System and method for dynamically enforcing digital rights management rules
First Claim
1. A method for enforcing digital rights management (DRM) rules at a terminal, comprising:
- receiving content and at least one voucher identifying the DRM rules at the terminal;
providing on-demand authentication of an operating terminal application which is seeking access to the content, via secure communications between a DRM engine and an operating system augmented with a security manager adapted to conduct the secure communications;
if the terminal application is authenticated, applying the DRM rules to determine whether the terminal application may access the content; and
accessing the content by the terminal application if access is allowed in response to applying the DRM rules.
2 Assignments
0 Petitions
Accused Products
Abstract
A system and method for enforcing digital rights management (DRM) rules in a terminal, even when the requesting rendering application is already operating. Content, which may be encrypted, is received at the terminal and securely stored. On-demand authorization is effected for the rendering application that is requesting access to the content, using secure communications between a DRM engine within the terminal and an operating system within the terminal that is augmented with a security manager adapted to engage in such secure communications. If the rendering application is found to be authorized, the DRM rules are applied to determine whether the rendering application may access the content, and if so, the content is made available to the rendering application.
110 Citations
50 Claims
-
1. A method for enforcing digital rights management (DRM) rules at a terminal, comprising:
-
receiving content and at least one voucher identifying the DRM rules at the terminal;
providing on-demand authentication of an operating terminal application which is seeking access to the content, via secure communications between a DRM engine and an operating system augmented with a security manager adapted to conduct the secure communications;
if the terminal application is authenticated, applying the DRM rules to determine whether the terminal application may access the content; and
accessing the content by the terminal application if access is allowed in response to applying the DRM rules. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26)
-
-
27. A method for enforcing digital rights management (DRM) rules at a terminal when a rendering application operable within the terminal is already operating, comprising:
-
requesting access to content securely stored in the terminal;
requesting, by a DRM engine, at least a portion of program text of a process identified by an inter-process communication (IPC) connection opened in response to the request for content;
receiving the request for the program text by a security manager and identifying the process corresponding to the IPC connection;
providing the program text to the DRM engine from the security manager;
verifying, by the DRM engine, whether the rendering application is authorized to access the program text of the process, wherein the program text of the process and a certificate of the rendering application are used for the verification;
making an access control decision by the DRM engine if the rendering application is authorized to access the program text of the process; and
making the content accessible to the rendering application if the access control decision is positive. - View Dependent Claims (28, 29, 30, 31, 32, 33, 34, 35, 36)
-
-
37. A terminal capable of receiving content and at least one corresponding voucher including usage rights for the content, comprising:
-
a rendering application to provide a content request and to present the content upon access authorization;
a digital rights management (DRM) engine coupled to receive the content request and to invoke a request to authenticate the rendering application in response thereto, wherein the request to authenticate the rendering application includes at least an identifier of an inter-process communication (IPC) connection opened in response to the content request;
an operating system augmented with a security manager configured to receive the request to authenticate the rendering application and the IPC connection identifier, and in response to provide data uniquely associated with a process identified by the IPC connection; and
wherein the DRM engine further receives the data and verifies a certificate of the rendering application using the data, and if the rendering application is successfully verified, allowing the rendering application access to the content as dictated by the usage rights. - View Dependent Claims (38, 39, 40, 41, 42, 43, 44, 45)
-
-
46. A content distribution system, comprising:
-
(a) at least one content sending terminal to dispatch content and an associated voucher including recipient usage rights;
(b) at least one content receiving terminal coupled to receive the content and the associated voucher, wherein the content receiving terminal comprises;
(i) a rendering application to provide a content request and to present the content upon access authorization;
(ii) a digital rights management (DRM) engine coupled to receive the content request and to invoke a request to authenticate the rendering application in response thereto, wherein the request to authenticate the rendering application includes at least an identifier of an inter-process communication (IPC) connection opened in response to the content request;
(iii) an operating system augmented with a security manager configured to receive the request to authenticate the rendering application and the IPC connection identifier, and in response to provide data uniquely associated with a process identified by the IPC connection; and
(iv) wherein the DRM engine further receives the data and verifies a certificate of the rendering application using the data, and if the rendering application is successfully verified, allowing the rendering application access to the content as dictated by the recipient usage rights. - View Dependent Claims (47, 48)
-
-
49. A method for distributing content for use on a plurality of terminals, comprising:
-
issuing a transfer request from a receiving terminal to a sending terminal having distributable content;
verifying a device certificate of the receiving terminal by the sending terminal to determine whether the receiving terminal is compliant;
creating a voucher including recipient usage rights at the sending terminal and transferring the content and the voucher to the receiving terminal if the receiving terminal is verified as compliant;
providing, at the receiving terminal, on-demand authentication of an operating terminal application which is seeking access to the content, via secure communications between a DRM engine and an operating system augmented with a security manager adapted to conduct the secure communications;
if the terminal application is authenticated, applying the recipient usage rights at the receiving terminal to determine whether the terminal application may access the content; and
accessing the content by the terminal application if access is allowed in response to applying the recipient usage rights. - View Dependent Claims (50)
-
Specification