Method and system for enabling content security in a distributed system

US 20030172270A1
Filed: 12/11/2002
Published: 09/11/2003
Est. Priority Date: 12/12/2001
Status: Active Grant

First Claim

Patent Images

1. A system for securing content over a network, comprising:

a data store that is configured to store content;

an update manager that is coupled to the data store and configured to change content in the data store at a pre-set rate, and to tag a portion of the content as exclusively memory resident at a client; and

a content manager coupled to the update manager and the data store that is configured to determine if the client is authentic, and if the client is authentic, to provide content to the client at a predetermined rate, wherein the tagged portion of the content remains absent from a client'"'"'s permanent data store thereby reducing theft of the content.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and system are directed towards enabling content security in a distributed environment. The system includes a data store for content associated with an application that may be tagged as exclusively memory resident at a client. The content may also be encrypted and digitally signed. When an authenticated client requests the content, it is provided at a constrained rate that enables a portion of the content to start execution on the client before the application associated with the content is completely downloaded. Additional portions of the content are provided to the client when the additional portions are required for execution by the application.

75 Citations

View as Search Results

27 Claims

1. A system for securing content over a network, comprising:
- a data store that is configured to store content;
  
  an update manager that is coupled to the data store and configured to change content in the data store at a pre-set rate, and to tag a portion of the content as exclusively memory resident at a client; and
  
  a content manager coupled to the update manager and the data store that is configured to determine if the client is authentic, and if the client is authentic, to provide content to the client at a predetermined rate, wherein the tagged portion of the content remains absent from a client'"'"'s permanent data store thereby reducing theft of the content.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The system of claim 1, wherein the content manager is configured to further enable an application to start execution on the client before the content associated with the application is completely provided.
  - 3. The system of claim 1, wherein a portion of content associated with an application is absent from the client during execution of the application on the client.
  - 4. The system of claim 1, wherein the content manager is further configured to receive a request for content from the client that includes at least one of a client'"'"'s local IP address, client'"'"'s remote IP addresses, a user'"'"'s account, a user name, a lifetime parameter, a portion of application content, a version identifier associated with an application, and a session key.
  - 5. The system of claim 1, further comprising an authentication manager that is coupled to the content manager and is configured to provide a message that includes at least one of an instruction to cancel a client'"'"'s authentication and to modify a flow of content to an unauthentic client.
  - 6. The system of claim 1, wherein the content further comprises a checksum block that is digitally signed.
  - 7. The system of claim 1, wherein the content in the data store further comprises content that is obfuscated.
  - 8. The system of claim 1, wherein the content manager is further configured to provide a stream of bits that include at least one of a pseudo-random number, a decryption key, and a signature verification key.
  - 9. The system of claim 1, wherein the content further comprises a block of content that is configured to cross validate another block of content.
  - 10. The system of claim 1, wherein the pre-set rate to change the content includes at least one of a periodic rate and a non-periodic rate.
  - 11. The system of claim 7, wherein the content is encrypted and digitally signed.

12. A method of securing content over a network, comprising:
- (a) receiving a request from a client for content associated with an application;
  
  (b) tagging a portion of the content as exclusively memory resident on the client;
  
  (c) determining if the client is authentic, and if the client is authentic, (i) providing the requested content to the client at a predetermined rate, wherein the provided content enables an application to start execution on the client before the content associated with the application is completely provided; and
  
  (ii) enabling the tagged portion of the content to execute on the client, wherein the tagged portion of the content remains absent from a client'"'"'s permanent data store thereby reducing theft of the content.
- View Dependent Claims (13, 14, 15, 16, 17, 18, 19, 20, 21)
- - 13. The method of claim 12, further comprising changing the content at a pre-set rate.
  - 14. The method of claim 12, wherein determining if the client is authentic further comprises:
    - determining a remote address and a local address associated with the client; and
      
