System for digital rights management using distributed provisioning and authentication

US 8,364,951 B2
Filed: 12/30/2002
Issued: 01/29/2013
Est. Priority Date: 12/30/2002
Status: Active Grant

First Claim

Patent Images

1. A method for providing access rights to content in a secure digital content distribution system, the system including a provisioning service for allocating rights to a human user to a Digital Rights Management (DRM) client application, including an entitlement service for assigning authorization data for digital content to the DRM client application and an authentication service for verifying the identity of the DRM client application, the method comprising:

operating a ticket granting service at a first administrative domain, the first administrative domain controlling access to content delivery servers;

operating a first authentication service at a second administrative domain, the second administrative domain controlling access, for the DRM client application associated with a first set of human users, to second administrative domain content, wherein the first administrative domain is different from the second administrative domain;

operating a second authentication service at a third administrative domain, the third administrative domain controlling access, for a second set of human users, to third administrative domain content, wherein the second set of users are different from the first set of users,wherein each of the administrative domains shares an inter-realm key with the ticket granting service and each of the authentication services issues a ticket granting ticket which enables the DRM client application to request service tickets from the ticket granting service and;

granting the service ticket to the DRM client application from the ticket granting service, the service ticket containing authentication data which enables the DRM client application to access second administrative domain content via, one of the content delivery servers, and third administrative domain content via one of the content delivery servers.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A digital rights management system (DRM) for restricting and permitting content access in a digital content distribution network such as a network used to deliver television programming. The DRM uses distributed authentication and provisioning so that the potentially many different entities involved in the content distribution network can have localized management and control. Distributed authentication can use single or multiple instances of authentication services. A ticket granting service (TGS) is used to allow clients to request services. In one approach, multiple authentication services use a common key that is known to the TGS. In another approach, unique keys are provided to each authentication service and these keys are communicated to the TGS. Distributed provisioning allows different entities to grant access rights or other resources. Provisioning service (PS) processes can execute at multiple different physical locations. Synchronization among the different PSs is provided by a managing entity or in a peer-to-peer transfer to help ensure the uniqueness of user IDs. New clients can make an initialization request from a key management system via an appropriate protocol. The requests can be made from a single, dedicated authentication service, from an authentication service associated with a specific provisioning service, or from multiple authentication services in the network.

49 Citations

View as Search Results

17 Claims

1. A method for providing access rights to content in a secure digital content distribution system, the system including a provisioning service for allocating rights to a human user to a Digital Rights Management (DRM) client application, including an entitlement service for assigning authorization data for digital content to the DRM client application and an authentication service for verifying the identity of the DRM client application, the method comprising:
- operating a ticket granting service at a first administrative domain, the first administrative domain controlling access to content delivery servers;
  
  operating a first authentication service at a second administrative domain, the second administrative domain controlling access, for the DRM client application associated with a first set of human users, to second administrative domain content, wherein the first administrative domain is different from the second administrative domain;
  
  operating a second authentication service at a third administrative domain, the third administrative domain controlling access, for a second set of human users, to third administrative domain content, wherein the second set of users are different from the first set of users,wherein each of the administrative domains shares an inter-realm key with the ticket granting service and each of the authentication services issues a ticket granting ticket which enables the DRM client application to request service tickets from the ticket granting service and;
  
  granting the service ticket to the DRM client application from the ticket granting service, the service ticket containing authentication data which enables the DRM client application to access second administrative domain content via, one of the content delivery servers, and third administrative domain content via one of the content delivery servers.
- View Dependent Claims (2)
- - 2. The method of claim 1, wherein the secure digital content distribution system includes one or more of the following entities:
    - an authenticating central company, content providers, broadband operators;
      
      wherein each entity is associated with one or more physical locations, wherein the first, second and third locations are each at one of the administrative domains.

3. A secure digital content distribution system comprising:
- a first plurality of entities for providing authentication services, the plurality of entities being located at different administrative domains at different locations each other and controlling access to content at their respective administrative domain;
  
  a second plurality of entities for providing provisioning services based on information provided by one or more of the plurality of entities for providing authentication services;
  
  wherein each of the administrative domains shares an inter-realm key with a ticket granting service and each of the authentication services is configured to grant a ticket granting ticket to a client which enables it to request service tickets from the ticket granting service;
  
  the ticket granting service which is configured to grant the service ticket to the client, the service ticket containing authentication data which enables the client to access content at each of the administrative domains via each authentication service; and
  
  a session rights service which is configured to construct a session rights object (SRO), wherein the SRO includes at least one purchase option selected by the client,the client being a Digital Rights Management DRM client application associated with a user.
- View Dependent Claims (4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17)
- - 4. The secure digital content distribution system of claim 3, further comprising the session rights service process for restricting client access to content based on one or more rules.
  - 5. The content distribution system of claim 4, wherein the rules are static.
  - 6. The content distribution system of claim 4, wherein the rules are dynamic.
  - 7. The content distribution system of claim 3, further comprising one or more entities for providing entitlement services to assign authorization data to a client.
  - 8. The content distribution system of claim 7, wherein the authorization data is used by a rights evaluation service to grant or deny access to content.
  - 9. The content distribution system of claim 7, wherein an entity for providing entitlement services is associated with a provisioning service.
  - 10. The content distribution system of claim 7, wherein an entity for providing entitlement services is associated with an authentication service.
  - 11. The content distribution system of claim 7, wherein a single, centralized entity for providing entitlement services is used.
  - 12. The content distribution system of claim 7, wherein first and second entitlement services assign different authorization data to a client.
  - 13. The content distribution system of claim 8, wherein the ticket-granting service contacts an entity for providing entitlement services to obtain authorization data.
  - 14. The content distribution system of claim 3, wherein an entity includes a local entity, the content distribution system further comprising an authentication portal associated with the local entity;
    - and a process for authenticating a client during initial provisioning.
  - 15. The content distribution system of claim 9, wherein a local entity includes a content provider.
  - 16. The content distribution system of claim 9, wherein a local entity includes a broadband operator.
  - 17. The content distribution system of claim 3, wherein the authentication service produces the ticket granting ticket, the ticket granting ticket including a client host identification.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Google Technology Holdings LLC (Alphabet Inc.)
Original Assignee
General Instrument Corporation (CommScope Holding Company, Inc.)
Inventors
Peterka, Petr, Medvinsky, Alexander
Primary Examiner(s)
Yalew, Fikremariam A

Application Number

US10/334,606
Publication Number

US 20040128499A1
Time in Patent Office

3,683 Days
Field of Search

713/155, 705 65- 69
US Class Current

713/155
CPC Class Codes

H04L 2463/101   applying security measures ...

H04L 63/062   for key distribution, e.g. ...

H04L 63/0807   using tickets, e.g. Kerbero...

H04L 63/0823   using certificates cryptogr...

System for digital rights management using distributed provisioning and authentication

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

49 Citations

17 Claims

Specification

Solutions

Use Cases

Quick Links

System for digital rights management using distributed provisioning and authentication

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

49 Citations

17 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links