Inter-server communication using request with encrypted parameter
Abstract
A server architecture for a digital rights management system that distributes and protects rights in content. The server architecture includes a retail site which sells content items to consumers, a fulfillment site which provides to consumers the content items sold by the retail site, and an activation site which enables consumer reading devices to use content items having an enhanced level of copy protection. Each retail site is equipped with a URL encryption object, which encrypts, according to a secret symmetric key shared between the retail site and the fulfillment site, information that is needed by the fulfillment site to process an order for content sold by the retail site. Upon selling a content item, the retail site transmits to the purchaser a web page having a link to a URL comprising the address of the fulfillment site and a parameter having the encrypted information. Upon following the link, the fulfillment site downloads the ordered content to the consumer, preparing the content if necessary in accordance with the type of security to be carried with the content. The fulfillment site includes an asynchronous fulfillment pipeline which logs information about processed transactions using a store-and-forward messaging service. The fulfillment site may be implemented as several server devices, each having a cache which stores frequently downloaded content items, in which case the asynchronous fulfillment pipeline may also be used to invalidate the cache if a change is made at one server that affects the cached content items. An activation site provides an activation certificate and a secure repository executable to consumer content-rendering devices which enables those content rendering devices to render content having an enhanced level of copy-resistance. 
The activation site “activates” client-reading devices in a way that binds them to a persona, and limits the number of devices that may be activated for a particular persona, or the rate at which such devices may be activated for a particular persona.
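The retail-to-fulfillment link described in the abstract, sketched in Node.js as an added example (not code from the patent). The abstract specifies only a shared symmetric key; AES-256-GCM, the `rid` and `p` parameter names, the fulfillment address and the order fields are assumptions. An authenticated mode is used because the parameter travels through the purchaser's browser, so the fulfillment site must reject any value that was altered in transit.

```javascript
// Added illustration; names, URL and field layout are assumptions, not the patent's.
const crypto = require('crypto');

// Constructed sample: retailer id -> 256-bit secret shared with the fulfillment site.
const SHARED_KEYS = new Map([['retailer-42', crypto.randomBytes(32)]]);
const FULFILLMENT = 'https://fulfillment.example/download'; // hypothetical address

// Retail site: seal the order and return the link placed in the purchaser's web page.
function buildFulfillmentUrl(retailerId, order) {
  const key = SHARED_KEYS.get(retailerId);
  if (!key) throw new Error('unknown retailer');
  const iv = crypto.randomBytes(12); // fresh nonce for every link
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  cipher.setAAD(Buffer.from(retailerId)); // bind the blob to this retailer id
  const ct = Buffer.concat([cipher.update(JSON.stringify(order), 'utf8'), cipher.final()]);
  const blob = Buffer.concat([iv, cipher.getAuthTag(), ct]).toString('base64url');
  const url = new URL(FULFILLMENT);
  url.searchParams.set('rid', retailerId);
  url.searchParams.set('p', blob);
  return url.toString();
}

// Fulfillment site: recover the order from the link alone, without contacting the retailer.
function processFulfillmentRequest(requestUrl) {
  const params = new URL(requestUrl).searchParams;
  const retailerId = params.get('rid');
  const key = SHARED_KEYS.get(retailerId);
  const raw = Buffer.from(params.get('p') || '', 'base64url');
  if (!key || raw.length < 28) return null; // need 12-byte IV + 16-byte tag
  try {
    const decipher = crypto.createDecipheriv('aes-256-gcm', key, raw.subarray(0, 12));
    decipher.setAAD(Buffer.from(retailerId));
    decipher.setAuthTag(raw.subarray(12, 28));
    const pt = Buffer.concat([decipher.update(raw.subarray(28)), decipher.final()]);
    return JSON.parse(pt.toString('utf8'));
  } catch {
    return null; // altered parameter or wrong key: refuse to fulfill
  }
}

// Constructed order; the public key string is a placeholder.
const sampleOrder = { orderId: 'A-1001', contentId: 'book-7', purchaserPublicKey: 'PLACEHOLDER-PUBKEY' };
const link = buildFulfillmentUrl('retailer-42', sampleOrder);
console.log(link, processFulfillmentRequest(link));
```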
46 Claims
1. A method of communicating with a first computing device, said method comprising the acts of:
- encrypting information destined for said first computing device;
- creating an HTTP request which includes an address of said first device and the encrypted information; and
- transmitting a web page comprising said HTTP request to a second computing device different from said first computing device, wherein said second computing device is associated with a purchaser of content, wherein said first computing device provides said content, and wherein the encrypted information includes a public portion of a key pair associated with said purchaser, said key pair having been issued to said purchaser for use on said second computing device upon condition of said purchaser tendering authenticatable credentials and upon further condition of said key pair not having been previously been issued for use by said purchaser on a number of devices that exceeds a limit.
Dependent claims: 2
3. A method of communicating with a first computing device through a second computing device, said method comprising the acts of:
- encrypting information such that the encrypted information is decryptable by a secret;
- transmitting the encrypted information to said second computing device, said encrypted information being transmittable to said first computing device upon instruction from a user operating said second computing device, wherein said secret is not accessible to either said second computing device or said user; and
- sharing said secret, wherein the encrypted information comprises a public portion of a key pair associated with a user of said second computing device, said key pair having been issued to said user and bound to said second computing device, a private portion of said key pair being usable only on devices to which said key pair is bound, said key pair having been bound to said second computing device on condition of said key pair not having previously been bound to a number of devices that exceeds a predefined or determinable limit.
4. A method of communicating with a first computing device through a second computing device, said method comprising the acts of:
- encrypting information such that the encrypted information is decryptable by a secret;
- transmitting the encrypted information to said second computing device, said encrypted information being transmittable to said first computing device upon instruction from a user operating said second computing device, wherein said secret is not accessible to either said second computing device or said user, and wherein said encrypted information comprises a public portion of a key pair associated with said user, said key pair being bound to said second computing device, a private portion of said key pair not being usable on devices to which said key pair has not been bound, said key pair having been bound to said second device after satisfying a condition that said key pair has not previously been bound to a number of devices that exceeds a limit, and after satisfying a further condition that said user provide authenticatable credentials to an entity that binds said key pair to said second device; and
- sharing said secret by performing either of the following acts: providing said secret to said first computing device or to a party associated with said first computing device; or receiving said secret from said first computing device or from a party associated with said first computing device, wherein said secret comprises a symmetric key, and wherein said encrypting act comprises encrypting said information with said symmetric key.
Dependent claims: 5
6. A method of facilitating electronic content distribution comprising the acts of:
- providing, to a first party for use on a first computing device, a first set of computer-executable instructions which encrypts information based on a unique id that maps into a shared secret, the encrypted information being includable in an HTTP request which includes a network address of a second computing device; and
- providing, to a second party for use on said second computing device, a second set of computer-executable instructions which decrypts the encrypted information, said encrypted information comprising a public portion of a key pair, said key pair being associated with a third party who is distinct from both said first party and said second party, said key pair having been issued to said third party and bound to a third computing device that is distinct from both said first computing device and said second computing device, a private portion of said key pair being usable only on devices to which said key pair is bound, said key pair having been bound to said third computing device on condition of the number of devices to which said key pair has been previously bound not exceeding a limit.
Dependent claims: 7, 8, 9, 10, 11, 12, 13, 14
15. A method of building a client-server request, said method comprising the acts of:
- encrypting first information so as to be decryptable by a secret accessible to a first server;
- including an address associated with said first server in said client-server request;
- including the encrypted information in said client-server request; and
- transmitting said client-server request to a client on which said client-server request is executable to contact said first server and to transmit said encrypted information to said first server, wherein the encrypted information comprises a public portion of a key pair bound to said client, said key pair being bindable to a number of devices not in excess of a pre-defined or determinable limit, a private portion of said public key not being usable on devices to which said key pair is not bound, said key pair having been bound to said client upon determination that binding said key pair to said client would not cause the number of devices to which said key pair is bound to exceed said limit.
Dependent claims: 16, 17, 18, 19, 20, 21, 22, 23, 24, 25
26. A method of distributing electronic content, said method comprising the acts of:
- receiving, at a first computing device from a second computing device, an order for a content item; and
- providing, from said first computing device to said second computing device, data comprising: a network address of a third computing device; and encrypted information that comprises a public portion of a key pair associated with an entity that placed said order, said key pair being bound to one or more devices including said second computing device, said key pair being bindable to a number of devices not in excess of a limit, said key pair having been bound to said second computing device conditioned upon a determination that binding said key pair to said second computing device would not cause the number of devices to which said key pair is bound to exceed said limit;
wherein said third computing device processes said order by using at least some of said encrypted information.
Dependent claims: 27, 28, 29, 30, 31, 32, 33, 34, 35
36. A computer-readable medium having computer-executable instructions for performing steps comprising:
- receiving parameters that identify characteristics of a first transaction between a first client and a first server, said first transaction being a purchase transaction;
- encrypting one or more of said parameters, said one or more parameters including a public portion of a key pair bound to said first client, said key pair being bindable to a number of clients not in excess of a limit, a private portion of said key pair not being usable on clients to which said key pair is not bound, said key pair having been bound to said first client upon condition that binding said key pair to said first client would not cause the number of devices to which said key pair is bound to exceed said limit;
- returning said encrypted parameters to said first client in a format such that a second server may receive said encrypted parameters from said first client, validate said first transaction, and initiate a second transaction without any interaction with said first server.
Dependent claims: 37, 38, 39, 40, 41, 42, 43, 44, 45, 46
Specification