System And Method For Transparently Authenticating A User To A Digital Rights Management Entity

US 20130125223A1
Filed: 08/28/2009
Published: 05/16/2013
Est. Priority Date: 08/28/2009
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method, comprising:

receiving, by a digital rights management provider, an authentication token from a first remote computer system of a particular user in regard to content to be accessed by the user on the first remote computer system, wherein the authentication token indicates that the particular user of the first remote computer system was previously authenticated by a first content provider of one or more content providers, wherein the first content provider is a provider of the content to the first remote computer system, wherein each of the one or more content providers was previously issued respective authentication information, wherein issuance of authentication information indicates the respective content provider is trusted by the digital rights management provider to authenticate users;

verifying, by the digital rights management provider, the authentication token, wherein said verifying is carried out in a manner that is transparent to the user and comprises determining that one or more portions of the authentication token were generated based on the respective authentication information issued to the first content provider to confirm that the authentication of the first user by the first content provider is trusted by the digital rights management provider; and

in response to verification of the authentication token, issuing, by the digital rights management provider, to the first remote computer system one or more credentials for performing one or more of;

communication with said one or more content providers, communication with the digital rights management provider, or decryption of content received from said one or more content providers.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Various embodiments of a system and method for transparently authenticating a user to a digital rights management entity are described. In various embodiments, a digital rights management server may be configured to receive an authentication token from a first remote computer system. Such authentication token may indicate that a particular user of the first remote computer system was authenticated by a first content provider of one or more content providers. In various embodiments, the digital rights management server may also be configured to verify the authentication token by determining that one or more portions of the authentication token were generated based on respective authentication information issued to the first content provider. In various embodiments, the digital rights management server may also be configured to, in response to verification of the authentication token, issue to the first remote computer system one or more credentials.

71 Citations

View as Search Results

20 Claims

1. A computer-implemented method, comprising:
- receiving, by a digital rights management provider, an authentication token from a first remote computer system of a particular user in regard to content to be accessed by the user on the first remote computer system, wherein the authentication token indicates that the particular user of the first remote computer system was previously authenticated by a first content provider of one or more content providers, wherein the first content provider is a provider of the content to the first remote computer system, wherein each of the one or more content providers was previously issued respective authentication information, wherein issuance of authentication information indicates the respective content provider is trusted by the digital rights management provider to authenticate users;
  
  verifying, by the digital rights management provider, the authentication token, wherein said verifying is carried out in a manner that is transparent to the user and comprises determining that one or more portions of the authentication token were generated based on the respective authentication information issued to the first content provider to confirm that the authentication of the first user by the first content provider is trusted by the digital rights management provider; and
  
  in response to verification of the authentication token, issuing, by the digital rights management provider, to the first remote computer system one or more credentials for performing one or more of;
  
  communication with said one or more content providers, communication with the digital rights management provider, or decryption of content received from said one or more content providers.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The computer-implemented method of claim 1, further comprising, in response to verifying the authentication token, generating, by the digital rights management provider, a stored identifier of a digital rights management account associated with that particular user.
  - 3. The computer implemented method of claim 2, wherein the authentication token indicates a first user identifier identifying the user, wherein said first user identifier is specific to said first content provider;
    - wherein the method comprises, generating, by the digital rights management provider, a stored mapping of said digital rights management account to the first user identifier.
  - 4. The computer-implemented method of claim 3, further comprising:
    - receiving, by the digital rights management provider, a second authentication token from the first remote computer system of the particular user in regard to content to be accessed by the user on the first remote computer system, wherein the second authentication token indicates the particular user of the first remote computer system was previously authenticated by a second content provider of the one or more content providers, wherein the second content provider is a provider of content to the first remote computer system;
      
      verifying, by the digital rights management provider, the second authentication token, wherein that verifying is carried out in a manner that is transparent to the user and comprises determining that one or more portions of the second authentication token were generated based on the respective authentication information issued to the second content provider to confirm that the authentication of the first user by the second content provider is trusted by the digital rights management provider; and
      
      in response to verification of the second authentication token;
      
      determining, by the digital rights management provider, a second user identifier for the particular user from information of the second authentication token, wherein the second user identifier is specific to the second content provider; and
      
      generating, by the digital rights management provider, a stored mapping of the second user identifier to the stored identifier of the digital rights management account such that the digital rights management account is mapped to both the first user identifier and the second user identifier.
  - 5. The computer-implemented method of claim 1, wherein said particular user is associated with a second remote computer system, wherein the method further comprises:
    - receiving, by the digital rights management provider, a second authentication token from a second remote computer system of the particular user in regard to content to be accessed by the user on the second remote computer system, wherein the second authentication token indicates the particular user was previously authenticated by the first content provider of the one or more content providers;
      
      verifying by the digital rights management provider, the second authentication token, wherein that verifying is carried out in a manner that is transparent to the user and comprises determining that one or more portions of the authentication token were generated based on the respective authentication information issued to the first content provider to confirm that the authentication of the first user by the first content provider is trusted by the digital rights management provider; and
      
