Methods and apparatus for premises content distribution

US 20080112405A1
Filed: 11/01/2006
Published: 05/15/2008
Est. Priority Date: 11/01/2006
Status: Active Grant

First Claim

Patent Images

1. A method of sharing protected digital content between two devices associated with a network, comprising:

storing digital content at a first of said two devices;

authenticating a second of said devices requesting access to the digital content from the first device;

selectively providing access to the requesting device for browsing the digital content;

receiving a request for transmission of at least a portion of said content; and

selectively transmitting said at least portion of said content to the requesting device while maintaining said content protection.

View all claims

7 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Apparatus and methods for protected content access, browsing and transfer over a network. In one embodiment, the network comprises a premises (e.g., residential) LAN, and the apparatus comprises a server and renderer consumer premise equipment (CPE). The renderer CPE scans the network to search for a server CPE that implement a compatible security framework. The renderer authenticates itself with the server, and the server allows content browsing and selection access only to an authorized and authenticated renderer. A negotiation and exchange protocol comprises messages exchanged between the renderer and the server that include one or more of device identification, encryption key exchange, digital certificates and information regarding security package used by each CPE.

407 Citations

45 Claims

1. A method of sharing protected digital content between two devices associated with a network, comprising:
- storing digital content at a first of said two devices;
  
  authenticating a second of said devices requesting access to the digital content from the first device;
  
  selectively providing access to the requesting device for browsing the digital content;
  
  receiving a request for transmission of at least a portion of said content; and
  
  selectively transmitting said at least portion of said content to the requesting device while maintaining said content protection.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1, wherein at least said acts of authenticating, providing access, and transmitting are performed without access to a remote network agent.
  - 3. The method of claim 2, wherein said network comprises a premises local area network (LAN), and said remote agent comprises a head-end process of a cable television network with which at least a portion of said LAN is in communication.
  - 4. The method of claim 1, wherein said stored digital content comprises a plurality of media files each having a respective substantially unique title, and said act of selecting providing access for browsing comprises providing access to at least said titles.
  - 5. The method of claim 1, further comprising verifying that said second device comprises adequate security provisions for protecting said content before said act of transferring is commenced.
  - 6. The method of claim 1, wherein said first and second devices comprise a authorized service domain (ASD) for maintaining the protection of said protected content.
  - 7. The method of claim 1, further comprising placing said first and second devices in data communication with one another via a substantially standardized communications interface.
  - 8. The method of claim 7, wherein said communications interface comprises a Universal Plug and Play (UPnP) interface, and said first device completes said authentication using a substantially standardized security architecture.

9. Premises content server apparatus configured for data communication with one or more devices over a premises network, the server apparatus comprising:
- storage apparatus configured to store a plurality of digital content;
  
  authentication apparatus configured to authenticate at least one device requesting content from said server apparatus;
  
  browsing apparatus adapted to provide browsing of said plurality of content by said at least one requesting device; and
  
  security apparatus adapted to control access to said content by said browsing apparatus based at least in part on successful authentication of said at least one requesting device.
- View Dependent Claims (10, 11, 12, 13, 14, 15)
- - 10. The server apparatus of claim 9, further comprising transmission apparatus, said transmission apparatus adapted to transfer at least a portion of said plurality of content to said requesting device based at least in part on said successful authentication thereof.
  - 11. The server apparatus of claim 10, wherein said transmission apparatus comprises a plug-and-play operable data interface, and said transfer of said at least portion of content is further based on said security apparatus determining that said requesting device possesses suitable security apparatus to protect at least one aspect of said at least portion of content to be transferred.
  - 12. The server apparatus of claim 9, wherein said authentication apparatus and security apparatus comprise at least one computer program disposed on said server apparatus within a security architecture.
  - 13. The server apparatus of claim 12, wherein said security architecture comprises a secure microprocessor, and said server apparatus comprises at least a portion of a trusted domain (TD).
  - 14. The server apparatus of claim 9, wherein said server apparatus is granted access to said digital content based at least in part on cryptographic elements and encrypted software downloaded from a network operator entity to a secure microprocessor resident on said server apparatus.
  - 15. The server apparatus of claim 9, wherein said server apparatus further comprises:
    - a first interface capable of at least receiving said content from a content-based network;
      
      a coaxial cable interface configured to provide networking throughout at least a portion of said premises over coaxial cable present therein; and
      
      a wireless access interface adapted to support at least one wireless network substantially within said premises;
      
      wherein said content is accessible to users on both said coaxial cable network and said at least one wireless network.

