Method for communicating entitlement data from a server, related server, client systems and computer program product

US 8,442,236 B2
Filed: 12/29/2005
Issued: 05/14/2013
Est. Priority Date: 12/29/2005
Status: Expired due to Fees

First Claim

Patent Images

1. A method of communicating a set of entitlement data from a server to at least one client, the set of entitlement data including a set of predicates representative of entitlement of the at least one client to access corresponding content data stored on the server, comprising the steps of:

determining a set of keys each corresponding to a predicate in said set of predicates, wherein each key in said set of keys is determined by varying said key and calculating a result of a non-invertible function being applied to a bit until said result is equal to the corresponding predicate;

causing said server and said at least one client to share said non-invertible function and one of said set of keys and said bit string; and

transmitting from said server to said at least one client the other remaining one of said set of keys and said selected bit string that is not shared with said at least one client.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A server communicates a set of entitlement data representative of the entitlement of a client to access corresponding contents data by using a set of keys and a non-invertible cryptographic function. The cryptographic function is applied to a set of candidate bit strings using the set of keys to find a selected bit string that produces the set of entitlement data as a result of the application of the non-invertible cryptographic function by using the keys in the set. The server and the client share the cryptographic function as well as the set of keys (or the selected bit string). The server transmits to the client the selected bit string (or the set of keys). In either case, the client is thus in a position to apply the cryptographic function to the selected string of bits by using the set of keys, thereby reconstructing the set of entitlement data.

16 Citations

View as Search Results

17 Claims

1. A method of communicating a set of entitlement data from a server to at least one client, the set of entitlement data including a set of predicates representative of entitlement of the at least one client to access corresponding content data stored on the server, comprising the steps of:
- determining a set of keys each corresponding to a predicate in said set of predicates, wherein each key in said set of keys is determined by varying said key and calculating a result of a non-invertible function being applied to a bit until said result is equal to the corresponding predicate;
  
  causing said server and said at least one client to share said non-invertible function and one of said set of keys and said bit string; and
  
  transmitting from said server to said at least one client the other remaining one of said set of keys and said selected bit string that is not shared with said at least one client.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17)
- - 2. The method of claim 1, wherein the non-invertible function is a non-invertible cryptographic function.
  - 3. The method of claim 1, comprising selecting said bit string out of a set of candidate bit strings.
  - 4. The method of claim 1, comprising the steps of:
    - causing said server and said at least one client to share said non-invertible function and said set of keys; and
      
      transmitting from said server to the at least one client said bit string.
  - 5. The method of claim 1, wherein said non-invertible function has a uniform distribution of outputs as a function of inputs.
  - 6. The method of claim 1, wherein said non-invertible function is a message authentication code function.
  - 7. The method of claim 6, wherein said non-invertible function is a HMAC-x function where x is selected from the group:
    - HAVAL,MD2, MD4, MD5,N-Hash,RIPEMD, RIPEMD-128, RIPEMD-160, RIPEMD-256, RIPEMD-3U,SHA, SHA-0, SHA-1 and SHA-2, SHA-256, SHA-384, SHA-512,Snefru, Snefru-2Tiger,Whirlpool, Whirlpool-0GOST-Hash,HAS-160, HAS-V,Panama, andMGF1.
  - 8. The method of claim 7, wherein said non-invertible function is selected from the group:
    - HMAC-SHA-1 andHMAC-MD5.
  - 9. The method of claim 3, comprising the steps of:
    - orderly selecting said keys in said set of keys; and
      
      subsequently using each key orderly selected in said set of keys for applying said non-invertible cryptographic function to newly generated candidate bit strings in said set of candidate bit strings.
  - 10. The method of claim 1, comprising the steps of:
    - partitioning said set of entitlement data into at least a first and a second subset of entitlement data; and
      
      applying said non-invertible function and keys of said set of keys to said at least a first and a second subset of entitlement data to produce at least a first and a second bit string that respectively produce said at least a first and a second subset of entitlement data as a result of a non-invertible cryptographic function being applied to said at least a first and a second bit string by using said set of keys, whereby said set of entitlement data is expressed by the concatenation of said at least a first and a second bit string.
  - 11. The method of claim 10, wherein said at least a first and a second subset of entitlement data comprise the same amount of entitlement data.
  - 12. The method of claim 1, further comprising the steps of:
    - receiving at said client the other of said set of keys and said bit string; and
      
      applying said cryptographic function to said string of bits by using said set of keys, thereby reconstructing at said client said set entitlement data.
  - 13. The method of claim 12, comprising the steps of:
    - said server associating with said entitlement data parametric values expressing conditions for access by said at least one client to corresponding contents data; and
      
      said client associating said parametric values to said entitlement data in said set as reconstructed at said client as a function of the order in which the corresponding bits are in said string of bits.
  - 14. A server system capable of communicating according to the method of claim 1, and comprising a set of entitlement data representative of entitlement of at least one client to access corresponding content data, said server system being configured for sharing with said at least one client a noninvertible function and one of a set of keys and a bit string and for transmitting to said at least one client the remaining one of said set of keys and said bit string that is not shared with said at least one client.
  - 15. The server system of claim 14, wherein said server system is implemented as a special purpose hardware processor configured for applying said non-invertible function to a string of bits by using said set of keys.
  - 16. A client system cooperable with the server system of claim 14, comprising:
    - a client system configured for;
      
      receiving from said server system the other of said set of keys and said bit string; and
      
      applying said non-invertible function to a string of bits by using said set of keys, thereby reconstructing said set of entitlement data.
  - 17. A non-transitory computer readable medium encoded with a computer program product, loadable into a memory of at least one computer, the computer program product comprising software code portions for performing the method of claim 1.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Telecom Italia S.p.A.
Original Assignee
Telecom Italia S.p.A.
Inventors
Balestri, Massimo, De Petris, Gianluca, Silano, Barbara
Primary Examiner(s)
Pwu, Jeffrey
Assistant Examiner(s)
Anderson, Michael D

Application Number

US12/087,220
Publication Number

US 20090034743A1
Time in Patent Office

2,693 Days
Field of Search

380/28, 380/285, 713/170
US Class Current

380/285
CPC Class Codes

G06F 21/10   Protecting distributed prog...

H04L 2209/603   Digital right managament [DRM]

H04L 9/0838   Key agreement, i.e. key est...

H04L 9/3242   involving keyed hash functi...

H04N 21/2541   Rights Management protectin...

H04N 21/835   Generation of protective da...

Method for communicating entitlement data from a server, related server, client systems and computer program product

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

16 Citations

17 Claims

Specification

Solutions

Use Cases

Quick Links

Method for communicating entitlement data from a server, related server, client systems and computer program product

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

16 Citations

17 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links