Digital Rights Management (DRM)-Enabled Policy Management For An Identity Provider In A Federated Environment

US 20100100925A1
Filed: 10/16/2008
Published: 04/22/2010
Est. Priority Date: 10/16/2008
Status: Active Grant

First Claim

Patent Images

1. A method, operative at an identity provider entity, for enforcing a digital rights management (DRM) scheme associated with a piece of content, wherein the identity provider entity together with a service provider entity participate in a federation, comprising:

obtaining and evaluating against a DRM policy a set of one or more DRM privileges associated with the end user requesting access to the piece of content;

based on the evaluation, generating a message that includes a reference to the set of one or more DRM privileges associated with an end user requesting access to the piece of content; and

forwarding the message to the service provider entity.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method operative at an identity provider enforces a digital rights management (DRM) scheme associated with a piece of content. The identity provider is an entity that participates in a “federation” with one or more other entities including, for example, an service provider (e.g., a content provider), a DRM privileges provider, and a DRM policy provider. In one embodiment, the method begins by having the identity provider obtain and evaluate against a DRM policy a set of DRM privileges associated with the end user requesting access to the piece of content. Based on the evaluation, the identity provider generates a single sign on (SSO) message that includes a reference to the set of DRM privileges. The message is then forward to the service provider entity, which provides the end user a response.

Citations

25 Claims

1. A method, operative at an identity provider entity, for enforcing a digital rights management (DRM) scheme associated with a piece of content, wherein the identity provider entity together with a service provider entity participate in a federation, comprising:
- obtaining and evaluating against a DRM policy a set of one or more DRM privileges associated with the end user requesting access to the piece of content;
  
  based on the evaluation, generating a message that includes a reference to the set of one or more DRM privileges associated with an end user requesting access to the piece of content; and
  
  forwarding the message to the service provider entity.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16)
- - 2. The method as described in claim 1 wherein the message is a single sign-on (SSO) message generated by the identity provider entity upon authentication of the end user by the identity provider entity.
  - 3. The method as described in claim 1 further including authenticating the end user.
  - 4. The method as described in claim 1 wherein the DRM policy is available locally at the identity provider entity.
  - 5. The method as described in claim 1 wherein, when the DRM policy is not available locally at the identity provider entity, the method further includes the steps of:
    - generating a DRM policy evaluation request that includes the set of one or more DRM privileges;
      
      forwarding the DRM policy evaluation request to an entity in the federation; and
      
      receiving a response to the DRM policy evaluation request.
  - 6. The method as described in claim 5 wherein the response to DRM policy evaluation request indicates that access to the given piece of content is permitted.
  - 7. The method as described in claim 1 wherein the set of one or more DRM privileges are available locally at the identity provider entity.
  - 8. The method as described in claim 1 wherein, when the set of one or more DRM privileges are not available locally at the identity provider entity, the method further includes obtaining the set of one or more DRM privileges from an entity in the federation.
  - 9. The method as described in claim 1 wherein, when the set of one or more DRM privileges are not available locally at the identity provider entity, the method further includes obtaining the set of one or more DRM privileges from the user.
  - 10. The method as described in claim 9 wherein the set of one of more DRM privileges are obtained from the user directly.
  - 11. The method as described in claim 9 wherein the set of one or more DRM privileges are obtained by having user cause a third entity to provide the set of one or more DRM privileges to the identity provider.
  - 12. The method as described in claim 1 further including:
    - receiving the set of one or more DRM privileges from a third entity in the federation;
      
      generating a DRM policy evaluation request that includes the set of one or more DRM privileges;
      
      forwarding the DRM policy evaluation request to a fourth entity in the federation; and
      
      receiving a response to the DRM policy evaluation request from the fourth entity.
  - 13. The method as described in claim 12 wherein the third entity provides a service of managing the set of one or more DRM privileges on behalf of users within the federation.
  - 14. The method as described in claim 12 wherein the fourth entity provides a service of managing DRM policy within the federation.
  - 15. The method as described in claim 12 wherein the third and fourth entity are a single entity within the federation that manages the set of one or more DRM privileges on behalf of users and also manages DRM policy within the federation.
  - 16. The method as described in claim 1 wherein the message includes a pointer to an assertion containing the set of one or more DRM privileges associated with the end user, and wherein the identity provider requests an exchange of the pointer for the assertion to obtain the set of one or more DRM privileges.

