Concept of efficiently distributing access authorization information

US 9,165,121 B2
Filed: 04/21/2009
Issued: 10/20/2015
Est. Priority Date: 04/25/2008
Status: Active Grant

First Claim

Patent Images

1. A device for providing an authorization message for a user device with regard to an access-restricted service, comprising:

an authorization message creator; and

an identifier manager,wherein the authorization message creator is configured to generate an enabling message for enabling a service access authorization or an extending message for extending a service access authorization, the enabling message or the extending message being provided with a service-dependent user identifier provided by the identifier manager;

wherein the identifier manager comprises a first block of associated service-dependent user identifiers in which an authorization time interval of a user device is running,a second block of unused service-dependent user identifiers in which the authorization time interval of the user device has expired by less than the predetermined duration, anda third block of service-dependent user identifiers released for being used again;

and wherein the identifier manager is configured to leave a service-dependent user identifier unused for at least a predetermined duration after expiry of an authorization time interval of a user device to which the service-dependent user identifier was associated last, and to release the service-dependent user identifier for being used again by the authorization message creator after expiry of the predetermined duration.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A device for controlling a service access authorization for a user device with regard to an access-restricted service includes a service access authorization provider, the service access authorization provider being configured to set a period of time in which the service access authorization is valid, responsive to an authorization message provided with a service-dependent user identifier, and the service access authorization provider being configured to disable an authorization allowing the service access authorization to be extended or reactivated using the previous service-dependent user identifier when at least a predetermined duration has passed since an end of a last authorization time interval for which a service access authorization was determined by the device.

Citations

22 Claims

1. A device for providing an authorization message for a user device with regard to an access-restricted service, comprising:
- an authorization message creator; and
  
  an identifier manager,wherein the authorization message creator is configured to generate an enabling message for enabling a service access authorization or an extending message for extending a service access authorization, the enabling message or the extending message being provided with a service-dependent user identifier provided by the identifier manager;
  
  wherein the identifier manager comprises a first block of associated service-dependent user identifiers in which an authorization time interval of a user device is running,a second block of unused service-dependent user identifiers in which the authorization time interval of the user device has expired by less than the predetermined duration, anda third block of service-dependent user identifiers released for being used again;
  
  and wherein the identifier manager is configured to leave a service-dependent user identifier unused for at least a predetermined duration after expiry of an authorization time interval of a user device to which the service-dependent user identifier was associated last, and to release the service-dependent user identifier for being used again by the authorization message creator after expiry of the predetermined duration.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The device in accordance with claim 1, wherein the authorization message creator is configured to create a message for enabling or extending an audio service, video service, multimedia service or data service for a pay video system or for a driving assistance system on a mobile or fixedly installed apparatus or for a data service on a mobile phone or for a chargeable and/or access-restricted service on a portable or stationary computer with or without Internet access.
  - 3. The device in accordance with claim 1, wherein the authorization message creator is configured to create the authorization message comprising one or several service-dependent user identifiers, wherein the service-dependent user identifiers are represented by a sequence of bits, and wherein the authorization message creator is implemented to be an electronic circuit, and wherein the authorization message creator is configured to transmit the message comprising the service-dependent user identifier via a message channel of limited bandwidth, and wherein the identifier manager is implemented to be an electronic circuit.
  - 4. The device in accordance with claim 1, wherein the identifier manager is configured to release the service-dependent user identifier for being used again by another user or another peripheral after expiry of the predetermined duration.
  - 5. The device in accordance with claim 1, wherein the identifier manager is configured to use, after a subscription of a user of a user device to which the service-dependent user identifier was associated last has ended, the service-dependent user identifier again for a new subscription of another user or the same user after expiry of the predetermined duration since the subscription has ended.
  - 6. The device in accordance with claim 1, wherein the identifier manager is configured to allocate a value in the range of three days to three months to the predetermined duration.
  - 7. The device in accordance with claim 1, wherein the authorization message creator is configured to generate a message directed to a plurality of receivers.
  - 8. The device in accordance with claim 1, wherein the authorization message creator is configured to personalize the enabling message or extending message such that the service-dependent user identifier depends on the apparatus identification of the apparatus on which the service runs and on a service identification, and wherein the authorization message creator is configured to group several enabling messages or extending messages in a manner such that messages to users comprising the same authorization time interval are united in one group.
  - 9. The device in accordance with claim 1, wherein the authorization time interval is specified by means of a start time and an end time or is specified by means of a start time and a duration.

