Content distribution and aggregation

US 8,935,532 B2
Filed: 10/21/2011
Issued: 01/13/2015
Est. Priority Date: 10/21/2010
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

receiving a license number associated with a client device;

retrieving a hardware fingerprint associated with the client device based on the license number, the hardware fingerprint being a unique identifier associated with the client device that indicates that the client device includes an installed client renderer;

determining that the client device is registered with a secure publishing system based on one or more of the hardware fingerprint and the license number;

retrieving content which is configured for consumption based a first policy that indicates to the client renderer that the client device must maintain a tethered connection in order to consume the content;

encrypting the content with a media key to generate encrypted content, the encrypted content being encrypted using a single type of encryption and including a first sub-container and a second sub-container that are included in a same media stream, the different sub-containers corresponding to different portions of the content and the first policy configured to apply to the first sub-container and the second policy configured to apply to the second sub-container;

and providing the encrypted content to the client device associated with a private key and a public key, wherein the private key is encrypted based on the hardware fingerprint of the client device and the private key is stored at the client device;

encrypting the media key with the public key;

providing the encrypted media key to the client device;

wherein the private key is stored on the client device as an obfuscated private key and the client device is configured to;

rearrange the bits of the obfuscated private key in memory of the client device to generate the private key without ever saving the private key in the clear in non-volatile storage of the client device;

decrypt the encrypted media key using the private key;

decrypt the encrypted content using the decrypted media key; and

render the decrypted content on the client device.

View all claims

5 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In an example, a method for secure publication of content is described. The method may include encrypting content with a media key. The method may also include providing the encrypted content to a client device associated with a private key and a public key. The private key may be stored at the client device. The method may also include encrypting the media key with the public key. The method may also include providing the encrypted media key to the client device.

61 Citations

View as Search Results

19 Claims

1. A method comprising:
- receiving a license number associated with a client device;
  
  retrieving a hardware fingerprint associated with the client device based on the license number, the hardware fingerprint being a unique identifier associated with the client device that indicates that the client device includes an installed client renderer;
  
  determining that the client device is registered with a secure publishing system based on one or more of the hardware fingerprint and the license number;
  
  retrieving content which is configured for consumption based a first policy that indicates to the client renderer that the client device must maintain a tethered connection in order to consume the content;
  
  encrypting the content with a media key to generate encrypted content, the encrypted content being encrypted using a single type of encryption and including a first sub-container and a second sub-container that are included in a same media stream, the different sub-containers corresponding to different portions of the content and the first policy configured to apply to the first sub-container and the second policy configured to apply to the second sub-container;
  
  and providing the encrypted content to the client device associated with a private key and a public key, wherein the private key is encrypted based on the hardware fingerprint of the client device and the private key is stored at the client device;
  
  encrypting the media key with the public key;
  
  providing the encrypted media key to the client device;
  
  wherein the private key is stored on the client device as an obfuscated private key and the client device is configured to;
  
  rearrange the bits of the obfuscated private key in memory of the client device to generate the private key without ever saving the private key in the clear in non-volatile storage of the client device;
  
  decrypt the encrypted media key using the private key;
  
  decrypt the encrypted content using the decrypted media key; and
  
  render the decrypted content on the client device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17)
- - 2. The method of claim 1, further comprising:
    - prior to encrypting the content, transcoding the content into a plurality of formats, each format including a different version of the content, wherein the encrypted content includes an encrypted version of the content in a particular format;
      
      generating a first data stream including the encrypted content and a locator for the encrypted content;
      
      generating a second data stream including the media key and the locator of the content.
  - 3. The method of claim 2, wherein the second data stream further includes the different policies and each of the different policies controls consumption of the content by the client device.
  - 4. The method of claim 3, wherein each of the different policies specifies at least one of:
    - a consumption period having a predetermined length, starting when the content is first accessed on the client device;
      
      a consumption period starting at a first date and time and lasting until a second date and time;
      
      consumption of the content being contingent on other first content being previously accessed on the client device;
      
      consumption of the content being contingent on other second content not being previously accessed on the client device;
      
      orconsumption of the content up to N times, where N is defined and specified by the publisher.
  - 5. The method of claim 2, wherein:
    - providing the encrypted content to the client device includes a publisher server providing the first data stream to the client device; and
      
