Binding content to a domain

US 8,843,413 B2
Filed: 02/13/2004
Issued: 09/23/2014
Est. Priority Date: 02/13/2004
Status: Active Grant

First Claim

Patent Images

1. At a central domain server in a rights management system that protects content from being consumed by unauthorized devices in a wide area network, the central domain server configured to enforce domain membership for other computing devices that request access to digitally protected content in the wide area network, a method of enforcing digital rights within the confines of a content license used when consuming content within a domain by validating domain membership criteria set by a content provider, the method comprising acts of:

the central domain server receiving a first request from a first computing device for creating a domain and for receiving a domain identification for the domain;

in response to the first request, the central domain server creating a first domain certificate for the first computing device, the first domain certificate including the domain identification, the domain identification uniquely binding content licenses to the domain, the content licenses comprising one or more usage rights that define how content associated with the licenses may be consumed by any members of the domain;

the central domain server sending the first domain certificate to the first computing device such that the first computing device is established as a member of and the domain manager for the domain;

the central domain server subsequently receiving a second request generated by the second computing device, the second request for the second computing device becoming a member of the domain and for the second computing device receiving the domain identification, the second request including device specific information uniquely identifying the second computing device;

in response to the second request, the central domain server enforcing digital rights by validating domain membership criteria set by the content provider through at least both of (1) a velocity check that determines how many requestors have both joined and unjoined from the domain within a predetermined period of time; and

(2) a proximity check that checks how close the second computing device is to the first computing device, the domain membership criteria defines a minimum proximal closeness required of the second computing device relative to the first computing device;

upon validation of the domain membership criteria that a predetermined frequency of requestors both joining and unjoining the domain over the predetermined period of time has not been exceeded, the central domain server creating a second domain certificate for the second computing device, the second domain certificate including the device specific information and the domain identification;

the central domain server sending the second domain certificate to the second computing device for establishing the second computing device as member of the domain;

the central domain server receiving a third request from the content provider for verifying the domain identification, the third request including the domain identification sent by the content provider when the content provider receives a request for content from a member of the domain; and

in response to the third request, the central domain server sending a verification to the content provider that the domain identification is valid, such that the central domain server centrally regulates content access for both the first and second computing devices through membership in the domain in accordance with the desires of the content provider.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present invention provides for a digital rights management system with a centralized domain service capable of creating and managing membership criteria for joining a domain in accordance with business rules defined by a content owner. A domain identification is created that allows a content provider to uniquely bind content licenses to a domain. The content licenses include usage rights that define how content associated with the licenses may be consumed by one or more members of the domain. The centralized domain service can enforce digital rights by validating membership criteria including at least one of a domain proximity check for validating that a requestor is in close proximity to the domain, a total number of requestors, or the frequency that the requests have been made by various requestors to join the domain and unjoin from the domain.

Citations

19 Claims

1. At a central domain server in a rights management system that protects content from being consumed by unauthorized devices in a wide area network, the central domain server configured to enforce domain membership for other computing devices that request access to digitally protected content in the wide area network, a method of enforcing digital rights within the confines of a content license used when consuming content within a domain by validating domain membership criteria set by a content provider, the method comprising acts of:
- the central domain server receiving a first request from a first computing device for creating a domain and for receiving a domain identification for the domain;
  
  in response to the first request, the central domain server creating a first domain certificate for the first computing device, the first domain certificate including the domain identification, the domain identification uniquely binding content licenses to the domain, the content licenses comprising one or more usage rights that define how content associated with the licenses may be consumed by any members of the domain;
  
  the central domain server sending the first domain certificate to the first computing device such that the first computing device is established as a member of and the domain manager for the domain;
  
  the central domain server subsequently receiving a second request generated by the second computing device, the second request for the second computing device becoming a member of the domain and for the second computing device receiving the domain identification, the second request including device specific information uniquely identifying the second computing device;
  
  in response to the second request, the central domain server enforcing digital rights by validating domain membership criteria set by the content provider through at least both of (1) a velocity check that determines how many requestors have both joined and unjoined from the domain within a predetermined period of time; and
  
