Patexia Contest




Patexia seeks prior art for US Patent 7,079,649 (US ‘649) which allegedly describes a method of implementing a digital rights management system (DRM) by cryptographically protecting desired data through a server-client relationship facilitated over the Internet, and restricting copy and save functions at the client as to that data.

With the advent of broadband internet, it has never been easier to distribute creative content to an artist’s fans (and future fans) wherever they might be. However, because digital content is easily copied and transferred, the old content assumptions (where copyright protection was designed to protect against physically copying and financially benefiting from someone else’s work) no longer apply.

Digital rights management was developed as a way of ensuring that content creators are protected from those who might exploit their digital content. The main challenge of DRM is to balance between making sure that illegitimate users cannot steal digital content, while not impeding legitimate users and still making it easy to distribute content to future fans.

The patent in this Contest allegedly implements a DRM system by cryptographically securing data on a server, distributing a program to run on a client computer to decrypt the content, and restricting the client’s ability to copy or save the decrypted data.

The patent describes this DRM system as:

  • encrypting data in a cryptographic scheme
  • generating a program on the server that will facilitate this DRM system
  • when the client wants to access the protected content, downloading the program onto the client
  • once installed, using the program to request from the server the cryptographically protected data
  • downloading the protected data
  • once the program is fully running and the download is complete, using the program to decrypt the data
  • restricting or outright preventing the client computer’s ability to copy or save the decrypted data

Additionally, the patent describes an authentication method where:

  • the server and the client both independently store a cryptographic key and a unique identifier for the client
  • when the server needs to authenticate the client, the server sends a request to the client
  • in response, the client prepares a signed hash created from the cryptographic key and the unique identifier, and send the signed hash back to the server
  • meanwhile, the server independently creates a signed hash from its version of the cryptographic key and a unique identifier for the client
  • to authenticate the client, the server compares the received signed hash with the signed hash it created
  • if the hashes match, the server has authenticated the client and it will use the cryptographic key to encrypt the data and transmit it to the client
  • if the hashes do not match, the server knows the client is not authenticated and does not have permission to access the client

Finally, the patent describes a process of steganographically marking the data as protected; steganography being a method of encrypting data in plain sight so that the encryption would not be obvious to a typical observer.

Figure 3. A basic overview of the server-client relationship.

Have a question about this contest? Ask a Question


1Was the reference filed or published before March 27th, 1997? T/F
2Does the reference describe a method of controlling access at a client to data downloaded from a web server? 5
3Is the data’s access controlled through a cryptographic protection scheme? 5
4In order to access this cryptographically protected data, does the client download and use a program that was created at the same server the data is stored on? 10
5Does this program then send request to and download the cryptographically protected data from the server? 10
6After the data has finished downloading, does the program use a cryptographic key to decrypt the data? 10
7Does the program also restrict or prohibit the client’s ability to copy or save the decrypted data? 15
8In order to strengthen the cryptographic protection scheme, do both the server and client independently store a cryptographic key and a unique identifier for the client? 15
9When preparing to send the data, does the server send a request to the client and receive in response a signed hash that was created as a function of the cryptographic key and unique identifier? 5
10Does the server also independently create a signed hash from its stored cryptographic key and unique identifier for the client? 5
11Does the server compare the received hash from the client and the server created hash to authenticate the client and use the newly authenticated cryptographic key to encrypt the data to send to the client? 15
12Does the server also use a steganographic method to mark the data as protected? 5

Additional Notes

Prior Art Search

This is a Prior Art Search contest aimed at determining if a patent idea was known and publicly available before a patent was filed.

This contest will close on Sunday, August 17th, 2014 at 11:59 PM PST.

Please review the Contest Rules. For more information on how to submit to this Contest type, please read the Intro to Prior Art Search page.

Please review the full list of known references.