Method and apparatus for secure delivery and rights management of digital content

US 7,493,499 B1
Filed: 05/22/2003
Issued: 02/17/2009
Est. Priority Date: 05/22/2003
Status: Active Grant

First Claim

Patent Images

1. Apparatus for secure distribution of digital content from a content server over a network to a user running a browser program in a workstation connected to the network, the apparatus comprising:

means for downloading a secure viewer program into the browser;

means in the viewer program for requesting a document containing content from the content server;

means in the content server for downloading an encrypted version of the requested document;

means in the viewer for performing a numerical calculation, using as one input encrypted document content in the encrypted version of the requested document and as another input information that is downloaded with the viewer program, to compute as a result a document identifier that cannot be derived solely from the encrypted version of the requested document and sending the document identifier to the content server;

means in the content server and responsive to the document identifier for downloading a decryption key to the viewer program; and

means in the viewer program for decrypting the encrypted version of the document and presenting the document content to the user.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A secure distribution system utilizes a content viewer that consists of an applet that is downloaded to a user'"'"'s conventional browser when the user logs into a publisher'"'"'s server. The content viewer requests a selected document from the server by referring to the document name or URL. The server retrieves the document and forwards it to the viewer in encrypted form. The viewer then computes a document identifier from the encrypted document and uses the identifier to request a key in order to decrypt the document. The key is forwarded from the server to the viewer that then decrypts the document and displays it in the viewer. Since the document is processed by the viewer and displayed only in a window associated with the viewer, none of the conventional browser functions has to be disabled. Further, since the document is downloaded in encrypted form, it cannot be stored or forwarded using the conventional browser.

72 Citations

View as Search Results

37 Claims

1. Apparatus for secure distribution of digital content from a content server over a network to a user running a browser program in a workstation connected to the network, the apparatus comprising:
- means for downloading a secure viewer program into the browser;
  
  means in the viewer program for requesting a document containing content from the content server;
  
  means in the content server for downloading an encrypted version of the requested document;
  
  means in the viewer for performing a numerical calculation, using as one input encrypted document content in the encrypted version of the requested document and as another input information that is downloaded with the viewer program, to compute as a result a document identifier that cannot be derived solely from the encrypted version of the requested document and sending the document identifier to the content server;
  
  means in the content server and responsive to the document identifier for downloading a decryption key to the viewer program; and
  
  means in the viewer program for decrypting the encrypted version of the document and presenting the document content to the user.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The apparatus of claim 1 wherein the secure viewer program comprises an applet that runs in the browser.
  - 3. The apparatus of claim 1 wherein the viewer generates a display area within the browser and wherein the document is presented within the display area.
  - 4. The apparatus of claim 1 wherein the document identifier is computed from the encrypted document content and a text string embedded in the viewer code.
  - 5. The apparatus of claim 1 wherein the content server comprises a key database and wherein the means for downloading a decryption key comprises means for using the document identifier to retrieve the decryption key from the key database.
  - 6. The apparatus of claim 1 further comprising a publishing tool that accepts plaintext documents, encrypts the plaintext documents and generates document identifiers for each encrypted document.
  - 7. The apparatus of claim 6 wherein the publishing tool comprises a file compressor that compresses each document before encrypting the document.
  - 8. The apparatus of claim 6 wherein the content server comprises a key database and wherein the publishing tool comprises a key encryptor that encrypts each decryption key before the each key is stored in the key database.
  - 9. The apparatus of claim 6 wherein the publishing tool computes a document identifier for each encrypted document from the encrypted document content and a text string embedded in the publishing tool code.
  - 10. The apparatus of claim 9 wherein the text string embedded in the viewer code is the same as the text string embedded in the publishing tool code.
  - 11. The apparatus of claim 1 wherein the content server comprises an encrypted document database for storing encrypted versions of documents and means responsive to the document identifier for retrieving the requested document.

12. A method for secure distribution of digital content from a content server over a network to a user running a browser program in a workstation connected to the network, the method comprising:
- (a) downloading a secure viewer program into the browser;
  
  (b) sending a request for a document containing content from the viewer program to the content server;
  
  (c) downloading an encrypted version of the requested document from the content server to the viewer;
  
  (d) computing a document identifier in the viewer as a result of a numerical calculation using as one input encrypted content in the encrypted version of the requested document and as another input information that is downloaded with the viewer program, which document identifier cannot be derived solely from the encrypted version of the requested document, and sending the document identifier to the content server;
  
  (e) downloading a decryption key to the viewer program from the content server in response to the document identifier; and
  
  (f) decrypting the encrypted version of the document in the viewer program and presenting the document content to the user.
- View Dependent Claims (13, 14, 15, 16, 17, 18, 19, 20, 21, 22)
- - 13. The method of claim 12 wherein step (a) comprises downloading a viewer applet that runs in the browser.
  - 14. The method of claim 12 wherein step (f) comprises generating a display area within the browser and presenting the document within the display area.
  - 15. The method of claim 12 wherein step (d) comprises computing the document identifier from the encrypted document content and a text string embedded in the viewer code.
  - 16. The method of claim 12 wherein the content server comprises a key database and wherein step (e) comprises using the document identifier to retrieve the decryption key from the key database.
  - 17. The method of claim 12 further comprising the step of:
    - (g) encrypting plaintext documents at the content server using a publishing tool and(h) generating document identifiers for each encrypted document.
  - 18. The method of claim 17 wherein step (g) comprises compressing each document before encrypting the document.
  - 19. The method of claim 17 wherein the content server comprises a key database and wherein step (h) comprises encrypting each decryption key and storing the each key in the key database.
  - 20. The method of claim 17 wherein step (h) comprises generating a document identifier for each encrypted document from the encrypted document content and a text string embedded in the publishing tool code.
  - 21. The method of claim 20 wherein the text string embedded in the viewer code is the same as the text string embedded in the publishing tool code.
  - 22. The method of claim 12 wherein the content server comprises an encrypted document database for storing encrypted versions of documents and step (c) comprises retrieving the requested document from the encrypted document database in response to the document identifier.

