Concept of Efficiently Distributing Access Authorization Information

US 20110093930A1
Filed: 04/21/2009
Published: 04/21/2011
Est. Priority Date: 04/25/2008
Status: Active Grant

First Claim

Patent Images

1. A device for controlling a service access authorization for a user device with regard to an access-restricted service, comprising:

a service access authorization provider, the service access authorization provider being configured to set a period of time in which the service access authorization is valid, responsive to an authorization message provided with a service-dependent user identifier, and the service access authorization provider being configured to disable an authorization allowing the service access authorization to be extended or reactivated using the previous service-dependent user identifier depending on whether at least a predetermined duration has passed since an end of a last authorization time interval for which a service access authorization was determined by the device,wherein the service access authorization provider is configured to determine the duration having passed and to compare same to the predetermined duration,and to disable the authorization for extending or reactivating using the previous service-dependent user identifier when the duration having passed is greater than or equal to the predetermined duration.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A device for controlling a service access authorization for a user device with regard to an access-restricted service includes a service access authorization provider, the service access authorization provider being configured to set a period of time in which the service access authorization is valid, responsive to an authorization message provided with a service-dependent user identifier, and the service access authorization provider being configured to disable an authorization allowing the service access authorization to be extended or reactivated using the previous service-dependent user identifier when at least a predetermined duration has passed since an end of a last authorization time interval for which a service access authorization was determined by the device.

49 Citations

View as Search Results

33 Claims

1. A device for controlling a service access authorization for a user device with regard to an access-restricted service, comprising:
- a service access authorization provider, the service access authorization provider being configured to set a period of time in which the service access authorization is valid, responsive to an authorization message provided with a service-dependent user identifier, and the service access authorization provider being configured to disable an authorization allowing the service access authorization to be extended or reactivated using the previous service-dependent user identifier depending on whether at least a predetermined duration has passed since an end of a last authorization time interval for which a service access authorization was determined by the device,wherein the service access authorization provider is configured to determine the duration having passed and to compare same to the predetermined duration,and to disable the authorization for extending or reactivating using the previous service-dependent user identifier when the duration having passed is greater than or equal to the predetermined duration.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The device in accordance with claim 1, wherein the service access authorization provider is configured to disable the authorization for extending or reactivating using the previous service-dependent user identifier such that an old user is prevented from accessing again contents after re-allocating the service-dependent user identifier to another user.
  - 3. The device in accordance with claim 1, wherein the service access authorization provider is configured to provide the service access authorization for an audio service, video service, multimedia service or data service for a pay video system or for a driving assistance system on a mobile or fixedly installed apparatus or for a data service on a mobile phone or for a chargeable and/or access-restricted service on a portable or stationary computer with or without Internet access.
  - 4. The device in accordance with claim 1, wherein the service access authorization provider is configured to disable, responsive to the device being switched on, an authorization of extending or reactivating the service access authorization using the previous service-dependent user identifier when, at a time when the device is switched on, at least the predetermined duration has passed since the end of the last authorization time interval for which a service access authorization was determined by the device.
  - 5. The device in accordance with claim 1, wherein the service access authorization provider is configured to determine, from a received enabling message or extending message which comprises an apparatus identifier and a service-dependent user identifier, when the apparatus identifier matches an apparatus identifier of the device, an authorization time interval and to enable the service access authorization when an end time of the authorization time interval is temporally after the current time, and when the duration between the start time of the authorization time interval and the end time of the previous authorization time interval for which a service access authorization was determined by the device is shorter than the predetermined duration.
  - 6. The device in accordance with claim 5, wherein the service access authorization provider is configured to extend, by the predetermined duration, the authorization of extending or reactivating the service access authorization using the previous service-dependent user identifier when a service access authorization is determined by the device due to an enabling message or extending message.
  - 7. The device in accordance with claim 1, wherein the service access authorization provider is configured to disable the service access authorization after expiry of the end time of the authorization time interval, when no new service access authorization was determined by the device at the end time.
  - 8. The device in accordance with claim 1, wherein the service access authorization provider is configured to cause disabling of the authorization of extending or reactivating the service access authorization using the previous service-dependent user identifier by means of clearing or making unreadable or blocking the parameters or keys associated to the service access authorization or the previous service-dependent user identifier.
  - 9. The device in accordance with claim 1, wherein the service access authorization provider is implemented to be an electronic circuit.

