SECURING MULTIMEDIA CONTENT VIA CERTIFICATE-ISSUING CLOUD SERVICE

US 20160344561A1
Filed: 05/22/2015
Published: 11/24/2016
Est. Priority Date: 05/22/2015
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

receiving, at an authentication server, authentication credentials from a browser of a client device;

authenticating a user of the client device based on the authentication credentials;

assigning an identity to the authenticated user based on a media licensing service and mapping the assigned identity to the authenticated user;

communicating, via a webservice, the identity to a key server, the key server generating a public and private key pair, a name of a certificate for the public key mapped to the identity assigned to the authenticated user;

forming, at the authentication server, a hash based on web session attributes of the browser of the client device, the web session attributes comprising HMTL parameters for the browser requesting a certificate;

encrypting the public and private key pair with the hash; and

communicating the encrypted key pair to a browser extension of the browser of the client device, the browser extension configured to form the same hash to decrypt the encrypted key pair, to store the certificate at the client device, and to decrypt the encrypted key pair using the hash.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A media server authenticates a user of a client device. The media server retrieves or generates a shared key stored at the media server, encrypts the shared key with a hash based on web session attributes of the client device. The server provides the encrypted private key to the client device after authentication of the user. The media server provides encrypted media content to the client device in response to a request from the client device. The client device decrypts the shared key and decrypts the encrypted media content with the decrypted private key.

44 Citations

View as Search Results

20 Claims

1. A method comprising:
- receiving, at an authentication server, authentication credentials from a browser of a client device;
  
  authenticating a user of the client device based on the authentication credentials;
  
  assigning an identity to the authenticated user based on a media licensing service and mapping the assigned identity to the authenticated user;
  
  communicating, via a webservice, the identity to a key server, the key server generating a public and private key pair, a name of a certificate for the public key mapped to the identity assigned to the authenticated user;
  
  forming, at the authentication server, a hash based on web session attributes of the browser of the client device, the web session attributes comprising HMTL parameters for the browser requesting a certificate;
  
  encrypting the public and private key pair with the hash; and
  
  communicating the encrypted key pair to a browser extension of the browser of the client device, the browser extension configured to form the same hash to decrypt the encrypted key pair, to store the certificate at the client device, and to decrypt the encrypted key pair using the hash.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1, wherein authenticating the user based on authentication credentials further comprises authenticating based on a combination of at least a username and password authentication, a two-factor authentication, and a federated identity from an outside identity service.
  - 3. The method of claim 1, wherein the web session attributes comprise a combination of at least browser information, standard HTTP headers, browser plugin list, browser flash font list, browser time zone, HMTL storage support, HTML local storage, and HMTL session storage.
  - 4. The method of claim 1, further comprising:
    - receiving a request from the client device to access encrypted media content stored at a media content server, the encrypted media content encrypted with the public and private key pair associated with the identity assigned to the user a group identity assigned to the user, the request identifying the encrypted media content and the certificate;
      
      validating the request, at a license server, based on a verification of a signature of the certificate and a confirmed identity contained in the certificate.retrieving a shared key associated with the encrypted media content identified in the request;
      
      communicating the shared key to the browser extension of the browser of the client device and to an active key cache of the media content server;
      
      encrypting, at the license server, license information with public key, the license information comprising at least one of the shared key, a URL identifier for use in accessing the encrypted media content;
      
      signing the license information with the private key; and
      
      communicating the license information to the browser extension of the web browser of the client device.
  - 5. The method of claim 4, wherein the browser extension is configured to:
    - validate the signature of the license server and decrypts the license information; and
      
      communicate the identifier for the encrypted media content to the browser.
  - 6. The method of claim 5, wherein the browser extension is configured to:
    - communicate with the media content server;
      
      receive a content frame of the encrypted media content encrypted with the shared key;
      
      decrypts the content frame; and
      
      render and display the content frame in the browser.
  - 7. The method of claim 4, wherein the browser extension is configured to delete the shared key at the client device after the encrypted media content has been displayed.
  - 8. The method of claim 1, further comprising:
    - identifying the encrypted media content stored at the media server and accessible by the user based on an access privilege configuration of the user, the access privilege configuration provided by an enterprise server; and
      
      providing the identified encrypted media content to the client device.
  - 9. The method of claim 8, further comprising:
    - receiving unencrypted media content at the media content server;
      
      encrypting the unencrypted media content with a set of storage keys associated with the user or a group the user is a member of; and
      
      storing the encrypted media content and associated keys in the media content server.
  - 10. The method of claim 1, further comprising:
    - receiving the authentication credentials from the browser extension;
      
      providing an encrypted shared key to the browser extension;
      
      receiving a request to access encrypted media content from the browser extension; and
      
      providing the encrypted media content to the browser extension in response to the request, the browser extension configured to decrypt the encrypted media content with an associated shared key held by the media content server and display the decrypted media content in the web browser.

