Method and system for enabling content security in a distributed system

US 7,243,226 B2
Filed: 12/11/2002
Issued: 07/10/2007
Est. Priority Date: 12/12/2001
Status: Active Grant

First Claim

Patent Images

1. A system for securing content over a network, comprising:

a data store that is configured to store content;

an update manager that is coupled to the data store and configured to change content in the data store at a pre-set rate, and to tag a portion of the content as exclusively memory resident at a client; and

a content manager coupled to the update manager and the data store that is configured to perform actions, including;

receiving a request for content from the client that includes an authenticator that is associated to the client through a concatenation of the client'"'"'s remote Internet Protocol (IP) address and the client'"'"'s local IP address, the concatenation being hashed to generate a digest and the digest being subsequently combined with a timestamp; and

determining if the client is authentic, and if the client is authentic, providing content from the data store to the client at a predetermined rate, wherein the tagged portion of the content remains absent from a client'"'"'s permanent data store thereby reducing theft of the content.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and system are directed towards enabling content security in a distributed environment. The system includes a data store for content associated with an application that may be tagged as exclusively memory resident at a client. The content may also be encrypted and digitally signed. When an authenticated client requests the content, it is provided at a constrained rate that enables a portion of the content to start execution on the client before the application associated with the content is completely downloaded. Additional portions of the content are provided to the client when the additional portions are required for execution by the application.

Citations

25 Claims

1. A system for securing content over a network, comprising:
- a data store that is configured to store content;
  
  an update manager that is coupled to the data store and configured to change content in the data store at a pre-set rate, and to tag a portion of the content as exclusively memory resident at a client; and
  
  a content manager coupled to the update manager and the data store that is configured to perform actions, including;
  
  receiving a request for content from the client that includes an authenticator that is associated to the client through a concatenation of the client'"'"'s remote Internet Protocol (IP) address and the client'"'"'s local IP address, the concatenation being hashed to generate a digest and the digest being subsequently combined with a timestamp; and
  
  determining if the client is authentic, and if the client is authentic, providing content from the data store to the client at a predetermined rate, wherein the tagged portion of the content remains absent from a client'"'"'s permanent data store thereby reducing theft of the content.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The system of claim 1, wherein the content manager is configured to further enable an application to start execution on the client before the content associated with the application is completely provided.
  - 3. The system of claim 1, wherein a portion of content associated with an application is absent from the client during execution of the application on the client.
  - 4. The system of claim 1, further comprising an authentication manager that is coupled to the content manager and is configured to provide a message that includes at least one of an instruction to cancel a client'"'"'s authentication and to modify a flow of content to an unauthentic client.
  - 5. The system of claim 1, wherein the content further comprises a checksum block that is digitally signed.
  - 6. The system of claim 1, wherein the content in the data store further comprises content that is obfuscated.
  - 7. The system of claim 1, wherein the content manager is further configured to provide a stream of bits that include at least one of a pseudo-random number, a decryption key, and a signature verification key.
  - 8. The system of claim 1, wherein the content provided to the client further comprises a block of content that is configured to cross validate another block of content that is also provided to the client by, in part, validating a digital signature associated with the other block of content.
  - 9. The system of claim 1, wherein the pre-set rate to change the content includes at least one of a periodic rate and a non-periodic rate.
  - 10. The system of claim 1, wherein the content manager is configured to perform further actions, comprising:
    - providing a stream of bits to the client, wherein the stream of bits cause an application on the client to generate a hash, based in part on data extracted at a defined point in the stream of bits; and
      
      if the resulting hash does not match another hash, causing the application to malfunction.

11. A method of securing content over a network, comprising:
- (a) receiving a request from a client for content associated with an application;
  
  (b) tagging a portion of the content as exclusively memory resident on the client;
  
  (c) determining if the client is authentic, by;
  
  determining a remote address and a local address associated with the client;
  
  concatenating the determine remote address and local address;
  
  hashing the results of the concatenation to generate a digest;
  
  receiving an authenticator from the client;
  
  combining the authenticator with the digest to generate a timestamp; and
  
  determining, in part, whether the client is authentic based on whether a value of the timestamp is within a window; and
  
  if the client is authentic,(i) providing the requested content to the client at a predetermined rate, wherein the provided content enables an application to start execution on the client before the content associated with the application is completely provided; and
  
