Remote access authorization of local content

US 7,089,425 B2
Filed: 03/18/2003
Issued: 08/08/2006
Est. Priority Date: 03/18/2003
Status: Expired due to Fees

First Claim

Patent Images

1. A method of controlling access by a user to encrypted content on content media at the user, comprising instantiating at the user a current instance of an executable program stored on the content media, the executable program generating a configuration identifier that is unique to the current instance of the executable program;

creating, using the configuration identifier, a virtual directory structure for content on the content media, the content having a location within the directory structure that depends upon the configuration identifier and which has a corresponding path;

communicating with a remote server for access authorization by said user;

providing to the user information on selectable content and the corresponding path of such content; and

providing to the user from said remote server a decryption key for decrypting selected content.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Network users are authorized individual access during a log-on session to encrypted content on content media at the user without the necessity of individualizing the content media for the particular user. The content may comprise multimedia data. The content media, which may be mass produced and distributed, includes a computer program which generates a unique configuration identifier upon instantiation of the program to begin a user access session. The program creates a virtual directory structure for the content that is uniquely determined for that session by the configuration identifier. The configuration identifier is uploaded to a remote server which uses the configuration identifier with other information identifying the content media and the user authorize user access. The remote server creates and downloads to a browser of the user an encrypted message containing URLs for accessing the content in the virtual directory structure and containing transformations of a decryption algorithm and decryption keys for the encrypted content. Encrypted multimedia content selected by the user is stored in a temporary file, decrypted in a moving time window, and rendered After rendering, the decrypted portion of the temporary file is scrambled to preclude further access.

Citations

45 Claims

1. A method of controlling access by a user to encrypted content on content media at the user, comprising instantiating at the user a current instance of an executable program stored on the content media, the executable program generating a configuration identifier that is unique to the current instance of the executable program;
- creating, using the configuration identifier, a virtual directory structure for content on the content media, the content having a location within the directory structure that depends upon the configuration identifier and which has a corresponding path;
  
  communicating with a remote server for access authorization by said user;
  
  providing to the user information on selectable content and the corresponding path of such content; and
  
  providing to the user from said remote server a decryption key for decrypting selected content.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15)
- - 2. The method of claim 1, wherein said content comprises a plurality of content files, each file having a separate location within the directory structure and a separate corresponding path.
  - 3. The method of claim 1, wherein said providing to the user information on selectable content comprises providing encrypted information on said content and on said corresponding path, the information on said corresponding paths comprising a URL identifying a location within the directory structure of said content.
  - 4. The method of claim 1 further comprising encrypting at the remote server said information provided to the user using a first encrypting process and a first encryption key;
    - and downloading to a browser at the user a page containing said encrypted information.
  - 5. The method of claim 4 further comprising downloading to said executable program a first transformation of a decryption program and a second transformation of said encryption key for decrypting the encrypted information on said page.
  - 6. The method of claim 5, wherein said first and second transformations are different transformation processes and are unique to a current access session.
  - 7. The method of claim 6, wherein said second transformation process comprises combining said first key with a number to form a combination, and encrypting said combination using a second encryption process to produce said second transformation of said encryption key, and wherein said first transformation process of the decryption program comprises decrypting the encrypted combination to recover the first encryption key, and decrypting using a different decryption process and said decrypted key the encrypted information on said page.
  - 8. The method of claim 1, wherein said executable program comprises a local server, and said communicating with said remote server comprises communicating with said local server via a browser at the user.
  - 9. The method of claim 1, wherein said generating a configuration identifier comprises generating with the executable program a random number;
    - and said step of creating a virtual directory structure comprises creating a location within the directory structure for said content using said random number.
  - 10. The method of claim 9 further comprising providing said configuration identifier to the remote server, and forming at said remote server a path corresponding to the location in the directory structure of said content using said configuration identifier;
    - and wherein said providing of information to a user on selectable content comprises providing to the user a description of said content and the corresponding path.
  - 11. The method of claim 10 further comprising encrypting said information at said remote server, and decrypting said information in the executable program to recover the content description and path.
  - 12. The method of claim 1, wherein said instantiating comprises running a first portion of the executable program which creates a local server;
    - and said generating a configuration identifier comprises running a second portion of the executable program to produce an unpredictable number, said configuration identifier comprising said unpredictable number.
  - 13. The method of claim 12, wherein said remote server comprises one or more content servers and an authorization server, and the method further comprises authorizing, in a content server, access by the user during a current access session to encrypted content on the content media;
    - and supplying to the user a session identifier identifying said access session, and wherein said providing to the user information on selectable content comprises uploading from the user to the authorization server the session identifier and a content media identifier; and
      
      downloading from the authorization server in response to said identifiers information on selectable content.
  - 14. The method of claim 1, wherein said content comprises multimedia data, and said content media comprises a data storage device.
  - 15. The method of claim 14 further comprising storing encrypted multimedia data content selected by the user in a temporary file;
    - decrypting the encrypted data in said temporary file in a moving time window; and
      
      scrambling the decrypted data in said temporary file following rendering.

