System and method for transparently authenticating a user to a digital rights management entity

US 8,707,404 B2
Filed: 08/28/2009
Issued: 04/22/2014
Est. Priority Date: 08/28/2009
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method comprising:

issuing a first credential from a digital rights management provider to a content provider, the first credential indicating that the content provider is trusted by the digital rights management provider to generate an authentication token relating to content that is to be distributed by the content provider;

receiving, by the digital rights management provider from a remote computer system, an activation request that includes the authentication token generated by the content provider, wherein the authentication token has been (a) digitally signed by the content provider using the first credential and (b) sent to the remote computer system when the remote computer system accesses the content provider for its content;

verifying, by the digital rights management provider, the authentication token by determining that the authentication token was at least partially generated based on the first credential issued to the content provider to confirm that the content provider is authorized by the digital rights management provider to distribute the content; and

in response to verifying the authentication token, issuing, by the digital rights management provider, to the remote computer system one or more user credentials for performing one or more of;

communication with the content provider or decryption of the content that is distributed by the content provider.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Various embodiments of a system and method for transparently authenticating a user to a digital rights management entity are described. In various embodiments, a digital rights management server may be configured to receive an authentication token from a first remote computer system. Such authentication token may indicate that a particular user of the first remote computer system was authenticated by a first content provider of one or more content providers. In various embodiments, the digital rights management server may also be configured to verify the authentication token by determining that one or more portions of the authentication token were generated based on respective authentication information issued to the first content provider. In various embodiments, the digital rights management server may also be configured to, in response to verification of the authentication token, issue to the first remote computer system one or more credentials.

19 Citations

View as Search Results

10 Claims

1. A computer-implemented method comprising:
- issuing a first credential from a digital rights management provider to a content provider, the first credential indicating that the content provider is trusted by the digital rights management provider to generate an authentication token relating to content that is to be distributed by the content provider;
  
  receiving, by the digital rights management provider from a remote computer system, an activation request that includes the authentication token generated by the content provider, wherein the authentication token has been (a) digitally signed by the content provider using the first credential and (b) sent to the remote computer system when the remote computer system accesses the content provider for its content;
  
  verifying, by the digital rights management provider, the authentication token by determining that the authentication token was at least partially generated based on the first credential issued to the content provider to confirm that the content provider is authorized by the digital rights management provider to distribute the content; and
  
  in response to verifying the authentication token, issuing, by the digital rights management provider, to the remote computer system one or more user credentials for performing one or more of;
  
  communication with the content provider or decryption of the content that is distributed by the content provider.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The computer-implemented method of claim 1, further comprising, in response to verifying the authentication token, generating, by the digital rights management provider, a stored identifier of a digital rights management account associated with a user of the remote computer system.
  - 3. The computer-implemented method of claim 1, wherein:
    - the authentication token indicates a user identifier identifying a user of the remote computer system; and
      
      the method further comprises generating, by the digital rights management provider, (a) a stored identifier of a digital rights management account associated with the user, and (b) a stored mapping of the digital rights management account to the user identifier.
  - 4. The computer-implemented method of claim 1, wherein the method further comprises:
    - issuing a second credential from the digital rights management provider to a second content provider, the second credential indicating that the second content provider is trusted by the digital rights management provider to generate a second authentication token relating to content that is to be distributed by the second content provider;
      
      receiving, by the digital rights management provider, a second activation request that includes the second authentication token generated by the second content provider, wherein the second authentication token has been (a) digitally signed by the second content provider using the second credential and (b) sent to the remote computer system when the remote computer system accesses the second content provider for its content;
      
      verifying, by the digital rights management provider, the second authentication token by determining that the second authentication token was at least partially generated based on the second credential issued to the secondcontent provider to confirm that the second content provider is authorized by the digital rights management provider to distribute content; and
      
      in response to verifying the second authentication token, issuing, by the digital rights management provider, to the remote computer system one or more user credentials for performing one or more of;
      
      communication with the second content provider or decryption of the content received from the second content provider.
  - 5. The computer-implemented method of claim 1, further comprising receiving, by the digital rights management provider, a message indicating an identifier of a digital rights management account associated with a user of the remote computer system, wherein the one or more user credentials are issued in response to verification of (a) the authentication token and (b) the identifier of the digital rights management account.

