Method and system for binding enhanced software features to a persona

US 20040255115A1
Filed: 06/18/2004
Published: 12/16/2004
Est. Priority Date: 06/27/2000
Status: Active Grant

First Claim

Patent Images

1. (cancelled).

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A server architecture for a digital rights management system that distributes and protects rights in content. The server architecture includes a retail site which sells content items to consumers, a fulfillment site which provides to consumers the content items sold by the retail site, and an activation site which enables consumer reading devices to use content items having an enhanced level of copy protection. Each retail site is equipped with a URL encryption object, which encrypts, according to a secret symmetric key shared between the retail site and the fulfillment site, information that is needed by the fulfillment site to process an order for content sold by the retail site. Upon selling a content item, the retail site transmits to the purchaser a web page having a link to a URL comprising the address of the fulfillment site and a parameter having the encrypted information. Upon following the link, the fulfillment site downloads the ordered content to the consumer, preparing the content if necessary in accordance with the type of security to be carried with the content. The fulfillment site includes an asynchronous fulfillment pipeline which logs information about processed transactions using a store-and-forward messaging service. The fulfillment site may be implemented as several server devices, each having a cache which stores frequently downloaded content items, in which case the asynchronous fulfillment pipeline may also be used to invalidate the cache if a change is made at one server that affects the cached content items. An activation site provides an activation certificate and a secure repository executable to consumer content-rendering devices which enables those content rendering devices to render content having an enhanced level of copy-resistance. The activation site “activates” client-reading devices in a way that binds them to a persona, and limits the number of devices that may be activated for a particular persona, or the rate at which such devices may be activated for a particular persona

Citations

49 Claims

1. (cancelled).

2. A method of enabling the use of a first digital work on plural computing devices, said method comprising the acts of:
- receiving, from a first computing device, a user'"'"'s credentials;
  
  authenticating said credentials by querving a namespace authority;
  
  providing a first activation certificate to said first computing device, and persisting an association between said credentials and at least some information included in said first activation certificate, wherein said computing device stores software having an activated state and a non-activated state, wherein said first activation certificate transforms said software to said activated state, wherein said software renders a second digital work regardless of whether it is in the activated state, and wherein said software renders said first digital work only if said software is in the activated state.
- View Dependent Claims (11)
- - 11. A computer-readable medium having computer-executable instructions to perform the method of claim 2.

3-5. -5. (cancelled).

6. A method of enabling the use of a first digital work on plural computing devices, said method comprising the acts of:
- receiving from a first computing device, a user'"'"'s credentials;
  
  authenticating said credentials by querying a namespace authority;
  
  providing a first activation certificate to said first computing device; and
  
  persisting an association between said credentials and at least some information included in said first activation certificate, wherein said first activation certificate comprises a first cryptographic key, wherein said first digital work comprises encrypted content and a decryption key which decrypts said encrypted content, said decryption key being included in said first digital work in an encrypted or sealed form decryptable or unsealable by said first cryptographic key.
- View Dependent Claims (7, 46)
- - 7. The method of claim 6, wherein said first activation certificate further comprises a second cryptographic key, wherein said first and second cryptographic keys are the private and public keys, respectively, of an asymmetric key pair, and wherein said decryption key is included in said first digital work in a form encrypted by said second cryptographic key.
  - 46. A computer readable medium having computer-executable instructions to perform the method of claim 6.

8-9. -9. (cancelled).

10. A method of enabling the use of a first digital work on plural computing devices, said method comprising the acts of:
- receiving, from a first computing device, a user'"'"'s credentials;
  
  authenticating said credentials by querving a namespace authority;
  
  providing a first activation certificate to said first computing device; and
  
  persisting an association between said credentials and at least some information included in said first activation certificate, further comprising the acts of;
  
  receiving, from a second computing device, said credentials;
  
  determining whether a first limit has been reached; and
  
  if said first limit has not been reached, providing to said second computing device a second activation certificate based at least in part on the persisted information associated with said credentials.
- View Dependent Claims (45, 47)
- - 45. The method of claim 10, wherein said second activation certificate is provided to said second computing device without revoking said first activation certificate at said first computing device.
  - 47. A computer readable medium having computer-executable instructions to perform the method of claim 10.

