Rights locker for digital content access control

US 20040083215A1
Filed: 10/15/2003
Published: 04/29/2004
Est. Priority Date: 09/13/2002
Status: Active Grant

First Claim

Patent Images

1. A method for digital content access control, comprising:

receiving a rights locker enrollment request from a user device associated with a user, said rights locker enrollment request comprising a digital content request and enrollment authentication data;

determining whether said user is authorized, said determining comprising determining the rights of said user to access said rights locker and the rights of said user to digital content specified by said digital content request; and

if said user is authorized, initializing said rights locker with rights to said digital content;

if a first token used to create said authenticated rights locker access request has been fully redeemed, obtaining a new token that authenticates future access to a rights locker corresponding to said digital content;

creating an authenticated rights locker access request based at least in part on said new token; and

sending said authenticated rights locker access request.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Access to digital content may be controlled by receiving a rights locker enrollment request from a user device associated with a user, where the rights locker enrollment request comprises a digital content request and enrollment authentication data. A determination of whether the user is authorized comprises determining the rights of the user to access the rights locker and the rights of the user to digital content specified by the digital content request. If the user is authorized, the rights locker is initialized with rights to the digital content. If a first token used to create the authenticated rights locker access request has been fully redeemed, a new token that authenticates future access to a rights locker corresponding to the digital content is obtained. An authenticated rights locker access request that is based at least in part on the new token is created and then sent.

184 Citations

View as Search Results

90 Claims

1. A method for digital content access control, comprising:
- receiving a rights locker enrollment request from a user device associated with a user, said rights locker enrollment request comprising a digital content request and enrollment authentication data;
  
  determining whether said user is authorized, said determining comprising determining the rights of said user to access said rights locker and the rights of said user to digital content specified by said digital content request; and
  
  if said user is authorized, initializing said rights locker with rights to said digital content;
  
  if a first token used to create said authenticated rights locker access request has been fully redeemed, obtaining a new token that authenticates future access to a rights locker corresponding to said digital content;
  
  creating an authenticated rights locker access request based at least in part on said new token; and
  
  sending said authenticated rights locker access request.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The method of claim 1 wherein said digital content request comprises a request for initializing said rights locker with rights to specified digital content.
  - 3. The method of claim 1 wherein said enrollment authentication data comprises:
    - rights locker access authentication data for determining what rights, if any, said user has to access said rights locker; and
      
      rights content access authentication data for determining what rights, if any, said user has to digital content associated with said rights locker.
  - 4. The method of claim 3 wherein said rights locker access authentication data comprises payment for use of a rights locker service.
  - 5. The method of claim 3 wherein said rights content access authentication data comprises payment for rights deposited in said rights locker.
  - 6. The method of claim 1 wherein said enrollment authentication data comprises a reenrollment key determined in a previous enrollment request for said rights locker, said reenrollment key for supplementing or replacing enrollment authentication data of said previous enrollment request.
  - 7. The method of claim 1 wherein said determining comprises determining whether said user is entitled to become an enrolled user based at least in part on whether payment for use of the rights locker service succeeds.
  - 8. The method of claim 1 wherein said determining comprises determining whether an enrolled user is entitled to populate said rights locker with rights to said digital content based at least in part on whether payment for said rights succeeds.
  - 9. The method of claim 1 wherein said new token is for storage in a bookmark on said user device.
  - 10. The method of claim 1 wherein said sending further comprises embedding said authenticated rights locker access request in a Web cookie before said sending.
  - 11. The method of claim 1 wherein said sending further comprises encapsulating said authenticated rights locker access request in an HTTP Response message before said sending.