  (2) a proximity check that checks how close the second computing device is to the first computing device, the domain membership criteria defines a minimum proximal closeness required of the second computing device relative to the first computing device;
  
  upon validation of the domain membership criteria that a predetermined frequency of requestors both joining and unjoining the domain over the predetermined period of time has not been exceeded, the central domain server creating a second domain certificate for the second computing device, the second domain certificate including the device specific information and the domain identification;
  
  the central domain server sending the second domain certificate to the second computing device for establishing the second computing device as member of the domain;
  
  the central domain server receiving a third request from the content provider for verifying the domain identification, the third request including the domain identification sent by the content provider when the content provider receives a request for content from a member of the domain; and
  
  in response to the third request, the central domain server sending a verification to the content provider that the domain identification is valid, such that the central domain server centrally regulates content access for both the first and second computing devices through membership in the domain in accordance with the desires of the content provider.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 17)
- - 2. The method of claim 1, wherein the domain identification expires within a time period set by the centralized domain service.
  - 3. The method of claim 2, further comprising the acts of:
    - receiving, at the centralized domain service, a renewal request to extend the domain identification expiration time period.
  - 4. The method of claim 1, wherein the domain membership criteria further includes at least a total number of requestors to join the domain and unjoin from the domain.
  - 5. The method of claim 1, wherein receiving the second request includes receiving the proximity data in the second request, and wherein receiving the proximity data includes identifying at least one of the time it took a token that includes the proximity data to travel from the first computing device to the second computing device, or the number of intermediary nodes that the token traveled across between the first computing device and the second computing device.
  - 6. The method of claim 5, wherein the centralized domain service includes the domain manager, and wherein the domain manager requested the creation of the domain from a centralized domain server, which created the domain identification.
  - 7. The method of claim 5, wherein the domain manager receives one or more requests for tokens for a second domain.
  - 8. The method of claim 1, wherein the centralized domain service revokes the domain identification.
  - 17. The method of claim 5, wherein the minimum network proximity includes at least one of a minimum time for the token to travel from the first computing device to the second computing device, or a minimum number of intermediary nodes for the token travel across between the first computing device and the second computing device.

9. A computer program product for use at a central domain server in a rights management system that protects content from being consumed by unauthorized devices in a wide area network, the central domain server configured to enforce domain membership for other computing devices that request access to digitally protected content in the wide area network, the computer program product of implementing a method of enforcing digital rights within the confines of a content license used when consuming content within a domain by validating domain membership criteria set by a content provider, the computer program product comprising one or more computer hardware storage devices having stored thereon computer-executable instructions that, when executed at a processor, cause the central domain server to the perform the method, including the follow:
- receive a first request from a first computing device for creating a domain and for receiving a domain identification for the domain;
  
  in response to the first request, create a first domain certificate for the first computing device, the first domain certificate including the domain identification, the domain identification uniquely binding content licenses to the domain, the content licenses comprising one or more usage rights that define how content associated with the licenses may be consumed by any members of the domain;
  
  send the first domain certificate to the first computing device such that the first computing device is established as a member of and the domain manager for the domain;
  
  subsequently receive a second request generated by the second computing device, the second request for the second computing device becoming a member of the domain and for the second computing device receiving the domain identification, the second request including device specific information uniquely identifying the second computing device;
  
  in response to the second request, the central domain server enforcing digital rights by validating domain membership criteria set by the content provider through at least both of (1) a velocity check that determines how many requestors have both joined and unjoined from the domain within a predetermined period of time; and
  
  (2) a proximity check that checks how close the second computing device is to the first computing device, the domain membership criteria defines a minimum proximal closeness required of the second computing device relative to the first computing device;
  
  upon validation of the domain membership criteria that a predetermined frequency of requestors both joining and unjoining the domain over the predetermined period of time has not been exceeded, the central domain server creating a second domain certificate for the second computing device, the second domain certificate including the device specific information and the domain identification;
  
  the central domain server sending the second domain certificate to the second computing device for establishing the second computing device as member of the domain;
  
  the central domain server receiving a third request from the content provider for verifying the domain identification, the third request including the domain identification sent by the content provider when the content provider receives a request for content from a member of the domain; and
  
  in response to the third request, the central domain server sending a verification to the content provider that the domain identification is valid, such that the central domain server centrally regulates content access for both the first and second computing devices through membership in the domain in accordance with the desires of the content provider.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16, 18)
- - 10. The computer program product of claim 9, wherein the domain identification expires within a time period set by the centralized domain service.
  - 11. The computer program product of claim 10, further comprising the acts of:
    - receiving, at the centralized domain service, a renewal request to extend the domain identification expiration time period.
  - 12. The computer program product of claim 9, wherein the domain membership criteria further includes at least one of a total number of requestors to join the domain and unjoin from the domain.
  - 13. The computer program product of claim 9, wherein receiving the second request includes receiving the proximity data in the second request, and wherein receiving the proximity data includes identifying at least one of the time it took a token that includes the proximity data to travel from the first computing device to the second computing device, or the number of intermediary nodes that the token traveled across between the first computing device and the second computing device.
  - 14. The computer program product of claim 13, wherein the centralized domain service includes the domain manager, and wherein the domain manager requested the creation of the domain from a centralized domain server, which created the domain identification.
  - 15. The computer program product of claim 13, wherein the domain manager receives one or more requests for tokens for a second domain.
  - 16. The computer program product of claim 9, wherein the centralized domain service revokes the domain identification.
  - 18. The computer program product of claim 13, wherein the minimum network proximity includes at least one of a minimum time for the token to travel from the first computing device to the second computing device, or a minimum number of intermediary nodes for the token travel across between the first computing device and the second computing device.