10. A system for controlling a service access authorization with regard to an access-restricted service, comprising:
- a device for providing an authorization message for a user device with regard to an access-restricted service, comprising;
  
  an authorization message creator; and
  
  an identifier manager, wherein the authorization message creator is configured to generate an enabling message for enabling a service access authorization or an extending message for extending a service access authorization, the enabling message or the extending message being provided with a service-dependent user identifier provided by the identifier manager;
  
  wherein the identifier manager comprises a first block of associated service-dependent user identifiers in which an authorization time interval of a user device is running, a second block of unused service-dependent user identifiers in which the authorization time interval of the user device has expired by less than the predetermined duration, and a third block of service-dependent user identifiers released for being used again; and
  
  wherein the identifier manager is configured to leave a service-dependent user identifier unused for at least a predetermined duration after expiry of an authorization time interval of a user device to which the service-dependent user identifier was associated last, and to release the service-dependent user identifier for being used again by the authorization message creator after expiry of the predetermined duration;
  
  a first device for controlling a service access authorization for a user device with regard to an access-restricted service, comprising;
  
  a service access authorization provider, the service access authorization provider being configured to set a period of time in which the service access authorization is valid, responsive to an authorization message provided with a service-dependent user identifier, and the service access authorization provider being configured to disable an authorization allowing the service access authorization to be extended or reactivated using the previous service-dependent user identifier depending on whether at least a predetermined duration has passed since an end of a last authorization time interval for which a service access authorization was determined by the device, wherein the service access authorization provider is configured to determine the duration having passed and to compare same to the predetermined duration, and to disable the authorization for extending or reactivating using the previous service-dependent user identifier when the duration having passed is greater than or equal to the predetermined duration; and
  
  a second device for controlling a service access authorization for a user device with regard to an access-restricted service, comprising;
  
  a service access authorization provider, the service access authorization provider being configured to set a period of time in which the service access authorization is valid, responsive to an authorization message provided with a service-dependent user identifier, and the service access authorization provider being configured to disable an authorization allowing the service access authorization to be extended or reactivated using the previous service-dependent user identifier depending on whether at least a predetermined duration has passed since an end of a last authorization time interval for which a service access authorization was determined by the device, wherein the service access authorization provider is configured to determine the duration having passed and to compare same to the predetermined duration, and to disable the authorization for extending or reactivating using the previous service-dependent user identifier when the duration having passed is greater than or equal to the predetermined duration,wherein the system is configured to associate a predetermined service-dependent user identifier at first to the first device for controlling a service access authorization, and to associate the predetermined service-dependent user identifier, after being released for being used again, to the second device for controlling a service access authorization,and wherein the system is configured such that the authorization for extending or reactivating the service access authorization using a predetermined service-dependent user identifier is active in at most one of the first device for controlling a service access authorization and the second device for controlling a service access authorization, and wherein the first device for controlling a service access authorization and the second device for controlling a service access authorization are coupled to the device for providing an authorization message so as to receive the authorization message.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 11. The system in accordance with claim 10, wherein the system is configured to transmit the authorization message via a digital video broadcast system or audio broadcast system, via a mobile radio system, via a line-switched or package-switched voice network or data network, an Internet protocol system, a GSM system or UMTS system or CDMA system, a GPS system or a DSL system in a conducted or wireless manner.
  - 12. The system in accordance with claim 10, wherein the system is configured to use the same predetermined duration for the device for providing an authorization message, for the first device for controlling a service access authorization and for the second device for controlling a service access authorization, and wherein the system is configured to transmit the predetermined duration when enabling the service or to consider same to be a fixed quantity of the system or to determine same from known parameters of the system.
  - 13. The system in accordance with claim 10, wherein the device for providing an authorization message is configured to provide a service-dependent user identifier which comprises a range of values smaller than the product of a number of users registered in the system and a number of services registered in the system.
  - 14. The system in accordance with claim 10, wherein the identifier manager of the device for providing an authorization message is configured to allocate the service-dependent user identifier temporarily, and wherein the system is configured to block the service-dependent user identifier for the user of the user device to which the service-dependent user identifier was associated last after expiry of the service access authorization to the expiry of the predetermined duration.
  - 15. The system in accordance with claim 10, wherein the system is configured to partly or completely encrypt the authorization message with a cryptographic key using an encryption algorithm and to transmit same in a partly or completely encrypted manner.
  - 16. The system in accordance with claim 15, wherein the system is configured to transmit the authorization message in a partly or completely encrypted manner using an encryption method.
  - 17. The system in accordance with claim 10, wherein the system is configured to identify the authorization message using an electronic authentication method or an electronic signature.
  - 18. The system in accordance with claim 17, wherein the system is configured to transmit the authorization message together with a message authentication code.
  - 19. The system in accordance with claim 10, wherein the authorization message is specified in accordance with one of the OMA DRM, ETSI EUROCRYPT or ISMA standards.
  - 20. The system in accordance with claim 10, wherein a user comprising an expired service access authorization is prevented from being able to access, by means of access data still present, the service access authorization of another user transmitted after expiry of the service access authorization using the same service-dependent user identifier.

