Repositing for digital content access control

US 7,240,365 B2
Filed: 09/13/2002
Issued: 07/03/2007
Est. Priority Date: 09/13/2002
Status: Active Grant

First Claim

Patent Images

1. A method for digital content access control, the method comprising:

receiving, by a content repository, an authenticated digital content request based at least in part on a digital content request comprising a request for digital content;

validating, by said content repository, said authenticated digital content request, said validating comprising;

indicating said authenticated digital content request is valid when said authenticated digital content request is validly associated with said digital content and when said authenticated digital content request authenticates said digital content request; and

indicating said authenticated digital content request is invalid when said authenticated digital content request is not validly associated with said digital content,wherein said validating further comprises;

receiving a token;

indicating said token is invalid when said token is not associated with an partially redeemed or unredeemed offset within a token offset window, said token offset window comprising one or more offset entries identified by a base number and an offset from said base number, said one or more offset entries associated with a token in a token pool formed by applying a cryptographic process to the sum of said base number and said offset from said base number, together with a token chain key, said token pool associated with said digital content; and

updating the offset entry associated with said token and indicating said received token is valid when said token is associated with a partially redeemed offset or unredeemed offset within said token offset window;

synchronizing by said content repository with a content provisioner when said synchronizing is enabled wherein said content provisioner is configured to send said authenticated digital content request to a user device when a user associated with said digital content request is authorized to access and use said digital content; and

said synchronizing comprises;

synchronization of information used by said content provisioner to create said authenticated digital content request with information used by said content repository to validate said authenticated digital content request; and

providing, by said content repository, said digital content when said authenticated digital content request is valid.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and apparatus for digital content access control comprises receiving an authenticated digital content request based at least in part on a digital content request comprising a request for digital content, validating the authenticated digital content request and providing the digital content if the authenticated digital content request is valid. The validating comprises indicating the authenticated digital content request is valid if the authenticated digital content request is validly associated with the digital content and if the authenticated digital content request authenticates the digital content request, and indicating the authenticated digital content request is invalid if the authenticated digital content request is not validly associated with the digital content.

Citations

40 Claims

1. A method for digital content access control, the method comprising:
- receiving, by a content repository, an authenticated digital content request based at least in part on a digital content request comprising a request for digital content;
  
  validating, by said content repository, said authenticated digital content request, said validating comprising;
  
  indicating said authenticated digital content request is valid when said authenticated digital content request is validly associated with said digital content and when said authenticated digital content request authenticates said digital content request; and
  
  indicating said authenticated digital content request is invalid when said authenticated digital content request is not validly associated with said digital content,wherein said validating further comprises;
  
  receiving a token;
  
  indicating said token is invalid when said token is not associated with an partially redeemed or unredeemed offset within a token offset window, said token offset window comprising one or more offset entries identified by a base number and an offset from said base number, said one or more offset entries associated with a token in a token pool formed by applying a cryptographic process to the sum of said base number and said offset from said base number, together with a token chain key, said token pool associated with said digital content; and
  
  updating the offset entry associated with said token and indicating said received token is valid when said token is associated with a partially redeemed offset or unredeemed offset within said token offset window;
  
  synchronizing by said content repository with a content provisioner when said synchronizing is enabled wherein said content provisioner is configured to send said authenticated digital content request to a user device when a user associated with said digital content request is authorized to access and use said digital content; and
  
  said synchronizing comprises;
  
  synchronization of information used by said content provisioner to create said authenticated digital content request with information used by said content repository to validate said authenticated digital content request; and
  
  providing, by said content repository, said digital content when said authenticated digital content request is valid.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1 whereinsaid digital content request comprises a Universal Resource Locator (URL);
    - andsaid authenticated digital content request comprises a tokenized URL.
  - 3. The method of claim 2 wherein said tokenized URL further comprises a token comprising a cryptogram based at least in part on an identifier that describes the location of said digital content.
  - 4. The method of claim 3 wherein said token is from a token pool associated with the location of digital content for which access is authorized.
  - 5. The method of claim 1 wherein said validating further comprises:
    - indicating said token is invalid when said token is not found within a token pool associated with said digital content or when said token has been fully redeemed, said token being fully redeemed when the number of token redemptions equals a predetermined amount; and
      
      incrementing a token redemption count associated with said token and indicating said token is valid when said token is found within said token pool and said token has not been fully redeemed.
  - 6. The method of claim 1 wherein said validating further comprises:
    - indicating said token is invalid when said token is not found within a token pool associated with said digital content or when said token has been redeemed, said token pool formed from successive applications of a cryptographic one-way function;
      