12. A method of using a digital work on plural computing devices, said method comprising the acts of:
- on a first computing device, transmitting credentials to an activation arrangement;
  
  receiving, from said activation arrangement, a first activation certificate comprising a first cryptographic key;
  
  on a second computing device, transmitting said credentials to said activation arrangement; and
  
  receiving, from said activation arrangement, a second activation certificate comprising said first cryptographic key, without said first activation certificate being revoked;
  
  wherein said digital work requires said first cryptographic key for its proper use.
- View Dependent Claims (13, 14, 15, 16, 17, 18, 19, 20)
- - 13. The method of claim 12, wherein said credentials comprise a username and a password.
  - 14. The method of claim 12, further comprising the act of authenticating said credentials.
  - 15. The method of claim 12, wherein said first cryptographic key is included in said first activation certificate in a first form, and wherein said first cryptographic key is included in said second activation certificate in a second form different from said first form.
  - 16. The method of claim 12, wherein said activation arrangement comprises one or more server computing devices.
  - 17. The method of claim 12, wherein said digital work comprises encrypted content and a second cryptographic key which decrypts said encrypted content, said second cryptographic key being included in said digital work in an encrypted form decryptable by said first cryptographic key.
  - 18. The method of claim 12, further comprising the acts of:
    - transmitting, to a content provider, at least some information included in said first activation certificate; and
      
      receiving, from said content provider, said digital work.
  - 19. The method of claim 12, wherein said first activation certificate is at least partly resistant to being used on a computing device other than said first computing device, and wherein said second activation certificate is at least partly resistant to being used on a computing device other than said second computing device.
  - 20. The method of claim 12, wherein each of said first and second activation certificates includes information indicative of said credentials.

21. A method of enabling the use of an item on plural computing devices, said method comprising the act of:
- providing, to a first computing device associated with a persona, first data which enables the use of said item on said first computing device; and
  
  determining that a second computing device is associated with said persona; and
  
  providing to said second computing device second data which enables the use of said item on said second computing device, without revoking said first data so that said first data continues to allow use of said item on said first computing device subsequent to provision of said second data to said second computing device.
- View Dependent Claims (22, 23, 24, 25, 26, 27, 28, 29, 30, 32, 33, 34, 35, 36, 37, 38)
- - 22. The method of claim 21, wherein said item comprises digital content, and wherein use of said item comprises rendering said digital content.
  - 23. The method of claim 22, wherein said digital content comprises textual content, and wherein use of said item comprises displaying said textual content on a viewing device.
  - 24. The method of claim 22, wherein said digital content comprises multimedia content, and wherein use of said item comprises rendering said multimedia content on a device adapted to render said multimedia content.
  - 25. The method of claim 21, further comprising the acts of:
    - receiving, from said first computing device, third data indicative of said persona; and
      
      prior to providing said first data to said computing device, authenticating said third data.
  - 26. The method of claim 25, wherein said third data comprises a username and a password, and wherein said authenticating act comprises querying a namespace authority as to the validity of said username and said password.
  - 27. The method of claim 21, wherein said first data differs in at least some respect from said second data.
  - 28. The method of claim 27, wherein said first data comprises a first cryptographic key which enables the use of said item, said first cryptographic key being included in said first data in a form encrypted by a second cryptographic key, and wherein said second data comprises said first cryptographic key in a form encrypted by a third cryptographic key different from said second cryptographic key.
  - 29. The method of claim 28, wherein said item comprises encrypted content and a decryption key which decrypts said encrypted content, and wherein said decryption key is encrypted so as to be decryptable by said first cryptographic key.
  - 30. The method of claim 29, wherein said first data further comprises a fourth cryptographic key, wherein said second data further comprises said fourth cryptographic key, wherein said first and fourth cryptographic keys are the private and public keys, respectively, of an asymmetric key pair, and wherein said decryption key is included in said item in a form encrypted by said fourth cryptographic key.
  - 32. The method of claim 27, further comprising the act of persisting an association between said persona and at least some of said first data.
  - 33. The method of claim 21, wherein said item does not reside on said first computing device at the time said first data is provided to said first computing device.
  - 34. The method of claim 33, wherein said item is created subsequent to the acts of providing said first and second data to said first and second computing devices respectively.
  - 35. The method of claim 21, further comprising the act of determining the number of computing devices on which use of said item is enabled.
  - 36. The method of claim 21, further comprising the act of determining, prior to providing said second data to said second computing device, the amount of time that has elapsed since use of said item was enabled on said first computing device.
  - 37. The method of claim 21, wherein said first and second data each include information indicative of said persona.
  - 38. A computer-readable medium having computer-executable instructions to perform the method of claim 21.