19. A rights management system that protects content from being consumed by unauthorized devices in a wide area network, the rights management system configured to enforce domain membership for other computing devices that request access to digitally protected content in the wide area network, the system comprising:
- a central domain server;
  
  a first membership computing device;
  
  a second membership computing device;
  
  a content provider computing device,wherein the central domain server, the first membership computing device, the second membership computing device and the content provider computing device include one or more processors and one or more physical computer readable media having stored thereon computer executable instructions that are configured to be executed by the one or more processors to cause the following;
  
  the first membership computing device to provide a first request to the central domain server, the first request including a request that the central domain server create a domain and provide a domain identification to the first membership computing device;
  
  the central domain server to receive the first request and create a first domain certificate for the first membership computing device, the first domain certificate including the domain identification, the domain identification uniquely binding content licenses to the domain, the content licenses comprising one or more usage rights that define how content associated with the licenses may be consumed by any members of the domain;
  
  the central domain server to send the first domain certificate to the first membership computing device;
  
  the first membership computing device to receive the first domain certificate and upon receipt, to be established as a member of and the domain manager for the domain;
  
  the first membership computing device to generate a token including proximity data indicative of the network proximity of the second membership computing device relative to the first membership computing device upon receipt of a domain membership request from the second membership computing device;
  
  the second membership computing device to provide a domain membership request to the first membership computing device and, in response to the membership request, to receive the token from the first membership computing device;
  
  the second membership computing device to send a second request to the central domain server, the second request including device specific information uniquely identifying the second membership computing device and the token, the second request including a request that the central domain server allow the second membership computing device to become a member of the domain and to provide the domain identification to the second membership computing device;
  
  the content provider computing device to send domain membership criteria to the central domain server;
  
  the central domain server to receive the second request and to receive the domain membership criteria and in response enforce digital rights by validating the domain membership criteria through at least both of (1) a velocity check that determines how many requestors have both joined and unjoined from the domain within a predetermined period of time; and
  
  (2) a proximity check that checks how close the second computing device is to the first computing device, the domain membership criteria defines a minimum proximal closeness required of the second computing device relative to the first computing device;
  
  the central domain server to, upon validation of the domain membership criteria including a determination that a predetermined frequency of requestors both joining and unjoining the domain over the predetermined period of time has not been exceeded, create a second domain certificate for the second membership computing device, the second domain certificate including the device specific information and the domain identification, and to send the second domain certificate to the second membership computing device;
  
  the second membership computing device to receive the second domain certificate and upon receipt, to be established as a member of the domain;
  
  the content provider computing device to receive a request for content from the first or second membership computing devices in response to the request for content, send a third request to the central domain server, the third request including the domain identification and a request to verify the domain identification; and
  
  the central domain server to receive the third request from the content provider computing device and in response to the third request, send a verification to the content provider computing device that the domain identification is valid, such that the central domain server is configured to centrally regulate content access for both the first and second membership computing devices through membership in the domain in accordance with the desires of the content provider computing device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Zhigu Holdings Limited
Original Assignee
Microsoft Corporation
Inventors
Robert, Arnaud, Alkove, James M., Knowlton, Chadd B.
Primary Examiner(s)
OBEID, MAMON A

Application Number

US10/778,743
Publication Number

US 20050182727A1
Time in Patent Office

3,875 Days
Field of Search

705/54, 705/59, 705/50, 705/51, 726/5, 726/10, 726/26, 713/156, 713/157, 713/168, 713/175
US Class Current

705/59
CPC Class Codes

G06F 21/1012   to domains

H04L 2463/101   applying security measures ...

H04L 63/0823   using certificates cryptogr...

H04L 63/123   received data contents, e.g...

H04N 21/43615   Interfacing a Home Network,...

H04N 21/835   Generation of protective da...

Binding content to a domain

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

Binding content to a domain

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links