Secure server plug-in architecture for digital rights management systems

US 7,631,318 B2
Filed: 06/28/2002
Issued: 12/08/2009
Est. Priority Date: 06/28/2002
Status: Expired due to Fees

First Claim

Patent Images

1. A system implemented at least in part by a computing device for providing digital rights management services, the system comprising:

a processor; and

a plurality of customized pipelines, implemented on the processor, that are unconditionally independent of one another, each customized pipeline is configured for providing a specific digital rights management service to a customer by executing a plurality of plug-in components of the customized pipeline in a sequential order from start to finish, the customized pipeline comprising;

a service program that provides a processing framework for performing the specific digital rights management service;

wherein plug-in options are selected from amongst a plurality of optional plug-in modular components,the plurality of plug-in components corresponding to the selected plug-in options are integrated into the processing framework according to a respective predefined set of interface rules,each of the plurality of plug-in components is denied direct access to data structures of the service program, the denial of direct access being implemented by controlling data interaction between each of the plurality of plug-in components and the service program,each of the plurality of plug-in components is validated for providing trust between the service program and each of the plurality of plug-in components,a first asynchronous component that is appended to an end point of the customized pipeline in the plurality of customized pipelines, the end point selected such that the first asynchronous component is operative only after all the plurality of plug-in components of the customized pipeline have performed their respective tasks, and wherein the first asynchronous component is configured to have no control over a processing of a request associated with the respective tasks performed by the plurality of plug-in components of the customized pipeline, anda second asynchronous component that is appended to the end point of the customized pipeline wherein the second asynchronous component operates in parallel with, and independent of, the first asynchronous component, and wherein the second asynchronous component is operative only after all the plurality of plug-in components of the customized pipeline have performed their respective tasks, the second asynchronous component configured to have no control over a processing of a request associated with the respective tasks performed by the plurality of plug-in components of the customized pipeline.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and methods for providing digital rights management services are disclosed. Such a system includes a service program that provides a processing framework for performing a digital rights management service, such as publishing or licensing rights managed digital content. A plurality of plug-in components are provided, each of which performs a respective task associated with the digital rights management service. The plug-in components are integrated into the processing framework according to predefined sets of interface rules.

Citations

22 Claims

1. A system implemented at least in part by a computing device for providing digital rights management services, the system comprising:
- a processor; and
  
  a plurality of customized pipelines, implemented on the processor, that are unconditionally independent of one another, each customized pipeline is configured for providing a specific digital rights management service to a customer by executing a plurality of plug-in components of the customized pipeline in a sequential order from start to finish, the customized pipeline comprising;
  
  a service program that provides a processing framework for performing the specific digital rights management service;
  
  wherein plug-in options are selected from amongst a plurality of optional plug-in modular components,the plurality of plug-in components corresponding to the selected plug-in options are integrated into the processing framework according to a respective predefined set of interface rules,each of the plurality of plug-in components is denied direct access to data structures of the service program, the denial of direct access being implemented by controlling data interaction between each of the plurality of plug-in components and the service program,each of the plurality of plug-in components is validated for providing trust between the service program and each of the plurality of plug-in components,a first asynchronous component that is appended to an end point of the customized pipeline in the plurality of customized pipelines, the end point selected such that the first asynchronous component is operative only after all the plurality of plug-in components of the customized pipeline have performed their respective tasks, and wherein the first asynchronous component is configured to have no control over a processing of a request associated with the respective tasks performed by the plurality of plug-in components of the customized pipeline, anda second asynchronous component that is appended to the end point of the customized pipeline wherein the second asynchronous component operates in parallel with, and independent of, the first asynchronous component, and wherein the second asynchronous component is operative only after all the plurality of plug-in components of the customized pipeline have performed their respective tasks, the second asynchronous component configured to have no control over a processing of a request associated with the respective tasks performed by the plurality of plug-in components of the customized pipeline.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16)
- - 2. The system of claim 1, wherein one of the digital rights management service includes processing a publication request to publish rights managed digital content.
  - 3. The system of claim 2, wherein the plurality of plug-in components include a plug-in component for storing a rights label that includes a rights description, an encrypted content key, and a digital signature over both the rights description and the encrypted content key.
  - 4. The system of claim 2, wherein the plurality of plug-in components include a plug-in component for protecting a private key that is used in connection with encrypting and decrypting the rights managed digital content.
  - 5. The system of claim 2, wherein the plurality of plug-in components include a plug-in component for generating a certificate.
  - 6. The system of claim 2, wherein the plurality of plug-in components include a plug-in component for authenticating an entity submitting the publication request.
  - 7. The system of claim 2, wherein the plurality of plug-in components include a plug-in component for determining whether an entity submitting the publication request is authorized to publish the rights managed digital content in accordance with the publication request.
  - 8. The system of claim 1, wherein a digital rights management service include processing a license request to license rights managed digital content.
  - 9. The system of claim 8, wherein the plurality of plug-in components include a group expansion plug-in component for retrieving a user list based on a group identifier provided in the license request.
  - 10. The system of claim 8, wherein the plurality of plug-in components include a plug-in component for retrieving a rights label that includes a rights description, an encrypted content key, and a digital signature over both the rights description and the encrypted content key.
  - 11. The system of claim 8, wherein the plurality of plug-in components include a plug-in component for retrieving a certificate.
  - 12. The system of claim 8, wherein the plurality of plug-in components include a plug-in component for authenticating an entity submitting the license request.
  - 13. The system of claim 8, wherein the plurality of plug-in components include a plug-in component for determining whether an entity submitting the license request is authorized to use the rights managed digital content in accordance with the license request.
  - 14. The system of claim 1, wherein the plurality of plug-in components include at least one extension plug-in component that performs its respective task based on an occurrence of a prescribed event.
  - 15. The system of claim 14, wherein the extension plug-in component is adapted to halt processing of the service program.
  - 16. The system of claim 1, wherein a digital rights management service includes at least one of a) an activation service, b) an enrollment service, c) a certification service, and d) a federation service.

