METHOD AND SYSTEM FOR SECURELY DISTRIBUTING CONTENT

US 20100115253A1
Filed: 10/16/2009
Published: 05/06/2010
Est. Priority Date: 06/15/2004
Status: Active Grant

First Claim

Patent Images

1-45. -45. (canceled)

View all claims

6 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system for securely distributing content is provided. A distribution system includes a content server that distributes content to content clients via a communications link or a tangible medium. The distribution system uses passwords to encrypt and decrypt content and to control access to sensitive information stored on the content clients. The distribution system initially receives various passwords from a user and encrypts each password. Some of the encrypted passwords are “identification passwords” and others are “encryption passwords.” The identification passwords are used to control access to sensitive information stored on the content clients, and the encryption passwords are used to encrypt and decrypt content that is distributed to the content clients. The distribution system configures each content client to contain the identification passwords and encryption passwords in a secure folder.

Citations

96 Claims

1-45. -45. (canceled)

46. A method for configuring a computer system to securely launch applications, the method comprising:
- configuring, by the distribution system a plurality of client computer systems, wherein the configuring of a client computer system comprises;
  
  creating a client-specific password based on at least one of a plurality of identification passwords and at least one persistent attribute of the client computer system;
  
  storing a copy of the client-specific password on the client computer system;
  
  creating an administrative account on the client computer system, the administrative account being accessible using the client-specific password;
  
  storing the plurality of identification passwords and a plurality of encryption keys in a secure folder of the client computer system, the secure folder being accessible via the administrative account;
  
  installing on the client computer system a startup application, the startup application programmed to;
  
  recreate the client-specific password based on the at least one of the identification passwords stored in the secure folder and the at least one persistent attribute of the client computer system, andlaunch other applications in the administrative account using the recreated client-specific password, the encryption keys stored in the secure folder being accessible to the other applications; and
  
  programming the client computer system so that at initialization of the client computer system the startup application is launched under the administrative account using the stored copy of the client-specific password.
- View Dependent Claims (47, 48, 49, 50, 51, 52, 53)
- - 47. The method of claim 46, further comprising:
    - sending encrypted content to the client computer systems, the encrypted content being encrypted using at least one of the plurality of encryption keys.
  - 48. The method of claim 46 wherein the copy of the client-specific password is stored using a security mechanism of an operating system of the client computer system.
  - 49. The method of claim 46 wherein the at least one persistent attribute of the client computer system includes an identifier of a processor of the client computer system.
  - 50. The method of claim 46 wherein the at least one persistent attribute of the client computer system includes an identifier of a network card of the client computer system.
  - 51. The method of claim 46 wherein the at least one persistent attribute of the client computer system includes an identifier derived from a hardware configuration of the client computer system.
  - 52. The method of claim 46 wherein the identification passwords are received from a user.
  - 53. The method of claim 46 wherein the client computer systems are image display systems.

54. A tangible computer-readable medium having stored thereon instructions for controlling a computer system to distribute content, the instructions comprising:
- instructions for creating an administrative account on a content client;
  
  instructions for storing encryption keys in a secure folder of the content client, the secure folder being accessible via the administrative account;
  
  instructions for installing on the content client a startup application, the startup application programmed to launch a decryption application, the decryption application programmed to decrypt the encryption keys stored in the secure folder and to decrypt encrypted content sent to the content client using at least one of the decrypted encryption keys; and
  
  instructions for programming the content client so that at initialization of the content client the startup application is launched under the administrative account.
- View Dependent Claims (55, 56, 57, 58, 59, 60, 61, 62, 63, 64, 65, 66)
- - 55. The computer-readable medium of claim 54 wherein the instructions further comprise:
    - instructions for sending the encrypted content to the content client, the encrypted content being encrypted using at least one of the encryption keys.
  - 56. The computer-readable medium of claim 54 wherein the instructions further comprise instructions for creating a client-specific password that is used to access the administrative account.
  - 57. The computer-readable medium of claim 56 wherein the client-specific password is based on an identification password and at least one persistent attribute of the content client.
  - 58. The computer-readable medium of claim 57 wherein the at least one persistent attribute of the content client includes an identifier of a processor of the content client.
  - 59. The computer-readable medium of claim 57 wherein the at least one persistent attribute of the content client includes an identifier of a network card of the content client.
  - 60. The computer-readable medium of claim 57 wherein the at least one persistent attribute of the content client includes an identifier derived from a hardware configuration of the content client.
  - 61. The computer-readable medium of claim 57 wherein the startup application is further programmed to recreate the client-specific password from an identification password stored in the secure folder and the at least one persistent attribute of the content client.
  - 62. The computer-readable medium of claim 61 wherein the startup application is further programmed to use the recreated client-specific password to launch the decryption application.
  - 63. The computer-readable medium of claim 54 wherein the encrypted content is encrypted by serially applying the at least one of the encryption keys.
  - 64. The computer-readable medium of claim 63 wherein the content client decrypts the encrypted content by serially applying the at least one of the decrypted encryption keys in reverse order of encryption.
  - 65. The computer-readable medium of claim 54 wherein the content is a package of images to be displayed by the content client.
  - 66. The computer-readable medium of claim 54 wherein an encryption key is an asymmetrical pair of keys, one of the keys being stored in the secure folder and the other of the keys being used to encrypt the encrypted content.

