HYBRID DEVICE AND PERSON BASED AUTHORIZATION DOMAIN ARCHITECTURE

US 20150172279A1
Filed: 02/27/2015
Published: 06/18/2015
Est. Priority Date: 07/24/2003
Status: Active Grant

First Claim

Patent Images

1. A server comprising:

a receiving system receiving, over the network, a request for a protected content, the request including a content identification of the protected content and at least one of a personal identification and a device identification, wherein the personal identification is associated with a person and the device identification is associated with a device;

a processing system;

determining a domain identification associated with the protected content, wherein the domain identification associated with the protected content is provided in a content container associated with the protected content;

determining whether at least a personal identification is received;

identifying, when a personal identification is received, a domain identification associated with the received personal identification, wherein the domain identification associated with the received personal identification is provided in a person rights certificate associated with the personal identification;

determining whether the domain identification associated with the protected content is comparable to the domain identification associated with the received personal identification;

proving an indication of a favorable determination when the domain identifications are comparable;

determining a location of the protected content; and

a transmitting system transmitting to the device associated with the device identification upon receiving the indication of favorable determination,one of the protected content when the protected content is remote from the device associated with the device identification and an indication allowing access to the protected content when the protected content is local to the device associated with the device identification.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

This invention relates to a system and a method of generating an Authorized Domain (AD) by selecting a domain identifier, and binding at least one person (P1, P2, . . . , PN₁), at least one device (D1, D2, . . . , DM), and at least one content item (C1, C2, . . . , CN₂) to the Authorized Domain (AD) given by the domain identifier (Domain_ID).

Hereby, a number of verified devices (D1, D2, . . . , DM) and a number of verified persons (P1, P2, . . . , PN₁) that is authorized to access a content item of the Authorized Domain (100) is obtained.

In this way, access to a content item of an authorized domain by a person operating a device is obtained either by verifying that the content item and the person are linked to the same domain or by verifying that the device and the content item are linked to the same domain. Thereby, enhanced flexibility for one or more persons when accessing content in an authorized domain is obtained while security of the content is still maintaining. This is further done in a simple, secure, and reliable way.

Citations

35 Claims

1. A server comprising:
- a receiving system receiving, over the network, a request for a protected content, the request including a content identification of the protected content and at least one of a personal identification and a device identification, wherein the personal identification is associated with a person and the device identification is associated with a device;
  
  a processing system;
  
  determining a domain identification associated with the protected content, wherein the domain identification associated with the protected content is provided in a content container associated with the protected content;
  
  determining whether at least a personal identification is received;
  
  identifying, when a personal identification is received, a domain identification associated with the received personal identification, wherein the domain identification associated with the received personal identification is provided in a person rights certificate associated with the personal identification;
  
  determining whether the domain identification associated with the protected content is comparable to the domain identification associated with the received personal identification;
  
  proving an indication of a favorable determination when the domain identifications are comparable;
  
  determining a location of the protected content; and
  
  a transmitting system transmitting to the device associated with the device identification upon receiving the indication of favorable determination,one of the protected content when the protected content is remote from the device associated with the device identification and an indication allowing access to the protected content when the protected content is local to the device associated with the device identification.
- View Dependent Claims (2, 3, 4, 5, 28)
- - 2. The server of claim 1, the processing system:
    - determining whether at least a device identification is received;
      
      identifying, when a device identification is received, a domain identification associated with the received device identification, wherein the domain identification associated with the received device identification is provided in a device rights certificate associated with the device identification;
      
      determining whether the domain identification associated with the protected content is comparable to the domain identification associated with the received device identification; and
      
      providing the indication of a favorable determination when the domain identifications are comparable.
  - 3. The server of claim 1, the processing system decrypting the protected content based on a decryption key associated with the protected content, the decryption key being provided in the content container.
  - 4. The server of claim 1, the transmitting system transmitting a decryption key associated with the protected content.
  - 5. The server of claim 1, wherein the device identification is unique for each device.
  - 28. A system comprising:
    - at least one device in a network; and
      
      the server of claim 1.