      employing the remote address and local address to authenticate the client.
  - 15. The method of claim 12, further comprising ensuring that the client stores only a portion of content that is associated with the application.
  - 16. The method of claim 12, wherein receiving the request from the client further comprises receiving a content ticket from the client that includes at least one of a client'"'"'s local IP address, client'"'"'s remote IP addresses, a user'"'"'s account, a user name, a lifetime parameter, a portion of application content, a version identifier associated with an application, and a session key.
  - 17. The method of claim 16, wherein the content is encrypted and digitally signed.
  - 18. The method of claim 12, wherein the content further comprises at least one checksum block that is digitally signed and encrypted.
  - 19. The method of claim 12, wherein the content associated with the application further comprises content that is obfuscated.
  - 20. The method of claim 12, further comprising if the client is authentic providing a stream of bits that include at least one of a pseudo-random number, a decryption key, and a signature verification key.
  - 21. The method of claim 12, wherein the requested content further comprises a block of content that is configured to cross validate another block of content.

22. An apparatus for securing content over a network, comprising:
- (a) an interface configured to send the content and to receive a request for content associated with an application; and
  
  (b) coupled to the interface, a server configured to perform acts, comprising;
  
  (i) receiving the request from a client for content associated with the application;
  
  (ii) tagging a portion of the content as exclusively memory resident on the client;
  
  (iii) determining if the client is authentic, and if the client is authentic, (1) providing the requested content to the client at a predetermined rate, wherein the provided content enables an application to start execution on the client before the content associated with the application is completely provided; and
  
  (2) enabling the tagged portion of the content to execute on the client, wherein the tagged portion of the content remains absent from a client'"'"'s permanent data store thereby reducing theft of the content.
- View Dependent Claims (23, 24, 25, 26)
- - 23. The apparatus of claim 22, further comprising changing the content at a pre-set rate.
  - 24. The apparatus of claim 22, wherein the server is further configured to provide a message that includes at least one of an instruction to cancel a client'"'"'s authentication and to modify a flow of content to an unauthentic client.
  - 25. The apparatus of claim 22, further comprising ensuring that the client store only a portion of the content associated with the application.
  - 26. The apparatus of claim 22, wherein receiving a request from the client further comprises receiving a content ticket from the client that includes at least one of a client'"'"'s local IP address, client'"'"'s remote IP addresses, a user'"'"'s account, a user name, a lifetime parameter, a portion of application content, a version identifier associated with an application, and a session key.

27. An apparatus securing content over a network, comprising:
- (a) a means for receiving a request from a client for content associated with an application;
  
  (b) a means for determining if the client is authentic, and if the client is authentic, (i) a means for tagging a portion of the content as exclusively memory resident on the client;
  
  (ii) a means for providing the requested content to the client at a predetermined rate, wherein the provided content enables an application to start execution on the client before the content associated with the application is completely provided;
  
  (iii) a means for enabling the portion of the content to execute on the client, wherein the tagged portion of the content remains absent from a client'"'"'s permanent data store thereby reducing theft of the content; and
  
  (iv) a means for ensuring that the client stores only a portion of content that is associated with the application.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Valve Corporation
Original Assignee
Valve Corporation
Inventors
Jones, Paul David, Newcombe, Christopher Richard, Birum, Derrick Jason, Ellis, Richard Donald

Granted Patent

US 7,243,226 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/168
CPC Class Codes

G06Q 20/3674   involving authentication

H04L 2463/101   applying security measures ...

H04L 41/0896   Bandwidth or capacity manag...

H04L 61/2514   between local and global IP...

H04L 63/045   wherein the sending and rec...

H04L 63/0807   using tickets, e.g. Kerbero...

H04L 67/01   Protocols

H04L 67/02   based on web technology, e....

H04L 67/06   specially adapted for file ...

H04L 67/1001   for accessing one among a p...

H04L 67/306   User profiles

H04L 67/34   involving the movement of s...

H04L 67/51   Discovery or management the...

H04L 67/53   using third party service p...

H04L 67/55   Push-based network services

H04L 67/62   Establishing a time schedul...

Method and system for enabling content security in a distributed system

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

75 Citations

27 Claims

Specification

Solutions

Use Cases

Quick Links

Method and system for enabling content security in a distributed system

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

75 Citations

27 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links