      in response to verification of the second authentication token;
      
      issuing, by the digital rights management provider, to the second remote computer system one or more credentials for performing one or more of;
      
      communication with said one or more content providers, or decryption of content received from said one or more content providers.
  - 6. The computer-implemented method of claim 1, further comprising:
    - receiving, by the digital rights management provider, a second authentication token from a second remote computer system of the particular user in regard to content to be accessed by the user on the second remote computer system, wherein the second authentication token indicates that the particular user of the first remote computer system was previously authenticated by a second content provider of the one or more content providers;
      
      receiving, by the digital rights management provider, a message indicating an identifier of a digital rights management account associated with the particular user; and
      
      in response to verifying the authentication token and the identifier of the digital rights management account, issuing, by the digital rights management provider, to the second remote computer system one or more credentials for performing one or more of;
      
      communication with said one or more content providers, or decryption of content received from said one or more content providers.

7. A computer-implemented method, comprising:
- receiving, by a client device, an authentication token from a first content provider of one or more content providers, wherein the authentication token indicates a particular user was previously authenticated by the first content provider to access content on the client device, wherein the first content provider is a provider of the content to the client device;
  
  wherein each of the one or more content providers was previously issued respective authentication information, wherein issuance of authentication information indicates the respective content provider is trusted by a digital rights management provider to authenticate users, wherein said authentication token comprises at least some information generated based on authentication information issued to the first content provider to confirm that the authentication of the particular user by the first content provider is trusted by the digital rights management provider;
  
  providing, by the client device, the authentication token to the digital rights management provider; and
  
  subsequent to the digital rights management provider verifying the authentication token in a manner that is transparent to the user, receiving, by the client device, from the digital rights management provider one or more credentials for performing one or more of;
  
  communication with said one or more content providers, or decryption of content received from said one or more content providers.
- View Dependent Claims (8, 9, 10)
- - 8. The computer-implemented method of claim 7, wherein the authentication information comprises a public key and a corresponding private key, wherein the method comprises:
    - providing the public key to the first content provider;
      
      receiving encrypted content that is encrypted based on said public key; and
      
      using the private key to perform decryption of the encrypted content.
  - 9. The computer-implemented method of claim 7, wherein the method comprisesreceiving, by the client device, a second authentication token from a second content provider of one or more content providers, wherein the authentication token indicates the particular user was previously authenticated by the second content provider to access content on the client device, wherein the second content provider is a provider of the content to the client device;
    - providing, by the client device, the second authentication token to the digital rights management provider; and
      
      subsequent to the digital rights management provider verifying the second authentication token, receiving, by the client device, from the digital rights management provider an indication that a mapping has been successfully generated between a digital rights management account associated with the particular user and a content provider account associated with the particular user, wherein that content provider account is provided by the second content provider.
  - 10. The computer-implemented method of claim 9, wherein the method comprises, in response to the indication that the mapping has been successfully generated, submitting, by the client device, a request for content to the second content provider.

11. A system, wherein said system is a digital rights management provider comprising:
- a memory; and
  
  one or more processors coupled to the memory, wherein the memory comprises program instructions executable by the one or more processors to;
  
  receive an authentication token from a first remote computer system of a particular user in regard to content to be accessed by the user on the first remote computer system, wherein the authentication token indicates that the particular user of the first remote computer system was previously authenticated by a first content provider of one or more content providers, wherein the first content provider is a provider of the content to the first remote computer system;
  
  wherein each of the one or more content providers was previously issued respective authentication information, wherein issuance of authentication information indicates the respective content provider is trusted by the digital rights management provider to authenticate users;
  
  verify the authentication token, wherein said verifying is carried out in a manner that is transparent to the user and comprises determining that one or more portions of the authentication token were generated based on the respective authentication information issued to the first content provider to confirm that the authentication of the first user by the first content provider is trusted by the digital rights management provider; and
  
  in response to verification of the authentication token, issue to the first remote computer system one or more credentials for performing one or more of;
  
  communication with said one or more content providers, communication with the digital rights management provider, or decryption of content received from said one or more content providers.
- View Dependent Claims (12, 13, 14, 15, 16)
- - 12. The system of claim 11, wherein the program instructions are further executable by the one or more processors to, in response to verifying the authentication token, generate a stored identifier of a digital rights management account associated with that particular user.
  - 13. The system of claim 12, wherein the authentication token indicates a first user identifier identifying the user, wherein said first user identifier is specific to said first content provider;
    - wherein the program instructions are further executable by the one or more processors to generate a stored mapping of said digital rights management account to the first user identifier.
  - 14. The system of claim 13, wherein the program instructions are further executable by the one or more processors to:
    - receive a second authentication token from the first remote computer system of the particular user on the first remote computer system, wherein the second authentication token indicates the particular user of the first remote computer system was previously authenticated by a second content provider of the one or more content providers, wherein the second content provider is a provider of content to the first remote computer system;
      
