Digital rights management (DRM)-enabled policy management for a service provider in a federated environment

US 8,196,177 B2
Filed: 10/16/2008
Issued: 06/05/2012
Est. Priority Date: 10/16/2008
Status: Active Grant

First Claim

Patent Images

1. A method, operative at a service provider entity, for enforcing a digital rights management (DRM) scheme associated with a piece of content, wherein the piece of content has an associated DRM license consisting of a decryption key, a set of rights, and an identifier of a device associated with an end user and upon which the piece of content is permitted to be rendered, wherein the service provider entity together with an identity provider entity participate in a federation, comprising:

receiving a message generated by the identity provider entity that includes a reference to a set of DRM privileges associated with the end user requesting access to the piece of content, the set of DRM privileges being distinct from the DRM license;

in response to receiving the message, obtaining and evaluating the DRM privileges associated with the end user against a DRM policy, the DRM policy being distinct from the DRM license; and

based on the evaluation, providing the end user a response.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method operative at a service provider enforces a digital rights management (DRM) scheme associated with a piece of content. The service provider typically is a content provider. The service provider is an entity that participates in a “federation” with one or more other entities including, for example, an identity provider, a DRM privileges provider, and a DRM policy provider. In one embodiment, the method begins upon receipt at the service provider of a single sip on (SSO) message generated by the identity provider entity that includes a reference to a set of DRM privileges associated with an end user requesting access to the piece of content. In response to receiving the message, the service provider as necessary obtains the DRM privileges and at least one applicable DRM policy. It then evaluates the DRM privileges associated with the end user against the DRM policy, and provides the end user a response.

39 Citations

View as Search Results

23 Claims

1. A method, operative at a service provider entity, for enforcing a digital rights management (DRM) scheme associated with a piece of content, wherein the piece of content has an associated DRM license consisting of a decryption key, a set of rights, and an identifier of a device associated with an end user and upon which the piece of content is permitted to be rendered, wherein the service provider entity together with an identity provider entity participate in a federation, comprising:
- receiving a message generated by the identity provider entity that includes a reference to a set of DRM privileges associated with the end user requesting access to the piece of content, the set of DRM privileges being distinct from the DRM license;
  
  in response to receiving the message, obtaining and evaluating the DRM privileges associated with the end user against a DRM policy, the DRM policy being distinct from the DRM license; and
  
  based on the evaluation, providing the end user a response.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15)
- - 2. The method as described in claim 1 wherein the message is a single sign-on (SSO) message generated by the identity provider entity upon authentication of the end user by the identity provider entity.
  - 3. The method as described in claim 1 wherein the DRM policy is available locally at the service provider entity.
  - 4. The method as described in claim 1 wherein, when the DRM policy is not available locally at the service provider entity, the method further includes the steps of:
    - generating a DRM policy evaluation request that includes the DRM privileges;
      
      forwarding the DRM policy evaluation request to an entity in the federation; and
      
      receiving a response to the DRM policy evaluation request.
  - 5. The method as described in claim 4 wherein the response to DRM policy evaluation request indicates that access to the given piece of content is permitted.
  - 6. The method as described in claim 1 wherein the DRM privileges are available locally at the service provider entity.
  - 7. The method as described in claim 1 wherein, when the DRM privileges are not available locally at the service provider entity, the method further includes obtaining the DRM privileges from an entity in the federation.
  - 8. The method as described in claim 1 wherein, when the DRM privileges are not available locally at the service provider entity, the method further includes obtaining the DRM privileges from the user.
  - 9. The method as described in claim 8 wherein the DRM privileges are obtained from the user directly.
  - 10. The method as described in claim 8 wherein the DRM privileges are obtained by having user cause a third entity to provide the DRM privileges.
  - 11. The method as described in claim 1 further including:
    - receiving the DRM privileges from a third entity in the federation;
      
      generating a DRM policy evaluation request that includes the DRM privileges;
      
      forwarding the DRM policy evaluation request to a fourth entity in the federation; and
      
      receiving a response to the DRM policy evaluation request from the fourth entity.
  - 12. The method as described in claim 11 wherein the third entity provides a service of managing DRM privileges on behalf of users within the federation.
  - 13. The method as described in claim 11 wherein the fourth entity provides a service of managing DRM policy within the federation.
  - 14. The method as described in claim 11 wherein the third and fourth entity are a single entity within the federation that manages DRM privileges on behalf of users and also manages DRM policy within the federation.
  - 15. The method as described in claim 1 wherein the message includes a pointer to an assertion containing the DRM privileges associated with the end user, and wherein the service provider requests an exchange of the pointer for the assertion to obtain the DRM privileges.

