Method and apparatus for content protection in a secure content delivery system

US 7,690,039 B2
Filed: 07/13/2004
Issued: 03/30/2010
Est. Priority Date: 11/16/1998
Status: Expired due to Term

First Claim

Patent Images

1. A server apparatus connectable to one or more requestor processes and at least one a source of titles over a computer network comprising:

a processor;

a memory coupled to the processor;

a network interface coupled to the memory and processor;

conversion logic responsive to a unique identifier of a title and configured to convert the unique identifier of the title into a location identifier indicating an address on the computer network where the title may be accessed; and

activator generator logic responsive to the network interface and configured to generate an activator, said activator comprising a bytecode object and representing a portion of client software for receiving and running said title, said activator including keying material in obfuscated bytecode for decrypting the title located at the address indicated by the location identifier and a token authorizing access to said title for a predetermined time, the activator configured to communicate with said server to request a replacement activator and become inoperable when the activator fails to request the replacement activator, each activator uniquely associated with a client and uniquely associated with a briq object comprising a self-contained file system and at least one file for running said title without installing the title on a target system.

View all claims

6 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system for secure delivery of on-demand content over broadband access networks utilizes a pair of servers and security mechanisms to prevent client processes from accessing and executing content without authorization. A plurality of encrypted titles are stored on a content server coupled to the network. An access server also coupled to the network contains the network addresses of the titles and various keying and authorization data necessary to decrypt and execute a title. A client application executing on a user'"'"'s local computer system is required to retrieve the address, keying and authorization data from the access server before retrieving a title from the content server and enabling execution of the title on a user'"'"'s local computer system.

Citations

16 Claims

1. A server apparatus connectable to one or more requestor processes and at least one a source of titles over a computer network comprising:
- a processor;
  
  a memory coupled to the processor;
  
  a network interface coupled to the memory and processor;
  
  conversion logic responsive to a unique identifier of a title and configured to convert the unique identifier of the title into a location identifier indicating an address on the computer network where the title may be accessed; and
  
  activator generator logic responsive to the network interface and configured to generate an activator, said activator comprising a bytecode object and representing a portion of client software for receiving and running said title, said activator including keying material in obfuscated bytecode for decrypting the title located at the address indicated by the location identifier and a token authorizing access to said title for a predetermined time, the activator configured to communicate with said server to request a replacement activator and become inoperable when the activator fails to request the replacement activator, each activator uniquely associated with a client and uniquely associated with a briq object comprising a self-contained file system and at least one file for running said title without installing the title on a target system.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The server apparatus of claim 1 wherein the activator generation logic comprises program logic for receiving data identifying a requestor process and for generating an activator.
  - 3. The server apparatus of claim 1 wherein an activator comprises cryptographic data useful to a requestor process for processing a title.
  - 4. The server apparatus of claim 1 wherein the activator comprises a token containing data identifying a time period in which the requestor process may access the source.
  - 5. The server apparatus of claim 1 wherein the conversion logic comprises program logic for comparing the unique identifier of a title with a plurality of location identifiers stored in the memory.
  - 6. The server apparatus of claim 1 wherein the conversion logic further comprises a database for storing one or more location identifiers and database query logic for accessing the database.

7. A computer readable storage device or storage disk having computer usable program code embodied thereon, the computer program code comprising:
- (a) network interface program code responsive to requests from a requestor process on a computer network;
  
  (b) conversion program code responsive to a unique identifier of a title supplied by a requestor process and configured to convert the unique identifier of the title into a location identifier indicating an address on the computer network where the title may be accessed; and
  
  generator program code configured to generate an activator for a requestor process, said activator comprising a bytecode object and representing a portion of client software for receiving and running said title, wherein the activator includes keying material in obfuscated bytecode for decrypting the title located at the address indicated by the location identifier and a token authorizing access to said title for a predetermined time, the activator configured to communicate with said server to request a replacement activator and become inoperable when the activator fails to request the replacement activator, each activator uniquely associated with a client and uniquely associated with a briq object comprising a self-contained file system and at least one file for running said title without installing the title on a target system.
- View Dependent Claims (8, 9, 10, 11)
- - 8. The computer readable storage device or storage disk of claim 7 wherein the activator comprises cryptographic data useful to a requestor process for processing title data.
  - 9. The computer readable storage device or storage disk of claim 7 wherein the activator comprises a token containing data identifying a time period in which the requestor may access the source.
  - 10. The computer readable storage device or storage disk of claim 7 wherein the conversion program code comprises program code for comparing a unique identifier of a title with a plurality of location identifiers stored in the server apparatus memory.
  - 11. The computer readable storage device or storage disk of claim 7 wherein the conversion program code further comprises database program code for storing one or more location identifiers and further comprises database query program code for accessing the database program code and the location identifiers contained therein.

