Controlling access to content based on certificates and access predicates

US 20050060549A1
Filed: 10/25/2004
Published: 03/17/2005
Est. Priority Date: 10/26/1998
Status: Abandoned Application

First Claim

Patent Images

1. A system for enforcing digital rights on content downloaded from a provider comprising:

means for downloading the content from the provider encrypted for a particular combination of an operating system and a central processing unit (CPU) of the computer;

means for downloading an access predicate, for the content, that specifies properties an application running on a computer is to have in order to process the content;

means for checking the access predicate against a rights manager certificate for the application requesting access to the content;

means for checking the access predicate against a certificate for the operating system running on the computer;

means for permitting access to the content only if both the rights manager certificate and the certificate for the operating system satisfy the access predicate wherein accessing the content comprises decrypting the content.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Digital rights for content downloaded to a subscriber computer from a provider are specified in an access predicate. The access predicate is compared with a rights manager certificate associated with an entity, such as an application, that wants access to the content. If the rights manager certificate satisfies the access predicate, the entity is allowed access to the content. A license that specifies limitations on the use of the content can also be associated with the content and provided to the entity. The use the entity makes of the content is monitored and terminated if the entity violates the license limitations. In one aspect of the invention, the access predicate and the license are protected from tampering through cryptographic techniques.

Citations

17 Claims

1. A system for enforcing digital rights on content downloaded from a provider comprising:
- means for downloading the content from the provider encrypted for a particular combination of an operating system and a central processing unit (CPU) of the computer;
  
  means for downloading an access predicate, for the content, that specifies properties an application running on a computer is to have in order to process the content;
  
  means for checking the access predicate against a rights manager certificate for the application requesting access to the content;
  
  means for checking the access predicate against a certificate for the operating system running on the computer;
  
  means for permitting access to the content only if both the rights manager certificate and the certificate for the operating system satisfy the access predicate wherein accessing the content comprises decrypting the content.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17)
- - 2. The system of claim 1, further comprising:
    - means for downloading a license for the content; and
      
      means for monitoring the application accessing the content to determine if the license is being violated.
  - 3. The system method of claim 1, further comprising:
    - means for terminating the access by the application if the license is violated.
  - 4. The system of claim 1, further comprising:
    - means for downloading a license for the content; and
      
      means for providing the license to the application accessing the content to enforce the license.
  - 5. The system of claim 4, further comprising:
    - means for storing the content on persistent storage; and
      
      means for storing the license for the content on the persistent storage in an encrypted form.
  - 6. The system of claim 1, further comprising:
    - means for storing the content on persistent storage; and
      
      means for storing the access predicate for the content on the persistent storage in an encrypted form.
  - 7. The system of claim 1, wherein the access predicate specifies that the application must allow only reading of the content.
  - 8. The system of claim 1, wherein the access predicate specifies that the application must render the content at no greater than a maximum resolution.
  - 9. The system of claim 1, wherein the access predicate specifies that the application must not allow the content to be copied.
  - 10. The system of claim 1, wherein the access predicate specifies that the application must not allow the content to be copied in greater than a maximum resolution.
  - 11. The system of claim 1, wherein the access predicate specifies that the application must not allow the content to be copied unless the content is accompanied by a particular license.
  - 12. The system of claim 1, wherein the access predicate specifies that the application must not allow the content to be stored unless the content is encrypted for storage.
  - 13. The system of claim 1, wherein the access predicate specifies that the application must restrict the ability to store the content to only certain devices.
  - 14. The system of claim 1, wherein the content comprises media content, and further comprising means for checking the access predicate against a certificate for the CPU of the computer, and wherein the means for permitting comprises means for permitting access to the content only if each of the rights manager certificate, the certificate for the operating system, and the certificate for the CPU satisfies the access predicate.
  - 15. The system of claim 14, wherein the media content comprises audio content.
  - 16. The system of claim 14, wherein the media content comprises video content.
  - 17. The system of claim 1, further comprising:
    - means for submitting the rights manager certificate to the provider; and
      
      wherein the means for downloading the content comprises means for downloading the content from the provider only if the provider determines, based at least in part on the rights manager certificate, that the provider should establish a trust relationship with the operating system.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
England, Paul, Lampson, Butler W., DeTreville, John D.

Application Number

US10/972,507
Publication Number

US 20050060549A1
Time in Patent Office

Days
Field of Search
US Class Current

713/175
CPC Class Codes

G06F 21/10   Protecting distributed prog...

G06F 21/57   Certifying or maintaining t...

G06F 2221/2101   Auditing as a secondary aspect

H04L 2209/603   Digital right managament [DRM]

H04L 9/3263   involving certificates, e.g...

Controlling access to content based on certificates and access predicates

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

17 Claims

Specification

Solutions

Use Cases

Quick Links

Controlling access to content based on certificates and access predicates

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

17 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links