Method and apparatus for content protection in a secure content delivery system
First Claim
Patent Images
1. A server apparatus connectable through a computer network to one or more client processes comprising:
- a processor;
a server memory coupled to the processor, the server memory capable of storing a plurality of titles therein;
a network interface coupled to the server memory and processor;
authentication logic, responsive to a token received from a client process, the token containing data identifying a time period, and configured to determine whether the client process is authorized to access the server memory at a specific time; and
access logic, responsive to the token received from the client process, and configured to enable access to the server memory and a title uniquely identified by the token.
10 Assignments
0 Petitions
Accused Products
Abstract
A system for secure delivery of on-demand content over broadband access networks utilizes of servers and security mechanisms to prevent client processes from accessing and executing content without authorization. A plurality of encrypted titles are stored on a content server coupled to the network. An access server also coupled to the network contains the network addresses of the titles and various keying and authorization data necessary to decrypt and execute a title. A client application executing on a user'"'"'s local computer system is required to retrieve the address, keying and authorization data from the access server before retrieving a title from the content server and enabling execution of the title on a user'"'"'s local computer system.
-
Citations
12 Claims
-
1. A server apparatus connectable through a computer network to one or more client processes comprising:
-
a processor;
a server memory coupled to the processor, the server memory capable of storing a plurality of titles therein;
a network interface coupled to the server memory and processor;
authentication logic, responsive to a token received from a client process, the token containing data identifying a time period, and configured to determine whether the client process is authorized to access the server memory at a specific time; and
access logic, responsive to the token received from the client process, and configured to enable access to the server memory and a title uniquely identified by the token.
-
-
2. A computer program product for use with a server apparatus having a processor, a server memory and a network interface, the server apparatus connectable to one or more client processes over a computer network, the computer program product comprising a computer usable medium having computer usable program code embodied thereon, the computer program code comprising:
-
authentication program code responsive to a token received from a client process, the token containing data identifying a time period, and configured to determine whether the client process is authorized to access the server memory at a specific time; and
access program code responsive to the token received from the client process, the token containing data uniquely identifying one of the titles stored in server memory, for accessing the server memory and a title uniquely identified by the token.
-
-
3. In a server apparatus comprising a processor, server memory and a network interface, the server apparatus connectable to one or more client process over a computer network, a method comprising:
-
(a) receiving a token from a client process through the network interface, the token containing data identifying a time period and data uniquely identifying a title;
(b) determining whether the client process is authorized to access the title at a specific time;
(c) if the client is authorized in step (b), accessing the server memory and a title uniquely identified by the token; and
(d) supplying to the client process at least a portion of the title identified by the token.
-
-
4. A computer data signal embodied in a carrier wave comprising:
-
authentication program code, responsive to a token received from a client process, the token containing data identifying a time period, and configured to determine whether the client process is authorized to access a server memory at a specific time; and
access program code, responsive to the token received from the client process, the token containing data uniquely identifying a title stored in the server memory, and configured to access the server memory and the title uniquely identified by the token.
-
-
5. An access server connectable to one or more requestor processes and one or more content servers over a computer network, each content sever including server memory storing one or more content titles in an unexecutable form, the access server comprising:
-
conversion logic configured to convert a title identifier received from a requestor process into a location identifier, the title identifier corresponding to a title selected by the requestor process, the location identifier indicating an address on the network for the content server storing the selected title;
activator generator logic configured to generate an activator usable by the requestor process, the activator containing data necessary to process the requested title stored on the content server into executable form; and
token generating logic configured to generate a token containing data identifying the title requested by the requester process and data specifying a time period for accessing the requested title from the content server. - View Dependent Claims (6, 7, 8, 9)
-
-
10. A content server connectable to a client system and an access server over a computer network, the content server comprising:
-
a processor, a server memory coupled to the processor, the server memory storing one or more content titles in an unexecutable form, a network interface coupled to the server memory and the processor, the network interface providing access to the computer network, and program logic responsive to a token received from the client system containing data identifying a content title stored on the content server, the program logic configured to authenticate the title identification data and, after authentication, enabling access to at least a portion of the title identified by the token. - View Dependent Claims (11, 12)
-
Specification
-
- Resources
Litigation Campaign Assessment
Thank you for your request. You will receive a custom alert email when the Litigation Campaign Assessment is available.
×
-
Current AssigneeFerco International Ferrures Serrures Batiment (Gretsch-Unitas GmbH), Microsoft Technology Licensing LLC (Microsoft Corporation)
-
Original AssigneeSoftricity Inc (Microsoft Corporation)
-
InventorsEichin, Mark W., Schmeidler, Yonah, Atkins, Derek, Rostcheck, David J.
-
Primary Examiner(s)Meky, Moustafa M.
-
Application NumberUS09/310,229Time in Patent Office1,889 DaysField of Search709/200, 709/201, 709/203, 709/217, 709/218, 709/219, 709/227, 709/228, 709/229, 709/245, 709/247US Class Current709/203CPC Class CodesG06F 21/10 Protecting distributed prog...G06F 2221/2137 Time limited access, e.g. t...G06Q 30/06 Buying, selling or leasing ...H04L 12/2801 Broadband local area networksH04L 12/2856 Access arrangements, e.g. I...H04L 12/2872 Termination of subscriber c...H04L 12/4633 Interconnection of networks...H04L 2463/102 applying security measure f...H04L 47/2408 for supporting different se...H04L 63/04 for providing a confidentia...H04L 63/062 for key distribution, e.g. ...H04L 63/123 received data contents, e.g...H04L 67/06 specially adapted for file ...H04L 67/34 involving the movement of s...H04L 67/62 Establishing a time schedul...H04N 21/23106 involving caching operation...H04N 21/2312 Data placement on disk arra...H04N 21/2347 involving video stream encr...H04N 21/2402 Monitoring of the downstrea...H04N 21/2408 Monitoring of the upstream ...View All