17. A method for providing digital rights management (DRM) services to a plurality of users, the method comprising:
- configuring, on a processor, a first pipeline in a plurality of customized pipelines for executing a first set of DRM plug-in components of the first pipeline in a sequential order from start to finish;
  
  configuring a second pipeline in the plurality of customized pipelines for executing a second set of DRM plug-in components of the second pipeline in a sequential order from start to finish, wherein the first pipeline and the second pipeline are unconditionally independent of one another;
  
  providing a service program that provides a processing framework for performing a specific digital rights management service;
  
  providing to a first user of the DRM services, a plurality of DRM plug-in options;
  
  selecting a first set of plug-in options from amongst the plurality of DRM plug-in options;
  
  configuring, on the processor, the first pipeline by integrating the first set of DRM plug-in components corresponding to the first set of plug-in options selected by the first user from the plurality of DRM plug-in options;
  
  providing to a second user of the DRM services, the plurality of DRM plug-in options;
  
  selecting a second set of plug-in options from amongst the plurality of DRM plug-in options;
  
  configuring the second pipeline by integrating the second set of DRM plug-in components corresponding to the second set of plug-in options selected by the second user from the plurality of DRM plug-in options, wherein the second set of DRM plug-in components is different than the first set of DRM plug-in components, and wherein the first and second set of DRM plug-in components corresponding to the selected plug-in options are integrated into the processing framework according to a respective predefined set of interface rules;
  
  denying each DRM plug-in component in the first and second set of DRM plug-in components direct access to data structures of the service program, the denial of direct access being implemented by controlling data interaction between each DRM plug-in component and the service program;
  
  validating each DRM plug-in component in the first and second set of DRM plug-in components for providing trust between the service program and each DRM plug-in component;
  
  appending a first asynchronous component to an end point of the first pipeline in the plurality of customized pipelines, wherein the end point is selected such that the first asynchronous component is operative only after all the first set of DRM plug-in components of the first pipeline have performed their respective tasks, and the first asynchronous component is configured to have no control over a processing of a request associated with the respective tasks performed by the first set of DRM plug-in components of the first pipeline; and
  
  appending a second asynchronous component to the end point of the first pipeline, wherein the second asynchronous component operates in parallel with, and independent of, the first asynchronous component, and the second asynchronous component is operative only after all the first set of DRM plug-in components of the first pipeline have performed their respective tasks, the second asynchronous component configured to have no control over a processing of a request associated with the respective tasks performed by the first set of DRM plug-in components of the first pipeline.
- View Dependent Claims (18, 19, 20, 21, 22)
- - 18. The method of claim 17, wherein the first pipeline is a publishing pipeline and the second pipeline is a licensing pipeline, and wherein the publishing and licensing pipelines operate independent of one another.
  - 19. The method of claim 17, further comprising:
    - denying each of the first and second set of DRM plug-in components in the first and second pipelines, direct access to data structures of the service program that provides the DRM services.
  - 20. The method of claim 19, further comprising:
    - providing security by using replicated data for data interaction between the service program and each DRM plug-in component in the first and second pipelines.
  - 21. The method of claim 17, further comprising:
    - integrating an extension plug-in component into at least one of the first or second pipelines.
  - 22. The method of claim 17, wherein the first user is the same as the second user.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Malik, Prashant, Yarmolenko, Vladimir, Cottrille, Scott C., Krishnaswamy, Vinay, Kostal, Gregory, Waxman, Peter David, Venkatesh, Chandramouli, Lindeman, Thomas K., Byrum, Frank, Narin, Attilla
Primary Examiner(s)
Truong; Lechi

Application Number

US10/185,906
Publication Number

US 20040003139A1
Time in Patent Office

2,720 Days
Field of Search

719/310, 719/328, 713/400, 713151-194, 707/3, 726/17, 705/1
US Class Current

719/328
CPC Class Codes

H04L 2463/062   applying encryption of the ...

H04L 63/0823   using certificates cryptogr...

H04L 63/126   the source of the received ...

Y10S 707/99933   Query processing, i.e. sear...

Secure server plug-in architecture for digital rights management systems

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

22 Claims

Specification

Solutions

Use Cases

Quick Links

Secure server plug-in architecture for digital rights management systems

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

22 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links