Method and system for binding enhanced software features to a persona
1 Assignment
0 Petitions
Accused Products
Abstract
A server architecture for a digital rights management system that distributes and protects rights in content. The server architecture includes a retail site which sells content items to consumers, a fulfillment site which provides to consumers the content items sold by the retail site, and an activation site which enables consumer reading devices to use content items having an enhanced level of copy protection. Each retail site is equipped with a URL encryption object, which encrypts, according to a secret symmetric key shared between the retail site and the fulfillment site, information that is needed by the fulfillment site to process an order for content sold by the retail site. Upon selling a content item, the retail site transmits to the purchaser a web page having a link to a URL comprising the address of the fulfillment site and a parameter having the encrypted information. Upon following the link, the fulfillment site downloads the ordered content to the consumer, preparing the content if necessary in accordance with the type of security to be carried with the content. The fulfillment site includes an asynchronous fulfillment pipeline which logs information about processed transactions using a store-and-forward messaging service. The fulfillment site may be implemented as several server devices, each having a cache which stores frequently downloaded content items, in which case the asynchronous fulfillment pipeline may also be used to invalidate the cache if a change is made at one server that affects the cached content items. An activation site provides an activation certificate and a secure repository executable to consumer content-rendering devices which enables those content rendering devices to render content having an enhanced level of copy-resistance. The activation site “activates” client-reading devices in a way that binds them to a persona, and limits the number of devices that may be activated for a particular persona, or the rate at which such devices may be activated for a particular persona
-
Citations
49 Claims
-
1. (cancelled).
-
2. A method of enabling the use of a first digital work on plural computing devices, said method comprising the acts of:
-
receiving, from a first computing device, a user'"'"'s credentials;
authenticating said credentials by querving a namespace authority;
providing a first activation certificate to said first computing device, and persisting an association between said credentials and at least some information included in said first activation certificate, wherein said computing device stores software having an activated state and a non-activated state, wherein said first activation certificate transforms said software to said activated state, wherein said software renders a second digital work regardless of whether it is in the activated state, and wherein said software renders said first digital work only if said software is in the activated state. - View Dependent Claims (11)
-
-
3-5. -5. (cancelled).
-
6. A method of enabling the use of a first digital work on plural computing devices, said method comprising the acts of:
-
receiving from a first computing device, a user'"'"'s credentials;
authenticating said credentials by querying a namespace authority;
providing a first activation certificate to said first computing device; and
persisting an association between said credentials and at least some information included in said first activation certificate, wherein said first activation certificate comprises a first cryptographic key, wherein said first digital work comprises encrypted content and a decryption key which decrypts said encrypted content, said decryption key being included in said first digital work in an encrypted or sealed form decryptable or unsealable by said first cryptographic key. - View Dependent Claims (7, 46)
-
-
8-9. -9. (cancelled).
-
10. A method of enabling the use of a first digital work on plural computing devices, said method comprising the acts of:
-
receiving, from a first computing device, a user'"'"'s credentials;
authenticating said credentials by querving a namespace authority;
providing a first activation certificate to said first computing device; and
persisting an association between said credentials and at least some information included in said first activation certificate, further comprising the acts of;
receiving, from a second computing device, said credentials;
determining whether a first limit has been reached; and
if said first limit has not been reached, providing to said second computing device a second activation certificate based at least in part on the persisted information associated with said credentials. - View Dependent Claims (45, 47)
-
-
12. A method of using a digital work on plural computing devices, said method comprising the acts of:
-
on a first computing device, transmitting credentials to an activation arrangement;
receiving, from said activation arrangement, a first activation certificate comprising a first cryptographic key;
on a second computing device, transmitting said credentials to said activation arrangement; and
receiving, from said activation arrangement, a second activation certificate comprising said first cryptographic key, without said first activation certificate being revoked;
wherein said digital work requires said first cryptographic key for its proper use. - View Dependent Claims (13, 14, 15, 16, 17, 18, 19, 20)
-
-
21. A method of enabling the use of an item on plural computing devices, said method comprising the act of:
-
providing, to a first computing device associated with a persona, first data which enables the use of said item on said first computing device; and
determining that a second computing device is associated with said persona; and
providing to said second computing device second data which enables the use of said item on said second computing device, without revoking said first data so that said first data continues to allow use of said item on said first computing device subsequent to provision of said second data to said second computing device. - View Dependent Claims (22, 23, 24, 25, 26, 27, 28, 29, 30, 32, 33, 34, 35, 36, 37, 38)
-
-
31. (cancelled).
-
39-42. -42. (cancelled).
-
43. A method of activating software on a remote computing device for use by an individual user, the method comprising:
-
receiving the individual user'"'"'s credentials;
authenticating the individual user'"'"'s credentials by querying a namespace authority;
requesting first information from the remote computing device;
generating an activation certificate that includes second information related to the user'"'"'s credentials; and
downloading said activation certificate to the remote computing device to activate the software residing on the remote computing device such that at least some aspect of operation of the software is associated with the individual user'"'"'s credentials, wherein said software renders a first class of digital works without regard to whether said activation certificate is present on said remote computing device, and wherein said software renders a second class of digital works only if said activation certificate is present on said remote computing device. - View Dependent Claims (44)
-
-
48. A method of enabling the use of an item on plural computing devices, said method comprising the acts of:
-
providing, to a first computing device associated with a persona, first data which enables the use of said item on said first computing device; and
determining that a second computing device is associated with said persona; and
providing to said second computing device second data which enables the use of said item on said second computing device, wherein said first data differs in at least some respect from said second data, wherein said first data comprises a first cryptographic key which enables the use of said item, said first cryptographic key being included in said first data in a form encrypted by a second cryptographic key, and wherein said second data comprises said first cryptographic key in a form encrypted by a third cryptographic key different from said second cryptographic key, wherein said item comprises encrypted content and a decryption key which decrypts said encrypted content, and wherein said decryption key is encrypted so as to be decryptable by said first cryptographic key, wherein said decryption key is included in said item in a form encrypted by a fourth cryptographic key, wherein said first and fourth cryptographic keys are the private and public keys, respectively, of an asymmetric key pair, and wherein the method further comprises the acts of;
providing to said first computing device a first set of computer-executable instructions which applies said second cryptographic key; and
providing to said second computing device a second set of computer-executable instructions which applies said third cryptographic key.
-
-
49. A method of enabling the use of an item on plural computing devices, said method comprising the act of:
-
providing, to a first computing device associated with a persona, first data which enables the use of said item on said first computing device; and
determining that a second computing device is associated with said persona; and
providing to said second computing device second data which enables the use of said item on said second computing device, wherein said first data comprises a first cryptographic key which enables the use of said item, said first cryptographic key being included in said first data in a form encrypted by a second cryptographic key, and wherein said item comprises encrypted content and a decryption key which decrypts said encrypted content, and wherein said decryption key is encrypted so as to be decryptable by said first cryptographic key.
-
Specification