12. A method for digital content access control, comprising:
- receiving a first authenticated rights locker access request and a digital content specification;
  
  validating said first authenticated rights locker access request;
  
  if said validating indicates said first authenticated rights locker access request is valid, creating an authenticated digital content request for use in accessing digital content stored by a digital content repository;
  
  if a first token used to create said authenticated rights locker access request has been fully redeemed, obtaining a new token that authenticates future access to a rights locker corresponding to said digital content;
  
  creating a new authenticated rights locker access request based at least in part on said new token; and
  
  sending said authenticated digital content request and said new authenticated rights locker access request.
- View Dependent Claims (13, 14, 15, 16)
- - 13. The method of claim 12 wherein said receiving further comprises receiving one or more delivery parameters, said one or more delivery parameters indicating where said digital content should be sent, a delivery mechanism, or both.
  - 14. The method of claim 12 wherein said new token is for storage in a bookmark on a user device.
  - 15. The method of claim 12, further comprising embedding said authenticated rights locker access request in a Web cookie before said sending.
  - 16. The method of claim 12, further comprising encapsulating said authenticated rights locker access request in an HTTP Response message before said sending.

17. A method for digital content access control, comprising:
- receiving a first authenticated rights locker access request and a digital content specification;
  
  validating said first authenticated rights locker access request;
  
  if said validating indicates said first authenticated rights locker access request is valid, creating an authenticated digital content request for use in accessing digital content stored by a digital content repository;
  
  sending said authenticated digital content request to a digital content repository;
  
  if a first token used to create said authenticated rights locker access request has been fully redeemed, obtaining a new token that authenticates future access to a rights locker corresponding to said digital content;
  
  creating a new authenticated rights locker access request based at least in part on said new token; and
  
  sending said authenticated digital content request and said new authenticated rights locker access request.
- View Dependent Claims (18, 19, 20, 21)
- - 18. The method of claim 17 wherein said receiving further comprises receiving one or more delivery parameters, said one or more delivery parameters indicating where said digital content should be sent, a delivery mechanism, or both.
  - 19. The method of claim 17 wherein said new token is for storage in a bookmark on a user device.
  - 20. The method of claim 17, further comprising embedding said authenticated rights locker access request in a Web cookie before said sending.
  - 21. The method of claim 17, further comprising encapsulating said authenticated rights locker access request in an HTTP Response message before said sending.

22. A program storage device readable by a machine, embodying a program of instructions executable by the machine to perform a method for digital content access control, the method comprising:
- receiving a rights locker enrollment request from a user device associated with a user, said rights locker enrollment request comprising a digital content request and enrollment authentication data;
  
  determining whether said user is authorized, said determining comprising determining the rights of said user to access said rights locker and the rights of said user to digital content specified by said digital content request; and
  
  if said user is authorized, initializing said rights locker with rights to said digital content;
  
  if a first token used to create said authenticated rights locker access request has been fully redeemed, obtaining a new token that authenticates future access to a rights locker corresponding to said digital content;
  
  creating an authenticated rights locker access request based at least in part on said new token; and
  
  sending said authenticated rights locker access request.
- View Dependent Claims (23, 24, 25, 26, 27, 28, 29, 30, 31, 32)
- - 23. The program storage device of claim 22 wherein said digital content request comprises a request for initializing said rights locker with rights to specified digital content.
  - 24. The program storage device of claim 22 wherein said enrollment authentication data comprises:
    - rights locker access authentication data for determining what rights, if any, said user has to access said rights locker; and
      
      rights content access authentication data for determining what rights, if any, said user has to digital content associated with said rights locker.
  - 25. The program storage device of claim 24 wherein said rights locker access authentication data comprises payment for use of a rights locker service.
  - 26. The program storage device of claim 24 wherein said rights content access authentication data comprises payment for rights deposited in said rights locker.
  - 27. The program storage device of claim 22 wherein said enrollment authentication data comprises a reenrollment key determined in a previous enrollment request for said rights locker, said reenrollment key for supplementing or replacing enrollment authentication data of said previous enrollment request.
  - 28. The program storage device of claim 22 wherein said determining comprises determining whether said user is entitled to become an enrolled user based at least in part on whether payment for use of the rights locker service succeeds.
  - 29. The program storage device of claim 22 wherein said determining comprises determining whether an enrolled user is entitled to populate said rights locker with rights to said digital content based at least in part on whether payment for said rights succeeds.
  - 30. The program storage device of claim 22 wherein said new token is for storage in a bookmark on said user device.
  - 31. The program storage device of claim 22, said method further comprising embedding said authenticated rights locker access request in a Web cookie before said sending.
  - 32. The program storage device of claim 22, said method further comprising encapsulating said authenticated rights locker access request in an HTTP Response message before said sending.

