Impulse pay per use method and system for data and multimedia services
First Claim
1. A method of providing secure impulse pay-per-use (IPPU) services to a subscriber over a communication network, comprising the steps of:
- sending a subscriber IPPU selection from the subscriber to an access controller;
generating at the access controller an encrypted message having a service identifier and associated authorization settings related to the subscriber IPPU selection;
communicating said encrypted message from the access controller to a subscriber terminal together with the cost of the IPPU service selected by the subscriber;
verifying that said cost is within a credit entitlement of said subscriber, and if such verification is successful, generating a secure entitlement token for use by a client application residing in the subscriber terminal;
securely sending the entitlement token from the client application to a server for determining the status of the subscriber'"'"'s entitlement; and
processing the IPPU selection at said server for enabling the selection to be used by the subscriber upon processing of the selection and associated entitlement.
5 Assignments
0 Petitions
Accused Products
Abstract
A method and system are provided for impulse purchasing of services over a communication network, such as a cable or satellite television network. Such services can include games or information accompanying television programming, home-shopping, e-mail services, streaming media and the like. Security is provided through entitlements generated by the access controller 14 and entitlement tokens generated by a secure processor. The secure processor is located at a subscriber terminal 16 through which a subscriber orders and obtains the services. A token is generated when the subscriber either selects the service, if pre-authorized, or when the service is purchased on impulse. The token is secure and signed, and may be used by a policy/proxy server 18 subtending to the Network Operator'"'"'s ISP and associated services to further facilitate offering these services to the subscribers.
88 Citations
32 Claims
-
1. A method of providing secure impulse pay-per-use (IPPU) services to a subscriber over a communication network, comprising the steps of:
-
sending a subscriber IPPU selection from the subscriber to an access controller;
generating at the access controller an encrypted message having a service identifier and associated authorization settings related to the subscriber IPPU selection;
communicating said encrypted message from the access controller to a subscriber terminal together with the cost of the IPPU service selected by the subscriber;
verifying that said cost is within a credit entitlement of said subscriber, and if such verification is successful, generating a secure entitlement token for use by a client application residing in the subscriber terminal;
securely sending the entitlement token from the client application to a server for determining the status of the subscriber'"'"'s entitlement; and
processing the IPPU selection at said server for enabling the selection to be used by the subscriber upon processing of the selection and associated entitlement. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16)
sending the subscriber IPPU selection to a billing system;
conveying the IPPU selection from the billing system to the access controller; and
billing the subscriber for the IPPU service provided.
-
-
4. A method in accordance with claim 3, wherein the subscriber IPPU selection is sent to the billing system using a web browser associated with the subscriber terminal and a web server associated with the billing system.
-
5. A method in accordance with claim 3, wherein:
-
as part of said communication to said access controller, the billing system actuates the access controller to add the service referred to by the subscriber IPPU selection; and
the step of adding said service is a separate process from that which tells the access controller which subscribers are entitled to access the service.
-
-
6. A method in accordance with claim 1, wherein the secure entitlement token is a signed and encrypted entitlement token, which signed and encrypted entitlement token is securely sent from the client application to the server for authentication and decryption.
-
7. A method in accordance with claim 6, wherein the entitlement token is encrypted using at least one of:
- (i) private key/public key encryption methods; and
(ii) symmetric key encryption methods.
- (i) private key/public key encryption methods; and
-
8. A method in accordance with claim 1, wherein the service identifier is associated with one or more service related codes and data objects which are sent periodically from the access controller to the subscriber terminal.
-
9. A method in accordance with claim 1, wherein the access controller is a local access controller.
-
10. A method in accordance with claim 1, wherein the access controller is a national access controller.
-
11. A method in accordance with claim 1, wherein the services comprise at least one of accessing certain sites, streaming media from the sites, downloading multimedia applications from the sites, accessing content resident on the sites, shopping, email, and video mail.