      indicating said token is valid when said token is found within said token pool and said token has not been redeemed; and
      
      invalidating tokens in said token chain that were generated after said received token.
  - 7. The method of claim 1 wherein said validating further comprises:
    - indicating said token is invalid when said token is not found within a portion of a token pool comprising unredeemed tokens, said token pool formed from successive applications of a cryptographic one-way function;
      
      indicating said token is valid when said token is found within said token pool and said token has not been redeemed; and
      
      reordering tokens in said token pool after said indicating said token is valid, said reordering based at least in part on whether the tokens have been redeemed.
  - 8. The method of claim 1 wherein said validating further comprises:
    - initializing a current token to said received token;
      
      applying a cryptographic one-way function to said current token to create a result;
      
      assigning said result to said current token;
      
      repeating said applying until said current token matches a last redeemed token or until all tokens in said pool generated after said received token have been examined;
      
      indicating said token is valid when said current token matches said last redeemed token; and
      
      indicating said token is invalid when said current token does not match said last redeemed token and when all tokens in said pool generated after said received token have been examined.

9. A method for digital content access control, the method comprising:
- step for receiving, by a content repository, an authenticated digital content request based at least in part on a digital content request comprising a request for digital content;
  
  step for validating, by said content repository, said authenticated digital content request, said validating comprising;
  
  step for indicating said authenticated digital content request is valid when said authenticated digital content request is validly associated with said digital content and when said authenticated digital content request authenticates said digital content request; and
  
  step for indicating said authenticated digital content request is invalid when said authenticated digital content request is not validly associated with said digital content,wherein said step for validating further comprises;
  
  step for receiving a token;
  
  step for indicating said token is invalid when said token is not associated with an partially redeemed or unredeemed offset within a token offset window, said token offset window comprising one or more offset entries identified by a base number and an offset from said base number, said one or more offset entries associated with a token in a token pool formed by applying a cryptographic process to the sum of said base number and said offset from said base number, together with a token chain key, said token pool associated with said digital content; and
  
  step for updating the offset entry associated with said token and indicating said received token is valid when said token is associated with a partially redeemed offset or unredeemed offset within said token offset window;
  
  step for synchronizing by said content repository with a content provisioner when said synchronizing is enabled whereinsaid content provisioner is configured to send said authenticated digital content request to a user device when a user associated with said digital content request is authorized to access and use said digital content; and
  
  said step for synchronizing comprises;
  
  synchronization of information used by said content provisioner to create said authenticated digital content request with information used by said content repository to validate said authenticated digital content request; and
  
  step for providing, by said content repository, said digital content when said authenticated digital content request is valid.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
- - 10. The method of claim 9 whereinsaid digital content request comprises a Universal Resource Locator (URL);
    - andsaid authenticated digital content request comprises a tokenized URL.
  - 11. The method of claim 10 wherein said tokenized URL further comprises a token comprising a cryptogram based at least in part on an identifier that describes the location of said digital content.
  - 12. The method of claim 11 wherein said token is from a token pool associated with the location of digital content for which access is authorized.
  - 13. The method of claim 9 wherein said step for validating further comprises:
    - step for indicating said token is invalid when said token is not found within a token pool associated with said digital content or when said token has been fully redeemed, said token being fully redeemed when the number of token redemptions equals a predetermined amount; and
      
      step for incrementing a token redemption count associated with said token and indicating said token is valid when said token is found within said token pool and said token has not been fully redeemed.
  - 14. The method of claim 9 wherein said step for validating further comprises:
    - step for indicating said token is invalid when said token is not found within a token pool associated with said digital content or when said token has been redeemed, said token pool formed from successive applications of a cryptographic one-way function;
      
      step for indicating said token is valid when said token is found within said token pool and said token has not been redeemed; and
      
      step for invalidating tokens in said token chain that were generated after said received token.
  - 15. The method of claim 9 wherein said step for validating further comprises:
    - step for indicating said token is invalid when said token is not found within a portion of a token pool comprising unredeemed tokens, said token pool formed from successive applications of a cryptographic one-way function;
      
      step for indicating said token is valid when said token is found within said token pool and said token has not been redeemed; and
      
      step for reordering tokens in said token pool after said indicating said token is valid, said reordering based at least in part on whether the tokens have been redeemed.
  - 16. The method of claim 9 wherein said step for validating further comprises:
    - step for initializing a current token to said received token;
      
      step for applying a cryptographic one-way function to said current token to create a result;
      
      step for assigning said result to said current token;
      
      step for repeating said applying until said current token matches a last redeemed token or until all tokens in said pool generated after said received token have been examined;
      
      step for indicating said token is valid when said current token matches said last redeemed token; and
      
      step for indicating said token is invalid when said current token does not match said last redeemed token and when all tokens in said pool generated after said received token have been examined.