33. A program storage device readable by a machine, embodying a program of instructions executable by the machine to perform a method for digital content access control, the method comprising:
- receiving a first authenticated rights locker access request and a digital content specification;
  
  validating said first authenticated rights locker access request;
  
  if said validating indicates said first authenticated rights locker access request is valid, creating an authenticated digital content request for use in accessing digital content stored by a digital content repository;
  
  if a first token used to create said authenticated rights locker access request has been fully redeemed, obtaining a new token that authenticates future access to a rights locker corresponding to said digital content;
  
  creating a new authenticated rights locker access request based at least in part on said new token; and
  
  sending said authenticated digital content request and said new authenticated rights locker access request.
- View Dependent Claims (34, 35, 36, 37)
- - 34. The program storage device of claim 33 wherein said receiving further comprises receiving one or more delivery parameters, said one or more delivery parameters indicating where said digital content should be sent, a delivery mechanism, or both.
  - 35. The program storage device of claim 33 wherein said new token is for storage in a bookmark on a user device.
  - 36. The program storage device of claim 33, said method further comprising embedding said authenticated rights locker access request in a Web cookie before said sending.
  - 37. The program storage device of claim 33, said method further comprising encapsulating said authenticated rights locker access request in an HTTP Response message before said sending.

38. A program storage device readable by a machine, embodying a program of instructions executable by the machine to perform a method for digital content access control, the method comprising:
- receiving a first authenticated rights locker access request and a digital content specification;
  
  validating said first authenticated rights locker access request;
  
  if said validating indicates said first authenticated rights locker access request is valid, creating an authenticated digital content request for use in accessing digital content stored by a digital content repository;
  
  sending said authenticated digital content request to a digital content repository;
  
  if a first token used to create said authenticated rights locker access request has been fully redeemed, obtaining a new token that authenticates future access to a rights locker corresponding to said digital content;
  
  creating a new authenticated rights locker access request based at least in part on said new token; and
  
  sending said authenticated digital content request and said new authenticated rights locker access request.
- View Dependent Claims (39, 40, 41, 42)
- - 39. The program storage device of claim 38 wherein said receiving further comprises receiving one or more delivery parameters, said one or more delivery parameters indicating where said digital content should be sent, a delivery mechanism, or both.
  - 40. The program storage device of claim 38 wherein said new token is for storage in a bookmark on a user device.
  - 41. The program storage device of claim 38, said method further comprising embedding said authenticated rights locker access request in a Web cookie before said sending.
  - 42. The program storage device of claim 38, said method further comprising encapsulating said authenticated rights locker access request in an HTTP Response message before said sending.

43. An apparatus for digital content access control, comprising:
- means for receiving a rights locker enrollment request from a user device associated with a user, said rights locker enrollment request comprising a digital content request and enrollment authentication data;
  
  means for determining whether said user is authorized, said determining comprising determining the rights of said user to access said rights locker and the rights of said user to digital content specified by said digital content request; and
  
  means for if said user is authorized, initializing said rights locker with rights to said digital content;
  
  if a first token used to create said authenticated rights locker access request has been fully redeemed, obtaining a new token that authenticates future access to a rights locker corresponding to said digital content;
  
  creating an authenticated rights locker access request based at least in part on said new token; and
  
  sending said authenticated rights locker access request.
- View Dependent Claims (44, 45, 46, 47, 48, 49, 50, 51, 52, 53)
- - 44. The apparatus of claim 43 wherein said digital content request comprises a request for initializing said rights locker with rights to specified digital content.
  - 45. The apparatus of claim 43 wherein said enrollment authentication data comprises:
    - rights locker access authentication data for determining what rights, if any, said user has to access said rights locker; and
      