16. A method of controlling access by a user to encrypted content on content media at the user, comprising storing on the content media encrypted content files, each file having an associated key;
- providing on the content media an executable program, the executable program comprising a first portion operating as a server, a second portion generating a unique identifier for each instantiation of the program, a third portion creating for each instance of the executable program a virtual directory structure for the content files on the content media, the content files in the directory structure having locations in said directory structure determined by the unique identifier and said locations having corresponding paths, and a fourth portion for decryption;
  
  authorizing by a remote server user access to the encrypted content; and
  
  communicating to the executable program after said authorizing an associated key for decrypting an encrypted content file selected by the user.
- View Dependent Claims (17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32)
- - 17. The method of claim 16 further comprising providing a browser at said user for communicating between the first server portion of the executable program on the content media and the remote server;
    - and downloading to the browser a page having a main frame for displaying information to the user and having a hidden frame with a program for communicating with the server portion of the executable program.
  - 18. The method of claim 17 further comprising uploading from the user to the remote server said unique identifier and a content media identifier;
    - receiving from the remote server an encrypted message comprising a decryption program for use with said associated keys for decrypting encrypted content, and receiving a security key for decrypting communications between the remote server and the user during said access session.
  - 19. The method of claim 18 further comprising generating using said unique identifier in said executable program a decryption key for decrypting said encrypted message from the remote server.
  - 20. The method of claim 18, wherein said security key and said decryption program received from said remote server comprise a first transformation of a security key and a second transformation of an encryption program for encrypting communications between the remote server and the user, said transformations enabling decryption of communications only during the current access session.
  - 21. The method of claim 20, wherein said first transformation of the security key and the second transformation of said decryption algorithm comprise different transformations.
  - 22. The method of claim 16, wherein said remote server comprises one or more content servers and an authorization server, and wherein said authorizing user access comprises authorizing user access by a content server, and said communicating of said associated key for decrypting comprises communicating said key from the authorization server.
  - 23. The method of claim 22, wherein said authorizing user access by said content server comprises downloading to the user a vendor identifier;
    - communicating from the user to the authorization server said vendor identifier and said unique identifier generated for the current instance of the executable program; and
      
      receiving at the user from the authorization server transformations of associated keys for decrypting the encrypted content files on the content media and another transformation of a decryption program for said decrypting, said transformations being specific to the current instance of the executable program.
  - 24. The method of claim 23 further comprising receiving at said user from said content server a content selection page containing a description of selectable content files on the content media and the corresponding paths in said directory structure for said selectable content files.
  - 25. The method of claim 24, wherein said corresponding paths for content files comprise URLs which indicate said locations in the directory structure of said files, and said receiving comprises receiving said paths in an encrypted communication on a hidden frame in a browser of the user.
  - 26. The method of claim 25 further comprising uploading said encrypted communication from the browser to the first server portion of the executable program;
    - and decrypting the encrypted communication using the fourth portion of the executable program.
  - 27. The method of claim 22 further comprising receiving from the authorization server on a hidden frame of a browser URLs for the corresponding paths of said content files in the directory structure;
    - uploading said URLs to the executable program;
      
      constructing in the executable program a content page identifying selectable content and associated URLs; and
      
      downloading the content page from the server portion of the executable program to a main frame of the browser for display to the user.
  - 28. The method of claim 27, wherein said URLs are encrypted, and the method further comprises decrypting in the executable program an encrypted URL corresponding to a selected content file.
  - 29. The method of claim 22, wherein there are a plurality of content servers, each content server being identified by a vendor identifier and having a corresponding group of encrypted content files to which such content server grants user access;
    - and wherein said authorization server stores in a key file keys for the encrypted content files of said plurality of content servers.
  - 30. The method of claim 16, wherein said encrypted content files comprise multimedia data;
    - and wherein said executable program stores a content file selected by a user in a temporary file;
      
      decrypts a portion of the content file in the temporary file in a moving time window; and
      
      scrambles the decrypted portion of the content file in the temporary file following rendering.
  - 31. The method of claim 16, wherein said encrypted content is selected from the group consisting of digital data and executable programs.
  - 32. The method of claim 16, wherein said content media comprises storage media selected from the group consisting of optical storage, magnetic storage, and semiconductor memory.

