Delivering a content item from a server to a device

US 9,577,824 B2
Filed: 03/29/2012
Issued: 02/21/2017
Est. Priority Date: 09/23/2011
Status: Active Grant

First Claim

Patent Images

1. A computer-based method of delivering a content item from a server to a first device and a second device, the computer-based method comprising:

receiving a request from the first device for the content item;

authenticating the first device based on a first set of subscriber credentials and a Media Access Control (MAC) address of the first device;

requesting, upon successfully authenticating the first device, a first session key from a key management server, located remote from the server, in order to generate a first session identification (ID), wherein the first session ID is specific to the content item and the first device;

receiving, by the server, the first session key from the key management server, wherein the first session key corresponds to a first session associated with the first device;

associating, in a database in the server, the first session ID with the first session key, the content item, and an Internet Protocol (IP) address of the first device;

generating a first plurality of session-specific file segment addresses corresponding to a first plurality of file segments of the content item by appending filenames of the first plurality of file segments with the first session ID;

sending the first session ID and a first session-specific playlist to the first device, wherein the first session-specific playlist includes the first plurality of session-specific file segment addresses;

receiving a request from the first device for a session-specific file segment from the first session-specific playlist, wherein the request includes the first session ID and the IP address of the first device;

receiving a first encryption key from the key management server to encrypt the session-specific file segment from the first session-specific playlist when the IP address of the first device in the request from the first device matches the IP address of the first device stored in the database;

using the first encryption key to encrypt the content item into a first encrypted content item;

receiving a request from the second device for the content item;

authenticating the second device based on a second set of subscriber credentials and a MAC address of the second device;

requesting, upon successfully authenticating the second device, a second session key from the key management server in order to generate a second session ID, wherein the second session ID is specific to the content item and the second device;

receiving, by the server, the second session key from the key management server, wherein the second session key corresponds to a second session associated with the second device;

associating, in the database, the second session ID with the second session key, the content item, and an IP address of the second device;

generating a second plurality of session-specific file segment addresses corresponding to a second plurality of file segments of the content item by appending filenames of the second plurality of file segments with the second session ID;

sending the second session ID and a second session-specific playlist to the second device, wherein the second session-specific playlist includes the second plurality of session-specific file segment addresses;

receiving a request from the second device for a session-specific file segment from the second session-specific playlist, wherein the request includes the second session ID and the IP address of the second device;

receiving a second encryption key from the key management server to encrypt the session-specific file segment from the second session-specific playlist when the IP address of the second device in the request from the second device matches the IP address of the second device stored in the database;

using the second encryption key to encrypt the content item into a second encrypted content item, wherein the first session key is unique to the first device and the first session, wherein the second session key is unique to the second device and the second session, and wherein the first encryption key and the second encryption key can be reused;

delivering the first encrypted content item to the first device; and

delivering the second encrypted content item to the second device.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods and systems for delivering a segmented content item from a server to a first and second device are provided. A first key is used to encrypt the segmented content item into a first plurality of encrypted segments and a second key is used to encrypt the segmented content item into a second plurality of encrypted segments. The first and second keys are different. The first plurality of encrypted segments is delivered to the first device, and the second plurality of encrypted segments is delivered to the second device.

45 Citations

View as Search Results

25 Claims

1. A computer-based method of delivering a content item from a server to a first device and a second device, the computer-based method comprising:
- receiving a request from the first device for the content item;
  
  authenticating the first device based on a first set of subscriber credentials and a Media Access Control (MAC) address of the first device;
  
  requesting, upon successfully authenticating the first device, a first session key from a key management server, located remote from the server, in order to generate a first session identification (ID), wherein the first session ID is specific to the content item and the first device;
  
  receiving, by the server, the first session key from the key management server, wherein the first session key corresponds to a first session associated with the first device;
  
  associating, in a database in the server, the first session ID with the first session key, the content item, and an Internet Protocol (IP) address of the first device;
  