  (ii)enabling the tagged portion of the content to execute on the client, wherein the tagged portion of the content remains absent from a client'"'"'s permanent data store thereby reducing theft of the content.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19)
- - 12. The method of claim 11, further comprising changing at a pre-set rate at least a portion of the content prior to providing the content to the client.
  - 13. The method of claim 11, further comprising ensuring that the client stores only a portion of content that is associated with the application.
  - 14. The method of claim 11, wherein receiving the request from the client further comprises receiving a content ticket from the client that includes at least one of a client'"'"'s local IP address, client'"'"'s remote IP addresses, a user'"'"'s account, a user name, a lifetime parameter, a portion of application content, a version identifier associated with an application, and a session key.
  - 15. The method of claim 14, wherein the content is encrypted and digitally signed.
  - 16. The method of claim 11, wherein the content further comprises at least one checksum block that is digitally signed and encrypted.
  - 17. The method of claim 11, wherein the content associated with the application further comprises content that is obfuscated.
  - 18. The method of claim 11, further comprising if the client is authentic providing a stream of bits that include at least one of a pseudo-random number, a decryption key, and a signature verification key.
  - 19. The method of claim 11, wherein the requested content further comprises a block of content that is configured to cross validate another block of content.

20. An apparatus for securing content over a network, comprising:
- (a) an interface configured to send the content and to receive a request for content associated with an application; and
  
  (b) coupled to the interface, a server configured to perform acts, comprising;
  
  receiving the request from a client for content associated with the application, wherein the request includes an authenticator that is associated to the client through a concatenation of the client'"'"'s remote Internet Protocol (IP) address and the client'"'"'s local IP address, the concatenation being hashed to generate a digest and the digest being subsequently combined with a timestamp;
  
  tagging a portion of the content as exclusively memory resident on the client; and
  
  determining if the client is authentic, and if the client is authentic,(1) providing the requested content to the client at a predetermined rate, wherein the provided content enables an application to start execution on the client before the content associated with the application is completely provided; and
  
  (2) enabling the tagged portion of the content to execute on the client, wherein the tagged portion of the content remains absent from a client'"'"'s permanent data store thereby reducing theft of the content.
- View Dependent Claims (21, 22, 23, 24)
- - 21. The apparatus of claim 20, further comprising changing the content at a pre-set rate.
  - 22. The apparatus of claim 20, wherein the server is further configured to provide a message that includes at least one of an instruction to cancel a client'"'"'s authentication and to modify a flow of content to an unauthentic client.
  - 23. The apparatus of claim 20, further comprising ensuring that the client store only a portion of the content associated with the application.
  - 24. The apparatus of claim 20, wherein receiving a request from the client further comprises receiving a content ticket from the client that includes at least one of a client'"'"'s local IP address, client'"'"'s remote IP addresses, a user'"'"'s account, a user name, a lifetime parameter, a portion of application content, a version identifier associated with an application, and a session key.

25. An apparatus securing content over a network, comprising:
- (a) a means for receiving a request from a client for content associated with an application, wherein the request includes an authenticator that is associated to the client though a concatenation of the client'"'"'s remote Internet Protocol (IP) address and the client'"'"'s local IP address, the concatenation being hashed to generate a digest and the digest being subsequently combined with a timestamp;
  
  (b) a means for determining if the client is authentic, and if the client is authentic,(i) a means for tagging a portion of the content as exclusively memory resident on the client;
  
  (ii) a means for providing the requested content to the client at a predetermined rate, wherein the provided content enables an application to start execution on the client before the content associated with the application is completely provided;
  
  (iii) a means for enabling the portion of the content to execute on the client, wherein the tagged portion of the content remains absent from a client'"'"'s permanent data store thereby reducing theft of the content; and
  
  (iv) a means for ensuring that the client stores only a portion of content that is associated with the application.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Valve Corporation
Original Assignee
Valve Corporation
Inventors
Jones, Paul David, Newcombe, Christopher Richard, Birum, Derrick Jason, Ellis, Richard Donald
Primary Examiner(s)
Zand; Kambiz
Assistant Examiner(s)
Tolentino; Roderick

Application Number

US10/318,350
Publication Number

US 20030172270A1
Time in Patent Office

1,672 Days
Field of Search

709/246, 709/217, 726/27
US Class Current

713/155
CPC Class Codes

G06Q 20/3674   involving authentication

H04L 2463/101   applying security measures ...

H04L 41/0896   Bandwidth or capacity manag...

H04L 61/2514   between local and global IP...

H04L 63/045   wherein the sending and rec...

H04L 63/0807   using tickets, e.g. Kerbero...

H04L 67/01   Protocols

H04L 67/02   based on web technology, e....

H04L 67/06   specially adapted for file ...

H04L 67/1001   for accessing one among a p...

H04L 67/306   User profiles

H04L 67/34   involving the movement of s...

H04L 67/51   Discovery or management the...

H04L 67/53   using third party service p...

H04L 67/55   Push-based network services

H04L 67/62   Establishing a time schedul...

Method and system for enabling content security in a distributed system

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

Citations

25 Claims

Specification

Solutions

Use Cases

Quick Links

Method and system for enabling content security in a distributed system

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

25 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links