12. In a server apparatus comprising a processor, memory and a network interface, and connectable to a computer network, a method for enabling requesting processes to access a title comprising:
- (a) authenticating a launch string from a requesting process, wherein the launch string is digitally signed by said server and includes a unique identifier identifying a title received from a requesting process;
  
  (b) converting the unique identifier to a location identifier indicating an address of a source on the computer network where the title is accessible by launching a portable self-contained file system including files for executing said title without installing the title;
  
  (c) generating an activator wherein the activator includes keying material in obfuscated bytecode for decrypting the title located at the address indicated by the location identifier and wherein the activator comprises program code for determining a fixed period of time in which the source is accessible by the requesting process, the activator configured to communicate with said server to request a replacement activator and become inoperable when the activator fails to request the replacement activator, each activator uniquely associated with a client and uniquely associated with a briq object comprising said self-contained file system; and
  
  (d) forwarding the activator to the requesting process over the computer network wherein the requesting processes accesses the title associated with the location identifier and uses the keying material to decrypt the accessed title.
- View Dependent Claims (13, 14, 15, 16)
- - 13. The method of claim 12 wherein the activator comprises cryptographic data useful to the requesting process for decrypting title data.
  - 14. The method of claim 12 wherein the step of converting the unique identifier comprises:
    - (b.1) comparing the unique identifier with a plurality of unique identifiers stored in the memory; and
      
      (b.2) retrieving a location identifier associated with the unique identifier, if a match occurs.
  - 15. The method of claim 12 wherein the step of converting a unique identifier into a location identifier comprises:
    - (b.1) maintaining a plurality of unique identifiers within a database, selected of the unique identifiers having associated therewith a location identifier; and
      
      (b.2) querying the database for a specific location identifier associated with a unique identifier received from a requesting process.
  - 16. The method of claim 12 wherein step (c) comprises the step of combining cryptographic data with one or more byte codes.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Softricity Inc (Microsoft Corporation)
Inventors
Eichin, Mark W., Schmeidler, Yonah, Atkins, Derek, Rostcheck, David J.
Primary Examiner(s)
Vu; Kimyen
Assistant Examiner(s)
PATEL, NIRAV B

Application Number

US10/889,811
Publication Number

US 20050021613A1
Time in Patent Office

2,086 Days
Field of Search

726 26- 33, 713/185, 713/193, 713/150, 380200-202, 380228-223, 709/229.225, 709/203, 707/1, 707/100, 705/50, 705/51, 705/57, 705 53- 56, 725/87, 725/91, 725/143, 725/145, 725/25
US Class Current

726/26
CPC Class Codes

G06F 21/10   Protecting distributed prog...

G06F 2221/2137   Time limited access, e.g. t...

G06Q 30/06   Buying, selling or leasing ...

H04L 12/2801   Broadband local area networks

H04L 12/2856   Access arrangements, e.g. I...

H04L 12/2872   Termination of subscriber c...

H04L 12/4633   Interconnection of networks...

H04L 2463/102   applying security measure f...

H04L 47/2408   for supporting different se...

H04L 63/04   for providing a confidentia...

H04L 63/062   for key distribution, e.g. ...

H04L 63/123   received data contents, e.g...

H04L 67/06   specially adapted for file ...

H04L 67/34   involving the movement of s...

H04L 67/62   Establishing a time schedul...

H04N 21/23106   involving caching operation...

H04N 21/2312   Data placement on disk arra...

H04N 21/2347   involving video stream encr...

H04N 21/2402   Monitoring of the downstrea...

H04N 21/2408   Monitoring of the upstream ...

H04N 21/2541 : Rights Management protectin...

H04N 21/25435 : involving characteristics o...

H04N 21/26216 : involving the channel capac...

H04N 21/4331 : Caching operations, e.g. of...

H04N 21/4405 : involving video stream decr...

H04N 21/4627 : Rights management associate...

H04N 21/47202 : for requesting content on d...

H04N 21/8186 : specially adapted to be exe...

H04N 7/1675 : Providing digital key or au...

H04N 7/17318 : Direct or substantially dir...

View All

Method and apparatus for content protection in a secure content delivery system

First Claim

6 Assignments

0 Petitions

Accused Products

Abstract

Citations

16 Claims

Specification

Solutions

Use Cases

Quick Links

Method and apparatus for content protection in a secure content delivery system

First Claim

6 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

16 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links