Access control and key management system for streaming media

US 8,255,989 B2
Filed: 06/12/2002
Issued: 08/28/2012
Est. Priority Date: 09/26/2001
Status: Active Grant

First Claim

Patent Images

1. In a communication network, a method for controlling access by a client to a data stream from a caching server, the method comprising:

receiving, from a Key Distribution Centre (KDC), authorization data generated at the KDC, the authorization data including at least one subscription option selected by the client for the data stream;

receiving, from a content provider, a session rights object generated by a content provider, the session rights object including at least one purchase option selected by the client for the data stream, and at least one rule that governs access by the client to the data stream, wherein the session rights object cannot be modified by the client;

comparing, by the caching server, the session rights object and the authorization data to determine whether the client is authorized to access the data stream, based on comparing the at least one rule against the authorization data, and based on comparing the at least one rule against the at least one purchase option; and

transferring a decryption key data and an encrypted data stream to the client when the client is authorized to access the data stream.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A session rights object and authorization data are used for defining a consumer'"'"'s access right to a media content stream. The access rights are determined at a caching server remotely located from the consumer rather than locally at the end user site. In a first aspect, in a computing network having a content provider, a key distribution center, a caching server and a client, a method for controlling client access to a real-time data stream from the caching server, is disclosed. The method includes receiving, by the client, a session rights object from a content provider, the session rights object defining access rules for accessing the real-time data stream; receiving, by the client, authorization data from the key distribution center, the authorization data defining the client'"'"'s access rights to the real-time data stream; forwarding to the caching server the session rights object and the authorization data; comparing, by the caching server, the session rights object with the authorization data to determine client authorization; and if the client is authorized, streaming, by the caching server, the real-time data stream to the client.

46 Citations

View as Search Results

10 Claims

1. In a communication network, a method for controlling access by a client to a data stream from a caching server, the method comprising:
- receiving, from a Key Distribution Centre (KDC), authorization data generated at the KDC, the authorization data including at least one subscription option selected by the client for the data stream;
  
  receiving, from a content provider, a session rights object generated by a content provider, the session rights object including at least one purchase option selected by the client for the data stream, and at least one rule that governs access by the client to the data stream, wherein the session rights object cannot be modified by the client;
  
  comparing, by the caching server, the session rights object and the authorization data to determine whether the client is authorized to access the data stream, based on comparing the at least one rule against the authorization data, and based on comparing the at least one rule against the at least one purchase option; and
  
  transferring a decryption key data and an encrypted data stream to the client when the client is authorized to access the data stream.
- View Dependent Claims (2, 5)
- - 2. The method of claim 1, wherein the encrypted data stream is a real-time data stream from the caching server to the client.
  - 5. The method of claim 1, wherein said at least one purchase option selected by the client include pay per view, pay per time, and number of viewings.

3. A method for controlling access by a client to a real-time data stream from a caching server located within a computing network, the method comprising:
- receiving authorization data generated at a key distribution center, the authorization data including at least one subscription option selected by the client for accessing the real-time data stream;
  
  receiving a session rights object generated by a content provider, the session rights object including at least one purchase option selected by the client for accessing the real-time data stream, and at least one rule that governs access by the client to the real-time data stream, wherein the session rights object cannot be modified by the client;
  
  forwarding, by the client, the session rights object and the authorization data to the caching server; and
  
  receiving a decryption key data and an encrypted real-time data stream when a comparison, performed by the caching server, of the session rights object and the authorization data determines, based on comparing the at least one rule against the authorization data, and based on comparing the at least one rule against the at least one purchase option, that the client is authorized to access the real-time data stream.
- View Dependent Claims (4, 6, 7)
- - 4. The method of claim 3, wherein said at least one subscription option selected by the client comprises any one or more of client geographic location data, list of services subscribed by the client, subscription identification, and the client'"'"'s ability to pay for the real-time data stream.
  - 6. The method of claim 3, wherein the session rights object contains any one or more geographic location black outs, purchase options for the real-time data stream, and content identification.
  - 7. The method of claim 6, wherein the content identification is a URI (uniform resource identifier).

8. A system for controlling access by a client system to a real-time data stream from a caching server located within a computing network, the system comprising:
- the client system further comprising at least a first processor configured to perform steps of;
  
  receiving, from a content provider, a session rights object that includes at least one purchase option selected by the client system for the real-time data stream, and at least one rule that governs access by the client system to the real-time data stream, wherein the session rights object cannot be modified by the client;
  
  receiving authorization data, from a Key Distribution centre (KDC), that includes at least one subscription option selected by the client system for the real-time data stream;
  
  forwarding the session rights object and the authorization data; and
  
  receiving a decryption key data and an encrypted real-time data stream; and
  
  the caching server further comprising at least a second processor configured to perform steps of;
  
  receiving the session rights object and the authorization data;
  
  comparing the session rights object and the authorization data to determine, based on comparing the at least one rule against the authorization data, and based on comparing the at least one rule against the at least one purchase option, whether the client system is authorized to access the real-time data stream; and
  
  transmitting a decryption key data and the encrypted real-time data stream to the client system when the client system is authorized to access the real-time data stream.
- View Dependent Claims (9, 10)
- - 9. The system of claim 8, further comprising:
    - the KDC further comprising at least a third processor configured to perform steps of;
      
      generating the authorization data; and
      
      forwarding the authorization data to the client system.
  - 10. The method of claim 8, further comprising:
    - a content provider further comprising at least a third processor configured to perform steps of;
      
      generating the session rights object; and
      
      forwarding the session rights object to the client system.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Google Technology Holdings LLC (Alphabet Inc.)
Original Assignee
General Instrument Corporation (CommScope Holding Company, Inc.)
Inventors
Medvinsky, Alexander, Peterka, Petr, Moroney, Paul
Primary Examiner(s)
Orgad, Edan
Assistant Examiner(s)
Tolentino, Roderick

Application Number

US10/170,951
Publication Number

US 20030063752A1
Time in Patent Office

3,730 Days
Field of Search

726/9, 726/7, 726/17, 726/19, 713/194, 713/186, 382/115
US Class Current

726/19
CPC Class Codes

G06F 21/10   Protecting distributed prog...

G06F 21/602   Providing cryptographic fac...

G06F 21/606   by securing the transmissio...

H04L 63/0407   wherein the identity of one...

H04L 63/0457   wherein the sending and rec...

H04L 63/062   for key distribution, e.g. ...

H04L 63/0807   using tickets, e.g. Kerbero...

H04L 65/65   Network streaming protocols...

H04L 65/70   Media network packetisation

Access control and key management system for streaming media

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

46 Citations

10 Claims

Specification

Solutions

Use Cases

Quick Links

Access control and key management system for streaming media

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

46 Citations

10 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links