21. A method for providing an authorization message for a user device with regard to an access-restricted service, the method comprising:
- generating an enabling message for enabling a service access authorization or an extending message for extending a service access authorization, wherein the enabling message or the extending message is provided with a service-dependent user identifier provided by an identifier manager;
  
  leaving the service-dependent user identifier unused for at least a predetermined duration after expiry of an authorization time interval of a user device to which the service-dependent user identifier was associated last; and
  
  after expiry of the predetermined duration, releasing the service-dependent user identifier for being used again for generating a new enabling message or a new extending message;
  
  wherein the identifier manager comprisesa first block of associated service-dependent user identifiers in which an authorization time interval of a user device is running,a second block of unused service-dependent user identifiers in which the authorization time interval of the user device has expired by less than the predetermined duration, anda third block of service-dependent user identifiers released for being used again;
  
  wherein the method is performed by a hardware apparatus, or by a computer, or by a combination of a hardware apparatus and a computer.

22. A non-transitory computer readable medium comprising a computer program comprising program code for executing a method on a computer for providing an authorization message for a user device with regard to an access-restricted service, the method comprising:
- generating an enabling message for enabling a service access authorization or an extending message for extending a service access authorization, wherein the enabling message or the extending message is provided with a service-dependent user identifier;
  
  not using the service-dependent user identifier for at least a predetermined duration after expiry of an authorization time interval of a user device to which the service-dependent user identifier was associated last; and
  
  after expiry of the predetermined duration, releasing the service-dependent user identifier for generating a new enabling message or a new extending message, when the computer program runs on a computer wherein there is a first block of associated service-dependent user identifiers in which an authorization time interval of a user device is running, a second block of unused service-dependent user identifiers in which the authorization time interval of the user device has expired by less than the predetermined duration, and a third block of service-dependent user identifiers released for being used again.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Fraunhofer Gesellschaft Zur Foerderung Der Angewandten Forsching E.V.
Original Assignee
Fraunhofer Gesellschaft Zur Foerderung Der Angewandten Forsching E.V.
Inventors
Bartel-Kurz, Birgit, Kraegeloh, Stefan, Prosch, Markus, Zeh, Rinat
Primary Examiner(s)
ELAHI, SHAN E

Application Number

US12/989,140
Publication Number

US 20110093930A1
Time in Patent Office

2,373 Days
Field of Search

726/4
US Class Current

1/1
CPC Class Codes

G06F 21/1073 Conversion

Concept of efficiently distributing access authorization information

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

22 Claims

Specification

Solutions

Use Cases

Quick Links

Concept of efficiently distributing access authorization information

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

22 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links