System and method controlling access to digital works using a network
Abstract
Controlled access to digital works using a network employs a dynamically updated client identification code to uniquely identify the client to a server, a content identification code to identify digital work, and a client software module as an agent of the server. An encrypted secret or unencrypted authorization code allowing access to the data content is transmitted to the client. Transmitting an encrypted secret to the client over an insecure communications network supports encryption of the digital work. A database association provides for a software license environment for copies of different digital works and at least one machine. Distributing supplemental data content (e.g. advertising) from one or many servers to a client involves contacting an authentication server to determine whether access to the primary digital work should be provided to the client, retrieving from a data content server the supplemental data content and transmitting the supplemental data content to the client for display.
11 Claims
1. In an insecure communications network comprising a client and server communicating through said insecure communications network, a method of providing controlled access to digital works over said insecure network, said method comprising:
employing a client identification code that uniquely identifies said client to said server, employing a content identification code to identify said digital work;
transmitting from said client to said server said client identification code; and
evaluating access rights of said client to said digital work at said server by checking said client identification against a database comprising access rights for a plurality of clients for said digital work; and
if said access is authorized, transmitting to said client a secret or authorization code used to gain access to said digital work. (Dependent claims: 6, 7, 8, 9, 10, 11)
2. A method for creating a client identification code by:
composing the identification code as a concatenation of a fixed identifier unique to a server, a changeable sequence number incremented by the server, and a changeable pseudo-random number; and
at every authorization contact of a client with the server, updating the client and server database with a modified identification code.
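An added example (not code from the patent) that puts claim 1 and claim 2 together: a server keeps a rights database keyed by the client identification code, answers an access check with the content secret only when the client is authorized, and retires the presented code on every contact, replacing it with a new concatenation of server identifier, incremented sequence number and pseudo-random part. The server identifier "SRV01", the content identifiers and the secrets are constructed values.

```python
import secrets
from dataclasses import dataclass


@dataclass
class ClientRecord:
    seq: int      # server-side sequence number in force when this code was issued
    rights: set   # content identification codes this client may access


def make_client_id(server_id: str, seq: int, rnd: str) -> str:
    """Claim 2: fixed server identifier || incrementing sequence number || pseudo-random part."""
    return f"{server_id}-{seq:08d}-{rnd}"


class LicenseServer:
    def __init__(self, server_id: str, content_secrets: dict):
        self.server_id = server_id
        self.seq = 0
        self.db = {}                             # current client identification code -> ClientRecord
        self.content_secrets = content_secrets   # content id -> secret released on authorization

    def _issue(self, rights: set) -> str:
        self.seq += 1
        cid = make_client_id(self.server_id, self.seq, secrets.token_hex(8))
        self.db[cid] = ClientRecord(self.seq, set(rights))
        return cid

    def enroll(self, rights) -> str:
        """First contact: create the client's record and hand out its initial code."""
        return self._issue(set(rights))

    def authorize(self, client_id: str, content_id: str):
        """Claim 1: check the presented code against the rights database and release the
        secret only if authorized. Claim 2: every contact retires the presented code and
        issues a fresh one, so a captured code stops working after the next legitimate contact."""
        rec = self.db.pop(client_id, None)
        if rec is None:
            return None, None                    # unknown, already rotated, or replayed code
        new_id = self._issue(rec.rights)
        secret = self.content_secrets.get(content_id) if content_id in rec.rights else None
        return new_id, secret


if __name__ == "__main__":
    srv = LicenseServer("SRV01", {"WORK-42": "constructed-secret-42"})
    cid = srv.enroll({"WORK-42"})
    new_id, secret = srv.authorize(cid, "WORK-42")
    print(secret, new_id != cid, srv.authorize(cid, "WORK-42"))  # replayed old code is refused
```

Note that the client must store the replacement code it receives; if it loses it, the client and server databases fall out of step and the client must re-enroll.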
3. In an insecure communications network comprising a client and server communicating through said insecure communications network, a method of transmitting in encrypted fashion to said client a secret, said method comprising:
establishing a composite session key common to both said client and said server where said client and said server each provide one portion towards construction of the composite key, where said composite key cannot be constructed by any other party not knowing one of the two provided portions;
encrypting said secret with said composite session key to form an encrypted secret;
transmitting from said client to said server an authentication message, where said authentication message is known only to said client and said server within a time limit, and to no other party within said time limit;
transmitting said encrypted secret from said server to said client if and only if said authentication message is valid and is received by said server within said time limit; and
decrypting said encrypted secret at said client using said session key to recover said secret.
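An added example (not code from the patent) walking through claim 3 end to end: each side contributes a portion, the composite session key is derived from both, the client sends a timestamped authentication message, and the server releases the encrypted secret only when that message verifies and arrives within the time limit. The key derivation (SHA-256 over both portions), the authentication message (an HMAC over a timestamp under the composite key), the 30-second window and the SHA-256 counter keystream used as a stand-in cipher are all assumed instantiations; how the two portions are exchanged confidentially is outside the example.

```python
import hashlib
import hmac
import secrets

TIME_LIMIT = 30  # seconds; constructed validity window for the authentication message


def composite_key(client_part: bytes, server_part: bytes) -> bytes:
    """Claim 3: session key built from one portion per side; a party lacking either
    portion cannot reproduce it. Constructed KDF: SHA-256 over both portions."""
    return hashlib.sha256(b"composite|" + client_part + b"|" + server_part).digest()


def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Stand-in symmetric cipher (SHA-256 counter keystream XOR) so the example runs on the
    standard library alone; a real deployment would use an authenticated cipher."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + i.to_bytes(4, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)


def auth_message(key: bytes, issued_at: int) -> tuple:
    """Client side: timestamp plus a MAC under the composite key, which only the two
    key holders can produce (assumed form of the claim's authentication message)."""
    ts = str(issued_at).encode()
    return ts, hmac.new(key, b"auth|" + ts, hashlib.sha256).digest()


def server_release_secret(key: bytes, secret: bytes, msg: tuple, now: int):
    """Server side: release the encrypted secret only if the MAC verifies AND the
    message is inside the time limit; otherwise release nothing."""
    ts, tag = msg
    expected = hmac.new(key, b"auth|" + ts, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    if not 0 <= now - int(ts) <= TIME_LIMIT:
        return None                            # stale (replayed) or future-dated message
    return keystream_xor(key, secret)


def run_exchange(secret: bytes, now: int, delay: int = 0, tamper: bool = False):
    """Drive one full exchange; returns the recovered secret, or None when the server refuses."""
    client_part, server_part = secrets.token_bytes(16), secrets.token_bytes(16)
    key = composite_key(client_part, server_part)
    ts, tag = auth_message(key, now)
    if tamper:
        tag = bytes([tag[0] ^ 1]) + tag[1:]    # simulate a forged/corrupted authentication message
    encrypted = server_release_secret(key, secret, (ts, tag), now + delay)
    return None if encrypted is None else keystream_xor(key, encrypted)
```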
4. In a software license environment for multiple copies of different digital works and at least one machine, a database association comprising:
a first record for a digital content license owner;
a second record for digital works licensed by said owner which have not yet been assigned to a machine;
a third set of records for machines controlled by said owner;
for each machine in said third set, a set of records of installed digital works associated with said each machine; and
for each record in said set of records of installed digital works a record for a license relating to said installed digital works, wherein said database allows manipulation and access of records therein when (i) a record for said owner does exist in said database and a query is being made regarding status of said owner to said database;
(ii) a record for said owner exists in said database and said owner is attempting to access a digital work for which a record is not in said database; and
(iii) a record for said owner exists in said database and said owner is attempting to access a digital work for which there is a record in said database.
5. In a communications network where a client communicates with a plurality of types of servers, a method of distributing supplemental data content from said server to said client or other clients in said network, said method comprising:
when said client is executing a program, contacting an authentication server to determine as part of the license terms whether said supplemental data content should be provided to said client; and
retrieving from a data content server said data content and transmitting said data content to said client for display on said client.