NON-BLOCKING OF HEAD END INITIATED REVOCATION AND DELIVERY OF ENTITLEMENTS IN A NON-ADDRESSABLE DIGITAL MEDIA NETWORK

US 20080294786A1
Filed: 05/21/2008
Published: 11/27/2008
Est. Priority Date: 05/21/2007
Status: Active Grant

First Claim

Patent Images

1. A network device for managing access to content over a network, comprising:

a transceiver for receiving and sending information over the network;

a processor in communication with the display and the transceiver; and

a memory in communication with the processor and for use in storing data and machine instructions that causes the processor to perform a plurality of actions, including;

sending a notification to a client device indicating an availability of an entitlement or revocation message;

if the client device initiates a connection, sending the entitlement or revocation message to the client device, and disconnecting from the client device;

if the client device fails to initiate a connection to receive the message within a time period, performing at least one retry attempt comprising sending another request for a connection; and

if after the at least one retry attempt the client device fails to initiate a connection within at least another time period, performing a revocation failure action.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system, apparatus, and method are directed towards managing entitlement/right revocation and delivery to be performed within a non-addressable media network. Such networks may include for example a client device behind a network address translation (NAT) device, employs non-addressable satellite components, or so forth. A server notifies clients that entitlements, revocations, or the like are available by sending a request for communications with the client. The client initiates a connection to receive the entitlements, or the like, and then disconnects from the server. If the client fails to initiate a connection, the server may continue to send a request for a connection, or even change encryption keys to the content to prevent access by the client. In one embodiment, failure to receive an acknowledgement response from the server of a connection with the client, or from the client, may result in invocation of a revocation failure action.

137 Citations

20 Claims

1. A network device for managing access to content over a network, comprising:
- a transceiver for receiving and sending information over the network;
  
  a processor in communication with the display and the transceiver; and
  
  a memory in communication with the processor and for use in storing data and machine instructions that causes the processor to perform a plurality of actions, including;
  
  sending a notification to a client device indicating an availability of an entitlement or revocation message;
  
  if the client device initiates a connection, sending the entitlement or revocation message to the client device, and disconnecting from the client device;
  
  if the client device fails to initiate a connection to receive the message within a time period, performing at least one retry attempt comprising sending another request for a connection; and
  
  if after the at least one retry attempt the client device fails to initiate a connection within at least another time period, performing a revocation failure action.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The network device of claim 1, wherein the revocation failure action further comprises performing at least one of changing an encryption/decryption key associated with the secure content, or a service key.
  - 3. The network device of claim 1, wherein sending the notification further comprises sending a notification using a broadcasting protocol.
  - 4. The network device of claim 1, wherein the revocation failure action further comprises performing a network failure detection analysis.
  - 5. The network device of claim 1, wherein the entitlement message or the revocation message is sent within an Entitlement Management Message (EMM).
  - 6. The network device of claim 1, wherein the client device resides behind a network address translation device (NAT).
  - 7. The network device of claim 1, wherein historical acknowledgment failure data is used to adjust at least one of the time period or the other time period.

8. A computer-readable storage medium that includes data and instructions, wherein the execution of the instructions on a computing device provides for managing access to content over a network by enabling actions, comprising:
- broadcasting a notification over a network indicating an availability of an entitlement message for at least one client device;
  
  if the at least one client device initiates a connection, sending the entitlement message to the at least one client device over the client initiated connection;
  
  if the client device fails to initiate a connection and receive the entitlement message within a time period, performing at least one retry attempt comprising sending another request for a connection; and
  
  if after the at least one retry attempt the client device fails to receive the entitlement message within at least another time period, performing a revocation failure action.
- View Dependent Claims (9, 10, 11, 12)
- - 9. The computer-readable storage medium of claim 8, wherein failure to receive the entitlement message is determined based on failure to receive an acknowledgment message.
  - 10. The computer-readable storage medium of claim 8, wherein receipt of the entitlement message is determined based on receipt of an acknowledgement message.
  - 11. The computer-readable storage medium of claim 10, wherein the acknowledgement message further comprises at least one of a nonce, a hash value, or a digital authentication message.
  - 12. The computer-readable storage medium of claim 8, wherein the failure action further comprises at least one of performing a network analysis to determine if a network failure is detected.

13. A method for managing access to content over a network, comprising:
- sending by a network device a notification over the network indicating an availability of an entitlement message for the client device, wherein the client device is situated on one side of a network address translation (NAT) device, and network device is on another side of the NAT, and wherein the entitlement message is associated with access to content;
  
  if the client device initiates a connection with the network device, sending the entitlement message to the client device;
  
  if the client device fails to receive the entitlement message within a time period, performing at least one retry attempt comprising sending another request for a connection by the network device; and
  
  if after the at least one retry attempt an acknowledgement message is undetected from the client device within at least another time period, performing a revocation failure action.
- View Dependent Claims (14, 15, 16)
- - 14. The method of claim 13, wherein sending the notification further comprising using a multicasting protocol to send the notification.
  - 15. The method of claim 13, wherein the revocation failure action farther comprises employing a different encryption key to encrypt the content.
  - 16. The method of claim 13, wherein upon receiving the entitlement message over the client initiated connection, terminating the client initiated connection.

17. A system for managing access to content over a network, comprising:
- a network device that is configured to send encrypted content to over the network to a client device; and
  
  another network device that is configured and arranged to perform actions, including;
  
  broadcasting a notification over a network indicating an availability of an entitlement message for the client device;
  
  if the client device initiates a connection, sending the entitlement message to the client device over the client initiated connection;
  
  if the client device fails to receive the entitlement message within a time period, performing at least one retry attempt comprising sending another request for a connection; and
  
  if after the at least one retry attempt an acknowledgement message is undetected from the client device within at least another time period, performing a revocation failure action.
- View Dependent Claims (18, 19, 20)
- - 18. The system of claim 17, wherein the time period or the other time period are determined, in part, based on analysis of historical acknowledgement failure data for the client device.
  - 19. The system of claim 17, wherein the acknowledgement message further comprises data useable to determine if the acknowledgement message is from the client device.
  - 20. The system of claim 17, wherein the network device and the other network device are the same network device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Google LLC (Alphabet Inc.)
Original Assignee
Widevine Technologies Incorporated (Alphabet Inc.)
Inventors
Morten, Glenn A., MacLean, Charles Duncan, Tinker, Jeffrey Lee, Rutman, Michael, Hiar, Edward Charles, Ali, Hamid Shaheed

Granted Patent

US 8,621,093 B2
Time in Patent Office

Days
Field of Search
US Class Current

709/229
CPC Class Codes

H04L 61/256   NAT traversal

H04L 63/0428   wherein the data content is...

H04L 63/101   Access control lists [ACL]

H04L 63/126   the source of the received ...

NON-BLOCKING OF HEAD END INITIATED REVOCATION AND DELIVERY OF ENTITLEMENTS IN A NON-ADDRESSABLE DIGITAL MEDIA NETWORK

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

137 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

NON-BLOCKING OF HEAD END INITIATED REVOCATION AND DELIVERY OF ENTITLEMENTS IN A NON-ADDRESSABLE DIGITAL MEDIA NETWORK

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

137 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links