      rights content access authentication data for determining what rights, if any, said user has to digital content associated with said rights locker.
  - 46. The apparatus of claim 45 wherein said rights locker access authentication data comprises payment for use of a rights locker service.
  - 47. The apparatus of claim 45 wherein said rights content access authentication data comprises payment for rights deposited in said rights locker.
  - 48. The apparatus of claim 43 wherein said enrollment authentication data comprises a reenrollment key determined in a previous enrollment request for said rights locker, said reenrollment key for supplementing or replacing enrollment authentication data of said previous enrollment request.
  - 49. The apparatus of claim 43 wherein said means for determining comprises means for determining whether said user is entitled to become an enrolled user based at least in part on whether payment for use of the rights locker service succeeds.
  - 50. The apparatus of claim 43 wherein said means for determining comprises means for determining whether an enrolled user is entitled to populate said rights locker with rights to said digital content based at least in part on whether payment for said rights succeeds.
  - 51. The apparatus of claim 43 wherein said new token is for storage in a bookmark on said user device.
  - 52. The apparatus of claim 43, further comprising means for embedding said authenticated rights locker access request in a Web cookie before said sending.
  - 53. The apparatus of claim 43, further comprising mans for encapsulating said authenticated rights locker access request in an HTTP Response message before said sending.

54. An apparatus for digital content access control, comprising:
- means for receiving a first authenticated rights locker access request and a digital content specification;
  
  means for validating said first authenticated rights locker access request;
  
  means for if said validating indicates said first authenticated rights locker access request is valid, creating an authenticated digital content request for use in accessing digital content stored by a digital content repository;
  
  if a first token used to create said authenticated rights locker access request has been fully redeemed, obtaining a new token that authenticates future access to a rights locker corresponding to said digital content;
  
  creating a new authenticated rights locker access request based at least in part on said new token; and
  
  sending said authenticated digital content request and said new authenticated rights locker access request.
- View Dependent Claims (55, 56, 57, 58)
- - 55. The apparatus of claim 54 wherein said means for receiving further comprises means for receiving one or more delivery parameters, said one or more delivery parameters indicating where said digital content should be sent, a delivery mechanism, or both.
  - 56. The apparatus of claim 54 wherein said new token is for storage in a bookmark on a user device.
  - 57. The apparatus of claim 54, further comprising means for embedding said authenticated rights locker access request in a Web cookie before said sending.
  - 58. The apparatus of claim 54, further comprising means for encapsulating said authenticated rights locker access request in an HTTP Response message before said sending.

59. An apparatus for digital content access control, comprising:
- means for receiving a first authenticated rights locker access request and a digital content specification;
  
  means for validating said first authenticated rights locker access request;
  
  means for if said validating indicates said first authenticated rights locker access request is valid, creating an authenticated digital content request for use in accessing digital content stored by a digital content repository;
  
  sending said authenticated digital content request to a digital content repository;
  
  if a first token used to create said authenticated rights locker access request has been fully redeemed, obtaining a new token that authenticates future access to a rights locker corresponding to said digital content;
  
  creating a new authenticated rights locker access request based at least in part on said new token; and
  
  sending said authenticated digital content request and said new authenticated rights locker access request.
- View Dependent Claims (60, 61, 62, 63)
- - 60. The apparatus of claim 59 wherein said means for receiving further comprises means for receiving one or more delivery parameters, said one or more delivery parameters indicating where said digital content should be sent, a delivery mechanism, or both.
  - 61. The apparatus of claim 59 wherein said new token is for storage in a bookmark on a user device.
  - 62. The apparatus of claim 59, further comprising means for embedding said authenticated rights locker access request in a Web cookie before said sending.
  - 63. The apparatus of claim 59, further comprising means for encapsulating said authenticated rights locker access request in an HTTP Response message before said sending.

