presentation of advertisements
US7725876B2 (en) 2004-06-07 2010-05-25 Ntt Docomo, Inc. Original contents creation apparatus, derived contents creation apparatus, derived contents using apparatus, original contents creation method, derived contents creation method, and derived contents using method and verification method
US20100312771A1 (en) * 2005-04-25 2010-12-09 Microsoft Corporation Associating Information With An Electronic Document
US7920845B2 (en) 2003-09-11 2011-04-05 Cvon Innovations Limited Method and system for distributing data to mobile devices
FR2981182A1 (en) * 2011-10-10 2013-04-12 France Telecom Method for controlling access to quantified data contents in e.g. digital TV, involves receiving access criterion for data, verifying access criterion with verification module, and transmitting result of verification to security module
US8595851B2 (en) 2007-05-22 2013-11-26 Apple Inc. Message delivery management method and system
US8671000B2 (en) 2007-04-24 2014-03-11 Apple Inc. Method and arrangement for providing content to multimedia devices
US9195739B2 (en) 2009-02-20 2015-11-24 Microsoft Technology Licensing, Llc Identifying a discussion topic based on user interest information

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
GB2435565B (en) 2006-08-09 2008-02-20 Cvon Services Oy Messaging system
US9367847B2 (en) 2010-05-28 2016-06-14 Apple Inc. Presenting content packages based on audience retargeting

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5995625A (en) * 1997-03-24 1999-11-30 Certco, Llc Electronic cryptographic packing
EP0999488A2 (en) * 1998-10-23 2000-05-10 Xerox Corporation Self-protecting documents
US6138119A (en) * 1997-02-25 2000-10-24 Intertrust Technologies Corp. Techniques for defining, using and manipulating rights management data structures

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6138119A (en) * 1997-02-25 2000-10-24 Intertrust Technologies Corp. Techniques for defining, using and manipulating rights management data structures
US5995625A (en) * 1997-03-24 1999-11-30 Certco, Llc Electronic cryptographic packing
EP0999488A2 (en) * 1998-10-23 2000-05-10 Xerox Corporation Self-protecting documents

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
MARC A KAPLAN: "IBM Cryptolopes, SuperDistribution and Digital Rights Management" IBM RESEARCH, 30 December 1996 (1996-12-30), XP002132994 *

Cited By (18)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8099079B2 (en) 2003-09-11 2012-01-17 Apple Inc. Method and system for distributing data to mobile devices
US8781449B2 (en) 2003-09-11 2014-07-15 Apple Inc. Method and system for distributing data to mobile devices
US8280416B2 (en) 2003-09-11 2012-10-02 Apple Inc. Method and system for distributing data to mobile devices
US7920845B2 (en) 2003-09-11 2011-04-05 Cvon Innovations Limited Method and system for distributing data to mobile devices
WO2005119537A1 (en) * 2004-05-25 2005-12-15 Lassad Toumi Method for downloading with an advertising insert and specific player
US7725876B2 (en) 2004-06-07 2010-05-25 Ntt Docomo, Inc. Original contents creation apparatus, derived contents creation apparatus, derived contents using apparatus, original contents creation method, derived contents creation method, and derived contents using method and verification method
WO2006010950A2 (en) * 2004-07-29 2006-02-02 Radioscape Limited A method of storing and playing back digital media content
WO2006010950A3 (en) * 2004-07-29 2006-04-27 Radioscape Ltd A method of storing and playing back digital media content
US20100312771A1 (en) * 2005-04-25 2010-12-09 Microsoft Corporation Associating Information With An Electronic Document
GB2448792A (en) * 2007-04-24 2008-10-29 Cvon Innovations Ltd Method and arrangement for providing content to multimedia devices
US8671000B2 (en) 2007-04-24 2014-03-11 Apple Inc. Method and arrangement for providing content to multimedia devices
GB2445627A (en) * 2007-04-24 2008-07-16 Cvon Innovations Ltd Method and arrangement for providing content to multimedia devices
US8595851B2 (en) 2007-05-22 2013-11-26 Apple Inc. Message delivery management method and system
US8935718B2 (en) 2007-05-22 2015-01-13 Apple Inc. Advertising management method and system
US8201260B2 (en) 2007-07-24 2012-06-12 Discretix Technologies Ltd. Device, system, and method of digital rights management utilizing supplemental content
GB2451346A (en) * 2007-07-24 2009-01-28 Discretix Technologies Ltd Digital rights management (DRM) with forced presentation of advertisements
US9195739B2 (en) 2009-02-20 2015-11-24 Microsoft Technology Licensing, Llc Identifying a discussion topic based on user interest information
FR2981182A1 (en) * 2011-10-10 2013-04-12 France Telecom Method for controlling access to quantified data contents in e.g. digital TV, involves receiving access criterion for data, verifying access criterion with verification module, and transmitting result of verification to security module

Also Published As

Publication number Publication date
WO2002035324A3 (en) 2003-04-10
AU2002213711A1 (en) 2002-05-06

Similar Documents

Publication Publication Date Title
AU2006252994B2 (en) Advertising in application programs
US6108420A (en) Method and system for networked installation of uniquely customized, authenticable, and traceable software application
US8327453B2 (en) Method and apparatus for protecting information and privacy
US20020053024A1 (en) Encrypted program distribution system using computer network
US20020095579A1 (en) Digital data authentication method
US20120036565A1 (en) Personal data protection suite
US20080133928A1 (en) A computer-implemented method and system for embedding and authenticating ancillary information in digitally signed content
US20110060688A1 (en) Apparatus and methods for the distribution of digital files
WO2002035324A2 (en) System and method for managing digital content
US8892894B2 (en) Computer-implemented method and system for embedding and authenticating ancillary information in digitally signed content
US10756898B2 (en) Content delivery verification
EP3005207B1 (en) Digital content execution control mechanism
JP4972208B2 (en) Computer-implemented method and system enabling out-of-band tracking of digital distribution
KR101085365B1 (en) A computer-implemented method and system for embedding and authenticating ancillary information in digitally signed content
JP7250112B2 (en) Using crowdsourcing to combat disinformation
JP7098065B1 (en) Preventing data manipulation and protecting user privacy in telecommunications network measurements
CN116348874A (en) Security attribution using authentication tokens
JP2012142022A (en) Method and system to enable out-of-band tracking of digital distribution and to be performed by computer
Hiroshi HOSHINO 204 E-business: Key Issues, Applications and Technologies B. Stanford-Smith and PT Kidd (Eds.) IOS Press, 2000

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application
DFPE Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101)
WWE Wipo information: entry into national phase

Ref document number: 10425989

Country of ref document: US

REG Reference to national code

Ref country code: DE

Ref legal event code: 8642

32PN Ep: public notification in the ep bulletin as address of the adressee cannot be established

Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 69(1) EPC EPO FORM 1205A DATED 03.09.03

122 Ep: pct application non-entry in european phase
NENP Non-entry into the national phase

Ref country code: JP