Method of providing adaptive security

US 20030191944A1
Filed: 04/04/2002
Published: 10/09/2003
Est. Priority Date: 04/04/2002
Status: Active Grant

First Claim

Patent Images

1. A method of providing adaptive security for access to content on a system comprising:

determining if a user has rights to access the content according to a content license associated with the content; and

when the user has rights to play the content;

reading a data structure in the content license defining at least one security factor ID and an associated factor value;

setting a security factor value for a security factor, the security factor corresponding to the security factor ID, to the associated factor value from the data structure;

allowing access to the content; and

performing security processing by the system at a level based at least in part on the security factor value.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Providing adaptive security for access to content on a system may be accomplished by determining if a user has rights to access the content according to a content license associated with the content, and when the user has rights to play the content, performing the following actions. The system reads a data structure in the content license defining at least one security factor ID and an associated factor value, sets a security factor value for a security factor, the security factor corresponding to the security factor ID, to the associated factor value from the data structure, allows access to the content, and performs security processing by the system at a level based at least in part on the security factor value. In one embodiment, the security factor IDs and associated factor values are set by a content owner or distributor at the time of manufacturing or distributing the content.

67 Citations

View as Search Results

30 Claims

1. A method of providing adaptive security for access to content on a system comprising:
- determining if a user has rights to access the content according to a content license associated with the content; and
  
  when the user has rights to play the content;
  
  reading a data structure in the content license defining at least one security factor ID and an associated factor value;
  
  setting a security factor value for a security factor, the security factor corresponding to the security factor ID, to the associated factor value from the data structure;
  
  allowing access to the content; and
  
  performing security processing by the system at a level based at least in part on the security factor value.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 2. The method of claim 1, further comprising:
    - establishing a ceiling value for each security factor ID;
      
      wherein setting the security factor value for the security factor corresponding to the security factor ID to the associated factor value from the data structure comprises setting the security factor value only when the ceiling value is not exceeded by the associated factor value.
  - 3. The method of claim 1, further comprising performing signature verification of the content license prior to determining if the user has rights to access the content.
  - 4. The method of claim 1, wherein the associated factor values are set by at least one of a content owner and an authorized content distributor.
  - 5. The method of claim 1, wherein performing security processing comprises performing continuous integrity verification of program modules accessing the content based at least in part on the security factor value.
  - 6. The method of claim 5, further comprising continuously verifying the integrity of the program modules within an integrity verified execution environment.
  - 7. The method of claim 5, wherein one of the program modules being continuously verified comprises a player application and accessing the content comprises playing the content by the player application.
  - 8. The method of claim 7, further comprising decrypting and decoding the content by the player application.
  - 9. The method of claim 1, further comprising setting the ceiling value based on dynamic measured performance of the system.
  - 10. The method of claim 1, wherein the content license comprises playback rights information, and further comprising accessing the playback rights information in the content license when determining if the user has rights to access the content.
  - 11. The method of claim 1, wherein determining, reading, establishing, setting, allowing and performing occur within a hidden execution mode.
  - 12. The method of claim 1, comprising obtaining the data structure from a token received via a secure authenticated channel (SAC) communication instead of from the content license.
  - 13. The method of claim 1, further comprising storing the security factor value in a secure storage.

14. An article comprising:
- a machine accessible medium having a plurality of machine readable instructions, wherein when the instructions are executed by a processor, the instructions provide for adaptive security for access to content on a system by determining if a user has rights to access the content according to a content license associated with the content; and
  
  when the user has rights to play the content;
  
  by reading a data structure in the content license defining at least one security factor ID and an associated factor value;
  
  by setting a security factor value for a security factor, the security factor corresponding to the security factor ID, to the associated factor value from the data structure;
  
  by allowing access to the content; and
  
  by performing security processing by the system at a level based at least in part on the security factor value.
- View Dependent Claims (15, 16, 17, 18, 19, 20, 21, 22, 23, 24)
- - 15. The article of claim 14, further comprising instructions for establishing a ceiling value for each security factor ID;
    - wherein instructions for setting the security factor value for the security factor corresponding to the security factor ID to the associated factor value from the data structure comprise instructions for setting the security factor value only when the ceiling value is not exceeded by the associated factor value.
  - 16. The article of claim 14, further comprising instructions for performing signature verification of the content license prior to determining if the user has rights to access the content.
  - 17. The article of claim 14, wherein instructions for performing security processing comprise instructions for performing continuous integrity verification of program modules accessing the content based at least in part on the security factor value.
  - 18. The article of claim 17, further comprising instructions for continuously verifying the integrity of the program modules within an integrity verified execution environment.
  - 19. The article of claim 17, wherein one of the program modules being continuously verified comprises a player application and accessing the content comprises playing the content by the player application.
  - 20. The article of claim 19, further comprising instructions for decrypting and decoding the content by the player application.
  - 21. The article of claim 14, further comprising instructions for setting the ceiling value based on dynamic measured performance of the system.
  - 22. The article of claim 14, wherein the content license comprises playback rights information, and further comprising instructions for accessing the playback rights information in the content license when determining if the user has rights to access the content.
  - 23. The article of claim 14, wherein instructions for determining, reading, establishing, setting, allowing and performing are executed within a hidden execution mode.
  - 24. The article of claim 14, further comprising instructions for storing the security factor value in a secure storage.

25. A system for providing adaptive security processing during access to content comprising:
- a content license associated with the content, the content license comprising a data structure specifying at least one security factor ID and an associated factor value;
  
  a player application to play the content as permitted by the content license; and
  
  an agent to continuously verify the integrity of the player application, the agent including an adaptive security component to read the at least one security factor ID and an associated factor value, to set a security factor value for a security factor, the security factor corresponding to the security factor ID, to the associated factor value from the data structure, to allow access to the content by the player application, and to perform security processing at a level based at least in part on the security factor value.
- View Dependent Claims (26, 27, 28, 29, 30)
- - 26. The system of claim 25, wherein adaptive security component establishes a ceiling value for each security factor ID and sets the security factor value for the security factor, corresponding to the security factor ID, to the associated factor value from the data structure only when the ceiling value is not exceeded by the associated factor value.
  - 27. The system of claim 25, wherein the player application and the agent operate within an integrity verified execution environment.
  - 28. The system of claim 27, wherein the agent operates within a hidden execution mode.
  - 29. The system of claim 25, wherein the agent is tamper resistant.
  - 30. The system of claim 25, wherein the agent sets the ceiling value based on dynamic measured performance of the system.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Tahoe Research Limited (f/k/a Learndale Limited) (Vector Capital Corporation)
Original Assignee
Intel Corporation
Inventors
Rothrock, Lewis V.

Granted Patent

US 7,174,320 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/182
CPC Class Codes

G06F 21/10   Protecting distributed prog...

G06F 2221/2113   Multi-level security, e.g. ...

G06Q 30/02   Marketing; Price estimation...

Method of providing adaptive security

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

67 Citations

30 Claims

Specification

Solutions

Use Cases

Quick Links

Method of providing adaptive security

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

67 Citations

30 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links