  generating a first plurality of session-specific file segment addresses corresponding to a first plurality of file segments of the content item by appending filenames of the first plurality of file segments with the first session ID;
  
  sending the first session ID and a first session-specific playlist to the first device, wherein the first session-specific playlist includes the first plurality of session-specific file segment addresses;
  
  receiving a request from the first device for a session-specific file segment from the first session-specific playlist, wherein the request includes the first session ID and the IP address of the first device;
  
  receiving a first encryption key from the key management server to encrypt the session-specific file segment from the first session-specific playlist when the IP address of the first device in the request from the first device matches the IP address of the first device stored in the database;
  
  using the first encryption key to encrypt the content item into a first encrypted content item;
  
  receiving a request from the second device for the content item;
  
  authenticating the second device based on a second set of subscriber credentials and a MAC address of the second device;
  
  requesting, upon successfully authenticating the second device, a second session key from the key management server in order to generate a second session ID, wherein the second session ID is specific to the content item and the second device;
  
  receiving, by the server, the second session key from the key management server, wherein the second session key corresponds to a second session associated with the second device;
  
  associating, in the database, the second session ID with the second session key, the content item, and an IP address of the second device;
  
  generating a second plurality of session-specific file segment addresses corresponding to a second plurality of file segments of the content item by appending filenames of the second plurality of file segments with the second session ID;
  
  sending the second session ID and a second session-specific playlist to the second device, wherein the second session-specific playlist includes the second plurality of session-specific file segment addresses;
  
  receiving a request from the second device for a session-specific file segment from the second session-specific playlist, wherein the request includes the second session ID and the IP address of the second device;
  
  receiving a second encryption key from the key management server to encrypt the session-specific file segment from the second session-specific playlist when the IP address of the second device in the request from the second device matches the IP address of the second device stored in the database;
  
  using the second encryption key to encrypt the content item into a second encrypted content item, wherein the first session key is unique to the first device and the first session, wherein the second session key is unique to the second device and the second session, and wherein the first encryption key and the second encryption key can be reused;
  
  delivering the first encrypted content item to the first device; and
  
  delivering the second encrypted content item to the second device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The computer-based method of claim 1, wherein using the first encryption key to encrypt the content item into the first encrypted content item comprises encrypting the content item using the first encryption key from a first set of keys, andwherein using the second encryption key to encrypt the content item into the second encrypted content item comprises encrypting the content item using the second encryption key from a second set of keys.
  - 3. The computer-based method of claim 2, wherein the first set of keys is associated with the first session, andwherein the second set of keys is associated with the second session.
  - 4. The computer-based method of claim 2, wherein the first set of keys is associated with a first identifier, the first identifier being associated with the first device, andwherein the second set of keys is associated with a second identifier, the second identifier being associated with the second device.
  - 5. The computer-based method of claim 4, wherein the first identifier is an authenticated device credential associated with the first device.
  - 6. The computer-based method of claim 5, wherein the authenticated device credential comprises at least one of a token, a web cookie, or a device certificate.
  - 7. The computer-based method of claim 4, wherein the first identifier is identification information associated with a network interface to which the first device is connected.
  - 8. The computer-based method of claim 4, wherein the first identifier is the IP address of the first device.
  - 9. The computer-based method of claim 4, wherein the first identifier is a hardware identifier associated with the first device.
  - 10. The computer-based method of claim 9, wherein the hardware identifier is the MAC address of the first device.
  - 11. The computer-based method of claim 2, further comprising:
    - delivering the first set of keys to the first device; and
      
      delivering the second set of keys to the second device.
  - 12. The computer-based method of claim 1, further comprising caching the content item before encryption and delivery.