-
12. A method in accordance with claim 1, wherein the subscriber terminal is one of a cable television set-top box, a digital television or host with point of deployment capability, or a personal computer.
-
13. A method in accordance with claim 1, wherein the subscriber IPPU selection is pre-authorized at the subscriber terminal for a predetermined credit amount.
-
14. A method in accordance with claim 13, wherein a cost associated with the subscriber IPPU selection is subtracted from the credit amount.
-
15. A method in accordance with claim 1, further comprising the step of securely reporting the subscriber IPPU selection from the subscriber terminal back to the access controller.
-
16. A method in accordance with claim 1, wherein the entitlement token is generated at one of the access controller or the subscriber terminal.
-
17. A system for providing secure impulse pay-per-use (IPPU) services to a subscriber over a communication network, comprising:
-
a subscriber terminal having a client application;
an access controller for receiving a subscriber IPPU selection; and
a server, wherein;
the subscriber conveys the subscriber IPPU selection to the access controller;
the access controller generates an encrypted message having a service identifier and associated authorization settings related to the subscriber IPPU selection;
the access controller communicates the encrypted message to the subscriber terminal together with the cost of the IPPU service selected by the subscriber;
the subscriber terminal verifies that said cost is within a credit entitlement of said subscriber, and if such verification is successful, the subscriber terminal generates a secure entitlement token for use by the client application residing in the subscriber terminal;
the client application securely sends the entitlement token to the server for determining the status of the subscriber'"'"'s entitlement; and
the server processes the IPPU selection to enable the selection to be used by the subscriber upon processing of the selection and associated entitlement. - View Dependent Claims (18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32)
the subscriber sends the subscriber IPPU selection to a billing system;
the billing system conveys the subscriber IPPU selection to the access controller; and
the subscriber is billed for the IPPU service provided.
-
-
20. A system in accordance with claim 19, further comprising:
-
a web browser associated with the subscriber terminal for forwarding the subscriber IPPU selection to the billing system; and
a web server associated with the billing system for receiving the subscriber IPPU selection from the web browser.
-
-
21. A system in accordance with claim 19, wherein:
-
as part of conveying the subscriber IPPU selection to the access controller, the billing system actuates the access controller to add the service referred to by the subscriber IPPU selection; and
the step of adding said service is a separate process from that which tells the access controller which subscribers are entitled to access the service.
-
-
22. A system in accordance with claim 17, wherein the secure entitlement token is a signed and encrypted entitlement token, which signed and encrypted entitlement token is securely sent from the client application to the server for authentication and decryption.
-
23. A system in accordance with claim 22, wherein the entitlement token is encrypted using at least one of:
- (i) private key/public key encryption methods; and
(ii) symmetric key encryption methods.
- (i) private key/public key encryption methods; and
-
24. A system in accordance with claim 17, wherein the service identifier is associated with one or more service related codes and data objects which are sent periodically from the access controller to the subscriber terminal.
-
25. A system in accordance with claim 17, wherein the access controller is a local access controller.
-
26. A system in accordance with claim 17, wherein the access controller is a national access controller.
-
27. A system in accordance with claim 17, wherein the services comprise at least one of accessing certain sites, streaming media from the sites, downloading multimedia applications from the sites, accessing content resident on the sites, shopping, email, and video mail.
-
28. A system in accordance with claim 17, wherein the subscriber terminal is one of a cable television set-top box, a digital television or host with point of deployment capability, or a personal computer.
-
29. A system in accordance with claim 17, wherein the subscriber IPPU selection is pre-authorized at the subscriber terminal for a predetermined credit amount.
-
30. A system in accordance with claim 29, wherein a cost associated with the subscriber IPPU selection is subtracted from the credit amount.
-
31. A system in accordance with claim 17, wherein the subscriber terminal securely reports the subscriber IPPU selection back to the access controller.
-
32. A system in accordance with claim 17, wherein the entitlement token is generated at one of the access controller or the subscriber terminal.
Specification