Managing access to set-top box objects using television conditional access system

US 6,745,245 B1
Filed: 04/07/1999
Issued: 06/01/2004
Est. Priority Date: 04/09/1998
Status: Expired due to Fees

First Claim

Patent Images

1. In a networked system including a client system and a conditional access system, a method of controlling the ability of scripts to access resources at the client system, comprising:

maintaining at the client system an access control data structure for regulating the accessibility of one or more resources, the access control data structure comprising (i) a resource identifier field representing a particular resource for which access is to be controlled, (ii) a script source identifier field representing a script source whose access to the particular resource is to be controlled, and (iii) a permission identifier field representing a permission that is to be applied to one or more scripts from an authorized script source when one or more scripts that are received from the authorized script source request access to the particular resource;

at the client system, receiving from the conditional access system, a scripted command to modify the access control data from a script source; and

upon determining that the script sources is authorized to modify the access control data structure, as determined by the script source identifier field, resource identifier field and permission identifier field, modifying the access control data structure as specified by the received command.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods for using a conditional access system to modify access control information maintained at a set-top box or another client system. The access control information regulates the availability of information or entertainment services at the client or controls the ability of scripts executed at the client to access objects defined at the client. The conditional access system can be a conventional conditional access, such as those used by cable television providers, that has been adapted to modify the access control information. The access control information includes multiple entries, each being referenced by a token identifier. The conditional access system transmits a command and an accompanying token to the client to instruct the client how to modify the access control information. The entry that is to be modified is identified by comparing the token with the token identifiers. By modifying access control information in this manner, the entity that operates the conditional access system is capable of regulating the availability of resources or services at the client. For example, a selected level of a tiered information service can be made available to the client.

202 Citations

20 Claims

1. In a networked system including a client system and a conditional access system, a method of controlling the ability of scripts to access resources at the client system, comprising:
- maintaining at the client system an access control data structure for regulating the accessibility of one or more resources, the access control data structure comprising (i) a resource identifier field representing a particular resource for which access is to be controlled, (ii) a script source identifier field representing a script source whose access to the particular resource is to be controlled, and (iii) a permission identifier field representing a permission that is to be applied to one or more scripts from an authorized script source when one or more scripts that are received from the authorized script source request access to the particular resource;
  
  at the client system, receiving from the conditional access system, a scripted command to modify the access control data from a script source; and
  
  upon determining that the script sources is authorized to modify the access control data structure, as determined by the script source identifier field, resource identifier field and permission identifier field, modifying the access control data structure as specified by the received command.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14)
- - 2. A method as defined in claim 1, wherein the particular resource is an object encoded in a computer-readable medium at the client system.
  - 3. A method as defined in claim 1, wherein the step of modifying the access control data structure is conducted such that the modified access control information regulates access by the client system to selected Internet resources.
  - 4. A method as defined in claim 1, wherein the step of modifying the access control data structure is conducted such that the modified access control information regulates access by a script at the client system to an object defined at the client system.
  - 5. A method as defined in claim 1, wherein the step of modifying the access control data structure comprises the step of modifying the permission.
  - 6. A method as defined in claim 1, wherein the step of modifying the access control information comprises the step of turning on or turning off an entry or the access control data structure according to the command.
  - 7. A method as defined in claim 1, wherein the step of modifying the access control data structure comprises the step of adding a new entry to the access control structure comprising a new resource identifier field, a script source identifier field, and a new permission identifier field.
  - 8. A method as defined in claim 1, wherein the access control data structure further comprises a token field, and wherein the token field is formatted according to a television channel naming convention associated with the conditional access system.
  - 9. A method as defined in claim 1, wherein modifying the access control data structure comprises adding new information to the access control data structure.
  - 10. A method as defined in claim 1, wherein the particular resource for which access is to be controlled comprises a level of Internet access to be granted to the client system.
  - 11. A method as recited in claim 1, wherein the data control data structure further includes a level of service field defining a level of service of a plurality of levels of service of a tiered information service that are available to the client system, and wherein the command includes instructions to modify the level of service having been selected according to designated criteria.
  - 12. A method as defined in claim 11, wherein the selected level of service enabled by the step of modifying the access control data structure grants the client system access only to specified Internet resources.
  - 13. A method as defined in claim 11, wherein the token is formatted according to a television channel naming convention associated with the conditional access system.
  - 14. A method as defined in claim 11, wherein the step of modifying the access control data structure comprises the step of identifying an entry of an access control data structure stored at the client system, the entry being selected based on the identity of the token.

15. A computer-readable medium having stored thereon a plurality of entries that collectively represent an access control data structure that controls access to computing resources at a client system, wherein the access control data structure is capable of being modified in response to a request generated by a conditional access system, each entry comprising:
- a first data field containing data representing a token that may be included in the request generated by the conditional access system and received by the client system to indicate which portion of the access control data structure is to be modified;
  
  a second data field containing data specifying a computing resource at the client system for which access is to be controlled by the access control data structure;
  
  a third data field containing data representing a script source whose access to the computing resource is to be controlled; and
  
  a fourth field containing data representing a permission that is to be applied to one or more scripts from an authorized script source when one or more scripts that are received from the authorized script source request access to the computing resource, the data fields being configured to determine whether the one or more scripts received from a script source are authorized to modify the access control data structure.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. A computer-readable medium as defined in claim 15, wherein the data contained by the second data field represents an object that is defined at the client system and relates to the computing resource.
  - 17. A computer-readable medium as defined in claim 16, wherein a plurality of objects are defined at the client system, the data contained by the second data field representing fewer than all of the plurality of objects.
  - 18. A computer-readable medium as defined in claim 15, further comprising another data field containing data specifying whether the computing resource specified by the data contained by the second data field is enabled or disabled.
  - 19. A computer-readable medium as defined in claim 15, wherein the computing resource represents a selected level of service in a tiered information service.
  - 20. A computer-readable medium as defined in claim 15, wherein the data contained by the first data field is in a format compatible with a television channel naming convention associated with the conditional access system.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
WebTV Networks Inc. (Microsoft Corporation)
Inventors
Carpenter, Wiltse J.
Primary Examiner(s)
Chin, Wellington
Assistant Examiner(s)
HO, CHUONG T

Application Number

US09/287,247
Time in Patent Office

1,882 Days
Field of Search

713/200, 713/201, 713/202, 713/170, 713/166-172, 713/155-156, 709/229, 709/227, 709/228, 709/225, 725/86, 725/25, 725/27, 725/28, 725/31, 725/110, 725/118-119, 380/239-242, 380/240, 380/241, 380/210, 380/229, 380/259, 380/279, 380/278
US Class Current

709/229
CPC Class Codes

G06F 21/10   Protecting distributed prog...

H04L 61/00   Network arrangements, proto...

H04L 61/30   Managing network names, e.g...

H04L 61/301   Name conversion

H04L 63/101   Access control lists [ACL]

H04L 65/103   in the network

H04L 65/1101   Session protocols

H04L 65/764   at the destination reforma...

H04L 67/02   based on web technology, e....

Managing access to set-top box objects using television conditional access system

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

202 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Managing access to set-top box objects using television conditional access system

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

202 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links