17. A method, operative at an identity provider, for enforcing a digital rights management (DRM) scheme associated with a piece of content, wherein the identity provider participates in a federation that also includes a service provider, a DRM privileges provider, and a DRM policy provider, comprising:
- upon a given occurrence, determining whether a set of one or more DRM privileges are available for evaluation, the set of one or more DRM privileges associated with the end user requesting access to the piece of content;
  
  if the set of one or more DRM privileges are not available for evaluation, retrieving the set of one or more DRM privileges from the DRM privileges provider;
  
  determining whether a DRM policy is to be evaluated and is available;
  
  if the DRM policy is to be evaluated and is not available, retrieving the DRM policy from the DRM policy provider;
  
  evaluating the set of one or more DRM privileges against the DRM policy; and
  
  based on the evaluation, generating a message that includes a reference to the set of one or more DRM privileges associated with an end user requesting access to the piece of content; and
  
  forwarding the message to the service provider entity.
- View Dependent Claims (18, 19, 20, 21, 22)
- - 18. The method as described in claim 17 wherein the DRM privileges provider and the DRM policy provider are a single service provider within the federation.
  - 19. The method as described in claim 17 wherein the identity provider and the DRM privileges provider are a single service provider within the federation.
  - 20. The method as described in claim 17 wherein the service provider and the DRM privileges provider are a single service provider within the federation.
  - 21. The method as described in claim 17 wherein the identity provider and the DRM policy provider are a single service provider within the federation.
  - 22. The method as described in claim 17 wherein the service provider and the DRM policy provider are a single service provider within the federation.

23. A data processing system for enforcing a digital rights management (DRM) scheme associated with a piece of content;
- a processor;
  
  code executable by the processor for determining whether a set of one or more DRM privileges are available for evaluation, the set of one or more DRM privileges associated with the end user requesting access to the piece of content;
  
  code executable by the processor for retrieving the set of one or more DRM privileges from a DRM privileges provider if the set of one or more DRM privileges are not available for evaluation;
  
  code executable by the processor for determining whether a DRM policy is to be evaluated and is available;
  
  code executable by the processor for retrieving the DRM policy from a DRM policy provider if the DRM policy is to be evaluated and is not available; and
  
  code executable by the processor for evaluating the set of one or more DRM privileges against the DRM policy.
- View Dependent Claims (24)
- - 24. The data processing system as described in claim 23 further including:
    - code executable by the processor and responsive to the evaluating for generating a message that includes a reference to the set of one or more DRM privileges associated with an end user requesting access to the piece of content; and
      
      code executable by the processor for forwarding the message to a service provider entity.

25. A computer program product stored in a computer-readable medium and executable in a processor for enforcing a digital rights management (DRM) scheme associated with a piece of content, comprising:
- code executable by the processor for determining whether a set of one or more DRM privileges are available for evaluation, the set of one or more DRM privileges associated with the end user requesting access to the piece of content;
  
  code executable by the processor for retrieving the set of one or more DRM privileges from a DRM privileges provider if the set of one or more DRM privileges are not available for evaluation;
  
  code executable by the processor for determining whether a DRM policy is to be evaluated and is available;
  
  code executable by the processor for retrieving the DRM policy from a DRM policy provider if the DRM policy is to be evaluated and is not available; and
  
  code executable by the processor for evaluating the set of one or more DRM privileges against the DRM policy.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Hinton, Heather Maria

Granted Patent

US 9,836,702 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/1
CPC Class Codes

G06F 21/10   Protecting distributed prog...

G06F 21/33   using certificates

G06F 21/41   where a single sign-on prov...

G06Q 10/00   Administration; Management

Digital Rights Management (DRM)-Enabled Policy Management For An Identity Provider In A Federated Environment

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

25 Claims

Specification

Solutions

Use Cases

Quick Links

Digital Rights Management (DRM)-Enabled Policy Management For An Identity Provider In A Federated Environment

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

25 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links