Hybrid device and person based authorization domain architecture
First Claim
1. A server comprising:
- a receiving system configured to receive, over a network, a request for a protected content, the request including a content identification of the protected content and at least one of a personal identification and a device identification, wherein the personal identification is associated with a person and the device identification is associated with a device;
a processing system configured to;
identify a domain identification associated with the received identification, wherein the domain identification associated with the received identification is provided in a corresponding rights certificate;
determine a second domain identification associated with the protected content, wherein the second domain identification is associated with at least one of;
a personal identification and a device identification;
determine whether the domain identification associated with the protected content is comparable to the second domain identification;
provide an indication of a favorable determination when the domain identification and the second domain identifications are comparable;
determine a location of the protected content; and
a transmitting system configured to;
transmit to the device requesting the protected content upon receiving the indication of favorable determination, one of;
the protected content when the protected content is remote from the device and an indication allowing access to the protected content when the protected content is local to the device.
2 Assignments
0 Petitions
Accused Products
Abstract
This invention relates to a system and a method of generating an Authorized Domain (AD) by selecting a domain identifier, and binding at least one person (P1, P2, . . . , PN1), at least one device (D1, D2, . . . , DM), and at least one content item (C1, C2, . . . , CN2) to the Authorized Domain (AD) given by the domain identifier (Domain_ID).
Hereby, a number of verified devices (D1, D2, . . . , DM) and a number of verified persons (P1, P2, . . . , PN1) that is authorized to access a content item of the Authorized Domain (100) is obtained.
In this way, access to a content item of an authorized domain by a person operating a device is obtained either by verifying that the content item and the person are linked to the same domain or by verifying that the device and the content item are linked to the same domain. Thereby, enhanced flexibility for one or more persons when accessing content in an authorized domain is obtained while security of the content is still maintaining. This is further done in a simple, secure, and reliable way.
-
Citations
34 Claims
-
1. A server comprising:
-
a receiving system configured to receive, over a network, a request for a protected content, the request including a content identification of the protected content and at least one of a personal identification and a device identification, wherein the personal identification is associated with a person and the device identification is associated with a device; a processing system configured to; identify a domain identification associated with the received identification, wherein the domain identification associated with the received identification is provided in a corresponding rights certificate; determine a second domain identification associated with the protected content, wherein the second domain identification is associated with at least one of;
a personal identification and a device identification;determine whether the domain identification associated with the protected content is comparable to the second domain identification; provide an indication of a favorable determination when the domain identification and the second domain identifications are comparable; determine a location of the protected content; and a transmitting system configured to; transmit to the device requesting the protected content upon receiving the indication of favorable determination, one of;
the protected content when the protected content is remote from the device and an indication allowing access to the protected content when the protected content is local to the device. - View Dependent Claims (2, 3, 4, 5)
-
-
6. A server comprising:
-
a receiving system configured to; receive over a network a request for a protected content, the request including a content identification of the protected content and at least one of;
a personal identification of a person having access to the protected content and a device identification of a device in the network, wherein the personal identification is associated with the person and the device identification is associated with the device;a processing system configured to; determine whether at least a device identification is received; identify, when a device identification is received, a domain identification associated with the received device identification, wherein the domain identification associated with the received device identification is provided in a device rights certificate associated with the device identification; determine a second domain identification associated with the protected content, wherein the second domain identification is associated with at least one of;
a personal identification and a device identification;determine whether the second domain identification is comparable to the domain identification associated with the received device identification; and provide an indication of a favorable determination when the domain identifications are comparable; and a transmitting system configured to; transmit, over the network, to the device associated with the device identification one of;
the protected content and an indication of allowable access upon receiving the favorable indication. - View Dependent Claims (7, 8, 9, 10, 11)
-
-
12. A server comprising:
-
a receiving system configured to; receive a request for a protected content, the request including at least a content identification associated with the protected content and at least one of;
a personal identification and a device identification, wherein the personal identification is associated with a person making the request and the device identification is associated with a device from which the request is made;a processing system in communication with the receiving system, the processing system configured to; determine a domain identification based on at least one of;
a personal identification and a device identification, wherein the domain identification associated with the received device identification is provided in a device rights certificate associated with the device identification; anddetermine whether the domain identification associated with one of the at least one of the received personal identification and the device identification is comparable to a domain identification associated with the protected content; and generate a favorable indication indicating a domain identification associated with the protected content is comparable to the domain identification associated with the received identification; and a transmitting system configured to; transmit to a device providing the request the protected content and an indication of access upon receiving the favorable indication. - View Dependent Claims (13, 14, 15, 16, 17, 18, 19)
