Method and apparatus for content protection in a secure content delivery system
Abstract
A system for secure delivery of on-demand content over broadband access networks utilizes a pair of servers and security mechanisms to prevent client processes from accessing and executing content without authorization. A plurality of encrypted titles are stored on a content server coupled to the network. An access server also coupled to the network contains the network addresses of the titles and various keying and authorization data necessary to decrypt and execute a title. A client application executing on a user's local computer system is required to retrieve the address, keying and authorization data from the access server before retrieving a title from the content server and enabling execution of the title on a user's local computer system.
16 Claims
1. A server apparatus connectable to one or more requestor processes and at least one a source of titles over a computer network comprising:
- a processor;
- a memory coupled to the processor;
- a network interface coupled to the memory and processor;
- conversion logic responsive to a unique identifier of a title and configured to convert the unique identifier of the title into a location identifier indicating an address on the computer network where the title may be accessed; and
- activator generator logic responsive to the network interface and configured to generate an activator, said activator comprising a bytecode object and representing a portion of client software for receiving and running said title, said activator including keying material in obfuscated bytecode for decrypting the title located at the address indicated by the location identifier and a token authorizing access to said title for a predetermined time, the activator configured to communicate with said server to request a replacement activator and become inoperable when the activator fails to request the replacement activator, each activator uniquely associated with a client and uniquely associated with a briq object comprising a self-contained file system and at least one file for running said title without installing the title on a target system.
Dependent claims: 2, 3, 4, 5, 6
7. A computer readable storage device or storage disk having computer usable program code embodied thereon, the computer program code comprising:
- (a) network interface program code responsive to requests from a requestor process on a computer network;
- (b) conversion program code responsive to a unique identifier of a title supplied by a requestor process and configured to convert the unique identifier of the title into a location identifier indicating an address on the computer network where the title may be accessed; and
- generator program code configured to generate an activator for a requestor process, said activator comprising a bytecode object and representing a portion of client software for receiving and running said title, wherein the activator includes keying material in obfuscated bytecode for decrypting the title located at the address indicated by the location identifier and a token authorizing access to said title for a predetermined time, the activator configured to communicate with said server to request a replacement activator and become inoperable when the activator fails to request the replacement activator, each activator uniquely associated with a client and uniquely associated with a briq object comprising a self-contained file system and at least one file for running said title without installing the title on a target system.
Dependent claims: 8, 9, 10, 11
12. In a server apparatus comprising a processor, memory and a network interface, and connectable to a computer network, a method for enabling requesting processes to access a title comprising:
- (a) authenticating a launch string from a requesting process, wherein the launch string is digitally signed by said server and includes a unique identifier identifying a title received from a requesting process;
- (b) converting the unique identifier to a location identifier indicating an address of a source on the computer network where the title is accessible by launching a portable self-contained file system including files for executing said title without installing the title;
- (c) generating an activator wherein the activator includes keying material in obfuscated bytecode for decrypting the title located at the address indicated by the location identifier and wherein the activator comprises program code for determining a fixed period of time in which the source is accessible by the requesting process, the activator configured to communicate with said server to request a replacement activator and become inoperable when the activator fails to request the replacement activator, each activator uniquely associated with a client and uniquely associated with a briq object comprising said self-contained file system; and
- (d) forwarding the activator to the requesting process over the computer network wherein the requesting processes accesses the title associated with the location identifier and uses the keying material to decrypt the accessed title.
Dependent claims: 13, 14, 15, 16
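The server-side flow of claim 12, steps (a) through (c), together with the replacement-activator behaviour, as an added sketch that is not code from the patent. An HMAC stands in for the server's digital signature, the activator is reduced to a location plus a time-limited token (the obfuscated keying material is not modelled), and every name, key, field and address below is a constructed assumption.

```python
import base64, hashlib, hmac, json

SERVER_KEY = b"constructed-demo-key"   # assumption: secret held only by the server
TITLE_LOCATIONS = {"title-0042": "cas.example.net/briqs/0042"}  # constructed mapping

def _mac(body: bytes) -> bytes:
    return hmac.new(SERVER_KEY, body, hashlib.sha256).hexdigest().encode()

def sign(fields: dict) -> str:
    """Serialize fields and append a MAC (stand-in for the server's signature)."""
    body = base64.urlsafe_b64encode(json.dumps(fields, sort_keys=True).encode())
    return body.decode() + "." + _mac(body).decode()

def verify(blob: str, typ: str):
    """Return the signed fields, or None if the MAC or the message type is wrong."""
    body, _, tag = blob.rpartition(".")
    if not hmac.compare_digest(_mac(body.encode()), tag.encode()):
        return None
    fields = json.loads(base64.urlsafe_b64decode(body))
    # The "typ" field keeps a token from being replayed as a launch string.
    return fields if fields.get("typ") == typ else None

def issue_activator(launch_string, client_id, now, lifetime=300):
    launch = verify(launch_string, "launch")           # (a) authenticate launch string
    if launch is None:
        return None
    location = TITLE_LOCATIONS.get(launch["title_id"])  # (b) identifier -> location
    if location is None:
        return None
    token = sign({"typ": "token", "client": client_id,  # (c) bound to one client,
                  "title": launch["title_id"],          #     valid for a fixed period
                  "exp": now + lifetime})
    return {"location": location, "token": token}

def token_valid(token, client_id, now):
    claims = verify(token, "token")
    return claims is not None and claims["client"] == client_id and now < claims["exp"]

def renew(token, client_id, now, lifetime=300):
    """Replacement request: only a still-valid token can be exchanged for a new one."""
    if not token_valid(token, client_id, now):
        return None   # expired without renewal, so access stops here
    claims = verify(token, "token")
    return sign({**claims, "exp": now + lifetime})
```

Binding the token to the client identifier and checking the expiry on the server is what makes a copied or stale activator useless; obfuscation of the client-side bytecode only raises the cost of extracting the key while the token is live.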
Specification