17. A tangible program storage device readable by a machine, embodying a program of instructions executable by the machine to perform a method for digital content access control, the method comprising:
- receiving, by a content repository, an authenticated digital content request based at least in part on a digital content request comprising a request for digital content;
  
  validating, by said content repository, said authenticated digital content request, said validating comprising;
  
  indicating said authenticated digital content request is valid when said authenticated digital content request is validly associated with said digital content and when said authenticated digital content request authenticates said digital content request; and
  
  indicating said authenticated digital content request is invalid when said authenticated digital content request is not validly associated with said digital content,wherein said validating further comprises;
  
  receiving a token;
  
  indicating said token is invalid when said token is not associated with an partially redeemed or unredeemed offset within a token offset window, said token offset window comprising one or more offset entries identified by a base number and an offset from said base number, said one or more offset entries associated with a token in a token pool formed by applying a cryptographic process to the sum of said base number and said offset from said base number, together with a token chain key, said token pool associated with said digital content; and
  
  updating the offset entry associated with said token and indicating said received token is valid when said token is associated with a partially redeemed offset or unredeemed offset within said token offset window;
  
  synchronizing by said content repository with a content provisioner when said synchronizing is enabled whereinsaid content provisioner is configured to send said authenticated digital content request to a user device when a user associated with said digital content request is authorized to access and use said digital content; and
  
  said synchronizing comprises;
  
  synchronization of information used by said content provisioner to create said authenticated digital content request with information used by said content repository to validate said authenticated digital content request; and
  
  providing, by said content repository, said digital content when said authenticated digital content request is valid.
- View Dependent Claims (18, 19, 20, 21, 22, 23, 24)
- - 18. The program storage device of claim 17 whereinsaid digital content request comprises a Universal Resource Locator (URL);
    - andsaid authenticated digital content request comprises a tokenized URL.
  - 19. The program storage device of claim 18 wherein said tokenized URL further comprises a token comprising a cryptogram based at least in part on an identifier that describes the location of said digital content.
  - 20. The program storage device of claim 19 wherein said token is from a token pool associated with the location of digital content for which access is authorized.
  - 21. The program storage device of claim 17 wherein said validating further comprises:
    - indicating said token is invalid when said token is not found within a token pool associated with said digital content or when said token has been fully redeemed,said token being fully redeemed when the number of token redemptions equals a predetermined amount; and
      
      incrementing a token redemption count associated with said token and indicating said token is valid when said token is found within said token pool and said token has not been fully redeemed.
  - 22. The program storage device of claim 17 wherein said validating further comprises:
    - indicating said token is invalid when said token is not found within a token pool associated with said digital content or when said token has been redeemed, said token pool formed from successive applications of a cryptographic one-way function;
      
      indicating said token is valid when said token is found within said token pool and said token has not been redeemed; and
      
      invalidating tokens in said token chain that were generated after said received token.
  - 23. The program storage device of claim 17 wherein said validating further comprises:
    - indicating said token is invalid when said token is not found within a portion of a token pool comprising unredeemed tokens, said token pool formed from successive applications of a cryptographic one-way function;
      
      indicating said token is valid when said token is found within said token pool and said token has not been redeemed; and
      
      reordering tokens in said token pool after said indicating said token is valid, said reordering based at least in part on whether the tokens have been redeemed.
  - 24. The program storage device of claim 17 wherein said validating further comprises:
    - initializing a current token to said received token;
      
      applying a cryptographic one-way function to said current token to create a result;
      
      assigning said result to said current token;
      
      repeating said applying until said current token matches a last redeemed token or until all tokens in said pool generated after said received token have been examined;
      
      indicating said token is valid when said current token matches said last redeemed token; and
      
      indicating said token is invalid when said current token does not match said last redeemed token and when all tokens in said pool generated after said received token have been examined.