11. A content access server comprising:
- an authentication server configured to receive authentication credentials from a browser of a client device, to authenticate a user of the client device based on the authentication credentials, to assign an identity to the authenticated user based on a media licensing service, to map the assigned identity to the authenticated user; and
  
  a key server configured to receive, via a webservice from the authentication server, the assigned identity, to generate a public and private key pair, a name of a certificate for the public key mapped to the identity assigned to the authenticated user, the authentication server to form a hash based on web session attributes of the browser of the client device, the web session attributes comprising HMTL parameters for the browser requesting a certificate, to encrypt the public and private key pair with the hash, and to communicate the encrypted key pair to a browser extension of the browser of the client device, the browser extension configured to form the same hash to decrypt the encrypted key pair, to store the certificate at the client device, and to decrypt the encrypted key pair using the hash.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19)
- - 12. The content access server of claim 11, wherein the authentication server is configured to authenticate the user based on authentication credentials further comprises authenticating based on a combination of at least a username and password authentication, a two-factor authentication, and a federated identity from an outside identity service.
  - 13. The content access server of claim 11, wherein the web session attributes comprise a combination of at least browser information, standard HTTP headers, browser plugin list, browser flash font list, browser time zone, HMTL storage support, HTML local storage, and HMTL session storage.
  - 14. The content access server of claim 11,wherein the authentication server is configured to receive a request from the client device to access encrypted media content stored at a media content server, the encrypted media content encrypted with the public and private key pair associated with the identity assigned to the user a group identity assigned to the user, the request identifying the encrypted media content and the certificate;
    - wherein the content access server further comprises;
      
      a license server configured to validate the request based on a verification of a signature of the certificate and a confirmed identity contained in the certificate, to retrieve a shared key associated with the encrypted media content identified in the request, to communicate the shared key to the browser extension of the browser of the client device and to an active key cache of the media content server, to encrypt license information with public key, the license information comprising at least one of the shared key, a URL identifier for use in accessing the encrypted media content, to sign the license information with the private key, and to communicate the license information to the browser extension of the web browser of the client device.
  - 15. The content access server of claim 14, wherein the browser extension is configured to:
    - validate the signature of the license server and decrypts the license information; and
      
      communicate the identifier for the encrypted media content to the browser.
  - 16. The content access server of claim 15, wherein the browser extension is configured to:
    - communicate with the media content server;
      
      receive a content frame of the encrypted media content encrypted with the shared key;
      
      decrypts the content frame; and
      
      render and display the content frame in the browser.
  - 17. The content access server of claim 14, wherein the browser extension is configured to delete the shared key at the client device after the encrypted media content has been displayed.
  - 18. The content access server of claim 14, wherein the media content server is configured to:
    - identify the encrypted media content stored at the media server and accessible by the user based on an access privilege configuration of the user, the access privilege configuration provided by an enterprise server; and
      
      provide the identified encrypted media content to the client device.
  - 19. The content access server of claim 18, wherein the media content server is configured to:
    - receiving unencrypted media content at the media content server;
      
      encrypting the unencrypted media content with a set of storage keys associated with the user or a group the user is a member of; and
      
      storing the encrypted media content and associated keys in the media content server.

20. A non-transitory machine-readable storage medium comprising instructions that, when executed by one or more processors of a machine, cause the machine to perform operations comprising:
- receiving, at an authentication server, authentication credentials from a browser of a client device;
  
  authenticating a user of the client device based on the authentication credentials;
  
  assigning an identity to the authenticated user based on a media licensing service and mapping the assigned identity to the authenticated user;
  
  communicating, via a webservice, the identity to a key server, the key server generating a public and private key pair, a name of a certificate for the public key mapped to the identity assigned to the authenticated user;
  
  forming, at the key server, a hash based on web session attributes of the browser of the client device, the web session attributes comprising HMTL parameters for the browser requesting a certificate;
  
  encrypting the public and private key pair with the hash; and
  
  communicating the encrypted key pair to a browser extension of the browser of the client device, the browser extension configured to form the same hash to decrypt the encrypted key pair, to store the certificate at the client device, and to decrypt the encrypted key pair using the hash.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Garret Grajek
Original Assignee
Garret Grajek
Inventors
Grajek, Garret

Granted Patent

US 9,742,570 B2
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 21/10   Protecting distributed prog...

G06F 21/31   User authentication

H04L 63/06   for supporting key manageme...

H04L 63/0823   using certificates cryptogr...

H04L 63/0884   by delegation of authentica...

H04L 9/3236   using cryptographic hash fu...

H04L 9/3268   using certificate validatio...

SECURING MULTIMEDIA CONTENT VIA CERTIFICATE-ISSUING CLOUD SERVICE

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

44 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

SECURING MULTIMEDIA CONTENT VIA CERTIFICATE-ISSUING CLOUD SERVICE

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

44 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links