Digital rights management engine systems and methods

US 8,776,216 B2
Filed: 10/18/2006
Issued: 07/08/2014
Est. Priority Date: 10/18/2005
Status: Expired due to Fees

First Claim

Patent Images

1. A method of authorizing access to a piece of electronic content on a host computer system, the method comprising:

receiving a request from a user of the host computer system to access the piece of electronic content;

retrieving a license associated with the piece of electronic content, the license comprising a control object, a controller object, a protector object, and a content key object;

retrieving a first control program from the control object;

executing the first control program using a digital rights management engine running on the host computer system to determine whether the request is granted, including determining that a path of valid link objects exists between nodes in a first authorization graph from a first node associated with the user to a second node associated with the host computer system, wherein each link object represents a relationship between two entities in an authorization graph, wherein a link object is valid if all of one or more conditions expressed by the link object are met; and

executing a second control program included in a first link object using the digital rights management engine running on the host computer system to determine whether all of the one or more conditions expressed by the first link object are satisfied, wherein the one or more conditions expressed by the first link object includes a time restriction, and wherein the first authorization graph is formed by adding the first link object to a second authorization graph.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and methods are described for performing digital rights management. In one embodiment, a digital rights management engine is provided that evaluates license associated with protected content to determine if a requested access or other use of the content is authorized. In some embodiments, the licenses contain control programs that are executable by the digital rights management engine.

258 Citations

11 Claims

1. A method of authorizing access to a piece of electronic content on a host computer system, the method comprising:
- receiving a request from a user of the host computer system to access the piece of electronic content;
  
  retrieving a license associated with the piece of electronic content, the license comprising a control object, a controller object, a protector object, and a content key object;
  
  retrieving a first control program from the control object;
  
  executing the first control program using a digital rights management engine running on the host computer system to determine whether the request is granted, including determining that a path of valid link objects exists between nodes in a first authorization graph from a first node associated with the user to a second node associated with the host computer system, wherein each link object represents a relationship between two entities in an authorization graph, wherein a link object is valid if all of one or more conditions expressed by the link object are met; and
  
  executing a second control program included in a first link object using the digital rights management engine running on the host computer system to determine whether all of the one or more conditions expressed by the first link object are satisfied, wherein the one or more conditions expressed by the first link object includes a time restriction, and wherein the first authorization graph is formed by adding the first link object to a second authorization graph.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1, in which the controller object is configured to bind the control object with the content key object.
  - 3. The method of claim 1, wherein the time restriction requires that the current time be on before a predefined time.
  - 4. The method of claim 1, wherein the time restriction requires that the current time be after a predetermined time.
  - 5. The method of claim 1, in which at least one of the one or more conditions expressed by the link object comprises a requirement that the second control program not have been previously executed more than a predefined number of times.
  - 6. The method of claim 1, in which at least one of the one or more conditions expressed by the link object comprises a requirement that a counter stored in memory not exceed a predefined value.
  - 7. The method of claim 1, in which at least one of the one or more conditions expressed by the link object comprises a requirement that a predefined event not have previously occurred.
  - 8. The method of claim 1, in which at least one of the one or more conditions expressed by the first control program comprises a requirement that the host computer system must have one or more predefined characteristics.
  - 9. The method of claim 1, in which at least one of the one or more conditions expressed by the first control program comprises a requirement that software running on the host computer system for rendering the piece of electronic content be unable to export the piece of electronic content to a predefined interface.

10. A method of authorizing a given action to be performed on a piece of electronic content, the method comprising:
- executing a first control program using a virtual machine running on a first digital rights management engine, the first control program being configured to determine whether the given action on the piece of electronic content is authorized, wherein the first control program is configured to evaluate a first set of one or more conditions that must be satisfied in order for the given action to be authorized, and wherein at least one of the first set of one or more conditions comprises a requirement that each link object be valid among one or more link objects along a path of link objects between nodes in a first authorization graph from a first node representing a first entity to a second node representing a second entity;
  
  retrieving the one or more link objects, each of the link objects expressing a relationship between two entities, wherein a link object is valid if all of one or more conditions expressed by the link object have been met, and a first link object includes a second control program configured to evaluate one or more conditions all of which must be satisfied in order for the first link object to be considered valid; and
  
  executing the second control program using the digital rights management engine running on the host computer system to determine whether all of the one or more conditions expressed by the first link object are satisfied, wherein the one or more conditions expressed by the first link object includes a time restriction, and wherein the first authorization graph is formed by adding the first link object to a second authorization graph.
- View Dependent Claims (11)
- - 11. The method of claim 10, in which at least one of the conditions comprises a requirement that a counter stored in memory not exceed a predefined value.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Intertrust Technologies Corporation (Fidelio Acquisition Co LLC)
Original Assignee
Intertrust Technologies Corporation (Fidelio Acquisition Co LLC)
Inventors
Boccon-Gibod, Gilles, Boeuf, Julien G.
Primary Examiner(s)
HOLDER, BRADLEY W

Application Number

US11/583,693
Publication Number

US 20070180519A1
Time in Patent Office

2,820 Days
Field of Search

726/21, 726 26- 27
US Class Current

726/21
CPC Class Codes

G06F 21/1013   to locations

G06F 2221/2111   Location-sensitive, e.g. ge...

G06Q 20/202   Interconnection or interact...

H04L 2209/603   Digital right managament [DRM]

H04L 2463/101   applying security measures ...

H04L 63/0428   wherein the data content is...

H04L 63/0492   by using a location-limited...

H04L 63/08   for authentication of entit...

H04L 63/10   for controlling access to d...

H04L 63/123   received data contents, e.g...

H04L 9/0825   using asymmetric-key encryp...

H04L 9/302   involving the integer facto...

H04L 9/3242   involving keyed hash functi...

H04L 9/3247   involving digital signatures

H04L 9/3271   using challenge-response

Digital rights management engine systems and methods

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

258 Citations

11 Claims

Specification

Solutions

Use Cases

Quick Links

Digital rights management engine systems and methods

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

258 Citations

11 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links