Access control and key management system for streaming media
First Claim
1. In a communication network, a method for controlling access by a client to a data stream from a caching server, the method comprising:
receiving, from a Key Distribution Centre (KDC), authorization data generated at the KDC, the authorization data including at least one subscription option selected by the client for the data stream;
receiving, from a content provider, a session rights object generated by a content provider, the session rights object including at least one purchase option selected by the client for the data stream, and at least one rule that governs access by the client to the data stream, wherein the session rights object cannot be modified by the client;
comparing, by the caching server, the session rights object and the authorization data to determine whether the client is authorized to access the data stream, based on comparing the at least one rule against the authorization data, and based on comparing the at least one rule against the at least one purchase option; and
transferring a decryption key data and an encrypted data stream to the client when the client is authorized to access the data stream.
Abstract
A session rights object and authorization data are used for defining a consumer's access right to a media content stream. The access rights are determined at a caching server remotely located from the consumer rather than locally at the end user site. In a first aspect, in a computing network having a content provider, a key distribution center, a caching server and a client, a method for controlling client access to a real-time data stream from the caching server is disclosed. The method includes receiving, by the client, a session rights object from a content provider, the session rights object defining access rules for accessing the real-time data stream; receiving, by the client, authorization data from the key distribution center, the authorization data defining the client's access rights to the real-time data stream; forwarding to the caching server the session rights object and the authorization data; comparing, by the caching server, the session rights object with the authorization data to determine client authorization; and if the client is authorized, streaming, by the caching server, the real-time data stream to the client.
10 Claims
1. In a communication network, a method for controlling access by a client to a data stream from a caching server, the method comprising:
receiving, from a Key Distribution Centre (KDC), authorization data generated at the KDC, the authorization data including at least one subscription option selected by the client for the data stream;
receiving, from a content provider, a session rights object generated by a content provider, the session rights object including at least one purchase option selected by the client for the data stream, and at least one rule that governs access by the client to the data stream, wherein the session rights object cannot be modified by the client;
comparing, by the caching server, the session rights object and the authorization data to determine whether the client is authorized to access the data stream, based on comparing the at least one rule against the authorization data, and based on comparing the at least one rule against the at least one purchase option; and
transferring a decryption key data and an encrypted data stream to the client when the client is authorized to access the data stream.
Dependent claims: 2, 5.
3. A method for controlling access by a client to a real-time data stream from a caching server located within a computing network, the method comprising:
receiving authorization data generated at a key distribution center, the authorization data including at least one subscription option selected by the client for accessing the real-time data stream;
receiving a session rights object generated by a content provider, the session rights object including at least one purchase option selected by the client for accessing the real-time data stream, and at least one rule that governs access by the client to the real-time data stream, wherein the session rights object cannot be modified by the client;
forwarding, by the client, the session rights object and the authorization data to the caching server; and
receiving a decryption key data and an encrypted real-time data stream when a comparison, performed by the caching server, of the session rights object and the authorization data determines, based on comparing the at least one rule against the authorization data, and based on comparing the at least one rule against the at least one purchase option, that the client is authorized to access the real-time data stream.
Dependent claims: 4, 6, 7.
8. A system for controlling access by a client system to a real-time data stream from a caching server located within a computing network, the system comprising:
the client system further comprising at least a first processor configured to perform steps of:
receiving, from a content provider, a session rights object that includes at least one purchase option selected by the client system for the real-time data stream, and at least one rule that governs access by the client system to the real-time data stream, wherein the session rights object cannot be modified by the client;
receiving authorization data, from a Key Distribution Centre (KDC), that includes at least one subscription option selected by the client system for the real-time data stream;
forwarding the session rights object and the authorization data; and
receiving a decryption key data and an encrypted real-time data stream; and
the caching server further comprising at least a second processor configured to perform steps of:
receiving the session rights object and the authorization data;
comparing the session rights object and the authorization data to determine, based on comparing the at least one rule against the authorization data, and based on comparing the at least one rule against the at least one purchase option, whether the client system is authorized to access the real-time data stream; and
transmitting a decryption key data and the encrypted real-time data stream to the client system when the client system is authorized to access the real-time data stream.
Dependent claims: 9, 10.
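The three-party exchange in the claims (KDC issues authorization data carrying the subscription option, content provider issues a session rights object carrying the purchase option and the rules, client forwards both, caching server compares rule against authorization data and against purchase option before releasing key and ciphertext) can be modelled end to end. The following is an added illustration written for this page, not code from the patent or its assignee. The patent does not say how the session rights object is made unmodifiable by the client; the example assumes HMAC-SHA256 tags with keys shared between each issuer and the caching server, assumes both objects must name the same client and stream, and uses a SHA-256 counter keystream as a stand-in for the real stream cipher. All keys, stream ids, rule names and the rule structure are constructed for the example.

```python
"""Caching-server authorization modelled on the claims above (added example, not the patent's code)."""
import hashlib
import hmac
import json

# Assumption: HMAC-SHA256 tags make the two forwarded objects tamper-evident, so the
# client that relays them cannot alter the purchase option or the rules. The caching
# server holds the verification keys of both issuers. Keys below are constructed.
KDC_KEY = b"constructed-kdc-key"
CONTENT_PROVIDER_KEY = b"constructed-content-provider-key"


def _keystream_xor(key: bytes, data: bytes) -> bytes:
    """Stand-in stream cipher (assumption): SHA-256 counter keystream XORed over the data.
    The same call encrypts and decrypts."""
    stream = bytearray()
    counter = 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


# Constructed stream store held by the caching server: stream id -> (decryption key, encrypted stream).
STREAM_KEY = b"constructed-stream-key"
STREAMS = {"movie-42": (STREAM_KEY, _keystream_xor(STREAM_KEY, b"frame-0|frame-1|frame-2"))}


def _sign(key: bytes, obj: dict) -> dict:
    payload = json.dumps(obj, sort_keys=True).encode()
    return {"payload": payload, "tag": hmac.new(key, payload, hashlib.sha256).hexdigest()}


def _verify(key: bytes, token: dict) -> bool:
    expected = hmac.new(key, token["payload"], hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, token["tag"])


def kdc_issue_authorization(client_id: str, stream_id: str, subscription: str) -> dict:
    """KDC side: authorization data carrying the subscription option the client selected."""
    return _sign(KDC_KEY, {"client": client_id, "stream": stream_id, "subscription": subscription})


def content_provider_issue_rights(client_id: str, stream_id: str, purchase: str, rules: list) -> dict:
    """Content provider side: session rights object with the purchase option and the access rules.
    Each constructed rule lists the subscription options and purchase options it admits."""
    return _sign(CONTENT_PROVIDER_KEY,
                 {"client": client_id, "stream": stream_id, "purchase": purchase, "rules": rules})


def caching_server_authorize(stream_id: str, rights_token: dict, auth_token: dict):
    """Caching server side. Returns (granted, reason, decryption_key, encrypted_stream);
    key and stream are None unless the client is authorized."""
    if not _verify(CONTENT_PROVIDER_KEY, rights_token):
        return False, "session rights object tag invalid (modified or forged)", None, None
    if not _verify(KDC_KEY, auth_token):
        return False, "authorization data tag invalid (modified or forged)", None, None
    rights = json.loads(rights_token["payload"])
    auth = json.loads(auth_token["payload"])
    # Assumption: both objects must be bound to the same client and to the requested stream,
    # so objects issued for different sessions cannot be mixed and matched.
    if not (rights["client"] == auth["client"] and rights["stream"] == auth["stream"] == stream_id):
        return False, "objects do not belong to the same client/stream", None, None
    if stream_id not in STREAMS:
        return False, "unknown stream", None, None
    # Rule comparison as in the claims: the rule is checked against the authorization data
    # (subscription option) and against the purchase option in the session rights object.
    for rule in rights["rules"]:
        if auth["subscription"] in rule["subscriptions"] and rights["purchase"] in rule["purchases"]:
            key, ciphertext = STREAMS[stream_id]
            return True, f"rule {rule['name']} satisfied", key, ciphertext
    return False, "no rule admits this subscription/purchase combination", None, None


def client_decrypt(key: bytes, ciphertext: bytes) -> bytes:
    """Client side: apply the delivered decryption key to the encrypted stream."""
    return _keystream_xor(key, ciphertext)


def demo():
    """Authorized path: basic subscriber who bought the bundle gets the cleartext frames back."""
    rules = [{"name": "premium-ppv", "subscriptions": ["premium"], "purchases": ["pay-per-view", "bundle"]},
             {"name": "basic-bundle", "subscriptions": ["basic"], "purchases": ["bundle"]}]
    auth = kdc_issue_authorization("alice", "movie-42", "basic")
    rights = content_provider_issue_rights("alice", "movie-42", "bundle", rules)
    granted, reason, key, ciphertext = caching_server_authorize("movie-42", rights, auth)
    return granted, reason, client_decrypt(key, ciphertext) if granted else None


if __name__ == "__main__":
    print(demo())
```

The decision is taken entirely at the caching server, matching the abstract's point that access rights are evaluated remotely rather than at the end-user site: the client only relays the two objects, and the key is never released on a failed comparison or on an object whose tag does not verify.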
Specification