23. A viewer for a secure digital content distribution system that distributes digital content from a content server over a network to a browser program in a workstation connected to the network, the viewer running in the browser program and comprising:
- means for generating in the browser a user interface that does not utilize the functions of the browser user interface, including a display area that is controlled exclusively by the viewer;
  
  means for requesting a document containing content from the content server;
  
  means for receiving an encrypted version of the requested document from the content server;
  
  means for calculating a document identifier as a result of a numerical computation using as one input encrypted content in the encrypted version of the requested document and as another input information that is downloaded with the viewer program, which document identifier cannot be derived solely from the encrypted version of the requested document and sending the document identifier to the content server;
  
  means for receiving a decryption key from the content server and decrypting the encrypted version of the document; and
  
  means for presenting the document content to the user in the viewer display area.
- View Dependent Claims (24, 25, 26, 27, 28, 29, 30)
- - 24. The viewer of claim 23 wherein the means for generating a user interface comprises an applet that runs in the browser.
  - 25. The viewer of claim 23 wherein the means for calculating the document identifier computes the document identifier from the encrypted document content and a text string embedded in code that implements the viewer.
  - 26. The viewer of claim 25 wherein the means for calculating the document identifier comprises:
    - a first one-way hashing mechanism that is responsive to the text string for generating a hashed text string;
      
      a second one-way hashing mechanism that is responsive to the encrypted document content for generating hashed document content; and
      
      a third one-way hashing mechanism that is responsive to the hashed text string and the hashed document content for generating the document identifier.
  - 27. The viewer of claim 23 wherein the user interface further comprises:
    - means for navigating within individual articles; and
      
      means for navigating from article to article.
  - 28. The viewer of claim 23 wherein the user interface further comprises:
    - means for setting bookmarks to selected articles; and
      
      means for printing selected articles.
  - 29. The viewer of claim 23 wherein the user interface further comprises:
    - means for communicating with a search engine located within the content server in order to search document content located within the content server.
  - 30. The viewer of claim 23 wherein the user interface further comprisesmeans for logging various user activities;
    - andmeans for communicating logged activities to the content server.

31. A content server for use in a secure distribution system that distributes digital content over a network to a user running a browser program in a workstation connected to the network, the content server comprising:
- a publishing tool that accepts plaintext documents, encrypts the plaintext documents and generates document identifiers for each encrypted document wherein each document identifier is calculated for each encrypted document as a result of a numerical computation using as one input the encrypted document content and as another input information that is not part of the encrypted document content, so that the document identifier cannot be derived solely from the encrypted document content;
  
  means for downloading a secure viewer program and the information that is not part of the encrypted document content into the browser;
  
  means responsive to a document request from the viewer program for downloading an encrypted version of the requested document containing encrypted content;
  
  means for receiving a document identifier that is computed in the viewer program as a result of a numerical computation using as one input the encrypted content and as another input the information that was downloaded with the viewer program, but which cannot be derived solely from the encrypted version of the requested document from the viewer program; and
  
  means responsive to the document identifier for downloading a decryption key to the viewer program.
- View Dependent Claims (32, 33, 34, 35, 36, 37)
- - 32. The content server of claim 31 further comprising a key database and wherein the means for downloading a decryption key comprises means for using the document identifier to retrieve the decryption key from the key database.
  - 33. The content server of claim 31 wherein the publishing tool comprises a file compressor that compresses each document before encrypting the document.
  - 34. The content server of claim 31 wherein the content server comprises a key database and wherein the publishing tool comprises a key encryptor that encrypts each decryption key before the each key is stored in the key database.
  - 35. The content server of claim 31 wherein the publishing tool comprises means for calculating a document identifier for each encrypted document from the encrypted document content and a text string embedded in the publishing tool code.
  - 36. The content server of claim 35 wherein the means for calculating the document identifier comprises:
    - a first one-way hashing mechanism that is responsive to the text string for generating a hashed text string;
      
      a second one-way hashing mechanism that is responsive to the encrypted document content for generating hashed document content; and
      
      a third one-way hashing mechanism that is responsive to the hashed text string and the hashed document content for generating the document identifier.
  - 37. The content server of claim 31 further comprising an encrypted document database for storing encrypted versions of documents and means responsive to the document identifier for retrieving the requested document.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Callahan Cellular LLC (Intellectual Ventures LLC)
Original Assignee
Copyright Clearance Center, Inc.
Inventors
Deaver, John, Klebe, Skott C., Johnson, Woodrow W.
Primary Examiner(s)
Nalven; Andrew L

Application Number

US10/443,261
Time in Patent Office

2,098 Days
Field of Search

705/51, 713/193
US Class Current

713/193
CPC Class Codes

G06F 16/951   Indexing; Web crawling tech...

G06F 21/10   Protecting distributed prog...

G06F 2221/2107   File encryption

H04L 2463/101   applying security measures ...

H04L 63/0428   wherein the data content is...

H04L 63/062   for key distribution, e.g. ...

H04L 63/10   for controlling access to d...

H04L 67/02   based on web technology, e....

H04L 67/34   involving the movement of s...

H04L 69/329   in the application layer [O...

Method and apparatus for secure delivery and rights management of digital content

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

72 Citations

37 Claims

Specification

Solutions

Use Cases

Quick Links

Method and apparatus for secure delivery and rights management of digital content

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

72 Citations

37 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links