ATTESTED CONTENT PROTECTION
First Claim
1. At a computer system including an operating system and one or more applications, a method for protecting content, the method comprising:
- an act of establishing a protection policy to protect content, the protection policy manageable by a rights management system that includes a separate rights management server, the protection policy including;
a list of users that are authorized to access the content and computing environments that are permitted to access the content;
an act of determining that a user is attempting to access the protected content through an application at the computer system;
prior to allowing the application to access the protected content;
an act of the computer system exchanging information with the rights management server about the identity of the user so as to validate that the user is authorized to access the content; and
an act of the operating system attesting to a set of information indicating a computing environment that is permitted to access the content; and
an act of the computer system allowing the application to access to protected content in response to the operating system attesting to a computing environment that is permit to access the content and validating that the user is authorized to access the content.
2 Assignments
0 Petitions
Accused Products
Abstract
The present invention extends to methods, systems, and computer program products for protecting content. Embodiments of the invention permit a local machine increased participation in authorizing access to protected content. An operating system attests to a computing environment at a corresponding computer system. If the computing environment is one permitted to access protected content, the operating system is permitted to regulate further (e.g., application) access to protected content in accordance with a procreation policy. As such, authorization decisions are partially distributed, easing the resource burden on a content protection server. Accordingly, embodiments of the invention can facilitate more robust and efficient authorization decisions when access to protected content is requested.
42 Citations
20 Claims
-
1. At a computer system including an operating system and one or more applications, a method for protecting content, the method comprising:
-
an act of establishing a protection policy to protect content, the protection policy manageable by a rights management system that includes a separate rights management server, the protection policy including;
a list of users that are authorized to access the content and computing environments that are permitted to access the content;an act of determining that a user is attempting to access the protected content through an application at the computer system; prior to allowing the application to access the protected content; an act of the computer system exchanging information with the rights management server about the identity of the user so as to validate that the user is authorized to access the content; and an act of the operating system attesting to a set of information indicating a computing environment that is permitted to access the content; and an act of the computer system allowing the application to access to protected content in response to the operating system attesting to a computing environment that is permit to access the content and validating that the user is authorized to access the content. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
-
-
9. At a computer system including an operating system and one or more applications, a method for protecting content, the method comprising:
-
an act of establishing a protection policy to protect content, the protection policy including;
a list of users that are authorized to access the content, operations that authorized users are permitted to perform with respect to the protected content, and computing environments that are permitted to access the content;an act of determining that a user is attempting to access protected content through an application at the computer system; an act of sending user identity information for the user to a rights management server; an act of the operating system attesting to a set of information indicating a computing environment at the computer system to the rights management server; an act of receiving a user key from the content protection server, the user key usable by the user to access the protected content, the user key being returned to the computer system from the rights management server in response to the rights management server authenticating the user and determining that the attested computing environment is permitted to access the content; an act of the operating system of the computer system permitting the application to use the user key to access the protected content; and an act of the application controlling the user'"'"'s access to the protected content in accordance with operations that the users is permitted to perform as indicated in the protection policy. - View Dependent Claims (10, 11, 12, 13)
-
-
14. A computer system, the computer system comprising:
-
one or more processors; system memory; and one or more physical storage media having stored thereon computer-executable instructions that, when executed by one of the processors, cause the computer system to regulate access to protected content, including the following; establish a protection policy for protecting content, the protection policy manageable by a rights management system that includes a separate rights management server, the protection policy including list of users that are authorized to access the content and computing environments that are permitted to access the content; determine that a user is attempting to access protected content through an application at the computer system; send user identity information to a rights management server; attest to information about the computing environment of the computer system to the rights management server; receive a user key from the rights management server, reception of the user key indicative of; the rights management server having authenticated the user; and the rights management server determining that the attested information portrayed a computing environment that is permitted to access the content such that the operating system is trusted to regulate the user'"'"'s access to the protected content in accordance with the protection policy. - View Dependent Claims (15, 16, 17, 18, 19, 20)
-
Specification