25. An apparatus for digital content access control, the apparatus comprising:
- means for receiving, by a content repository, an authenticated digital content request based at least in part on a digital content request comprising a request for digital content;
  
  means for validating, by said content repository, said authenticated digital content request, said validating comprising;
  
  indicating said authenticated digital content request is valid when said authenticated digital content request is validly associated with said digital content and when said authenticated digital content request authenticates said digital content request; and
  
  indicating said authenticated digital content request is invalid when said authenticated digital content request is not validly associated with said digital content,wherein said means for validating further comprises;
  
  means for receiving a token;
  
  means for indicating said token is invalid when said token is not associated with an partially redeemed or unredeemed offset within a token offset window, said token offset window comprising one or more offset entries identified by a base number and an offset from said base number, said one or more offset entries associated with a token in a token pool formed by applying. a cryptographic process to the sum of said base number and said offset from said base number, together with a token chain key, said token pool associated with said digital content; and
  
  means for updating the offset entry associated with said token and indicating said received token is valid when said token is associated with a partially redeemed offset or unredeemed offset within said token offset window;
  
  means for synchronizing by said content repository with a content provisioner when said synchronizing is enabled whereinsaid content provisioner is configured to send said authenticated digital content request to a user device when a user associated with said digital content request is authorized to access and use said digital content; and
  
  said synchronizing comprises;
  
  synchronization of information used by said content provisioner to create said authenticated digital content request with information used by said content repository to validate said authenticated digital content request; and
  
  means for providing, by said content repository, said digital content when said authenticated digital content request is valid.
- View Dependent Claims (26, 27, 28, 29, 30, 31, 32)
- - 26. The apparatus of claim 25 whereinsaid digital content request comprises a Universal Resource Locator (URL);
    - andsaid authenticated digital content request comprises a tokenized URL.
  - 27. The apparatus of claim 26 wherein said tokenized URL further comprises a token comprising a cryptogram based at least in part on an identifier that describes the location of said digital content.
  - 28. The apparatus of claim 27 wherein said token is from a token pool associated with the location of digital content for which access is authorized.
  - 29. The apparatus of claim 25 wherein said means for validating further comprises:
    - means for indicating said token is invalid when said token is not found within a token pool associated with said digital content or when said token has been fully redeemed, said token being fully redeemed when the number of token redemptions equals a predetermined amount; and
      
      means for incrementing a token redemption count associated with said token and indicating said token is valid when said token is found within said token pool and said token has not been fully redeemed.
  - 30. The apparatus of claim 25 wherein said means for validating further comprises:
    - means for indicating said token is invalid when said token is not found within a token pool associated with said digital content or when said token has been redeemed, said token pool formed from successive applications of a cryptographic one-way function;
      
      means for indicating said token is valid when said token is found within said token pool and said token has not been redeemed; and
      
      means for invalidating tokens in said token chain that were generated after said received token.
  - 31. The apparatus of claim 25 wherein said means for validating further comprises:
    - means for indicating said token is invalid when said token is not found within a portion of a token pool comprising unredeemed tokens, said token pool formed from successive applications of a cryptographic one-way function;
      
      means for indicating said token is valid when said token is found within said token pool and said token has not been redeemed; and
      
      means for reordering tokens in said token pool after said indicating said token is valid, said reordering based at least in part on whether the tokens have been redeemed.
  - 32. The apparatus of claim 25 wherein said means for validating further comprises:
    - means for initializing a current token to said received token;
      
      means for applying a cryptographic one-way function to said current token to create a result;
      
      means for assigning said result to said current token;
      
      means for repeating said applying until said current token matches a last redeemed token or until all tokens in said pool generated after said received token have been examined;
      
      means for indicating said token is valid when said current token matches said last redeemed token; and
      
      means for indicating said token is invalid when said current token does not match said last redeemed token and when all tokens in said pool generated after said received token have been examined.

33. An apparatus for digital content access control, the apparatus comprising:
- a memory for storing validation information for use in validating an authenticated digital content request that is based at least in part on a digital content request comprising a request for digital content; and
  
  a content repository configured to;
  
  receive an authenticated digital content request based at least in part on a digital content request comprising a request for digital content;
  
  validate said authenticated digital content request, said content repository further configured to;
  
  indicate said authenticated digital content request is valid when said authenticated digital content request is validly associated with said digital content and when said authenticated digital content request authenticates said digital content request; and
  
  indicate said authenticated digital content request is invalid when said authenticated digital content request is not validly associated with said digital content;
  
  synchronize with a content provisioner when said synchronizing is enabled whereinsaid content provisioner is configured to send said authenticated digital content request to a user device when a user associated with said digital content request is authorized to access and use said digital content; and
  
