Digital rights management (DRM)-enabled policy management for an identity provider in a federated environment
First Claim
1. A method for enforcing a digital rights management (DRM) scheme associated with a piece of content, wherein an identity provider entity together with a service provider entity participate in a federation, comprising:
- at an identity provider entity that includes a hardware element;
upon authentication of the end user to the identity provider entity, receiving a request to single sign-on to the service provider entity to attempt to obtain the piece of content;
during processing of the request to single sign-on to the service provider entity, determining a DRM policy that is enforced at the service provider entity, determining a set of one or more DRM privileges associated with the end user requesting access to the piece of content, and based on the DRM policy and the set of one or more DRM privileges so determined, evaluating against the DRM policy the set of one or more DRM privileges, wherein the evaluating step is carried out using the hardware element;
during processing of the request to single sign-on to the service provider entity, based on the authentication of the end user and a result of the evaluation, generating a single sign-on message that includes a reference to the set of one or more DRM privileges associated with the end user requesting access to the piece of content, wherein the single sign-on message is generated using the hardware element; and
forwarding to the service provider entity the single sign-on message that includes the reference to the set of one or more DRM privileges to complete the processing of the request to single sign-on to the service provider entity, wherein the single sign-on message is forwarded from the identity provider entity to the service provider entity via a redirection mechanism;
wherein evaluating DRM policy based on the determined DRM privileges during the single sign-on request processing flow provides an improved identity provider entity.
1 Assignment
0 Petitions
Accused Products
Abstract
A method operative at an identity provider enforces a digital rights management (DRM) scheme associated with a piece of content. The identity provider is an entity that participates in a “federation” with one or more other entities including, for example, an service provider (e.g., a content provider), a DRM privileges provider, and a DRM policy provider. In one embodiment, the method begins by having the identity provider obtain and evaluate against a DRM policy a set of DRM privileges associated with the end user requesting access to the piece of content. Based on the evaluation, the identity provider generates a single sign on (SSO) message that includes a reference to the set of DRM privileges. The message is then forward to the service provider entity, which provides the end user a response.
24 Citations
15 Claims
-
1. A method for enforcing a digital rights management (DRM) scheme associated with a piece of content, wherein an identity provider entity together with a service provider entity participate in a federation, comprising:
at an identity provider entity that includes a hardware element; upon authentication of the end user to the identity provider entity, receiving a request to single sign-on to the service provider entity to attempt to obtain the piece of content; during processing of the request to single sign-on to the service provider entity, determining a DRM policy that is enforced at the service provider entity, determining a set of one or more DRM privileges associated with the end user requesting access to the piece of content, and based on the DRM policy and the set of one or more DRM privileges so determined, evaluating against the DRM policy the set of one or more DRM privileges, wherein the evaluating step is carried out using the hardware element; during processing of the request to single sign-on to the service provider entity, based on the authentication of the end user and a result of the evaluation, generating a single sign-on message that includes a reference to the set of one or more DRM privileges associated with the end user requesting access to the piece of content, wherein the single sign-on message is generated using the hardware element; and forwarding to the service provider entity the single sign-on message that includes the reference to the set of one or more DRM privileges to complete the processing of the request to single sign-on to the service provider entity, wherein the single sign-on message is forwarded from the identity provider entity to the service provider entity via a redirection mechanism; wherein evaluating DRM policy based on the determined DRM privileges during the single sign-on request processing flow provides an improved identity provider entity. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15)
Specification