HYBRID DEVICE AND PERSON BASED AUTHORIZATION DOMAIN ARCHITECTURE
Abstract
This invention relates to a system and a method of generating an Authorized Domain (AD) by selecting a domain identifier, and binding at least one person (P1, P2, . . . , PN1), at least one device (D1, D2, . . . , DM), and at least one content item (C1, C2, . . . , CN2) to the Authorized Domain (AD) given by the domain identifier (Domain_ID).
Hereby, a number of verified devices (D1, D2, . . . , DM) and a number of verified persons (P1, P2, . . . , PN1) that are authorized to access a content item of the Authorized Domain (100) is obtained.
In this way, access to a content item of an authorized domain by a person operating a device is obtained either by verifying that the content item and the person are linked to the same domain or by verifying that the device and the content item are linked to the same domain. Thereby, enhanced flexibility for one or more persons when accessing content in an authorized domain is obtained while security of the content is still maintained. This is further done in a simple, secure, and reliable way.
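The person-or-device decision described in the abstract can be sketched as follows. This is an added example, not code from the patent: the HMAC-signed dictionaries stand in for the content container and the person and device rights certificates, all function names and sample identifiers are hypothetical, and "comparable" domain identifications are modelled as equal ones.

```python
import hashlib, hmac, json

AUTHORITY_KEY = b"constructed-demo-key"  # assumption: secret held by the domain authority

def _sign(body):
    msg = json.dumps(body, sort_keys=True).encode()
    return hmac.new(AUTHORITY_KEY, msg, hashlib.sha256).hexdigest()

def issue(kind, subject_id, domain_id):
    """Bind a person, device or content item to a Domain_ID (hypothetical format)."""
    body = {"kind": kind, "id": subject_id, "domain_id": domain_id}
    return {**body, "sig": _sign(body)}

def verified_domain(cert, kind, subject_id):
    """Return the Domain_ID only if kind, subject and signature all check out."""
    if not cert or cert.get("kind") != kind or cert.get("id") != subject_id:
        return None
    body = {k: cert.get(k) for k in ("kind", "id", "domain_id")}
    if not hmac.compare_digest(_sign(body), str(cert.get("sig", ""))):
        return None  # altered or forged binding: fail closed
    return cert["domain_id"]

def authorize(request, container, person_cert=None, device_cert=None, local_ids=()):
    """Grant if the person OR the device is bound to the content's domain."""
    content_domain = verified_domain(container, "content", request.get("content_id"))
    if content_domain is None:
        return ("deny", "content not bound to a domain")
    for kind, cert, key in (("person", person_cert, "person_id"),
                            ("device", device_cert, "device_id")):
        ident = request.get(key)
        if ident is not None and verified_domain(cert, kind, ident) == content_domain:
            # Content already on the device: send only an access indication.
            local = request["content_id"] in local_ids
            return ("grant_access" if local else "send_content",
                    f"{kind} in domain {content_domain}")
    return ("deny", "no identity bound to the content's domain")

# Constructed sample data: a home domain AD-1 and a guest device in AD-2.
CONTAINER = issue("content", "C1", "AD-1")
ALICE = issue("person", "P1", "AD-1")
HOME_TV = issue("device", "D1", "AD-1")
GUEST_TV = issue("device", "D9", "AD-2")
```

A person bound to AD-1 can fetch C1 on the guest device, while the guest device alone is refused; a certificate whose `domain_id` has been edited fails the signature check and is ignored.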
35 Claims
1. A server comprising:
a receiving system receiving, over the network, a request for a protected content, the request including a content identification of the protected content and at least one of a personal identification and a device identification, wherein the personal identification is associated with a person and the device identification is associated with a device;
a processing system;
determining a domain identification associated with the protected content, wherein the domain identification associated with the protected content is provided in a content container associated with the protected content;
determining whether at least a personal identification is received;
identifying, when a personal identification is received, a domain identification associated with the received personal identification, wherein the domain identification associated with the received personal identification is provided in a person rights certificate associated with the personal identification;
determining whether the domain identification associated with the protected content is comparable to the domain identification associated with the received personal identification;
proving an indication of a favorable determination when the domain identifications are comparable;
determining a location of the protected content; and
a transmitting system transmitting to the device associated with the device identification upon receiving the indication of favorable determination, one of the protected content when the protected content is remote from the device associated with the device identification and an indication allowing access to the protected content when the protected content is local to the device associated with the device identification.
Dependent claims: 2, 3, 4, 5, 28

6. A server comprising:
a receiving system receiving over a network a request for a protected content, the request including a content identification of the protected content and at least one of;
a personal identification of a person having access to the network and a device identification of a device in the network, wherein the personal identification is associated with the person and the device identification is associated with the device;
a processing system;
determining a domain identification associated with the protected content, wherein the domain identification associated with the protected content is provided in a content container associated with the protected content;
determining whether at least a device identification is received;
identifying, when a device identification is received, a domain identification associated with the received device identification, wherein the domain identification associated with the received device identification is provided in a device rights certificate associated with the device identification;
determining whether the domain identification associated with the protected content is comparable to the domain identification associated with the received device identification; and
providing an indication of a favorable determination when the domain identifications are comparable; and
a transmitting system transmitting, over the network, to the device associated with the device identification one of the protected content and an indication of allowable access upon receiving the favorable indication.
Dependent claims: 7, 8, 9, 10, 29

11. A server comprising:
a receiving system receiving a request for the protected content, the request including at least a content identification associated with the protected content and at least one of;
a personal identification and a device identification, wherein the personal identification is associated with a person making the request and the device identification is associated with a device from which the request is made;
a processing system in communication with the receiving system, the processing system;
determining a domain identification associated with the protected content; and
determining whether a domain identification associated with one of the at least one of the received personal identification and the device identification is comparable to the domain identification associated with the protected content; and
generating a favorable indication indicating a domain identification associated with the protected content is comparable to the domain identification associated with one of the personal identification and the device identification; and
a transmitting system transmitting to a device associated with the device identification one of;
the protected content and an indication of access upon receiving the favorable indication.
Dependent claims: 12, 13, 14, 15, 16, 17, 30

18. A server comprising:
a receiving system receiving a request for protected content, the request including an identification of the content and at least one of a personal identification of a person and a device identification of a device in a network;
a processor system;
identifying a domain identification associated with the protected content;
identifying a domain identification associated with the at least one of the received personal identification and the device identification,
determining whether the domain identification associated with one of the at least one of the received personal identification and the device identification is comparable to the domain identification associated with the protected content; and
generating a favorable indication indicating a domain identification associated with the protected content is comparable to the domain identification associated with one of the at least one received personal identification and the device identification.
Dependent claims: 19, 20, 21, 22, 23, 24, 25, 26, 27, 31

32. A method for operating a server, the method comprising:
a receiving system of a server, receiving over a network, a request for a protected content, the network being accessible by a person, the request including a content identification of the protected content and at least one of a personal identification and a device identification, wherein the personal identification is associated with the person and the device identification is associated with a device;
a processing system of the server;
determining a domain identification associated with the protected content, wherein the domain identification associated with the protected content is provided in a content container associated with the protected content;
determining whether at least a personal identification is received;
identifying, when a personal identification is received, a domain identification associated with the received personal identification, wherein the domain identification is associated with the received personal identification is provided in a person rights certificate associated with the personal identification;
determining whether the domain identification associated with the protected content is comparable to the domain identification associated with the received personal identification;
proving an indication of a favorable determination when the domain identifications are comparable;
determining a location of the protected content; and
a transmitting system of the server, transmitting to the device associated with the device identification upon receiving the indication of favorable determination, one of the protected content when the protected content is remote from the device associated with the device identification and an indication allowing access to the protected content when the protected content is local to the device associated with the device identification.

33. A method of operating a server, the method comprising:
a receiving system receiving over a network a request for a protected content, the request including a content identification of the protected content and at least one of;
a personal identification of a person having access to the network and a device identification of a device in the network;
a processing system;
determining a domain identification associated with the protected content, wherein the domain identification associated with the protected content is provided in a content container associated with the protected content;
determining whether at least a device identification is received;
identifying, when a device identification is received, a domain identification associated with the received device identification, wherein the domain identification is associated with the received device identification is provided in a device rights certificate associated with the device identification;
determining whether the domain identification associated with the protected content is comparable to the domain identification associated with the received device identification; and
providing an indication of a favorable determination when the domain identifications are comparable; and
a transmitting system transmitting, over the network, to the device associated with the device identification one of the protected content and an indication of allowable access upon receiving the favorable indication.

34. A method of operating a server, the method comprising:
a receiving system receiving a request for the protected content, the request including at least a content identification associated with the protected content and one of;
a personal identification and a device identification, wherein the personal identification is associated with a person making the request and the device identification is associated with a device from which the request is made;
a processing system in communication with the receiving system, the processing system;
determining a domain identification associated with the protected content;
determining whether a domain identification associated with one of the at least one of the received personal identification and the device identification is comparable to the domain identification associated with the protected content; and
generating a favorable indication indicating a domain identification associated with the protected content is comparable to the domain identification associated with one of the at least one personal identification and the device identification; and
a transmitting system transmitting to a device associated with the device identification one of;
the protected content and an indication of access upon receiving the favorable indication.

35. A method of operating a server, the method comprising:
a receiving system receiving a request for protected content, the request including an identification of the content and at least one of a personal identification of a person and a device identification of a device in a network;
a processor system;
identifying a domain identification associated with the protected content;
identifying a domain identification associated with the at least one of a received personal identification and a device identification,
determining whether the domain identification associated with at least one of the at least one received personal identification and the device identification is comparable to the domain identification associated with the protected content; and
generating a favorable indication indicating a domain identification associated with the protected content is comparable to the domain identification associated with one of the at least one personal identification and the device identification.

Specification