16. A method, operative at a service provider, for enforcing a digital rights management (DRM) scheme associated with a piece of content, wherein the piece of content has an associated DRM license consisting of a decryption key, a set of rights, and an identifier of a device associated with an end user and upon which the piece of content is permitted to be rendered, wherein the service provider participates in a federation that also includes an identity provider, a DRM privileges provider, and a DRM policy provider, comprising:
- receiving a message generated by the identity provider that includes a reference to a set of DRM privileges associated with the end user requesting access to the piece of content, the set of DRM privileges being distinct from the DRM license;
  
  in response to receiving the message, determining whether the DRM privileges are available for evaluation;
  
  if the DRM privileges are not available for evaluation, retrieving the DRM privileges from the DRM privileges provider;
  
  determining whether a DRM policy is to be evaluated and is available, the DRM policy being distinct from the DRM license;
  
  if the DRM policy is to be evaluated and is not available, retrieving a DRM policy from the DRM policy provider; and
  
  evaluating the DRM privileges against the DRM policy.
- View Dependent Claims (17, 18, 19, 20, 21)
- - 17. The method as described in claim 16 wherein the DRM privileges provider and the DRM policy provider are a single service provider within the federation.
  - 18. The method as described in claim 16 wherein the identity provider and the DRM privileges provider are a single service provider within the federation.
  - 19. The method as described in claim 16 wherein the service provider and the DRM privileges provider are a single service provider within the federation.
  - 20. The method as described in claim 16 wherein the identity provider and the DRM policy provider are a single service provider within the federation.
  - 21. The method as described in claim 16 wherein the service provider and the DRM policy provider are a single service provider within the federation.

22. A data processing system for enforcing a digital rights management (DRM) scheme associated with a piece of content, wherein the piece of content has an associated DRM license consisting of a decryption key, a set of rights, and an identifier of a device associated with an end user and upon which the piece of content is permitted to be rendered, the system comprising;
- a processor;
  
  code executable by the processor and responsive to receipt of a message generated by an identity provider, wherein the message includes a reference to a set of DRM privileges associated with the end user requesting access to the piece of content, the set of DRM privileges being distinct from the DRM license;
  
  code executable by the processor and responsive to receipt of the message to determine whether the DRM privileges are available for evaluation;
  
  code executable by the processor to retrieve the DRM privileges from a DRM privileges provider if the DRM privileges are not available for evaluation;
  
  code executable by the processor to determine whether a DRM policy is to be evaluated and is available, the DRM policy being distinct from the DRM license;
  
  code executable by the processor to retrieve the DRM policy from a DRM policy provider if the DRM policy is to be evaluated and is not available; and
  
  code executable by the processor to evaluate the DRM privileges against the DRM policy.

23. A computer program product stored in a non-transitory computer-readable medium and executable in a processor for enforcing a digital rights management (DRM) scheme associated with a piece of content, wherein the piece of content has an associated DRM license consisting of a decryption key, a set of rights, and an identifier of a device associated with an end user and upon which the piece of content is permitted to be rendered, comprising:
- code responsive to receipt of a message generated by an identity provider, wherein the message includes a reference to a set of DRM privileges associated with the end user requesting access to the piece of content, the set of DRM privileges being distinct from the DRM license;
  
  code responsive to receipt of the message to determine whether the DRM privileges are available for evaluation;
  
  code to retrieve the DRM privileges from a DRM privileges provider if the DRM privileges are not available for evaluation;
  
  code to determine whether a DRM policy is to be evaluated and is available, the DRM policy being distinct from the DRM license;
  
  code to retrieve the DRM policy from a DRM policy provider if the DRM policy is to be evaluated and is not available; and
  
  code to evaluate the DRM privileges against the DRM policy.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Hinton, I, Heather Maria
Primary Examiner(s)
Zand, Kambiz
Assistant Examiner(s)
Mohammadi, Fahimeh

Application Number

US12/252,384
Publication Number

US 20100100924A1
Time in Patent Office

1,328 Days
Field of Search

726 1- 2, 726/27, 380247-250, 713155-159
US Class Current

726/1
CPC Class Codes

G06F 21/10 Protecting distributed prog...

Digital rights management (DRM)-enabled policy management for a service provider in a federated environment

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

39 Citations

23 Claims

Specification

Solutions

Use Cases

Quick Links

Digital rights management (DRM)-enabled policy management for a service provider in a federated environment

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

39 Citations

23 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links