Method and system for verifying entitlement to access content by URL validation
First Claim
1. A method comprising:
- performing a transaction between a user and a transaction system for purchase of user-specific rights to digital content delivered electronically;
storing a record of the transaction, wherein the record is accessible by the transaction system, and wherein the record entitles the user to exercise the user-specific rights to the digital content;
providing to a user device a resource address for accessing the digital content based on an authorization to exercise the user-specific rights, wherein the resource address comprises an encrypted string that represents, upon decryption, unique transaction identifier information and rights information associated with the user-specific rights, wherein the rights information specifies a maximum number of authorized downloads available to the user; and
providing access to the digital content identified by the resource address, based on the rights information, the unique transaction identifier, and the record of the transaction, in response to a successful validation of a user request to exercise the user-specific rights.
1 Assignment
0 Petitions
Accused Products
Abstract
Aspects include a mechanism of entitling users to transacted-for digital content access, indicating download authorization with discrete authentication URLs, and validating download attempts using each such URL. The authentication mechanism comprises producing an encrypted string included in a URL provided to a user. The encrypted string comprises transaction identifier information, and information about the transacted-for entitlement. When a user wishes to exercise the transacted-for entitlement, the user activates the URL, which is resolved to a location that has/can obtain access to the key(s) used in producing the encrypted string, decrypt the string, and use the information in it to validate the URL and the entitlement. The validation can use data retrieved from a database, using the transaction identifier as a key. The entitlement information included in the now-decrypted string can be compared with the prior download information. A byte range of requested by a browser using the URL can be used in validation, as well as how a particular authorization/validation should count for entitlement fulfillment.
8 Citations
22 Claims
-
1. A method comprising:
-
performing a transaction between a user and a transaction system for purchase of user-specific rights to digital content delivered electronically; storing a record of the transaction, wherein the record is accessible by the transaction system, and wherein the record entitles the user to exercise the user-specific rights to the digital content; providing to a user device a resource address for accessing the digital content based on an authorization to exercise the user-specific rights, wherein the resource address comprises an encrypted string that represents, upon decryption, unique transaction identifier information and rights information associated with the user-specific rights, wherein the rights information specifies a maximum number of authorized downloads available to the user; and providing access to the digital content identified by the resource address, based on the rights information, the unique transaction identifier, and the record of the transaction, in response to a successful validation of a user request to exercise the user-specific rights. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17)
-
-
18. A non-transitory computer-readable storage medium storing instructions which, when executed by a computing device, cause the computing device to perform steps comprising:
-
performing a transaction between a user and a transaction system for purchase of user-specific rights to digital content delivered electronically; storing a record of the transaction, wherein the record is accessible by the transaction system, and wherein the record entitles the user to exercise the user-specific rights to the digital content; providing to a user device a resource address for accessing the digital content based on an authorization to exercise the user-specific rights, wherein the resource address comprises an encrypted string that represents, upon decryption, unique transaction identifier information and rights information associated with the user-specific rights, wherein the rights information specifies a maximum number of authorized downloads available to the user; and providing access to the digital content identified by the resource address, based on the rights information, the unique transaction identifier, and the record of the transaction, in response to a successful validation of a user request to exercise the user-specific rights. - View Dependent Claims (19, 20)
-
-
21. A system comprising:
-
a processor; a memory storing instructions for controlling the processor to perform steps comprising; performing a transaction between a user and a transaction system for purchase of user-specific rights to digital content delivered electronically; storing a record of the transaction, wherein the record is accessible by the transaction system, and wherein the record entitles the user to exercise the user-specific rights to the digital content; providing to a user device a resource address for accessing the digital content based on an authorization to exercise the user-specific rights, wherein the resource address comprises an encrypted string that represents, upon decryption, unique transaction identifier information and rights information associated with the user-specific rights, wherein the rights information specifies a maximum number of authorized downloads available to the user; and providing access to the digital content identified by the resource address in response to a successful validation of a user request to exercise the user-specific rights based on the rights information, the unique transaction identifier, and the record of the transaction. - View Dependent Claims (22)
-
Specification