6. A server comprising:
- a receiving system receiving over a network a request for a protected content, the request including a content identification of the protected content and at least one of;
  
  a personal identification of a person having access to the network and a device identification of a device in the network, wherein the personal identification is associated with the person and the device identification is associated with the device;
  
  a processing system;
  
  determining a domain identification associated with the protected content, wherein the domain identification associated with the protected content is provided in a content container associated with the protected content;
  
  determining whether at least a device identification is received;
  
  identifying, when a device identification is received, a domain identification associated with the received device identification, wherein the domain identification associated with the received device identification is provided in a device rights certificate associated with the device identification;
  
  determining whether the domain identification associated with the protected content is comparable to the domain identification associated with the received device identification; and
  
  providing an indication of a favorable determination when the domain identifications are comparable; and
  
  a transmitting system transmitting, over the network, to the device associated with the device identification one of the protected content and an indication of allowable access upon receiving the favorable indication.
- View Dependent Claims (7, 8, 9, 10, 29)
- - 7. The server of claim 6, the processing system:
    - determining whether at least a personal identification is received;
      
      determining, when a personal identification is received, a domain identification associated with the received personal identification, wherein the domain identification associated with the received personal identification is provided in a personal rights certificate associated with the device identification;
      
      determining whether the domain identification associated with the protected content is comparable to the domain identification associated with the received personal identification; and
      
      providing the indication of a favorable determination when the domain identifications are comparable.
  - 8. The server of claim 6, the processing system decrypting the protected content based on a decryption key associated with the protected content.
  - 9. The server of claim 6, the transmitting system transmitting a decryption key associated with the protected content.
  - 10. The server of claim 6, wherein the device identification is unique for each device.
  - 29. A system comprising:
    - at least one device in a network; and
      
      the server of claim 6.

11. A server comprising:
- a receiving system receiving a request for the protected content, the request including at least a content identification associated with the protected content and at least one of;
  
  a personal identification and a device identification, wherein the personal identification is associated with a person making the request and the device identification is associated with a device from which the request is made;
  
  a processing system in communication with the receiving system, the processing system;
  
  determining a domain identification associated with the protected content; and
  
  determining whether a domain identification associated with one of the at least one of the received personal identification and the device identification is comparable to the domain identification associated with the protected content; and
  
  generating a favorable indication indicating a domain identification associated with the protected content is comparable to the domain identification associated with one of the personal identification and the device identification; and
  
  a transmitting system transmitting to a device associated with the device identification one of;
  
  the protected content and an indication of access upon receiving the favorable indication.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 30)
- - 12. The server of claim 11, the processing system:
    - formulating an authorized domain, identified by the domain identification, the authorized domain comprising;
      
      at least one of a plurality of persons accessing a network, each of the plurality of persons being identified by a corresponding personal identification wherein the corresponding personal identification is associated with the domain identification;
      
      at least one of at least one device accessing the network, the device identification associated with each of the at least one of the at least one device being unique and being associated with the domain identification; and
      
      a plurality of protected content associated with the domain identification.
  - 13. The server of claim 11, the processing system decrypting the protected content.
  - 14. The server of claim 11, the transmitting system transmitting a decryption key associated with the protected content:
  - 15. The server of claim 11, wherein the personal identification is obtained from at least one of:
    - a smart card, a mobile phone, and a biometric sensor.
  - 16. The server of claim 11, the processing system receiving information regarding the domain identification associated with the personal identification, the information contained in the request.
  - 17. The server of claim 11, the processing system receiving information regarding the domain identification associated with the device identification, the information contained in the request.
  - 30. A system comprising:
    - at least one device in a network; and
      
      the server of claim 11.

18. A server comprising:
- a receiving system receiving a request for protected content, the request including an identification of the content and at least one of a personal identification of a person and a device identification of a device in a network;
  
  a processor system;
  
  identifying a domain identification associated with the protected content;
  
  identifying a domain identification associated with the at least one of the received personal identification and the device identification,determining whether the domain identification associated with one of the at least one of the received personal identification and the device identification is comparable to the domain identification associated with the protected content; and
  
  generating a favorable indication indicating a domain identification associated with the protected content is comparable to the domain identification associated with one of the at least one received personal identification and the device identification.
- View Dependent Claims (19, 20, 21, 22, 23, 24, 25, 26, 27, 31)
- - 19. The server of claim 18 comprising a transmission system transmitting the protected content to a device associated with the device identification upon receiving the favorable indication.
  - 20. The server of claim 19, the processing system decrypting the protected content.
  - 21. The server of claim 18, a transmission system transmitting an indication of access to the protected contention to a device associated with the device identification upon receiving the favorable indication.
  - 22. The server of claim 21, wherein the indication represents a decrypting key.
  - 23. The server of claim 18, comprising a memory system wherein the protected content is stored on the device associated with the device identification.
  - 24. The server of claim 18, the receiving system receiving the domain information associated with the personal identification and the device identification.
  - 25. The server of claim 18, comprising:
    - a storage system storing an authorized domain, identified by a domain identification, the authorized domain comprising;
      
      a personal identification identifying each person of a plurality of persons accessing the network, the personal identification being associated with the domain identification;
      
      a device identification associated with each of at least one device accessing the network, the device identification being associated with the domain identification; and
      
      a plurality of protected content associated with the domain identification.
  - 26. The server of claim 25;
    - a transmission system transmitting the domain identification to each of the plurality of persons and each of the at least one devices within the authorized domain.
  - 27. The server of claim 25, the processor further:
    - associating each of the at least one of the devices with the domain identification; and
      
      associating each of the plurality of persons with the domain identification.
  - 31. A system comprising:
    - at least one device in a network; and
      
      the server of claim 18.

