System for digital rights management using distributed provisioning and authentication

US 20040128499A1
Filed: 12/30/2002
Published: 07/01/2004
Est. Priority Date: 12/30/2002
Status: Active Grant

First Claim

Patent Images

1. A method for providing access rights to content in a secure digital content distribution system, the system including a provisioning service for allocating rights to a human user and an authentication service for verifying the identity of a human user, the method comprising operating a ticket granting service at a first administrative domain;

operating a first authentication service at a second administrative domain;

operating a second authentication service at a third administrative domain; and

provisioning each authentication service with a common key that accessible to the ticket granting service.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A digital rights management system (DRM) for restricting and permitting content access in a digital content distribution network such as a network used to deliver television programming. The DRM uses distributed authentication and provisioning so that the potentially many different entities involved in the content distribution network can have localized management and control. Distributed authentication can use single or multiple instances of authentication services. A ticket granting service (TGS) is used to allow clients to request services. In one approach, multiple authentication services use a common key that is known to the TGS. In another approach, unique keys are provided to each authentication service and these keys are communicated to the TGS. Distributed provisioning allows different entities to grant access rights or other resources. Provisioning service (PS) processes can execute at multiple different physical locations. Synchronization among the different PSs is provided by a managing entity or in a peer-to-peer transfer to help ensure the uniqueness of user IDs. New clients can make an initialization request from a key management system via an appropriate protocol. The requests can be made from a single, dedicated authentication service, from an authentication service associated with a specific provisioning service, or from multiple authentication services in the network.

209 Citations

26 Claims

1. A method for providing access rights to content in a secure digital content distribution system, the system including a provisioning service for allocating rights to a human user and an authentication service for verifying the identity of a human user, the method comprising operating a ticket granting service at a first administrative domain;
- operating a first authentication service at a second administrative domain;
  
  operating a second authentication service at a third administrative domain; and
  
  provisioning each authentication service with a common key that accessible to the ticket granting service.
- View Dependent Claims (2)
- - 2. The method of claim 1, wherein the secure digital content distribution system includes one or more of the following entities:
    - an authenticating central company, content providers, broadband operators;
      
      wherein each entity is associated with one or more physical locations, wherein the first, second and third locations are each at one of the administrative domains.

3. A method for providing access rights to content in a secure digital content distribution system, the system including a provisioning service for allocating rights to a human user and an authentication service for verifying the identity of a DRM client, the method comprising operating a ticket granting service at a first location;
- operating a first authentication service at a second location;
  
  operating a second authentication service at a third location;
  
  provisioning each authentication service with a different key; and
  
  communicating the different keys to the ticket granting service.
- View Dependent Claims (4)
- - 4. The method of claim 3, wherein the secure digital content distribution system includes one or more of the following entities:
    - an authenticating central company, content providers, broadband operators;
      
      wherein each entity is associated with one or more administrative domains, wherein the first, second and third locations are each at one of the administrative domains.

5. A method for provisioning clients in a secure digital content distribution system, the method comprising operating multiple, distributed provisioning services for allocating rights to a human user;
- operating an authentication service for verifying the identity of a human user; and
  
  providing synchronization among two or more of the multiple, distributed provisioning services to verify uniqueness of user IDs.
- View Dependent Claims (6, 7, 8)
- - 6. The method of claim 5, wherein the step of operating an authentication service includes performing an authentication request with a single, dedicated authentication service.
  - 7. The method of claim 5, wherein the step of operating an authentication service includes performing an authentication request with an authentication service that is associated with a given provisioning service.
  - 8. The method of claim 5, wherein the step of operating an authentication service includes performing an authentication request with one or more authentication services.

9. A secure digital content distribution system comprising a first plurality of entities for providing authentication services;
- and a second plurality of entities for providing provisioning services based on information provided by one or more of the plurality of entities for providing authentication services.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25)
- - 10. The secure digital content distribution system of claim 9, further comprising a session rights service process for restricting client access to content based on one or more rules.
  - 11. The content distribution system of claim 10, wherein the rules are static.
  - 12. The content distribution system of claim 10, wherein the rules are dynamic.
  - 13. The content distribution system of claim 9, further comprising one or more entities for providing entitlement services to assign authorization data to a client.
  - 14. The content distribution system of claim 13, wherein the authorization data is used by a rights evaluation service to grant or deny access to content.
  - 15. The content distribution system of claim 13, wherein an entity for providing entitlement services is associated with a provisioning service.
  - 16. The content distribution system of claim 13, wherein an entity for providing entitlement services is associated with an authentication service.
  - 17. The content distribution system of claim 13, wherein a single, centralized entity for providing entitlement services is used.
  - 18. The content distribution system of claim 13, wherein first and second entitlement services assign different authorization data to a client.
  - 19. The content distribution system of claim 13, further comprising a ticket granting process for providing a ticket granting ticket, the ticket granting ticket including a set of authorization data.
  - 20. The content distribution system of claim 14, wherein authorization data is included in a ticket-granting ticket.
  - 21. The content distribution system of claim 14, wherein a ticket-granting service contacts an entity for providing entitlement services to obtain authorization data.
  - 22. The content distribution system of claim 9, wherein an entity includes a local entity, the content distribution system further comprising an authentication portal associated with the local entity;
    - and a process for authenticating a client during initial provisioning.
  - 23. The content distribution system of claim 15, wherein a local entity includes a content provider.
  - 24. The content distribution system of claim 15, wherein a local entity includes a broadband operator.
  - 25. The content distribution system of claim 9, wherein an authentication service produces a ticket granting ticket, the ticket granting ticket including a client host identification.

26. A method for providing secure digital content distribution over a network, the method comprising providing ticket-granting services using a plurality of TGS entities, wherein two or more TGS entities may be under control of different administrative domains;
- using a plurality of servers to provide content; and
  
  provisioning first and second of the plurality of servers with different of the plurality of TGS entities.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Google Technology Holdings LLC (Alphabet Inc.)
Original Assignee
General Instrument Corporation (CommScope Holding Company, Inc.)
Inventors
Medvinsky, Alexander, Peterka, Petr

Granted Patent

US 8,364,951 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/155
CPC Class Codes

H04L 2463/101   applying security measures ...

H04L 63/062   for key distribution, e.g. ...

H04L 63/0807   using tickets, e.g. Kerbero...

H04L 63/0823   using certificates cryptogr...

System for digital rights management using distributed provisioning and authentication

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

209 Citations

26 Claims

Specification

Use Cases

Quick Links

Others

System for digital rights management using distributed provisioning and authentication

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

209 Citations

26 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others