67. A system including a processor and memory for configuring a computer system to securely launch applications, the system comprising:
- a password store configured to store identification passwords;
  
  a component configured to;
  
  create a client-specific password based on at least one of the identification passwords stored in the password store and at least one persistent attribute of the computer system;
  
  store a copy of the client-specific password on the computer system;
  
  create an administrative account on the computer system, the administrative account being accessible using the client-specific password;
  
  store the identification passwords in a secure folder of the computer system, is the secure folder being accessible via the administrative account;
  
  install on the computer system a startup application, the startup application programmed to;
  
  recreate the client-specific password based on the at least one of the identification passwords stored in the secure folder and the at least one persistent attribute of the computer system, andlaunch other applications in the administrative account using the recreated client-specific password, wherein data stored in the secure folder is accessible to the other applications; and
  
  program the computer system so that at initialization of the computer system the startup application is launched under the administrative account using the stored copy of the client-specific password,wherein the component is implemented as instructions stored in the memory and executed by the processor.
- View Dependent Claims (68, 69, 70, 71, 72)
- - 68. The system of claim 67 wherein the copy of the client-specific password is stored using a security mechanism of an operating system of the computer system.
  - 69. The system of claim 67 wherein the identification passwords stored in the secure folder are encrypted.
  - 70. The system of claim 67 wherein encryption keys are stored in the secure folder for use by a launched application programmed to decrypt content.
  - 71. The system of claim 70 wherein the component is further configured to:
    - send encrypted content to the computer system, the encrypted content being encrypted using at least one of the encryption keys.
  - 72. The system of claim 67 wherein the content comprises images distributed by a distribution server.

73. A tangible computer-readable medium having stored thereon instructions for controlling a computer system to distribute content, the instructions comprising:
- instructions for creating an administrative account on a content client;
  
  instructions for storing encryption keys in a secure folder of the content client, the secure folder being accessible via the administrative account;
  
  instructions for installing on the content client a decryption application, the decryption application programmed to decrypt encrypted content sent to the content client using at least one of the encryption keys; and
  
  instructions for programming the content client so that at initialization of the content client the decryption application is launched under the administrative account.
- View Dependent Claims (74, 75, 76, 77, 78, 79, 80, 81, 82, 83)
- - 74. The computer-readable medium of claim 73 wherein the instructions further comprise:
    - instructions for sending the encrypted content to the content client, the encrypted content being encrypted using at least one of the encryption keys.
  - 75. The computer-readable medium of claim 73 wherein the encryption keys are encrypted.
  - 76. The computer-readable medium of claim 73 wherein the instructions further comprise instructions for creating a client-specific password that is used to access the administrative account.
  - 77. The computer-readable medium of claim 76 wherein the client-specific password is based on an identification password and at least one persistent attribute of the content client.
  - 78. The computer-readable medium of claim 77 wherein a startup application is programmed to recreate the client-specific password from an identification password stored in the secure folder and from the at least one persistent attribute of the content client.
  - 79. The computer-readable medium of claim 78 wherein the startup application uses the recreated client-specific password to launch the decryption application.
  - 80. The computer-readable medium of claim 73 wherein the encrypted content is encrypted by serially applying the at least one of the encryption keys.
  - 81. The computer-readable medium of claim 80 wherein the content client decrypts the encrypted content by serially applying the at least one of the decrypted encryption keys in reverse order of encryption.
  - 82. The computer-readable medium of claim 73 wherein the content is a package of images to be displayed by the content client.
  - 83. The computer-readable medium of claim 73 wherein an encryption key is an asymmetrical pair of keys, one of the keys being stored in the secure folder and the other of the keys being used to encrypt the encrypted content.