13. A system to deliver a content item from a server to a first device and a second device, comprising:
- a database;
  
  an encryption engine, coupled to the database, configured to;
  
  receive a request from the first device for the content item;
  
  authenticate the first device based on a first set of subscriber credentials and a Media Access Control (MAC) address of the first device;
  
  request, based upon successful authentication of the first device, a first session key from a key management server, located remote to the server, in order to generate a first session identification (ID), wherein the first session ID is specific to the content item and the first device;
  
  receive the first session key from the key management server, wherein the first session key corresponds to a first session associated with the first device;
  
  associate, in the database, the first session ID with the first session key, the content item, and an Internet Protocol (IP) address of the first device;
  
  generate a first plurality of session-specific file segment addresses corresponding to a first plurality of file segments of the content item by appending filenames of the first plurality of file segments with the first session ID;
  
  send the first session ID and a first session-specific playlist to the first device, wherein the first session-specific playlist includes the first plurality of session-specific file segment addresses;
  
  receive a request from the first device for a session-specific file segment from the first session-specific playlist, wherein the request includes the first session ID and the IP address of the first device;
  
  receive a first encryption key from the key management server to encrypt the session-specific file segment from the first session-specific playlist when the IP address of the first device in the request from the first device matches the IP address of the first device stored in the database;
  
  use the first encryption key to encrypt the content item into a first encrypted content item;
  
  receive a request from the second device for the content item;
  
  authenticate the second device based on a second set of subscriber credentials and a MAC address of the second device;
  
  request, upon successfully authenticating the second device, a second session key from the key management server in order to generate a second session ID, wherein the second session ID is specific to the content item and the second device;
  
  receive the second session key from the key management server, wherein the second session key corresponds to a second session associated with the second device;
  
  associate, in the database, the second session ID with the second session key, the content item, and an IP address of the second device;
  
  generate a second plurality of session-specific file segment addresses corresponding to a second plurality of file segments of the content item by appending filenames of the second plurality of file segments with the second session ID;
  
  send the second session ID and a second session-specific playlist to the second device, wherein the second session-specific playlist includes the second plurality of session-specific file segment addresses;
  
  receive a request from the second device for a session-specific file segment from the second session-specific playlist, wherein the request includes the second session ID and the IP address of the second device;
  
  receive a second encryption key from the key management server to encrypt the session-specific file segment from the second session-specific playlist when the IP address of the second device in the request from the second device matches the IP address of the second device stored in the database; and
  
  use the second encryption key to encrypt the content item into a second encrypted content item, wherein the first session key is unique to the first device and the first session, wherein the second session key is unique to the second device and the second session, wherein the first session ID is specific to the content item and the first device and the second session ID is specific to the content item and the second device, and wherein the first encryption key and the second encryption key can be reused; and
  
  a communication unit configured to deliver the first encrypted content item to the first device, and to deliver the second encrypted content item to the second device.
- View Dependent Claims (14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24)
- - 14. The system of claim 13, wherein the first encryption key is a part of a first set of keys and the first encrypted content item is generated from the first encryption key and other keys from the first set of keys, andwherein the second encryption key is a part of a second set of keys and the second encrypted content item is generated from the second encryption key and other keys from the second set of keys.
  - 15. The system of claim 14, wherein the first set of keys is associated with the first session, andwherein the second set of keys is associated with the second session.
  - 16. The system of claim 14, wherein the first set of keys is associated with a first identifier, the first identifier being associated with the first device, andwherein the second set of keys is associated with a second identifier, the second identifier being associated with the second device.
  - 17. The system of claim 16, wherein the first identifier is a hardware identifier associated with the first device.
  - 18. The system of claim 17, wherein the hardware identifier is the media access control (MAC) address of the first device.
  - 19. The system of claim 16, wherein the first identifier is an authenticated device credential associated with the first device.
  - 20. The system of claim 19, wherein the authenticated device credential comprises at least one of a token, a web cookie, or device certificate.
  - 21. The system of claim 16, wherein the first identifier is identification information associated with a network interface to which the first device is connected.
  - 22. The system of claim 16, wherein the first identifier is the IP address of the first device.
  - 23. The system of claim 14, wherein the communication unit is further configured to deliver the first set of keys to the first device and to deliver the second set of keys to the second device.
  - 24. The system of claim 13, further comprising:
    - a cache; and
      
      a cache controller configured to store the content item in the cache before encryption and delivery.

