Digital rights management (DRM)-enabled policy management for a service provider in a federated environment
First Claim
1. A method, operative at a service provider entity, for enforcing a digital rights management (DRM) scheme associated with a piece of content, wherein the piece of content has an associated DRM license consisting of a decryption key, a set of rights, and an identifier of a device associated with an end user and upon which the piece of content is permitted to be rendered, wherein the service provider entity together with an identity provider entity participate in a federation, comprising:
- receiving a message generated by the identity provider entity that includes a reference to a set of DRM privileges associated with the end user requesting access to the piece of content, the set of DRM privileges being distinct from the DRM license;
in response to receiving the message, obtaining and evaluating the DRM privileges associated with the end user against a DRM policy, the DRM policy being distinct from the DRM license; and
based on the evaluation, providing the end user a response.
1 Assignment
0 Petitions
Accused Products
Abstract
A method operative at a service provider enforces a digital rights management (DRM) scheme associated with a piece of content. The service provider typically is a content provider. The service provider is an entity that participates in a “federation” with one or more other entities including, for example, an identity provider, a DRM privileges provider, and a DRM policy provider. In one embodiment, the method begins upon receipt at the service provider of a single sip on (SSO) message generated by the identity provider entity that includes a reference to a set of DRM privileges associated with an end user requesting access to the piece of content. In response to receiving the message, the service provider as necessary obtains the DRM privileges and at least one applicable DRM policy. It then evaluates the DRM privileges associated with the end user against the DRM policy, and provides the end user a response.
39 Citations
23 Claims
-
1. A method, operative at a service provider entity, for enforcing a digital rights management (DRM) scheme associated with a piece of content, wherein the piece of content has an associated DRM license consisting of a decryption key, a set of rights, and an identifier of a device associated with an end user and upon which the piece of content is permitted to be rendered, wherein the service provider entity together with an identity provider entity participate in a federation, comprising:
-
receiving a message generated by the identity provider entity that includes a reference to a set of DRM privileges associated with the end user requesting access to the piece of content, the set of DRM privileges being distinct from the DRM license; in response to receiving the message, obtaining and evaluating the DRM privileges associated with the end user against a DRM policy, the DRM policy being distinct from the DRM license; and based on the evaluation, providing the end user a response. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15)
-
-
16. A method, operative at a service provider, for enforcing a digital rights management (DRM) scheme associated with a piece of content, wherein the piece of content has an associated DRM license consisting of a decryption key, a set of rights, and an identifier of a device associated with an end user and upon which the piece of content is permitted to be rendered, wherein the service provider participates in a federation that also includes an identity provider, a DRM privileges provider, and a DRM policy provider, comprising:
-
receiving a message generated by the identity provider that includes a reference to a set of DRM privileges associated with the end user requesting access to the piece of content, the set of DRM privileges being distinct from the DRM license; in response to receiving the message, determining whether the DRM privileges are available for evaluation; if the DRM privileges are not available for evaluation, retrieving the DRM privileges from the DRM privileges provider; determining whether a DRM policy is to be evaluated and is available, the DRM policy being distinct from the DRM license; if the DRM policy is to be evaluated and is not available, retrieving a DRM policy from the DRM policy provider; and evaluating the DRM privileges against the DRM policy. - View Dependent Claims (17, 18, 19, 20, 21)
-
-
22. A data processing system for enforcing a digital rights management (DRM) scheme associated with a piece of content, wherein the piece of content has an associated DRM license consisting of a decryption key, a set of rights, and an identifier of a device associated with an end user and upon which the piece of content is permitted to be rendered, the system comprising;
-
a processor; code executable by the processor and responsive to receipt of a message generated by an identity provider, wherein the message includes a reference to a set of DRM privileges associated with the end user requesting access to the piece of content, the set of DRM privileges being distinct from the DRM license; code executable by the processor and responsive to receipt of the message to determine whether the DRM privileges are available for evaluation; code executable by the processor to retrieve the DRM privileges from a DRM privileges provider if the DRM privileges are not available for evaluation; code executable by the processor to determine whether a DRM policy is to be evaluated and is available, the DRM policy being distinct from the DRM license; code executable by the processor to retrieve the DRM policy from a DRM policy provider if the DRM policy is to be evaluated and is not available; and code executable by the processor to evaluate the DRM privileges against the DRM policy.
-
-
23. A computer program product stored in a non-transitory computer-readable medium and executable in a processor for enforcing a digital rights management (DRM) scheme associated with a piece of content, wherein the piece of content has an associated DRM license consisting of a decryption key, a set of rights, and an identifier of a device associated with an end user and upon which the piece of content is permitted to be rendered, comprising:
-
code responsive to receipt of a message generated by an identity provider, wherein the message includes a reference to a set of DRM privileges associated with the end user requesting access to the piece of content, the set of DRM privileges being distinct from the DRM license; code responsive to receipt of the message to determine whether the DRM privileges are available for evaluation; code to retrieve the DRM privileges from a DRM privileges provider if the DRM privileges are not available for evaluation; code to determine whether a DRM policy is to be evaluated and is available, the DRM policy being distinct from the DRM license; code to retrieve the DRM policy from a DRM policy provider if the DRM policy is to be evaluated and is not available; and code to evaluate the DRM privileges against the DRM policy.
-
Specification