16. Premises content rendering apparatus configured for data communication with a content providing device over a premises network, the rendering apparatus comprising:
- content rendering apparatus configured to render or cause rendering of digital content;
  
  authentication apparatus configured to facilitate authentication of said renderer apparatus with said providing device; and
  
  content selection apparatus adapted to browse and select at least one of a plurality of digital content associated with said providing device for transmission to said rendering apparatus.
- View Dependent Claims (17, 18, 19, 20, 21)
- - 17. The rendering apparatus of claim 16, further comprising scanning apparatus, said scanning apparatus configured to locate one or more content servers on said network.
  - 18. The rendering apparatus of claim 16, further comprising a hardware and software adaptive data interface, said hardware adaptation allowing for said rendering apparatus to function to at least receive data when a wired communications link has been established between said rendering apparatus and said providing device, said software adaptation allowing for said rendering apparatus and said providing device to communicate without manual installation of a device driver;
    - andwherein said transmission to said rendering apparatus is performed over said data interface.
  - 19. The rendering apparatus of claim 18, wherein said interface is adapted for communication via a high-speed serialized bus protocol capable of at least 800 Mbps data transfer rate.
  - 20. The rendering apparatus of claim 16, further comprising a software security architecture adapted to protect at least portions of said digital content after it is transferred to said rendering apparatus.
  - 21. The rendering apparatus of claim 20, wherein said content is encrypted before said transfer to said renderer apparatus, and said security architecture comprises at least one decryption algorithm and at least a portion of a public-private key pair used for decrypting said content.

22. A method of sharing protected content within an ad hoc network, comprising:
- establishing ad hoc a communication channel between first and second entities, at least said first and second entities forming said network when said channel is established;
  
  authenticating at least one of;
  
  (i) said first entity to said second entity, or (ii) said second entity to said first entity;
  
  selectively allowing at least one of said first and second entities to browse protected content stored on the other of said entities based at least in part on said authenticating; and
  
  selectively transferring at least a portion of said protected content from at least one of said entities to the other of said entities based at least in part on;
  
  (i) said authenticating and (ii) a request for said at least portion of said protected content issued by one of said entities to the other.
- View Dependent Claims (23, 24, 25, 26, 27, 28, 29, 30)
- - 23. The method of claim 22, wherein said act of establishing comprises causing said first and second entities to be placed in data communication via at least a plug-and-play data interface.
  - 24. The method of claim 23, wherein said act of authenticating is performed by the same one of said entities performing said act of selectively allowing browsing.
  - 25. The method of claim 24, wherein said act of selectively transferring comprises transferring said at least portion of said content requested by said entity allowed to browse from said authenticating entity to said browsing entity over said data interface.
  - 26. The method of claim 23, wherein said data interface is adapted for communication via a high-speed serialized bus protocol capable of at least 800 Mbps data transfer rate.
  - 27. The method of claim 22, wherein said act of establishing comprises causing said first and second entities to be placed in data communication via a wireless interface wherein one of said first and second entities assumes a first role and said second entity assumes a second role with respect to said communication channel.
  - 28. The method of claim 27, wherein said first role comprises a master station, and said second role comprises a slave station.
  - 29. The method of claim 27, wherein said first role comprises an access point (AP), and said second role comprises a station (STA), said AP providing data connectivity to at least one other entity other than said STA.
  - 30. The method of claim 22, wherein at least one of said first and second entities is in data communication with a cable television network, and said act of authenticating is performed based at least in part on information obtained from said cable television network.