  said synchronizing comprises;
  
  synchronization of information used by said content provisioner to create said authenticated digital content request with information used by said content repository to validate said authenticated digital content request; and
  
  provide said digital content when said authenticated digital content request is valid,wherein said content repository is further configured to;
  
  receive a token;
  
  indicate said token is invalid when said token is not associated with an partially redeemed or unredeemed offset within a token offset window, said token offset window comprising one or more offset entries identified by a base number and an offset from said base number, said one or more offset entries associated with a token in a token pool formed by applying a cryptographic process to the sum of said base number and said offset from said base number, together with a token chain key, said token pool associated with said digital content;
  
  andupdate the offset entry associated with said token and indicate said received token is valid when said token is associated with a partially redeemed offset or unredeemed offset within said token offset window.
- View Dependent Claims (34, 35, 36, 37, 38, 39, 40)
- - 34. The apparatus of claim 33 whereinsaid digital content request comprises a Universal Resource Locator (URL);
    - andsaid authenticated digital content request comprises a tokenized URL.
  - 35. The apparatus of claim 34 wherein said tokenized URL further comprises a token comprising a cryptogram based at least in part on an identifier that describes the location of said digital content.
  - 36. The apparatus of claim 35 wherein said token is from a token pool associated with the location of digital content for which access is authorized.
  - 37. The apparatus of claim 33 wherein said content repository is further configured to:
    - indicate said token is invalid when said token is not found within a token pool associated with said digital content or when said token has been fully redeemed, said token being fully redeemed when the number of token redemptions equals a predetermined amount; and
      
      increment a token redemption count associated with said token and indicate said token is valid when said token is found within said token pool and said token has not been fully redeemed.
  - 38. The apparatus of claim 33 wherein said content repository is further configured to:
    - indicate said token is invalid when said token is not found within a token pool associated with said digital content or when said token has been fully redeemed, said token pool formed from successive applications of a cryptographic one-way function;
      
      indicate said token is valid when said token is found within said token pool and said token has not been redeemed; and
      
      invalidate tokens in said token chain that were generated after said received token.
  - 39. The apparatus of claim 33 wherein said content repository is further configured to:
    - indicate said token is invalid when said token is not found within a portion of a token pool comprising unredeemed tokens, said token pool formed from successive applications of a cryptographic one-way function;
      
      indicate said token is valid when said token is found within said token pool and said token has not been redeemed; and
      
      reorder tokens in said token pool after said indicate said token is valid, said reordering based at least in part on whether the tokens have been redeemed.
  - 40. The apparatus of claim 33 wherein said content repository is further configured to:
    - initialize a current token to said received token;
      
      apply a cryptographic one-way function to said current token to create a result;
      
      assign said result to said current token;
      
      repeat said applying until said current token matches a last redeemed token or until all tokens in said pool generated after said received token have been examined;
      
      indicate said token is valid when said current token matches said last redeemed token; and
      
      indicate said token is invalid when said current token does not match said last redeemed token and when all tokens in said pool generated after said received token have been examined.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Oracle America, Inc. (Oracle Corporation)
Original Assignee
Sun Microsystems Incorporated (Oracle Corporation)
Inventors
de Jong, Eduard, Bostrom, Jon, Cooley, Aaron
Primary Examiner(s)
Vu; Kim
Assistant Examiner(s)
Nirav; Patel

Application Number

US10/243,474
Publication Number

US 20040054915A1
Time in Patent Office

1,754 Days
Field of Search

713/155, 713/182, 713/161, 713/170, 713/172, 713/175, 713/185, 713/159, 713/193, 713/375, 726/2, 726/9, 726/10, 726/20, 726 26- 31, 705/65, 705/51, 705/53, 705/55, 705/57, 705/50, 707/9, 707/10, 709/226, 709/237, 709/201, 709/248, 709/225, 709/219, 380/201, 380/278, 380/231, 380/200, 380/229, 380/232, 725/25, 725/31
US Class Current

726/9
CPC Class Codes

G06F 21/10   Protecting distributed prog...

G06F 21/6218   to a system of files or obj...

H04L 2463/101   applying security measures ...

H04L 63/06   for supporting key manageme...

H04L 63/08   for authentication of entit...

H04L 63/102   Entity profiles

Repositing for digital content access control

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

40 Claims

Specification

Solutions

Use Cases

Quick Links

Repositing for digital content access control

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

40 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links