64. An apparatus for digital content access control, comprising:
- a memory for storing one or more rights lockers that describe digital content access rights; and
  
  a processor configured to;
  
  receive a rights locker enrollment request from a user device associated with a user, said rights locker enrollment request comprising a digital content request and enrollment authentication data;
  
  determine whether said user is authorized, said determining comprising determining the rights of said user to access said rights locker and the rights of said user to digital content specified by said digital content request; and
  
  if said user is authorized, initialize said rights locker with rights to said digital content;
  
  if a first token used to create said authenticated rights locker access request has been fully redeemed, obtain a new token that authenticates future access to a rights locker corresponding to said digital content;
  
  create an authenticated rights locker access request based at least in part on said new token; and
  
  send said authenticated rights locker access request.
- View Dependent Claims (65, 66, 67, 68, 69, 70, 71, 72, 73, 74)
- - 65. The apparatus of claim 64 wherein said digital content request comprises a request for initializing said rights locker with rights to specified digital content.
  - 66. The apparatus of claim 64 wherein said enrollment authentication data comprises:
    - rights locker access authentication data for determining what rights, if any, said user has to access said rights locker; and
      
      rights content access authentication data for determining what rights, if any, said user has to digital content associated with said rights locker.
  - 67. The apparatus of claim 66 wherein said rights locker access authentication data comprises payment for use of a rights locker service.
  - 68. The apparatus of claim 66 wherein said rights content access authentication data comprises payment for rights deposited in said rights locker.
  - 69. The apparatus of claim 66 wherein said enrollment authentication data comprises a reenrollment key determined in a previous enrollment request for said rights locker, said reenrollment key for supplementing or replacing enrollment authentication data of said previous enrollment request.
  - 70. The apparatus of claim 64 wherein said determining comprises determining whether said user is entitled to become an enrolled user based at least in part on whether payment for use of the rights locker service succeeds.
  - 71. The apparatus of claim 64 wherein said determining comprises determining whether an enrolled user is entitled to populate said rights locker with rights to said digital content based at least in part on whether payment for said rights succeeds.
  - 72. The apparatus of claim 64 wherein said new token is for storage in a bookmark on said user device.
  - 73. The apparatus of claim 64 wherein said processor is further configured to embed said authenticated rights locker access request in a Web cookie before said sending.
  - 74. The apparatus of claim 64 wherein said processor is further configured to encapsulate said authenticated rights locker access request in an HTTP Response message before said sending.

75. An apparatus for digital content access control, comprising:
- a memory for storing one or more rights lockers that describe digital content access rights; and
  
  a processor configured to;
  
  receive a first authenticated rights locker access request and a digital content specification;
  
  validate said first authenticated rights locker access request;
  
  if said validation indicates said first authenticated rights locker access request is valid, create an authenticated digital content request for use in accessing digital content stored by a digital content repository;
  
  if a first token used to create said authenticated rights locker access request has been fully redeemed, obtain a new token that authenticates future access to a rights locker corresponding to said digital content;
  
  create a new authenticated rights locker access request based at least in part on said new token; and
  
  send said authenticated digital content request and said new authenticated rights locker access request.
- View Dependent Claims (76, 77, 78, 79)
- - 76. The apparatus of claim 75 wherein said apparatus is further configured to receive one or more delivery parameters, said one or more delivery parameters indicating where said digital content should be sent, a delivery mechanism, or both.
  - 77. The apparatus of claim 75 wherein said new token is for storage in a bookmark on a user device.
  - 78. The apparatus of claim 75 wherein said processor is further configured to embed said authenticated rights locker access request in a Web cookie before said sending.
  - 79. The apparatus of claim 75 wherein said processor is further configured to encapsulate said authenticated rights locker access request in an HTTP Response message before said sending.

