Methods and apparatus for premises content distribution

US 10,069,836 B2
Filed: 08/21/2017
Issued: 09/04/2018
Est. Priority Date: 11/01/2006
Status: Active Grant

First Claim

Patent Images

1. A computerized method for sharing protected digitally rendered content within an ad hoc network, comprising:

establishing a communication channel between first and second computerized devices, at least the first and second computerized devices forming the ad hoc network when the communication channel is established, the establishing comprises causing the first and second computerized devices to be placed in data communication via a wireless interface, such that the first computerized device performs a first role and the second computerized device performs a second role with respect to the communication channel, the first and second roles each comprising one or more asymmetric data communication capabilities with respect to the other;

causing authentication of the first computerized device to the second computerized device;

enabling a user of the first computerized device to browse protected digitally rendered content stored on the second computerized device based at least in part on the authentication; and

causing transfer of at least a portion of the protected digitally rendered content from the second computerized device to the first computerized device based at least in part on;

(i) the authentication, and (ii) a request for at least the portion of the protected digitally rendered content issued by the first computerized device to the second computerized device;

wherein;

the first role comprises a premises server device, and the second role comprises a premises renderer device; and

the causing authentication comprises the premises server device determining authorization rights of the premises renderer device to access at least the portion of the protected digitally rendered content.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Apparatus and methods for protected content access, browsing and transfer over a network. In one embodiment, the network comprises a premises (e.g., residential) Local Area Network (LAN), and the apparatus comprises a server and renderer consumer premise equipment (CPE). The renderer CPE scans the network to search for a server CPE that implements a compatible security framework. The renderer authenticates itself with the server, and the server allows content browsing and selection access only to an authorized and authenticated renderer. A negotiation and exchange protocol comprises messages exchanged between the renderer and the server that include one or more of device identification, encryption key exchange, digital certificates and information regarding security package used by each CPE.

391 Citations

18 Claims

1. A computerized method for sharing protected digitally rendered content within an ad hoc network, comprising:
- establishing a communication channel between first and second computerized devices, at least the first and second computerized devices forming the ad hoc network when the communication channel is established, the establishing comprises causing the first and second computerized devices to be placed in data communication via a wireless interface, such that the first computerized device performs a first role and the second computerized device performs a second role with respect to the communication channel, the first and second roles each comprising one or more asymmetric data communication capabilities with respect to the other;
  
  causing authentication of the first computerized device to the second computerized device;
  
  enabling a user of the first computerized device to browse protected digitally rendered content stored on the second computerized device based at least in part on the authentication; and
  
  causing transfer of at least a portion of the protected digitally rendered content from the second computerized device to the first computerized device based at least in part on;
  
  (i) the authentication, and (ii) a request for at least the portion of the protected digitally rendered content issued by the first computerized device to the second computerized device;
  
  wherein;
  
  the first role comprises a premises server device, and the second role comprises a premises renderer device; and
  
  the causing authentication comprises the premises server device determining authorization rights of the premises renderer device to access at least the portion of the protected digitally rendered content.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The computerized method of claim 1, wherein the establishing comprises causing the first and second entities to be placed in data communication via at least a plug-and-play data interface.
  - 3. The computerized method of claim 2, further comprising selecting a secure image based at least in part on a communication received from the second computerized device, the secure image configured to manage the at least one content protection scheme, the at least one content protection scheme comprising at least one of:
    - (i) Trusted Domain (TD) policies or configuration, and (ii) Authorized Service Domain (ASD) policies or configuration.
  - 4. The computerized method of claim 1, wherein at least one of the first and second computerized devices is in data communication with a managed content distribution network, and the causing authentication is based at least in part on security package or framework capability data obtained from a computerized security entity of the managed content distribution network.
  - 5. The computerized method of claim 4, wherein the security package or framework capability data is obtained from the computerized security entity of the managed content distribution network at least by:
    - transmitting, from the second computerized device to the computerized security entity, at least data descriptive of the first computerized device; and
      
      receiving at the second computerized device from the computerized security entity, the security package or framework capability data, the security package or framework capability data being specific to the first computerized device.
  - 6. The computerized method of claim 1, wherein the causing authentication comprises causing a query of security parameters associated with the first computerized device, and causing a determination of whether the security parameters are capable of interoperating with security parameters of the second computerized device.

7. Computerized network apparatus configured for enablement of two or more computerized client devices associated with a network to share protected digitally rendered content therebetween, the computerized network apparatus comprising:
- at least one client application computer program operative to run on the two or more computerized client devices, respectively, and communicate respective security capability information therebetween; and
  
  computerized server apparatus comprising;
  
  processor apparatus;
  
  network interface apparatus in data communication with the processor apparatus; and
  
  storage apparatus in data communication with the processor apparatus, the storage apparatus comprising at least one computer program configured to, when executed on the processor apparatus;
  
  selectively provide access to a first one of the two or more computerized client devices to browse the protected digitally rendered content;
  
  enable transfer of the protected digitally rendered content to a protected domain associated with a user of the at least one of the two or more computerized client devices; and
  
  configure the protected domain such that;
  
  a second one of the two or more computerized client devices can authenticate the first one of the two or more computerized client devices via communication with the protected domain;
  
  the second one of the two or more computerized client devices can determine the security capabilities of the first one of the two or morecomputerized client devices via communication with the protected domain; and
  
  the second one of the two or more computerized client devices can selectively transfer the protected digitally rendered content to the first one of the two or more computerized client devices when;
  
  (i) the first one of the two or more computerized client devices is authenticated, and (ii) the security capabilities of the first one of the two or more computerized client devices meet one or more prescribed criterion to maintain protection of the protected digitally rendered content;
  
  wherein the protected domain comprises one of;
  
