Hybrid device and person based authorized domain architecture

US 20060190621A1
Filed: 07/14/2004
Published: 08/24/2006
Est. Priority Date: 07/24/2003
Status: Active Grant

First Claim

Patent Images

1. A method of generating an Authorized Domain (AD), the method comprising the steps of selecting a domain identifier (Domain_ID) uniquely identifying the Authorized Domain (100), binding at least one user (P1, P2, . . . , PN₁) to the domain identifier (Domain_ID), and binding at least one device (D1, D2, . . . , DM) to the domain identifier (Domain_ID), and thereby obtaining a number of devices (D1, D2, . . . , DM) and a number of persons (P1, P2, . . . , PN₁) that is authorized to access a content item of said Authorized Domain (100).

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

This invention relates to a system and a method of generating an Authorized Domain (AD) by selecting a domain identifier, and binding at least one user (P1, P, PN1), at least one device (D1, D2, . . . , DM), and at least one content item (C1, C2, . . . , CNZ) to the Authorized Domain (AD) given by the domain identifier (Domain ID). Hereby, a number of verified devices (D1, D2, . . . , DM) and a number of verified persons (P1, P2, . . . , PN1) that is authorized to access a content item of said Authorized Domain (100) is obtained. In this way, access to a content item of an authorized domain by a user operating a device is obtained either by verifying that the content item and the user is linked the same domain or by verifying that the device and the content item is linked to the same domain. Thereby, enhanced flexibility for one or more users when accessing content in an authorized domain is obtained while security of the content is still maintaining. This is further done in a simple, secure and reliable way.

76 Citations

View as Search Results

23 Claims

1. A method of generating an Authorized Domain (AD), the method comprising the steps of selecting a domain identifier (Domain_ID) uniquely identifying the Authorized Domain (100), binding at least one user (P1, P2, . . . , PN₁) to the domain identifier (Domain_ID), and binding at least one device (D1, D2, . . . , DM) to the domain identifier (Domain_ID), and thereby obtaining a number of devices (D1, D2, . . . , DM) and a number of persons (P1, P2, . . . , PN₁) that is authorized to access a content item of said Authorized Domain (100).
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 13, 15, 16, 17, 23)
- - 2. A method according to claim 1, characterized in that the method further comprises the step of:
    - binding at least one content item (C1, C2, . . . , CN₂) to the Authorized Domain (AD) given by the domain identifier (Domain_ID).
  - 3. A method according to claim 1, characterized in that the step of binding at least one user (P1, P2, . . . , PN₁) to the domain identifier (Domain_ID) comprises:
    - obtaining or generating a Domain Users List (DUC) comprising the domain identifier (Domain_ID) and a unique identifier (Pers_ID1, Pers_ID2, . . . , Pers_IDN₁) for a user (P1, P2, . . . , PN₁) thereby defining that the user is bound to the Authorized Domain (100), and/or in that the step of binding at least one device (D1, D2, . . . , DM) to the domain identifier (Domain_ID) comprises;
      
