Patexia seeks prior art for US Patent 7,079,649 (US ‘649) which allegedly describes a method of implementing a digital rights management system (DRM) by cryptographically protecting desired data through a server-client relationship facilitated over the Internet, and restricting copy and save functions at the client as to that data.

With the advent of broadband internet, it has never been easier to distribute creative content to an artist’s fans (and future fans) wherever they might be. However, because digital content is easily copied and transferred, the old content assumptions (where copyright protection was designed to protect against physically copying and financially benefiting from someone else’s work) no longer apply.

Digital rights management was developed as a way of ensuring that content creators are protected from those who might exploit their digital content. The main challenge of DRM is to balance between making sure that illegitimate users cannot steal digital content, while not impeding legitimate users and still making it easy to distribute content to future fans.

The patent in this Contest allegedly implements a DRM system by cryptographically securing data on a server, distributing a program to run on a client computer to decrypt the content, and restricting the client’s ability to copy or save the decrypted data.

The patent describes this DRM system as:

• encrypting data in a cryptographic scheme
• generating a program on the server that will facilitate this DRM system
• when the client wants to access the protected content, downloading the program onto the client
• once installed, using the program to request from the server the cryptographically protected data
• downloading the protected data
• once the program is fully running and the download is complete, using the program to decrypt the data
• restricting or outright preventing the client computer’s ability to copy or save the decrypted data

Additionally, the patent describes an authentication method where:

• the server and the client both independently store a cryptographic key and a unique identifier for the client
• when the server needs to authenticate the client, the server sends a request to the client
• in response, the client prepares a signed hash created from the cryptographic key and the unique identifier, and send the signed hash back to the server
• meanwhile, the server independently creates a signed hash from its version of the cryptographic key and a unique identifier for the client
• to authenticate the client, the server compares the received signed hash with the signed hash it created
• if the hashes match, the server has authenticated the client and it will use the cryptographic key to encrypt the data and transmit it to the client
• if the hashes do not match, the server knows the client is not authenticated and does not have permission to access the client

Finally, the patent describes a process of steganographically marking the data as protected; steganography being a method of encrypting data in plain sight so that the encryption would not be obvious to a typical observer.

Figure 3. A basic overview of the server-client relationship.