31. (cancelled).

39-42. -42. (cancelled).

43. A method of activating software on a remote computing device for use by an individual user, the method comprising:
- receiving the individual user'"'"'s credentials;
  
  authenticating the individual user'"'"'s credentials by querying a namespace authority;
  
  requesting first information from the remote computing device;
  
  generating an activation certificate that includes second information related to the user'"'"'s credentials; and
  
  downloading said activation certificate to the remote computing device to activate the software residing on the remote computing device such that at least some aspect of operation of the software is associated with the individual user'"'"'s credentials, wherein said software renders a first class of digital works without regard to whether said activation certificate is present on said remote computing device, and wherein said software renders a second class of digital works only if said activation certificate is present on said remote computing device.
- View Dependent Claims (44)
- - 44. A computer-readable medium having computer-executable instructions to perform the method of claim 43.

48. A method of enabling the use of an item on plural computing devices, said method comprising the acts of:
- providing, to a first computing device associated with a persona, first data which enables the use of said item on said first computing device; and
  
  determining that a second computing device is associated with said persona; and
  
  providing to said second computing device second data which enables the use of said item on said second computing device, wherein said first data differs in at least some respect from said second data, wherein said first data comprises a first cryptographic key which enables the use of said item, said first cryptographic key being included in said first data in a form encrypted by a second cryptographic key, and wherein said second data comprises said first cryptographic key in a form encrypted by a third cryptographic key different from said second cryptographic key, wherein said item comprises encrypted content and a decryption key which decrypts said encrypted content, and wherein said decryption key is encrypted so as to be decryptable by said first cryptographic key, wherein said decryption key is included in said item in a form encrypted by a fourth cryptographic key, wherein said first and fourth cryptographic keys are the private and public keys, respectively, of an asymmetric key pair, and wherein the method further comprises the acts of;
  
  providing to said first computing device a first set of computer-executable instructions which applies said second cryptographic key; and
  
  providing to said second computing device a second set of computer-executable instructions which applies said third cryptographic key.

49. A method of enabling the use of an item on plural computing devices, said method comprising the act of:
- providing, to a first computing device associated with a persona, first data which enables the use of said item on said first computing device; and
  
  determining that a second computing device is associated with said persona; and
  
  providing to said second computing device second data which enables the use of said item on said second computing device, wherein said first data comprises a first cryptographic key which enables the use of said item, said first cryptographic key being included in said first data in a form encrypted by a second cryptographic key, and wherein said item comprises encrypted content and a decryption key which decrypts said encrypted content, and wherein said decryption key is encrypted so as to be decryptable by said first cryptographic key.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
DeMello, Marco A., Byrum, Frank D., Keely, Leroy B., Yaacovi, Yoram, Hughes, Kathryn E.

Granted Patent

US 7,823,208 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/156
CPC Class Codes

G06F 21/109 by using specially-adapted ...

G06F 2221/2117 User registration

Method and system for binding enhanced software features to a persona

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

49 Claims

Specification

Solutions

Use Cases

Quick Links

Method and system for binding enhanced software features to a persona

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

49 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links