      verify the second authentication token, wherein that verification is carried out in a manner that is transparent to the user and comprises determining that one or more portions of the second authentication token were generated based on the respective authentication information issued to the second content provider to confirm that the authentication of the first user by the second content provider is trusted by the digital rights management provider; and
      
      in response to verification of the second authentication token;
      
      determine a second user identifier for the particular user from information of the second authentication token, wherein the second user identifier is specific to the second content provider; and
      
      generate a stored mapping of the second user identifier to the stored identifier of the digital rights management account such that the digital rights management account is mapped to both the first user identifier and the second user identifier.
  - 15. The system of claim 11, wherein said particular user is associated with a second remote computer system, wherein the program instructions are further executable by the one or more processors to:
    - receive a second authentication token from a second remote computer system of the particular user in regard to content to be accessed by the user on the second remote computer system, wherein the second authentication token indicates the particular user was previously authenticated by the first content provider of the one or more content providers;
      
      verify the second authentication token, wherein that verifying is carried out in a manner that is transparent to the user and comprises determining that one or more portions of the authentication token were generated based on the respective authentication information issued to the first content provider to confirm that the authentication of the first user by the first content provider is trusted by the digital rights management provider; and
      
      in response to verification of the second authentication token;
      
      issue to the second remote computer system one or more credentials for performing one or more of;
      
      communication with said one or more content providers or decryption of content received from said one or more content providers.
  - 16. The system of claim 11, wherein the program instructions are further executable by the one or more processors to:
    - receive a second authentication token from a second remote computer system that is also utilized by the user of the first remote computer system, wherein the second authentication token indicates that the particular user of the first and second remote computer systems was previously authenticated by the first content provider of the one or more content providers;
      
      the second authentication token further comprising information indicating an identifier of a digital rights management account associated with the particular user; and
      
      in response to verifying the authentication token including the identifier of the digital rights management account, issue to the second remote computer system one or more credentials for performing one or more of;
      
      communication with said one or more content providers, or decryption of content received from said one or more content providers.

17. A system, wherein said system is a client device comprising:
- a memory; and
  
  one or more processors coupled to the memory, wherein the memory comprises program instructions executable by the one or more processors to;
  
  receive an authentication token from a first content provider of one or more content providers, wherein the authentication token indicates a particular user was previously authenticated by the first content provider to access content on the client device, wherein the first content provider is a provider of the content to the client device;
  
  wherein each of the one or more content providers was previously issued respective authentication information, wherein issuance of authentication information indicates the respective content provider is trusted by a digital rights management provider to authenticate users, wherein said authentication token comprises at least some information generated based on authentication information issued to the first content provider to confirm that the authentication of the particular user by the first content provider is trusted by the digital rights management provider;
  
  provide the authentication token to the digital rights management provider; and
  
  subsequent to the digital rights management provider verifying the authentication token in a manner that is transparent to the user, receiving from the digital rights management provider one or more credentials for performing one or more of;
  
  communication with said one or more content providers, or decryption of content received from said one or more content providers.
- View Dependent Claims (18, 19, 20)
- - 18. The system of claim 17, wherein the authentication information comprises a public key and a corresponding private key, wherein the program instructions are further executable by the one or more processors to:
    - provide the public key to the first content provider;
      
      receive encrypted content that is encrypted based on said public key; and
      
      utilize the private key to perform decryption of the encrypted content.
  - 19. The system of claim 17, wherein the program instructions are further executable by the one or more processors to:
    - receive a second authentication token from a second content provider of one or more content providers, wherein the authentication token indicates the particular user was previously authenticated by the second content provider to access content on the client device, wherein the second content provider is a provider of the content to the client device;
      
      provide the second authentication token to the digital rights management provider; and
      
      subsequent to the digital rights management provider verifying the second authentication token, receive from the digital rights management provider an indication that a mapping has been successfully generated between a digital rights management account associated with the particular user and a content provider account associated with the particular user, wherein that content provider account is provided by the second content provider.
  - 20. The system of claim 19, wherein the program instructions are further executable by the one or more processors configured to, in response to the indication that the mapping has been successfully generated, submit a request for content to the second content provider.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Adobe Inc.
Original Assignee
Adobe Systems Incorporated (Adobe Inc.)
Inventors
Sorotokin, Peter, Lester, James L., Agrawal, Sunil C., Sheretov, Andrei

Granted Patent

US 8,707,404 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/6
CPC Class Codes

H04L 2209/603   Digital right managament [DRM]

H04L 2463/101   applying security measures ...

H04L 63/0807   using tickets, e.g. Kerbero...

H04L 9/3213   using tickets or tokens, e....

System And Method For Transparently Authenticating A User To A Digital Rights Management Entity

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

71 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

System And Method For Transparently Authenticating A User To A Digital Rights Management Entity

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

71 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links