84. A client system including a processor and memory, the client system comprising:
- an administrative account accessible with a client-specific password derived from an identification password and at least one persistent attribute of the client system;
  
  a secure folder accessible via the administrative account, the secure folder storing the identification password and a plurality of encryption keys; and
  
  a startup application programmed to;
  
  recreate the client-specific password based on the identification password stored in the secure folder and the at least one persistent attribute of the client system, andlaunch a decryption application in the administrative account using the recreated client-specific password, the encryption keys stored in the secure folder being accessible to the decryption application for decrypting content sent to the client system, wherein the client system is configured so that at initialization of the client system the startup application is launched under the administrative account, andwherein the administrative account, the secure folder, and the startup application are implemented as instructions stored in the memory and executed by the processor.
- View Dependent Claims (85, 86)
- - 85. The client system of claim 84 wherein the identification password stored in the secure folder is encrypted.
  - 86. The client system of claim 84 wherein the content includes images distributed by a distribution server.

87. A system for securely distributing content, the system comprising:
- means for receiving a plurality of encryption keys and a plurality of identification passwords;
  
  means for configuring a plurality of content clients, the configuring of a content client comprising;
  
  means for creating a client-specific password based on at least one of the identification passwords and at least one persistent attribute of the content client;
  
  means for storing a copy of the client-specific password on the content client;
  
  means for creating an administrative account on the content client, the administrative account being accessible using the client-specific password;
  
  means for storing the identification passwords and the encryption keys in a secure folder of the content client, the secure folder being accessible via the administrative account;
  
  means for installing on the content client a startup application, the startup application programmed to;
  
  recreate the client-specific password based on the at least one of the identification passwords stored in the secure folder and the at least one persistent attribute of the content client; and
  
  launch other applications in the administrative account using the recreated client-specific password, wherein at least one of the launched applications is a decrypt content component, the decrypt content component programmed to decrypt content sent to the content client using at least one of the stored encryption keys; and
  
  means for programming the content client so that at initialization of the content client the startup application is launched under the administrative account using the stored copy of the client-specific password.
- View Dependent Claims (88, 89, 90, 91, 92, 93, 94, 95, 96)
- - 88. The system of claim 87, further comprising:
    - means for sending encrypted content to the content clients, the encrypted content being encrypted using at least one of the plurality of encryption keys.
  - 89. The system of claim 87 wherein the encrypted content is encrypted by serially applying at least one of the encryption keys.
  - 90. The system of claim 89 wherein the content client includes means for decrypting the encrypted content by serially applying the at least one of the encryption keys in reverse order of encryption.
  - 91. The system of claim 87 wherein the means for receiving comprises means for receiving the plurality of encryption keys and the plurality of identification passwords from a user.
  - 92. The system of claim 87 wherein the encryption keys each comprise a pair of asymmetrical keys, one of the asymmetrical keys of each pair being stored in the secure folder and the other of the asymmetrical keys of each pair being used to encrypt the encrypted content.
  - 93. The system of claim 87 wherein the at least one persistent attribute of the content client includes an identifier of a processor of the content client.
  - 94. The system of claim 87 wherein the at least one persistent attribute of the content client includes an identifier of a network card of the content client.
  - 95. The system of claim 87 wherein the at least one persistent attribute of the content client includes an identifier derived from a hardware configuration of the content client.
  - 96. The system of claim 87 wherein the content is a package of images to be displayed by the content client.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
OL Security LLC (Intellectual Ventures LLC)
Original Assignee
Eqapez Foundation LLC (Intellectual Ventures LLC)
Inventors
Brownlow, Paul, Lipsky, Scott E.

Granted Patent

US 8,260,710 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/1
CPC Class Codes

G06F 21/10   Protecting distributed prog...

H04L 63/0428   wherein the data content is...

H04L 63/104   Grouping of entities

H04N 1/00244   with a server, e.g. an inte...

H04N 1/4413   involving the use of passwo...

H04N 1/4486   using digital data encryption

H04N 2201/0089   Image display device

METHOD AND SYSTEM FOR SECURELY DISTRIBUTING CONTENT

First Claim

6 Assignments

0 Petitions

Accused Products

Abstract

Citations

96 Claims

Specification

Solutions

Use Cases

Quick Links

METHOD AND SYSTEM FOR SECURELY DISTRIBUTING CONTENT

First Claim

6 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

96 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links