Method and apparatus for content protection in a secure content delivery system
Abstract
A system for secure delivery of on-demand content over broadband access networks utilizes servers and security mechanisms to prevent client processes from accessing and executing content without authorization. A plurality of encrypted titles are stored on a content server coupled to the network. An access server also coupled to the network contains the network addresses of the titles and various keying and authorization data necessary to decrypt and execute a title. A client application executing on a user's local computer system is required to retrieve the address, keying and authorization data from the access server before retrieving a title from the content server and enabling execution of the title on a user's local computer system.
12 Claims
1. A server apparatus connectable through a computer network to one or more client processes comprising:
a processor;
a server memory coupled to the processor, the server memory capable of storing a plurality of titles therein;
a network interface coupled to the server memory and processor;
authentication logic, responsive to a token received from a client process, the token containing data identifying a time period, and configured to determine whether the client process is authorized to access the server memory at a specific time; and
access logic, responsive to the token received from the client process, and configured to enable access to the server memory and a title uniquely identified by the token.
2. A computer program product for use with a server apparatus having a processor, a server memory and a network interface, the server apparatus connectable to one or more client processes over a computer network, the computer program product comprising a computer usable medium having computer usable program code embodied thereon, the computer program code comprising:
authentication program code responsive to a token received from a client process, the token containing data identifying a time period, and configured to determine whether the client process is authorized to access the server memory at a specific time; and
access program code responsive to the token received from the client process, the token containing data uniquely identifying one of the titles stored in server memory, for accessing the server memory and a title uniquely identified by the token.
3. In a server apparatus comprising a processor, server memory and a network interface, the server apparatus connectable to one or more client processes over a computer network, a method comprising:
(a) receiving a token from a client process through the network interface, the token containing data identifying a time period and data uniquely identifying a title;
(b) determining whether the client process is authorized to access the title at a specific time;
(c) if the client is authorized in step (b), accessing the server memory and a title uniquely identified by the token; and
(d) supplying to the client process at least a portion of the title identified by the token.
4. A computer data signal embodied in a carrier wave comprising:
authentication program code, responsive to a token received from a client process, the token containing data identifying a time period, and configured to determine whether the client process is authorized to access a server memory at a specific time; and
access program code, responsive to the token received from the client process, the token containing data uniquely identifying a title stored in the server memory, and configured to access the server memory and the title uniquely identified by the token.
5. An access server connectable to one or more requestor processes and one or more content servers over a computer network, each content server including server memory storing one or more content titles in an unexecutable form, the access server comprising:
conversion logic configured to convert a title identifier received from a requestor process into a location identifier, the title identifier corresponding to a title selected by the requestor process, the location identifier indicating an address on the network for the content server storing the selected title;
activator generator logic configured to generate an activator usable by the requestor process, the activator containing data necessary to process the requested title stored on the content server into executable form; and
token generating logic configured to generate a token containing data identifying the title requested by the requester process and data specifying a time period for accessing the requested title from the content server.
Dependent claims: 6, 7, 8, 9
10. A content server connectable to a client system and an access server over a computer network, the content server comprising:
a processor, a server memory coupled to the processor, the server memory storing one or more content titles in an unexecutable form, a network interface coupled to the server memory and the processor, the network interface providing access to the computer network, and program logic responsive to a token received from the client system containing data identifying a content title stored on the content server, the program logic configured to authenticate the title identification data and, after authentication, enabling access to at least a portion of the title identified by the token.
Dependent claims: 11, 12
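The token flow in claims 1 through 5 and 10 (an access server issues a token naming one title and a time period, and a content server checks it before serving the title), sketched as an added example that is not taken from the patent. The page does not say how the token is authenticated; the HMAC-SHA256 tag under a key shared by both servers, the JSON layout, and all function and field names are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import json

# Assumption: access server and content server share this key (constructed value).
SHARED_KEY = b"constructed-demo-key"


def _tag(body: bytes, key: bytes) -> bytes:
    return hmac.new(key, body, hashlib.sha256).digest()


def issue_token(title_id, not_before, not_after, key=SHARED_KEY):
    """Access-server side: bind one title to one time period."""
    claims = {"title": title_id, "nbf": not_before, "exp": not_after}
    body = json.dumps(claims, sort_keys=True, separators=(",", ":")).encode()
    return ".".join(
        base64.urlsafe_b64encode(part).decode() for part in (body, _tag(body, key))
    )


def authorize(token, requested_title, now, key=SHARED_KEY):
    """Content-server side: returns (allowed, reason)."""
    try:
        body_b64, tag_b64 = token.split(".")
        body = base64.urlsafe_b64decode(body_b64)
        tag = base64.urlsafe_b64decode(tag_b64)
    except ValueError:  # wrong part count or invalid base64
        return False, "malformed"
    # Authenticate before parsing, so untrusted JSON is never interpreted.
    if not hmac.compare_digest(tag, _tag(body, key)):
        return False, "bad signature"
    claims = json.loads(body)
    # The token must name exactly the title being requested.
    if claims["title"] != requested_title:
        return False, "title mismatch"
    # The request time must fall inside the token's time period.
    if not claims["nbf"] <= now <= claims["exp"]:
        return False, "outside time period"
    return True, "ok"
```

Passing `now` explicitly keeps the time-period check deterministic; a deployment would use the content server's own clock, so clock skew between the two servers bounds how short the period can usefully be.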