Transparent digital rights management for extendible content viewers
Abstract
A digital rights management system for controlling the distribution of digital content to player applications. The system comprises a verification system, a trusted content handler, and a user interface control. The verification system is provided to validate the integrity of the player applications; and the trusted content handler is used to decrypt content and to transmit the decrypted content to the player applications, and to enforce usage rights associated with the content. The user interface control module is provided to ensure that users of the player applications are not exposed to actions that violate the usage rights. The preferred embodiment of the present invention provides a system that enables existing content viewers, such as Web browsers, document viewers, and Java Virtual Machines running content-viewing applications, with digital rights management capabilities, in a manner that is transparent to the viewer. Extending content viewers with such capabilities enables and facilitates the free exchange of digital content over open networks, such as the Internet, while protecting the rights of content owners, authors, and distributors. This protection is achieved by controlling access to the content and constraining it according to the rights and privileges granted to the user during the content acquisition phase.
21 Claims
1. A digital rights management system for controlling the distribution of digital content to player applications including a core rendering application and an extension mechanism, the system comprising:
a verification system to validate the integrity of the player applications, and including a certificate generator for generating a certificate after inspecting the player application code and determining that a certain required property has been met by said code;
a trusted content handler to decrypt content and to transmit the decrypted content to the player applications, using the extension mechanism of the player application, and to enforce usage rights associated with the content; and
a user interface control module to ensure that the user interaction with the player applications does not violate the usage rights by intercepting and filtering messages sent from the user to the player application in accordance with a user rights set obtained by the user;
wherein components of the verification system, the trusted content handler, and user interface control module of the digital rights management system operate independently from the player application, reside locally in an end-user device having said player applications, and are dynamically linked to the applications at run-time; and
wherein the digital rights management system uses the extension mechanism of the player applications to implement the functions of the digital rights management system without modifying the core rendering applications of the player applications.

6. A digital rights management method for controlling the distribution of digital content to player applications including a core rendering application and an extension mechanism, the method comprising the steps:
providing a verification system to validate the integrity of the player applications, said verification system including a certificate generator for generating a certificate after inspecting the player application code and determining that a certain required property has been met by said code;
using a trusted content handler to decrypt content and to transmit the decrypted content to the player applications, using the extension mechanism of the player applications, and to enforce usage rights associated with the content; and
providing a user interface control module to ensure that the user interaction with player applications does not violate the usage rights by intercepting and filtering messages sent from the user to the player application in accordance with a user rights set obtained by the user;
wherein components of the verification system, the trusted content handler, and user interface control module of the digital rights management system operate independently from the player application, reside locally in an end-user device having said player applications, and are dynamically linked to the application at run-time; and
wherein the digital rights management system uses the extension mechanism of the player applications to implement the functions of the digital rights management system without modifying the core rendering applications of the player applications.

11. A program storage device readable by machine, tangibly embodying a program of instructions executable by the machine to perform method for controlling the distribution of digital content to player applications including a core rendering application and an extension mechanism, the method steps comprising:
using a verification system to validate the integrity of the player applications, said verification system including a certificate generator for generating a certificate after inspecting the player application code and determining that a certain required property has been met by said code;
using a trusted content handler to decrypt content and to transmit the decrypted content to the player applications, using the extension mechanism of the player applications, and to enforce usage rights associated with the content by intercepting and filtering messages sent from the user to the player application in accordance with a user rights set obtained by the user; and
using a user interface control module to ensure that the user interaction with player applications does not violate the usage rights;
wherein components of said verification system, the trusted content handler, and user interface control module operate independently from the player applications and reside locally in an end-user device having said player applications, and are dynamically linked to the applications at run-time; and
wherein the digital rights management system uses the extension mechanism of the player applications to implement the functions of the digital rights management system without modifying the core rendering applications of the player applications.

15. A code identity and integrity verification system for verifying the integrity or code of player applications including a core rendering application and an extension mechanism, comprising:
a certificate generator for receiving the player applications, for inspecting the player applications code to determine if the player applications code exhibit a predefined property, and for issuing a trust certificate for each of the player applications that exhibits the predefined property;
a certificate repository for receiving and storing trust certificates issued by the certificate generator;
an off-line code verifier for to analyze program code of a particular player application to determine whether said particular player application is certified as a trusted application before digital content is transmitted to said particular player application; and
an authenticator for receiving requests, using the extension mechanism of one of the player applications, to verify that said one player application that requests protected content has been authorized by the verification system to access the requested, protected content, wherein the authenticator operates independently from said applications, resides locally in an end-user device having said applications, and is dynamically linked to said applications at run-time; and
wherein the authentication uses the extension mechanism of said one player application to implement the functions of the authenticator without modifying the core rendering application of said one player application.

19. A method for verifying the identity and integrity of code of player applications including a core rendering application and an extension mechanism, the method comprising the steps:
using a certificate generator for receiving the player applications, for inspecting the player applications code to determine if the player applications code exhibit a predefined property, and for issuing a trust certificate for each of the player applications that exhibits the predefined property;
receiving and storing in a certificate repository trust certificates issued by the certificate generator;
using an off-line code verifier to analyze program code of a particular player application to determine whether said particular player application is certified as a trusted application before digital content is transmitted to said particular player application; and
using an authenticator for receiving requests, using the extension mechanism of one of the player application, to verify that said one player application that requests protected content has been authorized by the verification system to access the requested, protected content, wherein the authenticator operates independently from said applications, resides locally in an end-user device having said applications, and is dynamically linked to said applications at run-time; and
wherein the authentication uses the extension mechanism of said one player application to implement the functions of the authenticator without modifying the core rendering application of said one player application.

21. A program storage device readable by machine, tangibly embodying a program of instructions executable by the machine to perform method steps for verifying, out of process, the identity of code of player applications including a core rendering application and an extension mechanism, said method steps comprising:
using a certificate generator for receiving the player applications, for determining if the player applications exhibit a predefined property, and for issuing a trust certificate for each of the player applications that exhibits the predefined property;
receiving and storing in a certificate repository trust certificates issued by the certificate generator;
using an off-line code verifier to analyze program code of a particular player application to determine whether said particular player application is certified as a trusted application before digital content is transmitted to said particular player application; and
using an authenticator for receiving requests, using the extension mechanism of one of the player application, to verify that said one player application that requests protected content has been authorized by the verification system to access the requested, protected content, wherein the authenticator operates independently from said applications, resides locally in an end-user device having said applications, and is dynamically linked to said applications at run-time; and
wherein the authentication uses the extension mechanism of said one player application to implement the functions of the authenticator without modifying the core rendering application of said one player application.
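
Added example (not from the patent or its assignee): a Python sketch of the verification flow recited in claims 15, 19 and 21, in which a certificate generator certifies player code, a repository stores the certificate, and an authenticator checks the requesting player before content is released. The SHA-256 digest, the HMAC standing in for a signature, the key, and the "forbidden marker" property are all assumptions made for illustration.

```python
import hashlib
import hmac

# Assumptions for this sketch (none of these come from the patent text):
GENERATOR_KEY = b"constructed-demo-key"   # stand-in for the generator's signing key
FORBIDDEN = (b"export_plaintext",)        # toy "predefined property": marker must be absent


def digest(code: bytes) -> str:
    return hashlib.sha256(code).hexdigest()


def _tag(player: str, code_digest: str) -> str:
    msg = f"{player}:{code_digest}".encode()
    return hmac.new(GENERATOR_KEY, msg, hashlib.sha256).hexdigest()


def issue_certificate(player: str, code: bytes):
    """Certificate generator: inspect the code, certify only if the property holds."""
    if any(marker in code for marker in FORBIDDEN):
        return None
    d = digest(code)
    return {"player": player, "digest": d, "tag": _tag(player, d)}


def authenticate(repository: dict, player: str, running_code: bytes) -> bool:
    """Authenticator: measure the requesting code and look up a valid certificate."""
    cert = repository.get(digest(running_code))
    if cert is None or cert["player"] != player:
        return False
    return hmac.compare_digest(cert["tag"], _tag(player, cert["digest"]))


def demo() -> dict:
    viewer = b"viewer v1: render(); plugin_api();"     # constructed sample "code"
    patched = viewer + b" export_plaintext();"         # modified after certification
    repository = {}                                    # certificate repository
    cert = issue_certificate("viewer", viewer)
    repository[cert["digest"]] = cert
    results = {
        "certified": authenticate(repository, "viewer", viewer),
        "patched": authenticate(repository, "viewer", patched),
        "uncertifiable": issue_certificate("viewer", patched) is None,
    }
    # Repository entry that was not issued by the generator (invalid tag).
    repository[digest(patched)] = {"player": "viewer", "digest": digest(patched), "tag": "00" * 32}
    results["forged"] = authenticate(repository, "viewer", patched)
    return results


if __name__ == "__main__":
    print(demo())
```

Because the HMAC key is shared between issuer and verifier in this sketch, a design that keeps the authenticator on the end-user device, as the claims describe, would need an asymmetric signature so the device holds only a verification key.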
Specification