25. A non-transitory computer-readable medium having computer-executable instructions stored thereon that, when executed by a computing device, cause the computing device to perform a method of delivering a content item from a server to a first device and a second device, the method comprising:
- receiving a request from the first device for the content item;
  
  authenticating the first device based on a first set of subscriber credentials and a Media Access Control (MAC) address of the first device;
  
  requesting, upon successfully authenticating the first device, a first session key from a key management server, located remote from the server, in order to generate a first session identification (ID), wherein the first session ID is specific to the content item and the first device;
  
  receiving, by the server, the first session key from the key management server, wherein the first session key corresponds to a first session associated with the first device;
  
  associating, in a database in the server, the first session ID with the first session key, the content item, and an Internet Protocol (IP) address of the first device;
  
  generating a first plurality of session-specific file segment addresses corresponding to a first plurality of file segments of the content item by appending filenames of the first plurality of file segments with the first session ID;
  
  sending the first session ID and a first session-specific playlist to the first device, wherein the first session-specific playlist includes the first plurality of session-specific file segment addresses;
  
  receiving a request from the first device for a session-specific file segment from the first session-specific playlist, wherein the request includes the first session ID and the IP address of the first device;
  
  receiving a first encryption key from the key management server to encrypt the session-specific file segment from the first session-specific playlist when the IP address of the first device in the request from the first device matches the IP address of the first device stored in the database;
  
  using the first encryption key to encrypt the content item into a first encrypted content item;
  
  receiving a request from the second device for the content item;
  
  authenticating the second device based on a second set of subscriber credentials and a MAC address of the second device;
  
  requesting, upon successfully authenticating the second device, a second session key from the key management server in order to generate a second session ID, wherein the second session ID is specific to the content item and the second device;
  
  receiving, by the server, the second session key from the key management server, wherein the second session key corresponds to a second session associated with the second device;
  
  associating, in the database, the second session ID with the second session key, the content item, and an IP address of the second device;
  
  generating a second plurality of session-specific file segment addresses corresponding to a second plurality of file segments of the content item by appending filenames of the second plurality of file segments with the second session ID;
  
  sending the second session ID and a second session-specific playlist to the second device, wherein the second session-specific playlist includes the second plurality of session-specific file segment addresses;
  
  receiving a request from the second device for a session-specific file segment from the second session-specific playlist, wherein the request includes the second session ID and the IP address of the second device;
  
  receiving a second encryption key from the key management server to encrypt the session-specific file segment from the second session-specific playlist when the IP address of the second device in the request from the second device matches the IP address of the second device stored in the database;
  
  using the second encryption key to encrypt the content item into a second encrypted content item, wherein the first session key is unique to the first device and the first session,wherein the second session key is unique to the second device and the second session, and wherein the first encryption key and the second encryption key can be reused;
  
  delivering the first encrypted content item to the first device; and
  
  delivering the second encrypted content item to the second device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
CSC Holdings LLC (Altice USA, Inc.)
Original Assignee
CSC Holdings LLC (Altice USA, Inc.)
Inventors
Martell, Lawrence Robert, Henriksen, Brett, Lariccio, Michael, Sweeney, Brian
Primary Examiner(s)
GRACIA, GARY S

Application Number

US13/434,428
Publication Number

US 20130080777A1
Time in Patent Office

1,790 Days
Field of Search

713/168, 713/176, 726/27
US Class Current

1/1
CPC Class Codes

H04L 2209/60   Digital content management,...

H04L 9/083   involving central third par...

H04L 9/14   using a plurality of keys o...

Delivering a content item from a server to a device

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

45 Citations

25 Claims

Specification

Solutions

Use Cases

Quick Links

Delivering a content item from a server to a device

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

45 Citations

25 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links