6. A system comprising a digital rights management provider that comprises:
- a memory; and
  
  one or more processors coupled to the memory, wherein the memory comprises program instructions executable by the one or more processors to;
  
  issue a first credential from the digital rights management provider to a content provider, the first credential indicating that the content provider is trusted by the digital rights management provider to generate an authentication token relating to content that is to be distributed by the content provider;
  
  receive an activation request from a remote computer system in regard to the content, wherein the activation request includes the authentication token generated by the content provider, and wherein the authentication token has been (a) digitally signed by the content providerusing the first credential and (b) sent to the remote computer system when the remote computer system accesses the content provider for its content;
  
  verify the authentication token by determining that the authentication token was at least partially generated based on the first credential issued to the content provider to confirm that the content provider is authorized by the digital rights management provider to distribute content; and
  
  in response to verifying the authentication token, issue, to the remote computer system one or more user credentials for performing one or more of;
  
  communication with the content provider or decryption of the content that is distributed by the content provider.
- View Dependent Claims (7, 8, 9, 10)
- - 7. The system of claim 6, wherein the program instructions are further executable by the one or more processors to, in response to verifying the authentication token, generate a stored identifier of a digital rights management account associated with a user of the remote computer system.
  - 8. The system of claim 6, wherein:
    - the authentication token indicates a user identifier identifying a user of the remote computer system; and
      
      the program instructions are further executable by the one or more processors to generate (a) a stored identifier of a digital rights management account associated with the user, and (b) a stored mapping of the digital rights management account to the user identifier.
  - 9. The system of claim 6, wherein the program instructions are further executable by the one or more processors to:
    - issue a second credential from the digital rights management provider to a second content provider, the second credential indicating that the second content provider is trusted by the digital rights management provider to generate a second authentication token relating to content that is to be distributed by the second content provider;
      
      receive a second activation request from the remote computer system in regard to the content that is to be distributed by the second content provider, wherein the activation request includes the second authentication token generated by the second content provider, and wherein the second authentication token has been (a) digitally signed by the second content provider using the second credential and (b) sent to the remote computer system when the remote computer system accesses the second content provider for its content;
      
      verify the second authentication token by determining that the second authentication token was at least partially generated based on the second credential issued to the second content provider to confirm that the second content provider is authorized by the digital rights management provider to distribute content; and
      
      in response to verifying the second authentication token, issue, to the remote computer system one or more user credentials for performing one or more of;
      
      communication with the second content provider or decryption of content received from the second content provider.
  - 10. The system of claim 6, wherein:
    - the program instructions are further executable by the one or more processors to receive a message indicating an identifier of a digital rights management account associated with a user of the remote computer system; and
      
      the one or more user credentials are issued in response to verification of (a) the authentication token and (b) the identifier of the digital rights management account.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Adobe Inc.
Original Assignee
Adobe Systems Incorporated (Adobe Inc.)
Inventors
Sorotokin, Peter, Lester, James L., Agrawal, Sunil C., Sheretov, Andrei
Primary Examiner(s)
Kim, Jung
Assistant Examiner(s)
Alata, Ayoub

Application Number

US12/550,265
Publication Number

US 20130125223A1
Time in Patent Office

1,698 Days
Field of Search

726/2, 726 6- 7
US Class Current

726/6
CPC Class Codes

H04L 2209/603   Digital right managament [DRM]

H04L 2463/101   applying security measures ...

H04L 63/0807   using tickets, e.g. Kerbero...

H04L 9/3213   using tickets or tokens, e....

System and method for transparently authenticating a user to a digital rights management entity

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

19 Citations

10 Claims

Specification

Use Cases

Quick Links

Others

System and method for transparently authenticating a user to a digital rights management entity

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

19 Citations

10 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others