System for digital rights management using distributed provisioning and authentication
Abstract
A digital rights management system (DRM) for restricting and permitting content access in a digital content distribution network such as a network used to deliver television programming. The DRM uses distributed authentication and provisioning so that the potentially many different entities involved in the content distribution network can have localized management and control. Distributed authentication can use single or multiple instances of authentication services. A ticket granting service (TGS) is used to allow clients to request services. In one approach, multiple authentication services use a common key that is known to the TGS. In another approach, unique keys are provided to each authentication service and these keys are communicated to the TGS. Distributed provisioning allows different entities to grant access rights or other resources. Provisioning service (PS) processes can execute at multiple different physical locations. Synchronization among the different PSs is provided by a managing entity or in a peer-to-peer transfer to help ensure the uniqueness of user IDs. New clients can make an initialization request from a key management system via an appropriate protocol. The requests can be made from a single, dedicated authentication service, from an authentication service associated with a specific provisioning service, or from multiple authentication services in the network.
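The two key arrangements the abstract describes, sketched as an added example that is not taken from the patent. HMAC-SHA256 tags stand in for ticket protection, which the abstract does not specify, and the class names, ticket fields and service IDs are assumptions.

```python
import hashlib
import hmac
import json
import secrets

def _tag(key, body):
    return hmac.new(key, body, hashlib.sha256).digest()

def issue_ticket(as_id, user_id, key):
    # Authentication service (hypothetical format): names itself and the user, then tags the body.
    body = json.dumps({"as": as_id, "user": user_id}, sort_keys=True).encode()
    return body, _tag(key, body)

class CommonKeyTGS:
    # First approach: all authentication services share one key known to the TGS.
    def __init__(self, key):
        self.key = key
    def verify(self, body, tag):
        return hmac.compare_digest(_tag(self.key, body), tag)

class PerServiceKeyTGS:
    # Second approach: each service has its own key, communicated to the TGS.
    def __init__(self):
        self.keys = {}
    def register(self, as_id, key):
        self.keys[as_id] = key
    def withdraw(self, as_id):
        self.keys.pop(as_id, None)
    def verify(self, body, tag):
        try:  # the "as" field only selects a key; it is trusted after the tag check
            key = self.keys.get(json.loads(body)["as"])
        except (ValueError, KeyError, TypeError):
            return False
        return key is not None and hmac.compare_digest(_tag(key, body), tag)

def compare_models():
    common, k1, k2 = (secrets.token_bytes(32) for _ in range(3))  # constructed keys
    shared, split = CommonKeyTGS(common), PerServiceKeyTGS()
    split.register("as-1", k1)
    split.register("as-2", k2)
    r = {}
    # Common key: the "as" field is only a label, since every service holds the same key.
    r["common_key_any_holder"] = shared.verify(*issue_ticket("as-1", "u1", common))
    # Per-service keys: a ticket naming as-1 verifies only under as-1's key.
    r["own_key"] = split.verify(*issue_ticket("as-1", "u1", k1))
    r["wrong_key"] = split.verify(*issue_ticket("as-1", "u1", k2))
    # Withdrawing one service's key leaves the other service's tickets valid.
    split.withdraw("as-2")
    r["as2_after_withdraw"] = split.verify(*issue_ticket("as-2", "u2", k2))
    r["as1_after_withdraw"] = split.verify(*issue_ticket("as-1", "u1", k1))
    return r
```

With a common key the TGS stores one secret but cannot attribute a ticket to a particular authentication service; with per-service keys it can, and it can retire one service's key without re-provisioning the rest.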
26 Claims
1. A method for providing access rights to content in a secure digital content distribution system, the system including a provisioning service for allocating rights to a human user and an authentication service for verifying the identity of a human user, the method comprising
- operating a ticket granting service at a first administrative domain;
- operating a first authentication service at a second administrative domain;
- operating a second authentication service at a third administrative domain; and
- provisioning each authentication service with a common key that is accessible to the ticket granting service.
(Dependent claims: 2)

3. A method for providing access rights to content in a secure digital content distribution system, the system including a provisioning service for allocating rights to a human user and an authentication service for verifying the identity of a DRM client, the method comprising
- operating a ticket granting service at a first location;
- operating a first authentication service at a second location;
- operating a second authentication service at a third location;
- provisioning each authentication service with a different key; and
- communicating the different keys to the ticket granting service.
(Dependent claims: 4)

5. A method for provisioning clients in a secure digital content distribution system, the method comprising
- operating multiple, distributed provisioning services for allocating rights to a human user;
- operating an authentication service for verifying the identity of a human user; and
- providing synchronization among two or more of the multiple, distributed provisioning services to verify uniqueness of user IDs.
(Dependent claims: 6, 7, 8)

9. A secure digital content distribution system comprising
- a first plurality of entities for providing authentication services; and
- a second plurality of entities for providing provisioning services based on information provided by one or more of the plurality of entities for providing authentication services.
(Dependent claims: 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25)

26. A method for providing secure digital content distribution over a network, the method comprising
- providing ticket-granting services using a plurality of TGS entities, wherein two or more TGS entities may be under control of different administrative domains;
- using a plurality of servers to provide content; and
- provisioning first and second of the plurality of servers with different of the plurality of TGS entities.

Specification