      obtaining or generating a Domain Devices List (DDC) comprising the domain identifier (Domain_ID) and a unique identifier (Dev.ID1, Dev.ID2, . . . , Dev.IDM) for a device (D1, D2, . . . , DM) thereby defining that the device is bound to the domain (100).
  - 4. A method according to claim 2, characterized in that the step of binding at least one content item (C1, C2, . . . , CN₂) to the Authorized Domain (AD) comprises:
    - binding a content item (C1, C2, . . . , CN₂) to a User Right (URC1, URC2, . . . URCN₂), where said User Right (URC1, URC2, . . . URCN₂) is bound to a user (P1, P2, . . . , PN₁) bound to the Authorized Domain (100), and/or binding a content item (C1, C2, . . . , CN₂) to a Device Right (DevRC), where said Device Right (DevRC) is bound to a device (D1, D2, . . . , DM) bound to the Authorized Domain (100).
  - 5. A method according to claim 2, characterized in that the step of binding at least one content item (C1, C2, . . . , CN₂) to the Authorized Domain (100) comprises:
    - binding a content item (C1, C2, . . . , CN₃) to a Domain Right (DRC1, DRC2, . . . DRCN₂), where said Domain Right (DRC1, DRC2, . . . DRCN₂) is bound to the Authorized Domain (100).
  - 6. A method according to claim 4, characterized in that the User Right (URC) or the Device Right (DevRC) or the Domain Rights (DRC) comprises rights data (Rghts Dat) representing which rights exists in relation to the at least one content item (C1, C2, . . . , CN₂) bound to the User Right (URC) or the Device Right (DevRC) or the Domain Rights (DRC).
  - 7. A method according to claim 1, characterized in that the method further comprises the step of controlling access to a given content item bound to the Authorized Domain (100) by a given device being operated by a given user, the step comprising:
    - checking if the given user is bound to the same Authorized Domain (100) as the given content item, or checking if the given device is bound to the same Authorized Domain (100) as the given content item, and allowing access for the given user via the given device and/or other devices to the content item if the given user is bound to the same Authorized Domain (100), or allowing access for the given user and/or other users via the given device to the content item if the given device is part of the same Authorized Domain (100).
  - 8. A method according to claim 1, characterized in that the method further comprises the step of controlling access to a given content item (C1, C2, . . . , CN₂), being bound to the Authorized Domain (100) and having a unique content identifier (Cont_ID), by a given device being operated by a given user comprising:
    - checking if the Domain Devices List (DDC) of the Authorized Domain (100) comprises an identifier (Dev.ID) of the given device, thereby checking if the given device is bound to the same Authorized Domain (100) as the content item, and/or checking if the Domain User List (DUC) of the Authorized Domain (100) comprises an identifier (Pers_ID) of the given user (P1, P2, . . . , PN₁) thereby checking if the given user is bound to the same Authorized Domain (100) as the content item, and allowing access to the given content item (C1, C2, . . . , CN₂) by the given device (D1, D2, . . . , DM) for any user if the given device is bound to the same Authorized Domain (100) as the content item being accessed, and/or allowing access to the given content item (C1, C2, . . . , CN₂) by any device including the given device for the given user if the given user is bound to the same Authorized Domain (100) as the content item being accessed.
  - 9. A method according to claim 7, characterized in that the step of controlling access of a given content item further comprises:
    - checking that the User Right (URC) for the given content item specifies that the given user (P1, P2, . . . , PN₁) has the right to access the given content item (C1, C2, . . . , CN₂) and only allowing access to the given content item (C1, C2, . . . , CN₂) in the affirmative.
  - 10. A method according to claim 1, characterized in that every content item is encrypted and that a content right (CR) is bound to each content item and to a User Right (URC) or a Device Rights (DevRC) or a Domain Rights (DRC), and that the content right (CR) of a given content item comprises an decryption key for decrypting the given content item.
  - 11. A method according to claim 3, characterized in that the Domain Users List (DUC) is implemented as or included in a Domain Users Certificate, and/or the Domain Devices List (DDC) is implemented as or included in a Domain Devices Certificate, and/or the User Right (URC1, URC2, . . . , URCN₂) is implemented as or included in a User Right Certificate, and/or the Device Right (DevRC) is implemented as or included in a Device Right Certificate, and/or the Domain Rights (DRC1, DRC2, . . . , DRCN₂) is implemented/included in a Domain Rights Certificate.
  - 13. A system according to claim 1, characterized in that the system further comprises:
    - means for binding at least one content item (C1, C2, . . . , CN₂) to the Authorized Domain (AD) given by the domain identifier (Domain_ID).
  - 15. A system according to claim 13, characterized in that the means for binding at least one content item (C1, C2, . . . , CN₂) to the Authorized Domain (AD) is adapted to:
    - bind a content item (C1, C2, . . . , CN₂) to a User Right (URC1, URC2, . . . URCN₂), where said User Right (URC1, URC2, . . . URCN₂) is bound to a user (P1, P2, . . . , PN₁) bound to the Authorized Domain (100), and/or bind a content item (C1, C2, . . . , CN₂) to a Device Right (DevRC), where said Device Right (DevRC) is bound to a device (D1, D2, . . . , DM) bound to the Authorized Domain (100).
  - 16. A system according to claim 13, characterized in that the means for binding at least one content item (C1, C2, . . . , CN₂) to the Authorized Domain (100) is adapted to:
    - bind a content item (C1, C2, . . . , CN₃) to a Domain Right (DRC1, DRC2, . . . DRCN₂), where said Domain Right (DRC1, DRC2, . . . DRCN₂) is bound to the Authorized Domain (100).
  - 17. A system according to claim 15, characterized in that the User Right (URC) or the Device Right (DevRC) or the Domain Rights (DRC) comprises rights data (Rghts Dat) representing which rights exists in relation to the at least one content item (C1, C2, . . . , CN₂) bound to the User Right (URC) or the Device Right (DevRC) or the Domain Rights (DRC).
  - 23. A computer readable medium having stored thereon instructions for causing one or more processing units to execute the method according to claim 1.