80. An apparatus for digital content access control, comprising:
- a memory for storing one or more rights lockers that describe digital content access rights; and
  
  a processor configured to;
  
  receive a first authenticated rights locker access request and a digital content specification;
  
  validate said first authenticated rights locker access request;
  
  if said validation indicates said first authenticated rights locker access request is valid, create an authenticated digital content request for use in accessing digital content stored by a digital content repository;
  
  send said authenticated digital content request to a digital content repository;
  
  if a first token used to create said authenticated rights locker access request has been fully redeemed, obtain a new token that authenticates future access to a rights locker corresponding to said digital content;
  
  create a new authenticated rights locker access request based at least in part on said new token; and
  
  send said authenticated digital content request and said new authenticated rights locker access request.
- View Dependent Claims (81, 82, 83, 84)
- - 81. The apparatus of claim 80 wherein said apparatus is further configured to receive one or more delivery parameters, said one or more delivery parameters indicating where said digital content should be sent, a delivery mechanism, or both.
  - 82. The apparatus of claim 80 wherein said new token is for storage in a bookmark on a user device.
  - 83. The apparatus of claim 80 wherein said processor is further configured to embed said authenticated rights locker access request in a Web cookie before said sending.
  - 84. The apparatus of claim 80 wherein said processor is further configured to encapsulate said authenticated rights locker access request in an HTTP Response message before said sending.

85. A memory for storing data for access by an application program being executed on a data processing system, comprising:
- a data structure stored in said memory, said data structure including information used by said program to control access to digital content, said data structure comprising a user ID table comprising one or more elements, said one or more elements comprising a user ID and a reference to one or more rights lockers associated with said user ID, said one or more rights lockers describing a user'"'"'s access rights for digital content associated with said rights locker.
- View Dependent Claims (86)
- - 86. The memory of claim 85, said data structure further comprising a reenrollment key for use in identifying a user in a future enrollment request for a rights locker, said reenrollment key supplied in a previous enrollment request.

87. A memory for storing data for access by an application program being executed on a data processing system, comprising:
- a data structure stored in said memory, said data structure including information used by said program to control access to digital content, said data structure comprising one or more rights lockers comprising one or more entries defining a digital content access rights description, said one or more entries comprising one or more access token or tokenized URL.
- View Dependent Claims (88, 89, 90)
- - 88. The memory of claim 87 wherein a maximum number of said rights lockers per user is based at least in part on a commercial relationship between said user and a rights locker provider.
  - 89. The memory of claim 88 wherein a first one or more rights lockers per user are allocated for personal use and a second one or more rights lockers per user are allocated for work-related use.
  - 90. The memory of claim 87, said one or more entries further comprising a rights description that describes the right indicated by said rights indicator.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Oracle America, Inc. (Oracle Corporation)
Original Assignee
Sun Microsystems Incorporated (Oracle Corporation)
Inventors
de Jong, Eduard K.

Granted Patent

US 7,380,280 B2
Time in Patent Office

Days
Field of Search
US Class Current

707/7
CPC Class Codes

G06F 21/10   Protecting distributed prog...

G06F 21/335   for accessing specific reso...

G06F 21/6218   to a system of files or obj...

H04L 2209/603   Digital right managament [DRM]

H04L 2463/101   applying security measures ...

H04L 63/0435   wherein the sending and rec...

H04L 63/08   for authentication of entit...

H04L 63/10   for controlling access to d...

H04L 63/123   received data contents, e.g...

H04L 65/1101   Session protocols

H04L 65/612   for unicast

H04L 65/80   Responding to QoS

H04L 9/3213   using tickets or tokens, e....

H04L 9/3271   using challenge-response

H04L 9/50   using hash chains, e.g. blo...

H04W 12/02   Protecting privacy or anony...

H04W 12/033   of the user plane, e.g. use...

H04W 12/06   Authentication

H04W 12/08   Access security

Y10S 707/99937   Sorting

Rights locker for digital content access control

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

184 Citations

90 Claims

Specification

Solutions

Use Cases

Quick Links

Rights locker for digital content access control

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

184 Citations

90 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links