Licensing protected content to application sets
Abstract
The present invention extends to methods, systems, and computer program products for licensing protected content to application sets. Embodiments of the invention permit a local machine to increase its participation in authorizing access to protected content. For example, an operating system within an appropriate computing environment is permitted to determine if an application is authorized to access protected content. Thus, the application is relieved from having to store a publishing license. Further, authorization decisions are partially distributed, easing the resource burden on a protection server. Accordingly, embodiments of the invention can facilitate more robust and efficient authorization decisions when access to protected content is requested.
20 Claims
1. At a computer system, which includes one or more processors, a method for providing access to protected content, the method comprising:
- an act of the computer system detecting that a user is attempting to access protected content through an application at the computer system, the protected content protected in accordance with a protection policy, the protection policy managed by a digital rights management system that includes a separate digital rights management server, the protection policy including an application set which identifies a set of applications that are allowed to access the protected content according to the protection policy;
- prior to allowing the application to access the protected content:
  - an act of the computer system exchanging information with the digital rights management server, the information including one or more attributes of the computer system's operating environment, the one or more attributes used by the digital rights management server to determine that the computer system is trusted to evaluate whether the application is in the application set;
  - based at least in part on the computer system exchanging information with the digital rights management server, an act of the computer system obtaining a user key corresponding to the user, the user key being usable for accessing the protected content, the user key issued by the digital rights management server after determining that the user is authorized to access the protected content and after determining that the computer system is trusted to evaluate whether the application is in the application set; and
  - an act of the computer system determining that the application is in the application set; and
- subsequent to the computer system determining that the application is in the application set, an act of the computer system allowing the application to use the user key to access the protected content.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 20
9. At a computer system, which includes one or more processors, a method for providing access to protected content, the method comprising:
- an act of detecting that a user is attempting to access protected content through an application at the computer system, the protected content protected in accordance with a protection policy, the protection policy specified by a business owner of a business that originated the protected content, the protection policy indicating:
  - users that are authorized to access the content,
  - operations authorized users are permitted to perform with respect to the protected content,
  - computing environments that are permitted to access the content, and
  - a set of applications that are permitted to access the content;
- an act of sending user identity information for the user to a content protection server;
- an act of sending one or more attributes of a computing environment of the computer system to the content protection server, including one or more attributes indicating that the computer system is sufficiently trusted to evaluate whether the application is in the set of applications that are permitted to access the content;
- an act of receiving a user key from the content protection server, the user key usable by the user to access the protected content, the user key returned from the content protection server to the computer system in response to authenticating the user based on the user identity information and in response to determining that the one or more attributes of the computing environment indicate that the computer system is sufficiently trusted to evaluate whether the application is in the set of applications that are permitted to access the content;
- an act of an operating system at the computer system determining if the application is included in the set of applications in the protection policy; and
- an act of the operating system appropriately regulating the application's access to the protected content based on the determination, including:
  - an act of permitting the application to access the protected content when the application is included in the set of applications in the protection policy; and
  - an act of preventing the application from accessing the protected content when the application is not included in the set of applications in the protection policy.
Dependent claims: 10, 11, 12, 13, 14, 15
16. A computer system, the computer system comprising:
- one or more processors;
- system memory; and
- one or more computer-readable media having stored thereon computer executable instructions that, when executed by one of the processors, cause the computer system to provide access to protected content, including the following:
  - detect that a user is attempting to access protected content through an application at the computer system, the protected content protected in accordance with a digital rights management (DRM) protection policy, the DRM protection policy specified by a business owner of a business that originated the protected content, the protection policy indicating:
    - users that are authorized to access the content,
    - operations authorized users are permitted to perform with respect to the protected content,
    - computing environments that are permitted to access the content, and
    - a set of applications that are permitted to access the content;
  - send user credentials for the user to a DRM server;
  - send one or more system attributes of the computer system to the DRM server to indicate that the computing environment of the computer system can be trusted by the DRM server to evaluate whether the application at the computer system is in the set of applications that are permitted to access the content;
  - receive a user key from the DRM server, the user key usable by the user to access the protected content, the user key returned from the DRM server to the computer system in response to authenticating the user with the user credentials and in response to determining that the one or more system attributes indicate a computing environment that can be trusted by the DRM server to evaluate whether the application is in the set of applications that are permitted to access the content according to the protection policy;
  - an operating system at the computer system determining if the application is included in the set of applications in the protection policy, inclusion in the set of applications indicative of an application that is trusted to enforce operations authorized users are permitted to perform with respect to the protected content; and
  - the operating system appropriately regulating the application's access to the protected content based on the determination, including:
    - permitting the application to enforce operations authorized users are permitted to perform with respect to the protected content when the application is included in the set of applications in the protection policy; and
    - preventing the application from accessing the protected content when the application is not included in the set of applications in the protection policy.
Dependent claims: 17, 18, 19
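The flow recited in independent claims 1, 9 and 16, as an added Python example that is not code from the patent: the server releases a user key only to an authorized user on a trusted environment, and the local operating system then decides whether the application is in the application set. The class names, the `code_integrity` attribute, identifying applications by SHA-256 digest, and the policy being available to the operating system are all assumptions made for illustration.

```python
import hashlib
import secrets
from dataclasses import dataclass

@dataclass(frozen=True)
class Policy:                      # hypothetical shape of a protection policy
    users: frozenset               # users authorized to access the content
    required_env: frozenset        # (attribute, value) pairs the server requires
    application_set: frozenset     # SHA-256 digests of permitted applications

def digest(app_image: bytes) -> str:
    # Assumption: an application is identified by the hash of its image.
    return hashlib.sha256(app_image).hexdigest()

class DrmServer:
    def __init__(self, policy: Policy):
        self.policy = policy

    def issue_user_key(self, user: str, env_attrs: dict):
        """Return a user key only for an authorized user on a trusted environment."""
        if user not in self.policy.users:
            return None
        if not self.policy.required_env <= set(env_attrs.items()):
            return None            # not trusted to evaluate the application set
        return secrets.token_bytes(32)

class ClientOS:
    def __init__(self, server: DrmServer, env_attrs: dict):
        self.server, self.env_attrs = server, env_attrs

    def open_protected(self, user: str, app_image: bytes, policy: Policy) -> bytes:
        key = self.server.issue_user_key(user, self.env_attrs)
        if key is None:
            raise PermissionError("server refused to issue a user key")
        # The key is now on the client: the OS, not the server, gates the application.
        if digest(app_image) not in policy.application_set:
            raise PermissionError("application is not in the application set")
        return key                 # released to the application

def outcome(client: ClientOS, user: str, app_image: bytes, policy: Policy) -> str:
    try:
        client.open_protected(user, app_image, policy)
        return "allowed"
    except PermissionError as exc:
        return str(exc)

# Constructed sample data.
EDITOR, OTHER = b"example-editor-image", b"other-app-image"
POLICY = Policy(frozenset({"alice"}), frozenset({("code_integrity", True)}),
                frozenset({digest(EDITOR)}))
SERVER = DrmServer(POLICY)
TRUSTED = ClientOS(SERVER, {"code_integrity": True, "os_build": "example-1"})
UNTRUSTED = ClientOS(SERVER, {"code_integrity": False, "os_build": "example-1"})
```

Because the server hands over the key before the application check runs, the environment attributes are the only thing standing between the key and a client that would skip that check.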
Specification