12. A system for generating an Authorized Domain (AD), the system comprising:
- means for obtaining a domain identifier (Domain_ID) uniquely identifying the Authorized Domain (100), means for binding at least one user (P1, P2, . . . , PN₁) to the domain identifier (Domain_ID), and means for binding at least one device (D1, D2, . . . , DM) to the domain identifier (Domain_ID), and thereby obtaining a number of devices (D1, D2, . . . , DM) and a number of persons (P1, P2, . . . , PN₁) that is authorized to access a content item of said Authorized Domain (100).
- View Dependent Claims (14, 18, 19, 20, 21)
- - 14. A system according to claim 12, characterized in that the means for binding at least one user (P1, P2, . . . , PN₁) to the domain identifier (Domain_ID) is adapted to:
    - obtain or generate a Domain Users List (DUC) comprising the domain identifier (Domain_ID) and a unique identifier (Pers_ID1, Pers_ID2, . . . , Pers_IDN₁) for a user (P1, P2, . . . , PN₁) thereby defining that the user is bound to the Authorized Domain (100), and/or in that the means for binding at least one device (D1, D2, . . . , DM) to the domain identifier (Domain_ID) is adapted to;
      
      obtain or generate a Domain Devices List (DDC) comprising the domain identifier (Domain_ID) and a unique identifier (Dev.ID1, Dev.ID2, . . . , Dev.IDM) for a device (D1, D2, . . . , DM) thereby defining that the device is bound to the domain (100).
  - 18. A system according to claim 12, characterized in that the system further comprises means for controlling access to a given content item bound to the Authorized Domain (100) by a given device being operated by a given user, where the means is adapted to:
    - check if the given user is bound to the same Authorized Domain (100) as the given content item, or check if the given device is bound to the same Authorized Domain (100) as the given content item, and allow access for the given user via the given device and/or other devices to the content item if the given user is bound to the same Authorized Domain (100), or allow access for the given user and/or other users via the given device to the content item if the given device is part of the same Authorized Domain (100).
  - 19. A system according to claim 12, characterized in that the system further comprises means for controlling access to a given content item (C1, C2, . . . , CN₂), being bound to the Authorized Domain (100) and having a unique content identifier (Cont_ID), by a given device being operated by a given user, where the means is adapted to:
    - check if the Domain Devices List (DDC) of the Authorized Domain (100) comprises an identifier (Dev.ID) of the given device, thereby checking if the given device is bound to the same Authorized Domain (100) as the content item, and/or check if the Domain User List (DUC) of the Authorized Domain (100) comprises an identifier (Pers_ID) of the given user (P1, P2, . . . , PN₁) thereby checking if the given user is bound to the same Authorized Domain (100) as the content item, and allow access to the given content item (C1, C2, . . . , CN₂) by the given device (D1, D2, . . . , DM) for any user if the given device is bound to the same Authorized Domain (100) as the content item being accessed, and/or allow access to the given content item (C1, C2, . . . , CN₂) by any device including the given device for the given user if the given user is bound to the same Authorized Domain (100) as the content item being accessed.
  - 20. A system according to claim 18, characterized in that the means for controlling access of a given content item is further adapted to further:
    - check that the User Right (URC) for the given content item specifies that the given user (P1, P2, . . . , PN₁) has the right to access the given content item (C1, C2, . . . , CN₂) and only allowing access to the given content item (C1, C2, . . . , CN₂) in the affirmative.
  - 21. A system according to claim 12, characterized in that every content item is encrypted and that a content right (CR) is bound to each content item and to a User Right (URC) or a Device Rights (DevRC) or a Domain Rights (DRC), and that the content right (CR) of a given content item comprises an decryption key for decrypting the given content item.

22. A system according to claim 24, characterized in that the Domain Users List (DUC) is implemented as or included in a Domain Users Certificate, and/or the Domain Devices List (DDC) is implemented as or included in a Domain Devices Certificate, and/or the User Right (URC1, URC2, . . . , URCN₂) is implemented as or included in a User Right Certificate, and/or the Device Right (DevRC) is implemented as or included in a Device Right Certificate, and/or the Domain Rights (DRC1, DRC2, . . . , DRCN₂) is implemented/included in a Domain Rights Certificate.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Koninklijke Philips Electronics N.V. (Koninklijke Philips N.V.)
Original Assignee
Koninklijke Philips Electronics N.V. (Koninklijke Philips N.V.)
Inventors
Koster, Robert Paul, Schrijen, Geert Jan, Kamperman, Franciscus L. A. J.

Granted Patent

US 9,009,308 B2
Time in Patent Office

Days
Field of Search
US Class Current

709/245
CPC Class Codes

G06F 21/1012   to domains

G06F 21/31   User authentication

G06F 2221/2129   Authenticate client device ...

G11B 20/00086   Circuits for prevention of ...

G11B 20/00731   involving a digital rights ...

G11B 20/00855   involving a step of exchang...

H04L 2463/101   applying security measures ...

H04L 63/0428   wherein the data content is...

H04L 63/0823   using certificates cryptogr...

H04L 63/10   for controlling access to d...

H04L 63/101   Access control lists [ACL]

Hybrid device and person based authorized domain architecture

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

76 Citations

23 Claims

Specification

Solutions

Use Cases

Quick Links

Hybrid device and person based authorized domain architecture

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

76 Citations

23 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links