31. A method of transfer of protected content between first and second media capable devices, comprising:
- causing at least one of said first and second devices to discover the other of said devices;
  
  determining security parameters associated with one of said devices;
  
  authenticating said one device with which said security parameters are associated;
  
  requesting via said authenticated device that said protected content be transferred; and
  
  transferring said protected content from the one of said first and second devices on which it is stored.
- View Dependent Claims (32, 33, 34, 35, 36)
- - 32. The method of claim 31, wherein said act of authenticating is performed substantially independent of an external authentication entity.
  - 33. The method of claim 31, wherein said first and second devices are in communication with a premises network, said premises network in communication with a cable television network, and said act of authenticating further comprises determining whether said device being authenticated can be granted access to said protected content based at least in part on a conditional access scheme.
  - 34. The method of claim 31, further comprising permitting access by said one authenticated device to descriptive information relating to the protected content stored on the other device.
  - 35. The method of claim 31, further comprising transferring security capabilities information between said first and second devices.
  - 36. The method of claim 35, wherein said capabilities information comprises information relating to at least one of:
    - (i) a public-private key pair, and (ii) an encryption algorithm.

37. A multi-state content server device for use in a premises network, comprising:
- a storage medium for storing protected content;
  
  a digital processor comprising at least one computer program configured for authenticating a content-requesting entity; and
  
  a state machine adapted to operate said server device in one or more of a plurality of states;
  
  wherein said server device operates in a first state; and
  
  wherein said server device is configured to;
  
  receive a request for authentication from said content-requesting entity; and
  
  receive a request for delivery of content from said entity;
  
  said requests for authentication and for delivery of content not causing said server device to change from said first state to another state.
- View Dependent Claims (38, 39)
- - 38. The content server device of claim 37, wherein said state machine comprises a virtual finite state machine (FSM).
  - 39. The content server device of claim 37, wherein said state machine comprises a deterministic state machine.

40. A method of doing business over a content-based network, comprising:
- making commercially valuable protected content selectively available to at least one user of said network in exchange for consideration;
  
  permitting transfer of said content to a protected domain within a premises of said user;
  
  configuring said protected domain such that it can;
  
  authenticate a device communicating with said protected domain;
  
  determine the security capabilities of said device; and
  
  selectively transfer said protected content to said devices if (i) said device is authenticated, and (ii) said security capabilities are adequate to maintain protection of said content.

41. A system for sharing protected digital content over a premises network, said system comprising at least a first device in communication with said network, said first device adapted to:
- receive said protected content over an interface to a cable television network;
  
  store said content on said first device;
  
  authenticate a second device in communication with said premises network when said second device requests access to the digital content from the first device;
  
  selectively provide access to the second device for browsing the stored digital content;
  
  receive a request for transmission of at least a portion of said content; and
  
  selectively transmit said at least portion of said content to the second device while maintaining said content protection.
- View Dependent Claims (42, 43, 44, 45)
- - 42. The system of claim 41, further comprising said second device.
  - 43. The system of claim 41, wherein said first device comprises a plug-and-play interface over which at least said protected content can be transmitted.
  - 44. The system of claim 41, wherein said first device comprises a storage device having a plurality of security-related information stored therein, at least a portion of said security-related information being used to perform said authentication.
  - 45. The system of claim 41, wherein said first device comprises a substantially secure microprocessor having a plurality of security-related information stored therein, said information being received from said cable television network according to a downloadable conditional access protocol, at least a portion of said security-related information being used to perform said authentication of said second device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Time Warner Cable Enterprises LLC (Charter Communications Incorporated)
Original Assignee
Time Warner Cable Enterprises LLC (Charter Communications Incorporated)
Inventors
Carlucci, John B., Cholas, Chris, Helms, William L., Markley, Jeffrey P.

Granted Patent

US 8,732,854 B2
Time in Patent Office

Days
Field of Search
US Class Current

370/389
CPC Class Codes

H04L 63/062   for key distribution, e.g. ...

H04L 63/08   for authentication of entit...

H04L 63/10   for controlling access to d...

H04L 67/06   specially adapted for file ...

H04L 67/51   Discovery or management the...

Methods and apparatus for premises content distribution

First Claim

7 Assignments

0 Petitions

Accused Products

Abstract

407 Citations

45 Claims

Specification

Solutions

Use Cases

Quick Links

Methods and apparatus for premises content distribution

First Claim

7 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

407 Citations

45 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links