Safe distribution and use of content

US 8,543,824 B2
Filed: 04/20/2006
Issued: 09/24/2013
Est. Priority Date: 10/27/2005
Status: Active Grant

First Claim

Patent Images

1. A method, comprising:

identifying, by one or more first server computers, a content item;

creating, by one or more first server computers, a cryptographic hash of at least a portion of the content item;

storing the content item on one or more content distributors, the one or more content distributors different from the one or more first server computers;

creating, by one or more first server computers, a ticket file including the cryptographic hash and information relating to downloading the content item from one or more second server computers, the one or more second server computers different from the one or more first server computers;

receiving, by the one or more first server computers, a request for the content item from a user system;

distributing, from the one or more first server computers, the ticket file to the user system separate from the content item;

receiving, by the one or more first server computers, a notification from the user system that a verification of the content item using the cryptographic hash has failed; and

subsequent to receiving the notification that the verification of the content item using the cryptographic hash has failed, initiating, from the one or more first server computers, a security action against the one or more content distributors in response to the failed verification.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A cryptographic hash of content (e.g., applications, documents, widgets, software, music, videos, etc.) is created and made available for distribution over a network (or by other means) as part of a ticket file. The ticket file can be cryptographically signed to ensure its authenticity. The ticket file and content can be downloaded separately (e.g., from different websites) to a user system (e.g., a computer, mobile phone, media player/recorder, personal digital assistant (PDA), etc.). The user system verifies the signature of the ticket file and the content hash to ensure that the content has not been compromised. The ticket file can include information relating to downloading the content (e.g., a Uniform Resource Identifier (URI)) and other meta-data (e.g., hash type, content information, public key, size, version, etc.).

Citations

15 Claims

1. A method, comprising:
- identifying, by one or more first server computers, a content item;
  
  creating, by one or more first server computers, a cryptographic hash of at least a portion of the content item;
  
  storing the content item on one or more content distributors, the one or more content distributors different from the one or more first server computers;
  
  creating, by one or more first server computers, a ticket file including the cryptographic hash and information relating to downloading the content item from one or more second server computers, the one or more second server computers different from the one or more first server computers;
  
  receiving, by the one or more first server computers, a request for the content item from a user system;
  
  distributing, from the one or more first server computers, the ticket file to the user system separate from the content item;
  
  receiving, by the one or more first server computers, a notification from the user system that a verification of the content item using the cryptographic hash has failed; and
  
  subsequent to receiving the notification that the verification of the content item using the cryptographic hash has failed, initiating, from the one or more first server computers, a security action against the one or more content distributors in response to the failed verification.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The method of claim 1, where creating a ticket file further comprises:
    - digitally signing the ticket file.
  - 3. The method of claim 1, where initiating the security action in response to the failed verification includes initiating the security action against at least one of the one or more second server computers.
  - 4. The method of claim 3, where initiating the security action comprises:
    - revoking a digital signature of the ticket file;
      
      storing a digital certificate associated with the ticked file in a certificate revocation list (CRL); and
      
      pushing the CRL to one or more user systems.
  - 5. The method of claim 3, where initiating the security action comprises:
    - preventing one or more user systems from downloading the content item, including preventing redirection of the one or more user systems to the at least one of the one or more second server computers.

6. A non-transitory computer-readable medium having stored thereon instructions which, when executed by one or more first server computers, causes the one or more first server computers to perform operations comprising:
- identifying a content item;
  
  creating a cryptographic hash of at least a portion of the content item;
  
  storing the content item on one or more content distributors, the one or more content distributors different from the one or more first server computers;
  
  creating a ticket file including the cryptographic hash and information relating to downloading the content item from one or more second server computers, the one or more second server computers different from the one or more first server computers;
  
  receiving, by the one or more first server computers, a request for the content item from a user system;
  
  distributing, from the one or more first server computers, the ticket file to the user system separate from the content item;
  
  receiving, by the one or more first server computers, a notification from the user system that a verification of the content item using the cryptographic hash has failed; and
  
  subsequent to receiving the notification that the verification of the content item using the cryptographic hash has failed, initiating, from the one or more first server computers, a security action against the one or more content distributors in response to the failed verification.
- View Dependent Claims (7, 8, 9, 10)
- - 7. The computer-readable medium of claim 6, where creating a ticket file further comprises:
    - digitally signing the ticket file.
  - 8. The computer-readable medium of claim 6, whereinitiating the security action in response to the failed verification includes initiating the security action against at least one of the one or more second server computers.
  - 9. The computer-readable medium of claim 8, where initiating the security action comprises:
    - revoking a digital signature of the ticket file;
      
      storing a digital certificate associated with the ticked file in a certificate revocation list (CRL); and
      
      pushing the CRL to one or more user systems.
  - 10. The computer-readable medium of claim 8, where initiating the security action comprises:
    - preventing one or more user systems from downloading the content item, including preventing redirection of the one or more user systems to the at least one of the one or more second server computers.

11. A system, comprising:
- one or more first server computers configured to perform operations comprising;
  
  identifying a content item;
  
  creating a cryptographic hash of at least a portion of the content item;
  
  storing the content item on one or more content distributors, the one or more content distributors different from the one or more first server computers;
  
  creating a ticket file including the cryptographic hash and a path to the one or more content distributors, the path specifying one or more second server computers from which the content item is to be downloaded, the one or more second server computers different from the one or more first server computers;
  
  distributing, from the one or more first server computers, the ticket file to a user system upon a request to download content;
  
  receiving, by the one or more first server computers and from the user system a verification status, the verification status indicating whether the content downloaded to the user system according to the path included in the ticket file matches the cryptographic hash; and
  
  subsequent to receiving a the verification status that the verification of the content item using the cryptographic hash has failed, initiating a security action from the one or more first server computers against the one or more content distributors based on the verification status.
- View Dependent Claims (12, 13, 14, 15)
- - 12. The system of claim 11, where initiating the security action in response to the failed verification includes initiating the security action against at least one of the one or more second server computers.
  - 13. The system of claim 12, where initiating the security action comprises:
    - revoking a digital signature of the ticket file;
      
      storing a digital certificate associated with the ticked file in a certificate revocation list (CRL); and
      
      pushing the CRL to one or more user systems.
  - 14. The system of claim 12, where initiating the security action comprises:
    - preventing one or more user systems from downloading the content item, including preventing redirection of the one or more user systems to the at least one of the one or more second server computers.
  - 15. The system of claim 11, where creating a ticket file further comprises:
    - digitally signing the ticket file.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Apple Inc.
Original Assignee
Apple Inc.
Inventors
Louch, John O., Stachowiak, Maciej, Sige, Aaron
Primary Examiner(s)
Zee, Edward
Assistant Examiner(s)
To, Baotran N

Application Number

US11/409,276
Publication Number

US 20070101146A1
Time in Patent Office

2,714 Days
Field of Search

713/176, 713/155, 713/158, 713/172, 705/51, 380/232, 726/26
US Class Current

713/176
CPC Class Codes

H04L 63/10 for controlling access to d...

H04L 63/126 the source of the received ...

Safe distribution and use of content

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

15 Claims

Specification

Solutions

Use Cases

Quick Links

Safe distribution and use of content

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

15 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links