33. A method of controlling access by a user to encrypted content on content media at the user, comprising instantiating at the user a current instance of an executable program stored on the content media;
- generating with the executable program upon instantiation a configuration identifier that is unique to the current instance of the executable program;
  
  communicating with a remote server for access authorization by said user, comprising providing said configuration identifier to the remote server;
  
  providing to the user information on selectable content; and
  
  providing to the user from said remote server in a message encrypted using said configuration identifier a decryption code and a decryption key for decrypting selected content.
- View Dependent Claims (34, 35)
- - 34. The method of claim 33 further comprising creating for the current instance, using the configuration identifier, a virtual directory structure for content on the content media, the content having a location and a corresponding path within the directory structure which depend upon said configuration identifier.
  - 35. The method of claim 33, wherein said providing to the user information on selectable content comprises providing a path for said selectable content which is encrypted using said configuration identifier.

36. A method of controlling access by a user to encrypted content on content media at the user, comprising instantiating at the user a current instance of an executable program stored on the content media;
- communicating with a remote server for access authorization by said user;
  
  providing to the user information on selectable content; and
  
  providing to the user from said remote server a first transformation of a decryption code and a second transformation of a decryption key for decrypting selected content, said first and second transformations being unique to the current instance.

37. Content media for controlled access to encrypted content by a user, comprising a repository on the content media storing encrypted content files;
- an executable program on the content media executable by a computer of the user, said executable program comprising a local server for communicating with a browser of the user;
  
  a configuration identifier generator operable upon instantiation of the program to generate a unique configuration identifier corresponding to a current instance of the executable program;
  
  first program code for creating upon said instantiation of the executable program a virtual directory structure for the encrypted content files stored in said repository, the content files having locations within said directory structure during said current instance determined by the configuration identifier, and said locations having corresponding encrypted paths; and
  
  second program code for receiving from said browser keys for decrypting an encrypted content file selected by the user for access and the corresponding encrypted path.
- View Dependent Claims (38, 39, 40, 41, 42, 43, 44, 45)
- - 38. The content media of claim 37, wherein said configuration identifier generator comprises a random number generator which generates a different random number for each instantiation of the program, and the first program code includes an encryption program for encrypting said random number, the encrypted random number being used for creating said virtual directory structure.
  - 39. The content media of claim 38, wherein said first program code assigns to each encrypted content file a location within said virtual directory structure that is determined by said encrypted random number, and wherein said encrypted path for such location comprises a URL formed using said encrypted random number.
  - 40. The content media of claim 39, wherein said executable program comprises a shell program and a library which is updatable via the browser to change the operations of the executable program.
  - 41. The content media of claim 37 further comprising a URL within the content media that indicates a network address for a remote server, and wherein the local server communicates with the remote server via the browser to authorize access to the content media by the user.
  - 42. The content media of claim 37, wherein said content media comprises a storage device, and the content media further includes a program that comprises a parameter file which cooperates with the user'"'"'s computer for automatically instantiating the executable program.
  - 43. The content media of claim 37, wherein said content media is selected from the group consisting of optical storage devices, magnetic storage devices, and semiconductor memory.
  - 44. The content media of claim 37, wherein said encrypted content files comprise multimedia data.
  - 45. The content media of claim 37, wherein said executable program further comprises program code having a first portion for writing an encrypted content file to a temporary file;
    - a second portion for accessing the temporary file in a non-exclusive access mode;
      
      a third portion for decrypting preselected parts of the encrypted temporary file in a moving time window; and
      
      a fourth portion for scrambling the decrypted parts of the temporary file at a predetermined time following decryption.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
CI4 Technologies Incorporated
Original Assignee
CI4 Technologies Incorporated
Inventors
Chan, Man
Primary Examiner(s)
Song, Hosuk
Assistant Examiner(s)
GYORFI, THOMAS A

Application Number

US10/392,591
Publication Number

US 20040187027A1
Time in Patent Office

1,239 Days
Field of Search

713/165, 713/191, 713/156, 713/189, 707/10, 709/203, 380200-201, 380/243, 726 26- 30, 715/500, 715/501.1
US Class Current

713/189
CPC Class Codes

G06F 21/1077   Recurrent authorisation

H04L 63/0428   wherein the data content is...

H04L 63/08   for authentication of entit...

Remote access authorization of local content

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

45 Claims

Specification

Solutions

Use Cases

Quick Links

Remote access authorization of local content

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

45 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links