32. A method for operating a server, the method comprising:
- a receiving system of a server, receiving over a network, a request for a protected content, the network being accessable by a person, the request including a content identification of the protected content and at least one of a personal identification and a device identification, wherein the personal identification is associated with the person and the device identification is associated with a device;
  
  a processing system of the server;
  
  determining a domain identification associated with the protected content, wherein the domain identification associated with the protected content is provided in a content container associated with the protected content;
  
  determining whether at least a personal identification is received;
  
  identifying, when a personal identification is received, a domain identification associated with the received personal identification, wherein the domain identification is associated with the received personal identification is provided in a person rights certificate associated with the personal identification;
  
  determining whether the domain identification associated with the protected content is comparable to the domain identification associated with the received personal identification;
  
  proving an indication of a favorable determination when the domain identifications are comparable;
  
  determining a location of the protected content; and
  
  a transmitting system of the server, transmitting to the device associated with the device identification upon receiving the indication of favorable determination, one of the protected content when the protected content is remote from the device associated with the device identification and an indication allowing access to the protected content when the protected content is local to the device associated with the device identification.

33. A method of operating a server, the method comprising:
- a receiving system receiving over a network a request for a protected content, the request including a content identification of the protected content and at least one of;
  
  a personal identification of a person having access to the network and a device identification of a device in the network;
  
  a processing system;
  
  determining a domain identification associated with the protected content, wherein the domain identification associated with the protected content is provided in a content container associated with the protected content;
  
  determining whether at least a device identification is received;
  
  identifying, when a device identification is received, a domain identification associated with the received device identification, wherein the domain identification is associated with the received device identification is provided in a device rights certificate associated with the device identification;
  
  determining whether the domain identification associated with the protected content is comparable to the domain identification associated with the received device identification; and
  
  providing an indication of a favorable determination when the domain identifications are comparable; and
  
  a transmitting system transmitting, over the network, to the device associated with the device identification one of the protected content and an indication of allowable access upon receiving the favorable indication.

34. A method of operating a server, the method comprising:
- a receiving system receiving a request for the protected content, the request including at least a content identification associated with the protected content and one of;
  
  a personal identification and a device identification, wherein the personal identification is associated with a person making the request and the device identification is associated with a device from which the request is made;
  
  a processing system in communication with the receiving system, the processing system;
  
  determining a domain identification associated with the protected content;
  
  determining whether a domain identification associated with one of the at least one of the received personal identification and the device identification is comparable to the domain identification associated with the protected content; and
  
  generating a favorable indication indicating a domain identification associated with the protected content is comparable to the domain identification associated with one of the at least one personal identification and the device identification; and
  
  a transmitting system transmitting to a device associated with the device identification one of;
  
  the protected content and an indication of access upon receiving the favorable indication.

35. A method of operating a server, the method comprising:
- a receiving system receiving a request for protected content, the request including an identification of the content and at least one of a personal identification of a person and a device identification of a device in a network;
  
  a processor system;
  
  identifying a domain identification associated with the protected content;
  
  identifying a domain identification associated with the at least one of a received personal identification and a device identification,determining whether the domain identification associated with at least one of the at least one received personal identification and the device identification is comparable to the domain identification associated with the protected content; and
  
  generating a favorable indication indicating a domain identification associated with the protected content is comparable to the domain identification associated with one of the at least one personal identification and the device identification.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Media Content Protection LLC
Original Assignee
Koninklijke Philips N.V.
Inventors
KAMPERMAN, Franciscus L.A.J., KOSTER, Robert Paul, SCHRIJEN, Geert Jan

Granted Patent

US 10,038,686 B2
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 21/1012   to domains

G06F 21/31   User authentication

G06F 2221/2129   Authenticate client device ...

G11B 20/00086   Circuits for prevention of ...

G11B 20/00731   involving a digital rights ...

G11B 20/00855   involving a step of exchang...

H04L 2463/101   applying security measures ...

H04L 63/0428   wherein the data content is...

H04L 63/0823   using certificates cryptogr...

H04L 63/10   for controlling access to d...

H04L 63/101   Access control lists [ACL]

HYBRID DEVICE AND PERSON BASED AUTHORIZATION DOMAIN ARCHITECTURE

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

35 Claims

Specification

Solutions

Use Cases

Quick Links

HYBRID DEVICE AND PERSON BASED AUTHORIZATION DOMAIN ARCHITECTURE

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

35 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links