-
-
20. A server comprising:
-
a receiving system configured to; receive a request for protected content, the request including an identification of the content and at least one of a personal identification of a person and a device identification of a device in a network; a processor system configured to; identify a domain identification associated with the protected content; identify a domain identification associated with the at least one of;
the received personal identification and the device identification, wherein the domain identification associated with the received device identification is provided in a device rights certificate associated with the device identification;determine whether the domain identification associated with one of the received identification is comparable to the domain identification associated with the protected content; and generate a favorable indication indicating a domain identification associated with the protected content is comparable to the domain identification associated with one of the at least one received personal identification and the device identification. - View Dependent Claims (21, 22, 23, 24, 25, 26, 27, 28, 29, 30)
-
-
31. A method for operating a server, the method comprising:
-
receiving over a network, by a receiving system of a server, a request for a protected content, the network being accessible by a person, the request including a content identification of the protected content and at least one of a personal identification and a device identification, wherein the personal identification is associated with the person and the device identification is associated with a device; a processing system of the server; determining a domain identification associated with the protected content; identifying a domain identification associated with the received identification, wherein the domain identification is provided in a corresponding rights certificate associated with at least one of;
at least one personal identification and at least one device identification;determining whether the domain identification associated with the protected content is comparable to the domain identification associated with the received identification; providing an indication of a favorable determination when the domain identifications are comparable; determining a location of the protected content; and transmitting, by a transmitting system of the server, to a device providing the request, upon receiving the indication of favorable determination, one of;
the protected content when the protected content is remote from the device and an indication allowing access to the protected content when the protected content is local to the device.
-
-
32. A method of operating a server, the method comprising:
-
receiving over a network, by a receiving system, a request for a protected content, the request including a content identification of the protected content and at least one of;
a personal identification of a person having access to the network and a device identification of a device in the network;determining, by a processing system; a domain identification associated with the protected content; identifying a domain identification associated with the received identification, provided in a corresponding rights certificate associated with corresponding ones of said at least personal identification and said at least one device identification; determining whether the domain identification associated with the protected content is comparable to the domain identification associated with the received device identification; and providing an indication of a favorable determination when the domain identifications are comparable; and transmitting, by a transmitting system, upon receiving the favorable indication to a device providing said request one of;
the protected content and an indication of allowable access.
-
-
33. A method of operating a server, the method comprising:
-
receiving, by a receiving system, a request for a protected content, the request including at least a content identification associated with the protected content and at least one of;
a personal identification and a device identification;determining, by a processing system in communication with the receiving system, a domain identification associated with the protected content, determining, by the processing system in communication with the receiving system, whether a domain identification associated with one of the at least one of the received personal identification and the device identification is comparable to the domain identification associated with the protected content, wherein the domain identification associated with the received device identification is provided in a device rights certificate associated with the device identification; and generating, by processing system in communication with the receiving system, a favorable indication indicating a domain identification associated with the protected content is comparable to the domain identification associated with one of the at least one personal identification and the device identification; and transmitting, by a transmitting system, to a device associated the request one of;
the protected content and an indication of access.
-
-
34. A method of operating a server, the method comprising:
receiving, by a receiving system, a request for protected content, the request including an identification of the content and at least one of a personal identification of a person and a device identification of a device in a network; identifying, by a processor system, a domain identification associated with the protected content; identifying, by the processor system, a domain identification associated with the at least one of a received personal identification and a device identification, wherein the domain identification associated with the received device identification is provided in a device rights certificate associated with the device identification; determining whether the domain identification associated with at least one of the at least one received personal identification and the device identification is comparable to the domain identification associated with the protected content; and generating a favorable indication indicating a domain identification associated with the protected content is comparable to the domain identification associated with one of the at least one personal identification and the device identification.
Specification