10. A device for providing an authorization message for a user device with regard to an access-restricted service, comprising:
- an authorization message creator; and
  
  an identifier manager,wherein the authorization message creator is configured to generate an enabling message for enabling a service access authorization or an extending message for extending a service access authorization, the enabling message or the extending message being provided with a service-dependent user identifier provided by the identifier manager;
  
  wherein the identifier manager comprises a first block of associated service-dependent user identifiers in which an authorization time interval of a user device is running, a second block of unused service-dependent user identifiers in which the authorization time interval of the user device has expired by less than the predetermined duration, anda third block of service-dependent user identifiers released for being used again;
  
  and wherein the identifier manager is configured to leave a service-dependent user identifier unused for at least a predetermined duration after expiry of an authorization time interval of a user device to which the service-dependent user identifier was associated last, and to release the service-dependent user identifier for being used again by the authorization message creator after expiry of the predetermined duration.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18)
- - 11. The device in accordance with claim 10, wherein the authorization message creator is configured to create a message for enabling or extending an audio service, video service, multimedia service or data service for a pay video system or for a driving assistance system on a mobile or fixedly installed apparatus or for a data service on a mobile phone or for a chargeable and/or access-restricted service on a portable or stationary computer with or without Internet access.
  - 12. The device in accordance with claim 10, wherein the authorization message creator is configured to create the authorization message comprising one or several service-dependent user identifiers, wherein the service-dependent user identifiers are represented by a sequence of bits, and wherein the authorization message creator is implemented to be an electronic circuit, and wherein the authorization message creator is configured to transmit the message comprising the service-dependent user identifier via a message channel of limited bandwidth, and wherein the identifier manager is implemented to be an electronic circuit.
  - 13. The device in accordance with claim 10, wherein the identifier manager is configured to release the service-dependent user identifier for being used again by another user or another peripheral after expiry of the predetermined duration.
  - 14. The device in accordance with claim 10, wherein the identifier manager is configured to use, after a subscription of a user of a user device to which the service-dependent user identifier was associated last has ended, the service-dependent user identifier again for a new subscription of another user or the same user after expiry of the predetermined duration since the subscription has ended.
  - 15. The device in accordance with claim 10, wherein the identifier manager is configured to allocate a value in the range of three days to three months to the predetermined duration.
  - 16. The device in accordance with claim 10, wherein the authorization message creator is configured to generate a message directed to a plurality of receivers.
  - 17. The device in accordance with claim 10, wherein the authorization message creator is configured to personalize the enabling message or extending message such that the service-dependent user identifier depends on the apparatus identification of the apparatus on which the service runs and on a service identification, and wherein the authorization message creator is configured to group several enabling messages or extending messages in a manner such that messages to users comprising the same authorization time interval are united in one group.
  - 18. The device in accordance with claim 10, wherein the authorization time interval is specified by means of a start time and an end time or is specified by means of a start time and a duration.

19. A system for controlling a service access authorization with regard to an access-restricted service, comprising:
- a device for providing an authorization message for a user device with regard to an access-restricted service, comprising;
  
  an authorization message creator; and
  
  an identifier manager, wherein the authorization message creator is configured to generate an enabling message for enabling a service access authorization or an extending message for extending a service access authorization, the enabling message or the extending message being provided with a service-dependent user identifier provided by the identifier manager;
  
  wherein the identifier manager comprises a first block of associated service-dependent user identifiers in which an authorization time interval of a user device is running, a second block of unused service-dependent user identifiers in which the authorization time interval of the user device has expired by less than the predetermined duration, and a third block of service-dependent user identifiers released for being used again; and
  
  wherein the identifier manager is configured to leave a service-dependent user identifier unused for at least a predetermined duration after expiry of an authorization time interval of a user device to which the service-dependent user identifier was associated last, and to release the service-dependent user identifier for being used again by the authorization message creator after expiry of the predetermined duration;
  
  a first device for controlling a service access authorization for a user device with regard to an access-restricted service, comprising;
  
  a service access authorization provider, the service access authorization provider being configured to set a period of time in which the service access authorization is valid, responsive to an authorization message provided with a service-dependent user identifier, and the service access authorization provider being configured to disable an authorization allowing the service access authorization to be extended or reactivated using the previous service-dependent user identifier depending on whether at least a predetermined duration has passed since an end of a last authorization time interval for which a service access authorization was determined by the device, wherein the service access authorization provider is configured to determine the duration having passed and to compare same to the predetermined duration, and to disable the authorization for extending or reactivating using the previous service-dependent user identifier when the duration having passed is greater than or equal to the predetermined duration; and
  
  a second device for controlling a service access authorization for a user device with regard to an access-restricted service, comprising;
  
