Secure 3D printing
11263296 · 2022-03-01
Assignee
Inventors
Cpc classification
G06F2221/2143
PHYSICS
G05B19/4099
PHYSICS
G06F21/10
PHYSICS
B33Y30/00
PERFORMING OPERATIONS; TRANSPORTING
G05B2219/36542
PHYSICS
B33Y50/02
PERFORMING OPERATIONS; TRANSPORTING
G05B2219/35533
PHYSICS
B29C64/393
PERFORMING OPERATIONS; TRANSPORTING
G06Q30/0641
PHYSICS
G06F21/14
PHYSICS
International classification
B33Y50/02
PERFORMING OPERATIONS; TRANSPORTING
B33Y30/00
PERFORMING OPERATIONS; TRANSPORTING
G06F21/14
PHYSICS
B29C64/393
PERFORMING OPERATIONS; TRANSPORTING
Abstract
A computer-implemented method for controlling reproduction of an item represented by a digital asset stored in a trusted computing environment using a reproduction device in an untrusted computing environment, in which a succession of data segments is transmitted from the trusted computing environment to the untrusted computing environment, the succession of data segments comprising segments of reproduction data, each of which includes at least one instruction for controlling the reproduction device to reproduce a portion of the item, and at least one segment of obfuscation data which has a structure identical to the reproduction data but is incapable of controlling the reproduction device to reproduce a portion of the item, the method comprising: a) determining whether the next segment of data in the succession should be a segment of reproduction data or a segment of obfuscation data; b) where the next segment of data should be a segment of reproduction data, selecting and extracting an unprocessed segment of data from the digital asset to form the next segment of data; c) where the next segment of data should be a segment of obfuscation data, providing a segment of obfuscation data to form the next segment of data; d) generating a unique encryption key and encrypting the next segment of data using the unique encryption key; e) transmitting the encrypted next segment of data from the trusted computing environment; f) decrypting the encrypted next segment of data received at the untrusted computing environment; g) attempting to control the reproduction device using the decrypted data segment such that where the next segment of data is reproduction data, the reproduction device reproduces the portion of the item at the untrusted computing environment in accordance with the instructions included with the data segment, and where the next segment of data is obfuscation data, the reproduction device is unresponsive; and h) iterating steps (a) to (g) until the entire digital asset, or a desired portion of it, has been processed.
Claims
1. A computer-implemented method for controlling reproduction of an item represented by a digital asset stored in a trusted computing environment using a reproduction device associated with an untrusted computing environment, in which a succession of data segments is transmitted from the trusted computing environment to the untrusted computing environment, the succession of data segments comprising segments of reproduction data, including at least one instruction for controlling the reproduction device to reproduce a portion of the item corresponding to a segment of the reproduction data, and at least one segment of obfuscation data, which has a structure identical to the reproduction data but is incapable of controlling the reproduction device to reproduce a portion of the item, the method comprising: a) determining, at the trusted computing environment, whether a next segment of data in the succession of data segments should be a segment of reproduction data or a segment of obfuscation data; b) when it is determined the next segment of data should be a segment of reproduction data, selecting and extracting, at the trusted computing environment, an unprocessed segment of data from the digital asset as the next segment of data; c) when it is determined the next segment of data should be a segment of obfuscation data, obtaining, at the trusted computing environment, a segment of obfuscation data as the next segment of data; d) generating, at the trusted computing environment, a unique encryption key and encrypting, at the trusted computing environment, the next segment of data using the unique encryption key; e) transmitting the encrypted next segment of data from the trusted computing environment to the untrusted computing environment; f) decrypting, upon receipt at the untrusted computing environment, the encrypted next segment of data; g) controlling, at the untrusted computing environment, the reproduction device by, when the next segment of data is reproduction data, instructing the reproduction device associated with the untrusted computing environment to reproduce the portion of the item in accordance with the at least one instruction included with the data segment, the at least one instruction being a computer numerical control, and when the next segment of data is obfuscation data, instructing the reproduction device to standby; and h) iterating steps (a) to (g) until an entirety of the digital asset, or a desired portion of the digital asset, has been processed.
2. A computer-implemented method according to claim 1, wherein the reproduction device is a three-dimensional printer.
3. A computer-implemented method according to claim 1, wherein the digital asset is a file containing two-dimensional data instructions in a computer numerical control programming language.
4. A computer-implemented method according to claim 1, wherein step (c) comprises obtaining the obfuscation data by extracting the obfuscation data from a pre-populated database.
5. A computer-implemented method according to claim 1, wherein step (c) comprises obtaining the obfuscation data by generating the obfuscation data in accordance with a set of rules.
6. A computer-implemented method according to claim 1, wherein step (g) includes verifying completion of the reproduction of the portion of the item without error by receiving, at the trusted computing environment and from the untrusted computing environment, a notification of successful reproduction.
7. A computer-implemented method according to claim 1, wherein the data decrypted in step (f) are stored in protected memory at the untrusted computing environment.
8. A computer-implemented method according to claim 7, wherein the data stored in protected memory are erased after step (g) has been completed.
9. A computer-implemented method according to claim 1, wherein step (e) comprises transmitting the encrypted segment of data from the trusted computing environment to the untrusted computing environment via an intermediate server.
10. A computer-implemented method according to claim 9, wherein the unique encryption key is generated by the intermediate server and transmitted to a digital asset storage server on which the digital asset is stored in the trusted computing environment.
11. A computer-implemented method according to claim 1, wherein the next segment of reproduction data selected in step (a) is contiguous with already-processed segments of data in the digital asset, when iterating steps (a) to (g).
12. A computer-implemented method according to claim 1, wherein the location of the segment of reproduction data selected in step (a) and the location of the next segment of reproduction data selected in step (a) within the digital asset are random, when iterating steps (a) to (g).
13. A computer-implemented method according to claim 1, further comprising translating a source data structure in a first format into the digital asset.
14. A computer-implemented method according to claim 1, wherein the method is initiated by selection and/or purchase of the item from an online source.
15. A computer-implemented method according to claim 1, wherein firmware is provided on the reproduction device, such that the data segment is decrypted at the reproduction device.
16. A computer-implemented method for reproducing an item represented by a digital asset stored in a trusted computing environment using a reproduction device associated with an untrusted computing environment, in which a succession of data segments is transmitted from the trusted computing environment to the untrusted computing environment, the succession of data segments comprising segments of reproduction data, including at least one instruction for controlling the reproduction device to reproduce a portion of the item corresponding to a segment of the reproduction data, and at least one segment of obfuscation data which has a structure identical to the reproduction data but is incapable of controlling the reproduction device to reproduce a portion of the item, the method comprising: (a) receiving, at the untrusted computing environment and as an encrypted segment of data, either reproduction data extracted from the digital asset at the trusted computing environment or obfuscation data; (b) decrypting, at the untrusted computing environment, the received encrypted segment of data, the decrypted encrypted segment of data being a data segment; (c) controlling, at the untrusted computing environment, the reproduction device by, when the data segment is reproduction data, instructing the reproduction device associated with the untrusted computing environment to reproduce the portion of the item in accordance with the at least one instruction included with the data segment, the at least one instruction being a computer numerical control, and when the data segment is obfuscation data, instructing the reproduction device to standby; and (d) iterating steps (a) to (c) until an entirety of the digital asset, or a desired portion of the digital asset, has been reproduced.
Description
BRIEF DESCRIPTION OF THE DRAWINGS
(1) In order that the present invention may be more readily understood, embodiments thereof will now be described, by way of example, with reference to the accompanying drawings, in which:
DETAILED DESCRIPTION
(5) A computer system suitable for implementing the invention is shown in
(6) Together, the servers and other hardware depicted in
(7) The digital asset storage server 1 and digital asset storage space 7 are situated within a trusted computing environment. They are connected to the Internet 2 via a firewall 3 to prevent unpermitted, third party access to data within the trusted computing environment. The owner of intellectual property in digital assets stored on the digital asset storage space 7 can trust that no unpermitted copying of digital assets or transfer of digital assets beyond the firewall 3 can occur; the trusted computing environment is thus defined from the viewpoint of the owner of the intellectual property in the digital assets. The personal computer 5 is within the untrusted computing environment. Although the digital asset storage server 1 may be hosted in a cloud computing environment (such as Amazon Web Services ECC, or Microsoft Azure, for example), many users (i.e. the owners of the intellectual property in the digital assets) will prefer to retain physical control of the server in their own premises for utmost security.
(8) The stream management server 4 is provided by a supplier of a service for implementing the method of the invention. Its functionality will be explained below. It may be hosted in a cloud computing environment (such as Amazon Web Services ECC, or Microsoft Azure, for example).
(9) The e-commerce server 6 will typically be provided by another party than the owners of the intellectual property in digital assets and the supplier of stream management server 4. Its purpose is to enable end users to view items available for reproduction using the method described herein, to enable the purchase of the rights to reproduce the items and to take payment for such purchases over the Internet 2.
(10) The personal computer 5 is just a conventional personal computer owned by an end user. It may be a desktop computer (as shown) or a tablet or mobile phone or any other computing device capable of accessing the Internet 2 and communicating with the 3D printer 9.
(11) Although not shown in
(12) The example shown in
(13) Another possibility is where the digital asset is a 3D computer model of a spare part (such as a spare part for a car or domestic appliance, for example) and the reproduction device could be a CNC machine tool, such as a mill or lathe. In this case, the reproduction facility would usually be in a commercial or industrial facility rather than a domestic environment.
(14) The process by which the system depicted in
(15) In
(16) A standalone process is run on the digital asset storage server 1 to import digital assets into the digital asset storage space 7. In this process, a user uploads or imports one or more source data files in step 20. In this example, the items represented by the digital assets are models for reproduction using a 3D printer. The source data files are therefore typically CAD files or STL files or similar files that can be used to represent a 3D object. The source data files are converted into digital assets, for example, in G-code or FLP format (which represents the 3D object as a number of 2D slices and contains instructions for controlling a 3D printer to reproduce each slice) in step 21 and then stored in the digital asset storage space 7. If the source data files are already in G-code format, no conversion is necessary and the uploaded or imported G-code files may be directly stored in the digital asset storage space 7.
(17) Once the digital asset or digital assets have been stored in the digital asset storage space 7, they are published on the e-commerce server 6 in step 22. This will make the item represented by the digital asset available on a webpage for selection and purchase by an end user. In addition, various metadata relating to the item and the digital asset that represents it may be made available to the stream management server 4 for storage in the stream management database 8. These metadata may include details of the materials and the quantities of materials required to reproduce the item, for example, so that the stream management server 4 is able to verify that an end user's equipment is capable of reproducing the item.
(18) The stream management database 8 may also store account profiles for the owner of the digital assets stored on digital asset storage server 1 and the end user. It may also store metadata relating to the end user's 3D printer (for use in verifying its capabilities as described above) and it may store statistics relating to printing by end users and their payment history as well as printing tokens issued to end users, the purpose of which will be explained later.
(19) To reproduce an item that an end user has seen on the e-commerce website provided by e-commerce server 6, for example by browsing on the website using personal computer 5, the end user has to select the item from the website and usually pay a fee. The e-commerce server 6 handles the transaction and notifies the stream management server 4 of the transaction in step 23 which then proceeds to carry out the processing necessary to reproduce the item purchased at the end user's 3D printer 9.
(20) In response to the confirmation of the transaction received in step 23, the stream management server 4 generates a print token in step 24 and sends it to the end user's personal computer 5. The print token is a unique data token that is associated with the transaction and with the end user's profile in the stream management database 8. The end user's personal computer 5 receives the print token in step 25.
(21) Once the 3D printer 9 has been initialised and is online and ready for printing, the end user's personal computer 5 sends a request to process the token in step 26 to the stream management server 4. In step 27, the stream management server 4 checks the request against the details stored in the stream management database 8. In particular, it ensures that the details of the token included in the request sent in step 26 match those of the token stored in the stream management database 8 and associated with the profile of the end user who owns personal computer 5. Issuing the token and waiting for a request to process it before carrying on with the processing described below ensures that the end user's personal computer 5 and 3D printer 9 are available for printing before any data relating to the digital asset representing the item are transmitted from the digital asset storage server 1.
(22) Once the details of the request received in step 27 have been verified to relate to a valid token, the stream management server 4 generates a key pair in step 28. An encryption key is sent to the digital asset storage server 1 along with a request for the next (at present, the first) segment of data from the digital asset representing the item to be reproduced. A decryption key corresponding to the encryption key is sent to the end user's personal computer 5 and received in step 29 by the personal computer 5 which stores the key securely until it is needed.
(23) Since cryptographic keys are being distributed from the stream management server 4 to the digital asset storage server 1 and personal computer 5, the communication channels between these devices will be protected by way of a suitable communications protocol such as Transport Layer Security (TLS).
(24) The encryption and decryption keys are unique and are only used once in respect of each segment of data from the digital asset. After use, they may be destroyed. In one embodiment, a dynamic encryption process is used such that not only are unique keys used for each segment but the encryption algorithm that is used may be changed for each segment. The encryption algorithm used for any segment may be randomly selected from a list of available algorithms or each algorithm in the list may be cyclically selected. Suitable algorithms include AES-256, Twofish, Serpent and Salsa20. All four are symmetric ciphers, so the encryption key sent to the digital asset storage server 1 and the decryption key sent to the personal computer 5 in step 28 are copies of the same key, and the stream management server 4, which generates that key and relays the encrypted segments, is in a position to decrypt them; the scheme therefore relies on the stream management server 4 being trusted by the owner of the digital asset. Varying the algorithm from segment to segment adds no secrecy beyond that of the one-time key, since the choice of algorithm must itself be made known to the personal computer 5 for decryption.
(25) The distribution of the keys and the request for the next segment of data from the digital asset by the stream management server 4 to the digital asset server 1 and the personal computer 5 are depicted by arrows 50 and 51 in
(26) The size of the segments 12a-12n and the segments of obfuscation data are to a certain extent arbitrary. They may be dynamically adjusted to suit the size of the digital asset 10 and/or the bandwidth of the communications channel to the stream management server 4. Where the digital asset 10 comprises a file containing 2D data instructions, such as a G-code file, a PNG file, an SVG file or any other suitable intermediary file type for controlling a 3D printer to reproduce an item, then the size of the segments 12a-12n or the segments of obfuscation data may be adjusted to correspond to one layer of the item. Whatever size is chosen, the segments of obfuscation data should match the size of the segments of reproduction data: an observer of the encrypted stream who cannot read the segments can still compare their lengths, and a segment of a different length would be recognisable as obfuscation data. Thus, as shown in
(27) In step 31, the digital asset storage server 1 encrypts the segment extracted in step 30 with the encryption key. If dynamic encryption is being used, the encryption technique is selected as described above. The encrypted segment of data is then sent to the stream management server 4 (arrow 52 in
(28) In step 33, the end user's personal computer 5 decrypts the received encrypted segment of data from the digital asset 10 using the decryption key received in step 29 and stores the result in protected memory. As will be known to those skilled in the art, protected memory is a section of memory in which the access rights are controlled by the operating system to prevent a process from accessing memory that has not been allocated to it. Thus, no other unprivileged process can access the decrypted data and obtain the segment of the digital asset 10. This isolation does not hold against an administrator of the personal computer 5 or a debugger attached to the process with sufficient rights, which is the case addressed by the firmware embodiment described below. As an additional step, a segment of obfuscated data may be generated on the end user's personal computer 5 and stored in protected memory. This segment of obfuscated data may be extracted from a database that is stored on the end user's personal computer 5 or generated in accordance with a set of rules. This segment of obfuscated data may be sent to the 3D printer 9 instead of the decrypted segment of data.
(29) In step 34, the 3D printer 9 is controlled using the instructions in the segment of data of the digital asset 10 decrypted in step 33. If the received segment is obfuscation data, then the reproduction device will be unresponsive. In step 35, the process running on personal computer 5 verifies whether the 3D printer 9 was successful in printing the portion of the item represented by the segment of data. If it was unsuccessful, a notification of the print error is sent in step 36 to the stream management server 4 (arrow 53 in
(30) Step 38 causes the stream management server 4 to await the notification sent by the personal computer 5 in step 36 or 37. If printing was unsuccessful, then step 39 handles the print error. This step might instruct the personal computer 5 to retry processing the instructions in the segment of data of the digital asset 10 decrypted in step 33, if appropriate. Alternatively, it might send a message to the personal computer 5 instructing the end user to clear the aborted attempt to reproduce the item represented by digital asset 10 from the 3D printer 9 and to restart the process. If the segment of data was obfuscation data, step 39 might comprise reverting to step 28 as described below.
(31) However, if printing was successful then step 40 checks whether notification has been received from the digital asset storage server 1 that the final segment of data from the digital asset 10 has been sent. This notification is sent in step 41 when the digital asset storage server 1 extracts the final segment 12n from the digital asset 10. If the final segment has been sent, the process ends. If it has not yet been sent, processing reverts to step 28 and new keys are generated and the next segment requested. The process then continues in the manner already described with subsequent segments of data until the final segment of data is processed and notification of this is received by the stream management server 4 from the digital asset storage server 1.
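The procedure of steps 28 to 41 above, carried through end to end as an added example; this is not code from the patent or from any product it describes. It assumes slicer-style G-code with one ";LAYER:n" comment per layer as the segment boundary (one layer per segment, as paragraph (26) allows), a fixed segment size, and a simple obfuscation rule in the sense of claim 5, namely a segment with the same header shape and line count as a real layer but consisting of zero-length G4 dwells that move and extrude nothing. The Python standard library has no AES, so the per-segment encryption is an encrypt-then-MAC construction built from HMAC-SHA256 (counter-mode keystream plus a separate tag) standing in for the AES-256 named in paragraph (24); a deployment would use an AEAD such as AES-256-GCM in the same place. One process plays the digital asset storage server 1, the stream management server 4 and the personal computer 5, so keys pass by variable rather than over TLS, and the sample asset is constructed. Two points the prose does not show: every segment is padded to one length so that ciphertext size cannot reveal which segments are obfuscation data, and the tag is verified before anything reaches the printer, so a segment altered in transit or replayed under another segment's key is rejected rather than executed.

```python
import hashlib
import hmac
import secrets

# Constructed sample digital asset: slicer-style G-code with one ";LAYER:n" marker per layer (an assumed convention).
SAMPLE_ASSET = (
    ";LAYER:0\nG1 X10 Y10 E1.0\nG1 X20 Y10 E2.0\n"
    ";LAYER:1\nG1 X20 Y20 E3.0\n"
    ";LAYER:2\nG1 X10 Y20 E4.0\nG1 X10 Y10 E5.0\n"
)
# Every segment is padded to this size, so ciphertext length never tells a real layer from an obfuscation segment.
SEGMENT_SIZE = 64


def split_layers(gcode: str) -> list[str]:
    """Step 30 with the "one layer" sizing: one segment per ;LAYER: block."""
    return [";LAYER:" + part for part in gcode.split(";LAYER:")[1:]]


def obfuscation_segment(lines: int) -> str:
    """Claim 5 rule (assumed): a real layer's header shape and line count, but zero-length dwells only."""
    return ";LAYER:x\n" + "G4 P0\n" * max(lines - 1, 0)


def pad(segment: str) -> bytes:
    """Append a comment line so the segment is exactly SEGMENT_SIZE bytes; printer firmware ignores comments."""
    if len(segment) >= SEGMENT_SIZE:
        raise ValueError(f"segment of {len(segment)} bytes does not fit in {SEGMENT_SIZE}")
    return (segment + ";" * (SEGMENT_SIZE - len(segment) - 1) + "\n").encode()


def _subkeys(key: bytes) -> tuple[bytes, bytes]:
    """Derive separate encryption and MAC keys from the one-time segment key."""
    return hmac.digest(key, b"enc", "sha256"), hmac.digest(key, b"mac", "sha256")


def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode as a PRF keystream: a stand-in for AES-256, which the stdlib lacks."""
    blocks = (hmac.digest(enc_key, nonce + ctr.to_bytes(4, "big"), "sha256") for ctr in range(0, length, 32))
    return b"".join(blocks)[:length]


def seal_segment(key: bytes, plain: bytes) -> bytes:
    """Trusted side, step 31: encrypt-then-MAC under a key used for this segment only; wire format nonce|ct|tag."""
    enc_key, mac_key = _subkeys(key)
    nonce = secrets.token_bytes(16)
    ct = bytes(p ^ k for p, k in zip(plain, _keystream(enc_key, nonce, len(plain))))
    return nonce + ct + hmac.digest(mac_key, nonce + ct, "sha256")


def open_segment(key: bytes, msg: bytes) -> bytes:
    """Untrusted side, step 33: check the tag before decrypting; a tampered or wrong-key segment is rejected."""
    enc_key, mac_key = _subkeys(key)
    nonce, ct, tag = msg[:16], msg[16:-32], msg[-32:]
    if len(msg) < 48 or not hmac.compare_digest(tag, hmac.digest(mac_key, nonce + ct, "sha256")):
        raise ValueError("segment failed authentication")
    return bytes(c ^ k for c, k in zip(ct, _keystream(enc_key, nonce, len(ct))))


def execute(segment: bytes) -> list[str]:
    """Stand-in for the 3D printer: returns the extrusion moves it made. Comments, padding and G4 dwells
    change nothing, so an obfuscation segment yields no moves and the printer stands by."""
    return [line for line in segment.decode().split("\n") if line.startswith("G1 ")]


def stream(asset: str, obfuscate_before) -> tuple[list[list[str]], list[int]]:
    """Steps 28 to 41 end to end with a fresh key per segment: returns the moves printed per real segment and
    the size of every ciphertext sent. obfuscate_before(i) is the trusted side's step (a) decision to send an
    obfuscation segment ahead of real segment i; real segments go in order (claim 11). One process plays all
    three parties, so keys travel by variable rather than over TLS."""
    printed: list[list[str]] = []
    sizes: list[int] = []

    def send(segment: str, expect_print: bool) -> None:
        key = secrets.token_bytes(32)            # step 28, here in place of stream management server 4
        msg = seal_segment(key, pad(segment))    # leaves the trusted environment (steps 31, 32)
        sizes.append(len(msg))
        moves = execute(open_segment(key, msg))  # untrusted side, steps 33 and 34
        if bool(moves) != expect_print:          # step 35: the printer must stand by on obfuscation data
            raise RuntimeError(f"segment {len(sizes) - 1}: unexpected printer response")
        if expect_print:
            printed.append(moves)
        # Step 24 and claim 8: nothing retains the key or plaintext once send() returns.

    for i, layer in enumerate(split_layers(asset)):
        if obfuscate_before(i):
            send(obfuscation_segment(layer.count("\n")), False)
        send(layer, True)
    return printed, sizes


if __name__ == "__main__":
    # The description leaves the step (a) decision to the trusted side; here it is a coin flip per layer.
    layers, sizes = stream(SAMPLE_ASSET, lambda i: secrets.randbelow(2) == 1)
    print(f"{len(sizes)} ciphertexts of {sizes[0]} bytes each, {len(layers)} layers printed")
```

Running the block prints a different ciphertext count on each run, because the coin flip decides how many obfuscation segments are interleaved, while every ciphertext has the same length and exactly three layers are printed. The segment numbering used for the error message is the only sequencing in this example; a deployment would also bind the segment's position to the ciphertext (for instance as associated data of the AEAD) so that the untrusted side can confirm it is processing the segment it was told to expect.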
(32) In other embodiments, firmware may be provided on the reproduction device itself, so that when the instructions are streamed from a user's device to a reproduction device, the data may be encrypted right up to the point that it is received by the reproduction device and the decryption of the data may take place on the reproduction device rather than on the user's device. This provides an additional layer of security as an adversary cannot inspect the data that is transferred between the user's device and the reproduction device.
(33) In some embodiments, the stream management server may track each transaction or transferred data segment via unique identifiers, such as a hash or a digital watermark, and utilize a blockchain to track the transactions. This provides an advantage in that there is a secure record made of each transaction and that any breach of security (for example unauthorized sharing of a digital asset or streamed segment) can be traced back to an individual user.
(34) By way of the system and method described above, the invention allows an end user to reproduce an item in a way that prevents the end user from making an uncontrolled number of reproductions and from sharing instructions for reproducing the item with other users in an uncontrolled manner. Owners of intellectual property in digital assets can therefore enable reproduction of the items represented by the digital assets without fear that they will lose control of their intellectual property.