Enabling content security in a distributed system
Abstract
A method and system are directed towards enabling content security in a distributed environment. The system includes a data store for content associated with an application that may be tagged as exclusively memory resident at a client. The content may also be encrypted and digitally signed. When an authenticated client requests the content, it is provided at a constrained rate that enables a portion of the content to start execution on the client before the application associated with the content is completely downloaded. Additional portions of the content are provided to the client when the additional portions are required for execution by the application.
18 Claims
1. A system for securing content over a network, comprising:
a client device configured and arranged to receive content, comprising:
a memory component that is arranged for temporal content storage; and
a permanent-memory based storage component that is arranged for non-temporal content storage; and
a secure content manager that is configured to perform actions, including:
receiving a first portion of content of an application that is tagged to be exclusively memory resident at the memory component of the client device;
receiving a second portion of the content of the application that is untagged, such that the second portion is enabled to be stored on the client device's permanent-memory based storage component;
receiving a request for the content from the client device, wherein the request includes an authenticator associated with the client device, the authenticator determining if the client is authentic by:
determining a remote address and a local address associated with the client device,
concatenating the determined remote address and the local address,
determining a digest based on the concatenation,
determining a timestamp based on the digest and the authenticator, and
employing the timestamp to determine whether the client device is authentic;
if the client device is authentic based, in part, on the authenticator;
providing, over the network, at least the first portion of the content and the second portion of the content to the client device, wherein the first portion of the content is exclusively memory resident at the memory component on the client device, and the second portion of the content is storable on the client device's permanent-memory based storage component;
receiving, in response to a change in the content, another request from the client device for another portion of the content that is required for continued execution of the application at the client device; and
providing, over the network, the other portion of the content to the client device.
Dependent claims: 2, 3, 4, 5, 6, 7.

8. A method of securing content over a network, comprising:
tagging a first portion of content to be exclusively memory resident at a memory component arranged for temporal content storage at a client device;
determining a second portion of the content to be untagged, such that the second portion is enabled to be stored on the client device's permanent data store device;
receiving a request for the content from the client device, wherein the request includes an authenticator associated with the client device;
determining if the client device is authentic based on the authenticator; and
if the client device is authentic, providing, over the network, at least the first portion of the content and the second portion of the content to the client device, wherein the first portion of the content is loaded exclusively as memory resident on the memory component of the client device, and the second portion of the content is loaded on the client device's permanent data store device,
wherein determining if the client is authentic further comprises:
determining a remote address and a local address associated with the client device;
concatenating the determined remote address and the local address;
determining a digest based on the concatenation;
determining a timestamp based on the digest and the authenticator; and
employing the timestamp to determine whether the client device is authentic.
Dependent claims: 9, 10, 11, 12, 13, 14.

15. An apparatus for securing content over a network, comprising:
memory for storing data and instructions; and
a processor that includes instructions for executing the instructions to perform actions, including:
receiving a request for content from a client device having a permanent data storage component;
tagging a portion of the content to be exclusively memory resident on a memory component arranged for temporal content storage at the client device, while another portion of the content remains untagged such that the other portion is configured to be storable on the permanent data storage component;
receiving a content ticket that includes an authenticator;
employing the content ticket and the authenticator to determine whether the client device is allowed access to the requested content; and
if the client device is allowed access, providing, over the network, the tagged portion of the content and the untagged other portion of the content to the client device, wherein the tagged portion of the content is loaded as exclusively memory resident on the memory component of the client device, while the untagged other portion of the content is loadable on the client device's permanent data storage component,
wherein employing the authenticator to determine whether the client device is allowed access further comprises:
determining a remote address and a local address associated with the client device;
concatenating the determined remote address and the local address;
determining a digest based on the concatenation;
determining a timestamp based on the digest and the authenticator; and
employing the timestamp to determine whether the client device is authentic.
Dependent claims: 16, 17, 18.

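One possible instantiation of the authenticator check recited in claims 1, 8 and 15, added here as an illustration and not taken from the patent. The claims do not name the digest, a key, the authenticator layout or a freshness window, so SHA-256, the HMAC session key, the timestamp-plus-tag layout and MAX_SKEW below are all assumptions, and the addresses are constructed sample values.

```python
import hashlib
import hmac
import ipaddress
import struct

MAX_SKEW = 300  # assumed freshness window in seconds; the claims give no value
TAG_LEN = 32    # HMAC-SHA256 output length


def address_digest(remote_addr: str, local_addr: str) -> bytes:
    """Digest of remote||local. Packed bytes avoid the ambiguity of joining dotted strings."""
    packed = (ipaddress.ip_address(remote_addr).packed
              + ipaddress.ip_address(local_addr).packed)
    return hashlib.sha256(packed).digest()  # SHA-256 is an assumption


def _tag(key: bytes, digest: bytes, ts: bytes) -> bytes:
    return hmac.new(key, digest + ts, hashlib.sha256).digest()


def make_authenticator(key: bytes, remote_addr: str, local_addr: str, now: int) -> bytes:
    """Client side: 8-byte timestamp followed by a MAC binding it to the address digest."""
    ts = struct.pack(">Q", now)
    return ts + _tag(key, address_digest(remote_addr, local_addr), ts)


def timestamp_from(key: bytes, authenticator: bytes, remote_addr: str, local_addr: str):
    """Return the timestamp only if it is bound to this address pair, else None."""
    if len(authenticator) != 8 + TAG_LEN:
        return None
    ts, tag = authenticator[:8], authenticator[8:]
    expected = _tag(key, address_digest(remote_addr, local_addr), ts)
    if not hmac.compare_digest(tag, expected):  # constant-time comparison
        return None
    return struct.unpack(">Q", ts)[0]


def is_authentic(key: bytes, authenticator: bytes, observed_remote: str,
                 claimed_local: str, now: int) -> bool:
    """Server side: the digest uses the source address the server itself observes."""
    ts = timestamp_from(key, authenticator, observed_remote, claimed_local)
    return ts is not None and abs(now - ts) <= MAX_SKEW


# Constructed sample values (documentation address ranges, fixed clock).
KEY = bytes(range(32))
NOW = 1_700_000_000
TOKEN = make_authenticator(KEY, "203.0.113.7", "192.168.1.20", NOW)

if __name__ == "__main__":
    print(is_authentic(KEY, TOKEN, "203.0.113.7", "192.168.1.20", NOW + 10))
    print(is_authentic(KEY, TOKEN, "198.51.100.9", "192.168.1.20", NOW + 10))
```

Inside the window the same authenticator verifies again from the same address pair, so a server that needs single-use requests also has to remember recently accepted values. Address translation between client and server changes the observed remote address, so the client must compute the digest over the address the server will actually see.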
Specification