  a service access authorization provider, the service access authorization provider being configured to set a period of time in which the service access authorization is valid, responsive to an authorization message provided with a service-dependent user identifier, and the service access authorization provider being configured to disable an authorization allowing the service access authorization to be extended or reactivated using the previous service-dependent user identifier depending on whether at least a predetermined duration has passed since an end of a last authorization time interval for which a service access authorization was determined by the device, wherein the service access authorization provider is configured to determine the duration having passed and to compare same to the predetermined duration, and to disable the authorization for extending or reactivating using the previous service-dependent user identifier when the duration having passed is greater than or equal to the predetermined duration,wherein the system is configured to associate a predetermined service-dependent user identifier at first to the first device for controlling a service access authorization, and to associate the predetermined service-dependent user identifier, after being released for being used again, to the second device for controlling a service access authorization,and wherein the system is configured such that the authorization for extending or reactivating the service access authorization using a predetermined service-dependent user identifier is active in at most one of the first device for controlling a service access authorization and the second device for controlling a service access authorization, and wherein the first device for controlling a service access authorization and the second device for controlling a service access authorization are coupled to the device for providing an authorization message so as to receive the authorization message.
- View Dependent Claims (20, 21, 22, 23, 24, 25, 26, 27, 28, 29)
- - 20. The system in accordance with claim 19, wherein the system is configured to transmit the authorization message via a digital video broadcast system or audio broadcast system, via a mobile radio system, via a line-switched or package-switched voice network or data network, an Internet protocol system, a GSM system or UMTS system or CDMA system, a GPS system or a DSL system in a conducted or wireless manner.
  - 21. The system in accordance with claim 19, wherein the system is configured to use the same predetermined duration for the device for providing an authorization message, for the first device for controlling a service access authorization and for the second device for controlling a service access authorization, and wherein the system is configured to transmit the predetermined duration when enabling the service or to consider same to be a fixed quantity of the system or to determine same from known parameters of the system.
  - 22. The system in accordance with claim 19, wherein the device for providing an authorization message is configured to provide a service-dependent user identifier which comprises a range of values smaller than the product of a number of users registered in the system and a number of services registered in the system.
  - 23. The system in accordance with claim 19, wherein the identifier manager of the device for providing an authorization message is configured to allocate the service-dependent user identifier temporarily, and wherein the system is configured to block the service-dependent user identifier for the user of the user device to which the service-dependent user identifier was associated last after expiry of the service access authorization to the expiry of the predetermined duration.
  - 24. The system in accordance with claim 19, wherein the system is configured to partly or completely encrypt the authorization message with a cryptographic key using an encryption algorithm and to transmit same in a partly or completely encrypted manner.
  - 25. The system in accordance with claim 24, wherein the system is configured to transmit the authorization message in a partly or completely encrypted manner using an encryption method.
  - 26. The system in accordance with claim 19, wherein the system is configured to identify the authorization message using an electronic authentication method or an electronic signature.
  - 27. The system in accordance with claim 26, wherein the system is configured to transmit the authorization message together with a message authentication code.
  - 28. The system in accordance with claim 19, wherein the authorization message is specified in accordance with one of the OMA DRM, ETSI EUROCRYPT or ISMA standards.
  - 29. The system in accordance with claim 19, wherein a user comprising an expired service access authorization is prevented from being able to access, by means of access data still present, the service access authorization of another user transmitted after expiry of the service access authorization using the same service-dependent user identifier.

30. A method for controlling a service access authorization with regard to an access-restricted service, the method comprising:
- determining a period of time in which the service access authorization is valid, responsive to an authorization message provided with a service-dependent user identifier; and
  
  disabling an authorization of extending or reactivating the service access authorization using the previous service-dependent user identifier when at least a predetermined duration has passed since an end of a last authorization time interval for which there was a service access authorization,wherein the duration having passed is determined, and wherein the authorization for extending or reactivating using the previous service-dependent user identifier is disabled when the duration having passed is greater than or equal to the predetermined duration.

31. A method for providing an authorization message with regard to an access-restricted service, the method comprising:
- generating an enabling message for enabling a service access authorization or an extending message for extending a service access authorization, wherein the enabling message or the extending message is provided with a service-dependent user identifier;
  
  not using the service-dependent user identifier for at least a predetermined duration after expiry of an authorization time interval of a user device to which the service-dependent user identifier was associated last; and
  
  after expiry of the predetermined duration, releasing the service-dependent user identifier for generating a new enabling message or a new extending message.

32. A computer program comprising program code for executing a method for controlling a service access authorization with regard to an access-restricted service, the method comprising:
- determining a period of time in which the service access authorization is valid, responsive to an authorization message provided with a service-dependent user identifier; and
  
  disabling an authorization of extending or reactivating the service access authorization using the previous service-dependent user identifier when at least a predetermined duration has passed since an end of a last authorization time interval for which there was a service access authorization, wherein the duration having passed is determined, and wherein the authorization for extending or reactivating using the previous service-dependent user identifier is disabled when the duration having passed is greater than or equal to the predetermined duration, when the computer program runs on a computer.

33. A computer program comprising program code for executing a method for providing an authorization message with regard to an access-restricted service, the method comprising:
- generating an enabling message for enabling a service access authorization or an extending message for extending a service access authorization, wherein the enabling message or the extending message is provided with a service-dependent user identifier;
  
  not using the service-dependent user identifier for at least a predetermined duration after expiry of an authorization time interval of a user device to which the service-dependent user identifier was associated last; and
  
  after expiry of the predetermined duration, releasing the service-dependent user identifier for generating a new enabling message or a new extending message, when the computer program runs on a computer.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Fraunhofer Gesellschaft Zur Foerderung Der Angewandten Forsching E.V.
Original Assignee
Fraunhofer Gesellschaft Zur Foerderung Der Angewandten Forsching E.V.
Inventors
Zeh, Rinat, Bartel-Kurz, Birgit, Kraegeloh, Stefan, Prosch, Markus

Granted Patent

US 9,165,121 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/4
CPC Class Codes

G06F 21/1073 Conversion

Concept of Efficiently Distributing Access Authorization Information

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

49 Citations

33 Claims

Specification

Use Cases

Quick Links

Others

Concept of Efficiently Distributing Access Authorization Information

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

49 Citations

33 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others