SECURING MULTIMEDIA CONTENT VIA CERTIFICATE-ISSUING CLOUD SERVICE
Abstract
A media server authenticates a user of a client device. The media server retrieves or generates a shared key stored at the media server and encrypts the shared key with a hash based on web session attributes of the client device. The server provides the encrypted private key to the client device after authentication of the user. The media server provides encrypted media content to the client device in response to a request from the client device. The client device decrypts the shared key and decrypts the encrypted media content with the decrypted private key.
20 Claims
1. A method comprising:
- receiving, at an authentication server, authentication credentials from a browser of a client device;
- authenticating a user of the client device based on the authentication credentials;
- assigning an identity to the authenticated user based on a media licensing service and mapping the assigned identity to the authenticated user;
- communicating, via a webservice, the identity to a key server, the key server generating a public and private key pair, a name of a certificate for the public key mapped to the identity assigned to the authenticated user;
- forming, at the authentication server, a hash based on web session attributes of the browser of the client device, the web session attributes comprising HTML parameters for the browser requesting a certificate;
- encrypting the public and private key pair with the hash; and
- communicating the encrypted key pair to a browser extension of the browser of the client device, the browser extension configured to form the same hash to decrypt the encrypted key pair, to store the certificate at the client device, and to decrypt the encrypted key pair using the hash.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10
11. A content access server comprising:
- an authentication server configured to receive authentication credentials from a browser of a client device, to authenticate a user of the client device based on the authentication credentials, to assign an identity to the authenticated user based on a media licensing service, to map the assigned identity to the authenticated user; and
- a key server configured to receive, via a webservice from the authentication server, the assigned identity, to generate a public and private key pair, a name of a certificate for the public key mapped to the identity assigned to the authenticated user, the authentication server to form a hash based on web session attributes of the browser of the client device, the web session attributes comprising HTML parameters for the browser requesting a certificate, to encrypt the public and private key pair with the hash, and to communicate the encrypted key pair to a browser extension of the browser of the client device, the browser extension configured to form the same hash to decrypt the encrypted key pair, to store the certificate at the client device, and to decrypt the encrypted key pair using the hash.
Dependent claims: 12, 13, 14, 15, 16, 17, 18, 19
20. A non-transitory machine-readable storage medium comprising instructions that, when executed by one or more processors of a machine, cause the machine to perform operations comprising:
- receiving, at an authentication server, authentication credentials from a browser of a client device;
- authenticating a user of the client device based on the authentication credentials;
- assigning an identity to the authenticated user based on a media licensing service and mapping the assigned identity to the authenticated user;
- communicating, via a webservice, the identity to a key server, the key server generating a public and private key pair, a name of a certificate for the public key mapped to the identity assigned to the authenticated user;
- forming, at the key server, a hash based on web session attributes of the browser of the client device, the web session attributes comprising HTML parameters for the browser requesting a certificate;
- encrypting the public and private key pair with the hash; and
- communicating the encrypted key pair to a browser extension of the browser of the client device, the browser extension configured to form the same hash to decrypt the encrypted key pair, to store the certificate at the client device, and to decrypt the encrypted key pair using the hash.
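Added example, not taken from the patent: a Node.js illustration of the hash step in claim 1, in which the server encrypts the key pair under a hash of web session attributes and the browser extension forms the same hash to decrypt it. SHA-256, AES-256-GCM, the EC key type and the attribute names are assumptions; the claims name none of them.

```javascript
const crypto = require('node:crypto');

// Constructed sample input. The attribute names are assumptions; the claims
// only say "web session attributes comprising HTML parameters".
const SAMPLE_SESSION = {
  sessionId: 'constructed-session-0001',
  userAgent: 'ExampleBrowser/1.0',
  certRequestParam: 'media-cert',
};

// Server and extension must serialize the attributes identically, so sort the
// keys and JSON-encode the pairs before hashing (SHA-256 is an assumption).
function sessionHash(attrs) {
  const pairs = Object.keys(attrs).sort().map((k) => [k, String(attrs[k])]);
  return crypto.createHash('sha256').update(JSON.stringify(pairs)).digest();
}

// Server side: generate the key pair and encrypt it under the session hash.
function wrapKeyPair(attrs) {
  const pair = crypto.generateKeyPairSync('ec', {
    namedCurve: 'prime256v1',
    publicKeyEncoding: { type: 'spki', format: 'pem' },
    privateKeyEncoding: { type: 'pkcs8', format: 'pem' },
  });
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', sessionHash(attrs), iv);
  const ct = Buffer.concat([cipher.update(JSON.stringify(pair), 'utf8'), cipher.final()]);
  return { iv, ct, tag: cipher.getAuthTag() };
}

// Extension side: form the same hash; the GCM tag check fails (null) when the
// attributes seen by the extension differ from those the server hashed.
function unwrapKeyPair(blob, attrs) {
  const decipher = crypto.createDecipheriv('aes-256-gcm', sessionHash(attrs), blob.iv);
  decipher.setAuthTag(blob.tag);
  try {
    const pt = Buffer.concat([decipher.update(blob.ct), decipher.final()]);
    return JSON.parse(pt.toString('utf8'));
  } catch (err) {
    return null;
  }
}

const demoBlob = wrapKeyPair(SAMPLE_SESSION);
console.log('same session unwraps:', unwrapKeyPair(demoBlob, SAMPLE_SESSION) !== null);
console.log('other session unwraps:',
  unwrapKeyPair(demoBlob, { ...SAMPLE_SESSION, sessionId: 'constructed-other' }) !== null);
```

Because the wrapping key is derived only from session attributes, the key pair is protected in transit only as well as those attributes are kept secret. Any party that can observe the same attributes can form the same hash.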
Specification