Methods and systems for scalable distribution of protected content
First Claim
1. A computerized device, comprising:
- a network interface; and
a data processing hardware element,wherein the data processing hardware element is configured to implement a content player, wherein the content player is configured to obtain a parameter value from a content stream accessed by the content player via the network interface, the content stream comprising encrypted content requested by the content player and an embedded license, the embedded license comprising a content key that is useable for decrypting the encrypted content and that is encrypted according to a global key accessible by the content player, the parameter value specifying a digital signature,wherein the content player is configured to;
obtain an electronic token based on performing an authentication process for authenticating a client associated with the computerized device;
access the content stream without performing the authentication process;
determine that the electronic token is present and is signed with the digital signature specified by the parameter value obtained from the content stream, anduse the global key to decrypt the content key based on determining that the electronic token signed with the specified digital signature is present.
2 Assignments
0 Petitions
Accused Products
Abstract
A computerized device can implement a content player to access a content stream using a network interface, the content stream comprising encrypted content and an embedded license comprising a content key encrypted according to a global key accessible by the content player. The content player determines whether a token meeting an authorization condition is present and uses the global key to decrypt the content key only if such a token is present. The authorization condition may be evaluated at least in part based on data included in the content stream. The authorization condition can include presence of a token having a content ID matching a corresponding ID in the license; presence of a token with a correct device ID; presence of a token signed according to a digital signature identified in the licenses; and/or presence of a token that is unexpired, with expiration evaluated based on a time-to-live indicator in the token.
15 Citations
18 Claims
-
1. A computerized device, comprising:
-
a network interface; and a data processing hardware element, wherein the data processing hardware element is configured to implement a content player, wherein the content player is configured to obtain a parameter value from a content stream accessed by the content player via the network interface, the content stream comprising encrypted content requested by the content player and an embedded license, the embedded license comprising a content key that is useable for decrypting the encrypted content and that is encrypted according to a global key accessible by the content player, the parameter value specifying a digital signature, wherein the content player is configured to; obtain an electronic token based on performing an authentication process for authenticating a client associated with the computerized device; access the content stream without performing the authentication process; determine that the electronic token is present and is signed with the digital signature specified by the parameter value obtained from the content stream, and use the global key to decrypt the content key based on determining that the electronic token signed with the specified digital signature is present. - View Dependent Claims (2, 3, 4, 5, 6, 7)
-
-
8. A computer-implemented method, comprising:
-
associating a content item with a parameter value associated with an electronic token, the parameter value specifying a digital signature used to sign the token; providing the electronic token to a content player application executed at a client device via a network connection based on performing an authentication process for authenticating a client associated with the client device, the electronic token comprising electronic content signed with the digital signature specified by the parameter value; and responsive to receiving a request for the content item from the client device; embedding data specifying the parameter value in a content stream comprising an encrypted version of the content item, and providing the content stream to the client device, the content stream including the encrypted version of the content item and the embedded data specifying the parameter value wherein the content stream is provided to the client device without performing the authentication process in response to the request for the content item. - View Dependent Claims (14)
-
-
9. A computer program product comprising a non-transitory computer readable medium embodying program code, the program code comprising:
-
program code for obtaining an electronic token based on performing an authentication process for authenticating a client associated with a computing device; program code for accessing a content stream using a network interface of the computing device without performing the authentication process, the content stream comprising encrypted content requested by a content player, a parameter value specifying a digital signature, and an embedded license that includes a content key that is useable for decrypting the encrypted content and that is encrypted according to a global key; program code for identifying the digital signature from the parameter value in the content stream comprising the encrypted content requested by the content player; program code for determining that the electronic token is present on the computing device and that the electronic token is signed with the digital signature specified by the parameter value; and program code for using the global key to decrypt the content key based on determining that the electronic token is present and is signed with the digital signature specified by the parameter value. - View Dependent Claims (10, 11, 12, 13)
-
-
15. A method comprising:
-
obtaining an electronic token based on performing an authentication process for authenticating a client associated with a computing device; accessing a content stream using a network interface of the computing device without performing the authentication process, the content stream comprising encrypted content requested by a content player, a parameter value specifying a digital signature, and an embedded license that includes a content key encrypted according to a global key; identifying the digital signature from the parameter value in the content stream comprising the encrypted content requested by the content player; determining that the electronic token is present on the computing device and that the electronic token is signed with the digital signature specified by the parameter value; and using the global key to decrypt the content key based on determining that the electronic token is present and is signed with the digital signature specified by the parameter value. - View Dependent Claims (16, 17, 18)
-
Specification