  (i) a Trusted Domain (TD), and an Authorized Service Domain (ASD).
- View Dependent Claims (8, 9, 10, 11, 12)
- - 8. The computerized network apparatus of claim 7, where the first and second ones of the two or more computerized client devices are in data communication with one another via a standardized communications interface, the standardized communications interface comprising a Universal Plug and Play (UPnP) interface.
  - 9. The computerized network apparatus of claim 7, wherein the at least one computer program is further configured to, when executed on the processor apparatus:
    - cause storage of a plurality of security-related data at the second one of the two or more computerized client devices in accordance with an authentication protocol, at least a portion of 5 the plurality of security-related data enabling the authentication of the first one of the two or more computerized client devices.
  - 10. The computerized network apparatus of claim 9, wherein the plurality of security-related data comprises data relating to at least one of:
    - (i) a public-private key pair, and (ii) an encryption algorithm.
  - 11. The computerized network apparatus of claim 9, wherein:
    - the authentication of the first one of the two or more computerized client devices via communication with the protected domain comprises completion of the authentication protocol, the completion of the authentication protocol comprising transfer, between the first and second ones of the two or more computerized client devices, of first data associated with a personalized 15 image and second data associated with a common image; and
      
      the personalized image is specific to one of the first and second ones of the two or more computerized client devices, and the common image is common to both of the first and second ones of the two or more computerized client devices.
  - 12. The computerized network apparatus of claim 7, wherein the at least one computer program is further configured to, when executed on the processor apparatus:
    - create a directory of the protected digitally rendered content, the directory configured to indicate one or more titles for respective ones of the protected digitally rendered content;
      
      wherein the selective provision of access to the first one of the two or more computerized client devices to browse the protected digitally rendered content comprises provision of a preview of the protected digitally rendered content associated with the one or more titles; and
      
      wherein the selective provision of access to the first one of the two or more computerized client devices to browse the protected digitally rendered content is based at least on a first level of authentication, and the selective transfer of the protected digitally rendered content to the first one of the two or more computerized client devices is based in part on a second level of authentication, the second level of authentication being higher than the first level of authentication.

13. Computer readable apparatus comprising a non-transitory storage medium, the non-transitory medium comprising at least one computer program having a plurality of instructions configured to, when executed on a processing apparatus of a first computerized user device:
- receive protected digitally rendered content over an interface of the first computerized user device that is in data communication with a computerized digital content provision entity of a managed content distribution network;
  
  cause storage of the protected digitally rendered content at a storage apparatus of the first computerized user device;
  
  cause authentication of a second computerized user device in communication with a premises network when the second computerized user device requests access to the stored digitally rendered content from the first computerized user device;
  
  enable the second computerized user device to browse the stored digitally rendered content;
  
  receive data representative of a request for transmission of at least a portion of the stored digitally rendered content;
  
  cause transmission of the at least portion of the stored digitally rendered content to the second computerized user device in accordance with at least one content protection scheme; and
  
  select a secure image based at least in part on a communication received from the second computerized user device, the secure image configured to manage the at least one content protection scheme, the at least one content protection scheme comprising at least one of;
  
  (i) Trusted Domain (TD) policies or configuration, and (ii) Authorized Service Domain (ASD) policies or configuration.
- View Dependent Claims (14, 15, 16, 17, 18)
- - 14. The computer readable apparatus of claim 13, wherein the at least portion of the stored digitally rendered content is encrypted before the transmission thereof to the second computerized user device, and the at least one content protection scheme comprises at least one decryption algorithm and at least a portion of a public-private key pair used to decrypt the digitally rendered content.
  - 15. The computer readable apparatus of claim 13, wherein the authentication of the second computerized user device comprises a query of security parameters associated with the second computerized user device, and a determination of whether the security parameters are capable of interoperating with security parameters of the first computerized user device.
  - 16. The computer readable apparatus of claim 13, wherein the instructions are further configured to, when executed on the processing apparatus:
    - enable, based at least on the authentication of the second computerized user device and a subscription level associated therewith, access by the second computerized user device to descriptive information relating to the digitally rendered content stored on the first computerized user device.
  - 17. The computer readable apparatus of claim 13, wherein the authentication is based at least in part on security package or framework capability data obtained from a computerized security entity of the managed content distribution network.
  - 18. The computer readable apparatus of claim 17, wherein the security package or framework capability data is obtained from the computerized security entity of the managed content distribution network at least by:
    - transmission, from the second computerized user device, to the computerized security entity, at least data descriptive of the first computerized user device; and
      
      receipt at the second computerized user device from the computerized security entity, the security package or framework capability data, the security package or framework capability data being specific to the first computerized user device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Time Warner Cable Enterprises LLC (Charter Communications Incorporated)
Original Assignee
Time Warner Cable Enterprises LLC (Charter Communications Incorporated)
Inventors
Cholas, Chris, Helms, William, Carlucci, John, Markley, Jeffrey
Primary Examiner(s)
Rahman, Mahfuzur
Assistant Examiner(s)
Victoria, Narciso

Application Number

US15/682,433
Publication Number

US 20180069862A1
Time in Patent Office

379 Days
Field of Search
US Class Current
CPC Class Codes

H04L 63/062   for key distribution, e.g. ...

H04L 63/08   for authentication of entit...

H04L 63/10   for controlling access to d...

H04L 67/06   specially adapted for file ...

H04L 67/51   Discovery or management the...

Methods and apparatus for premises content distribution

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

391 Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Methods and apparatus for premises content distribution

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

391 Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links