Systems and methods for governing content rendering, protection, and management applications

US 20070033407A1
Filed: 08/25/2006
Published: 02/08/2007
Est. Priority Date: 06/04/2000
Status: Abandoned Application

First Claim

Patent Images

1-18. -18. (canceled)

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

System and methods are disclosed for governing digital rights management systems and other applications through the use of supervisory governance applications and keying mechanisms. Governance is provided by enabling the supervisory applications to revoke access keys and/or to block certain file system calls, thus preventing governed applications from accessing protected electronic content.

Citations

33 Claims

1-18. -18. (canceled)

19. A method of controlling access to electronic content by an application program running on a host computer system, the method including:
- generating a request to access a piece of electronic content, the request being generated by the application program and comprising, at least in part, a call to a conformance library running on the host computer system; and
  
  in response to the call to the conformance library, connecting the conformance library to a governance engine on the host computer system, the governance engine being operable to govern, at least in part, the operation of the application program, the governance engine performing the following steps;
  
  (i) performing an integrity check on the application program, the integrity check being operable to (a) detect improper modifications to at least part of the application program and (b) deny access to the piece of electronic content if an improper modification is detected; and
  
  (ii) performing an authorization check, the authorization check being operable to (a) determine if the application program is authorized to access electronic content and (b) deny access to the piece of electronic content if authorization is not detected; and
  
  retrieving the piece of electronic content from a file system of the host computer system if permitted by the governance engine.
- View Dependent Claims (20, 21, 22, 23, 24, 25)
- - 20. A method as in claim 19, wherein the application program comprises a content rendering application.
  - 21. A method as in claim 19, wherein the application program comprises a digital rights management program, the digital rights management program being operable to manage the use of the piece of electronic content in accordance with one or more rules with which the piece of electronic content is associated.
  - 22. A method as in claim 19, wherein performing the authorization check includes examining one or more digital certificates associated with the application program, the one or more digital certificates specifying, at least in part, the nature of the application program'"'"'s authorization to access electronic content.
  - 23. A method as in claim 22, wherein one or more of the digital certificates is operable to expire at a predefined time, and wherein the application program'"'"'s authorization to access electronic content expires when said one or more digital certificates expire.
  - 24. A method as in claim 23, wherein the governance engine is operable to receive one or more new digital certificates to replace one or more expired digital certificates, and wherein the application program'"'"'s authorization to access electronic content is renewed when said one or more new digital certificates are received by the governance engine.
  - 25. A method as in claim 19, wherein performing the integrity check includes generating a cryptographic hash of at least part of the application program, and comparing the generated cryptographic hash to a previously generated cryptographic hash.

26. A method of controlling access to electronic content, the method comprising:
- receiving, at a conformance library running on a computer system, a request from a governed application running on the computer system to access a piece of electronic content, wherein the conformance library implements one or more interfaces that the governed application calls to access the electronic content, and wherein the request to access the piece of electronic content comprises at least a first call to at least a first interface of said one or more interfaces that the conformance library implements;
  
  connecting to a supervisory application, the supervisory application being operable to check a credential associated with the governed application, the supervisory application being further operable to disable access to the piece of electronic content by the governed application if the credential check fails; and
  
  enabling access to the piece of electronic content by the governed application after completion of a successful credential check, wherein said enabling step includes making at least a second call to at least a second interface, and wherein the second interface comprises a file input/output interface of the computer system that corresponds to said first interface implemented by the conformance library.
- View Dependent Claims (27, 28, 29)
- - 27. The method of claim 26, further comprising invoking the supervisory application prior to the step of connecting to the supervisory application.
  - 28. The method of claim 26, wherein the credential check comprises an integrity check on the governed application, the integrity check being operable to (a) detect improper modifications to at least part of the governed application and (b) deny access to the piece of electronic content if an improper modification is detected.
  - 29. The method of claim 26, wherein the supervisory application is further operable to perform an authorization check, the authorization check being operable to (a) determine if the governed application is authorized to access the piece of electronic content and (b) deny access to the piece of electronic content if authorization is not detected.

30. A computer-readable storage medium storing instructions that, when executed by a computer, cause the computer to perform steps comprising:
- receiving a request from a governed application running on the computer to access a piece of electronic content, wherein the request to access the piece of electronic content comprises at least a first call to at least a first interface;
  
  connecting to a supervisory application running on the computer, the supervisory application being operable to check a credential associated with the governed application, the supervisory application being further operable to disable access to the piece of electronic content by the governed application if the credential check fails; and
  
  enabling access to the piece of electronic content by the governed application upon completion of a successful credential check, wherein said enabling includes making at least a second call to at least a second interface, and wherein the second interface comprises a file input/output interface of the computer that corresponds to said first interface.
- View Dependent Claims (31, 32, 33)
- - 31. The medium of claim 30, further comprising instructions that, when executed by the computer, cause the computer to invoke the supervisory application prior to connecting to the supervisory application.
  - 32. The medium of claim 30, wherein the credential check comprises an integrity check, the integrity check being operable to (a) detect improper modifications to at least part of the governed application and (b) deny access to the piece of electronic content if an improper modification is detected.
  - 33. The medium of claim 30, further comprising instructions that, when executed by the computer, cause the computer to perform an authorization check, the authorization check being operable to (a) determine if the governed application is authorized to access the piece of electronic content, and (b) deny access to the piece of electronic content if authorization is not detected.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Intertrust Technologies Corporation (Fidelio Acquisition Co LLC)
Original Assignee
Intertrust Technologies Corporation (Fidelio Acquisition Co LLC)
Inventors
Maher, David, MacKay, Michael

Application Number

US11/509,867
Publication Number

US 20070033407A1
Time in Patent Office

Days
Field of Search
US Class Current

713/171
CPC Class Codes

G06F 21/60   Protecting data

H04L 2209/603   Digital right managament [DRM]

H04L 2463/101   applying security measures ...

H04L 63/062   for key distribution, e.g. ...

H04L 9/0822   using key encryption key

H04L 9/0877   using additional device, e....

H04L 9/0891   Revocation or update of sec...

Systems and methods for governing content rendering, protection, and management applications

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

Citations

33 Claims

Specification

Solutions

Use Cases

Quick Links

Systems and methods for governing content rendering, protection, and management applications

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

33 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links