      providing the encrypted media key to the client device includes providing the second data stream to a business server configured to provide the second data stream to the client device.
  - 6. The method of claim 5, wherein the business server provides the second data stream to the client device in response to receiving a request including the locator included in the first data stream and the license number associated with the client device.
  - 7. The method of claim 6, wherein the license number is a unique identifier assigned to the client device.
  - 8. The method of claim 1, wherein the private key is stored on the client device in an encrypted format and the client device is configured to:
    - decrypt the encrypted private key at the client device using a key derived from a the hardware fingerprint of the client device;
      
      decrypt the encrypted media key using the decrypted private key;
      
      decrypt the encrypted content using the decrypted media key; and
      
      render the decrypted content on the client device.
  - 9. The method of claim 1, further comprising watermarking the content with a unique identifier associated with the client device prior to encryption.
  - 10. The method of claim 1, wherein the encrypted content and encrypted media key are provided to the client device over a communication network, the client device being intermittently connected to the communication network.
  - 11. The method of claim 10, further comprising receiving the content from a publisher intermittently connected to the communication network.
  - 12. The method of claim 11, further comprising aggregating data from the client device and providing the aggregated data to the publisher.
  - 13. The method of claim 12, further comprising:
    - receiving aggregated content from the publisher, the aggregated content being derived from the aggregated data collected by the client device and one or more other client devices;
      
      encrypting the aggregated content with the media key; and
      
      providing the encrypted aggregated content to one or more client devices.
  - 14. The method of claim 13, wherein the aggregated content is derived from the aggregated data by the publisher filtering, formatting, and/or processing the aggregated data.
  - 15. The method of claim 11, wherein the publisher administers the different policies for the content and other content when connected to the communication network.
  - 16. The method of claim 15, wherein, after downloading the different policies to the client device, permissions associated with the one or more policies are enforceable during offline content playback by software on the client device.
  - 17. The method of claim 1, wherein each of the sub-containers corresponds to a different specific portion of the content such that different specific portions of the content are independently licensable to the client device.

18. A computer program product comprising a non-transitory computer usable medium including a computer readable program, wherein the computer readable program when executed on a computer causes the computer to:
- receive a license number associated with a client device;
  
  retrieve a hardware fingerprint associated with the client device based on the license number, the hardware fingerprint being a unique identifier generated based on two or more hardware elements of the client device and indicating that the client device includes an installed client renderer;
  
  determine that the client device is registered with a secure publishing system based on one or more of the hardware fingerprint and the license number;
  
  retrieving content which is configured for consumption based a first policy that indicates to the client renderer that the client device must maintain a tethered connection in order to consume the content;
  
  encrypt the content with a media key to generate encrypted content, the encrypted content being encrypted using a single type of encryption and including a first sub-container and a second sub-container corresponding to different portions of the content that are included in a same media stream, the different sub-containers corresponding to different portions of the content and the first policy configured to apply to the first sub-container and the second policy configured to apply to the second sub-container;
  
  provide the encrypted content to a client device associated with a private key and a public key, wherein the private key is encrypted based on the hardware fingerprint of the client device and the private key stored at the client device;
  
  encrypt the media key with the public key;
  
  provide the encrypted media key to the client device;
  
  wherein the private key is stored on the client device as an obfuscated private key and the client device is configured to;
  
  rearrange the bits of the obfuscated private key in memory of the client device to generate the private key without ever saving the private key in the clear in non-volatile storage of the client device;
  
  decrypt the encrypted media key using the private key;
  
  decrypt the encrypted content using the decrypted media key; and
  
  render the decrypted content on the client device.

19. A system comprising:
- a processor; and
  
  a memory storing instructions that, when executed, cause the system to;
  
  receive a license number associated with a client device;
  
  retrieve a hardware fingerprint associated with the client device based on the license number, the hardware fingerprint being derived from a hardware token associated with the client device that indicates that the client device includes an installed client renderer;
  
  determine that the client device is registered with a secure publishing system based on one or more of the hardware fingerprint and the license number;
  
  retrieving content which is configured for consumption based a first policy that indicates to the client renderer that the client device must maintain a tethered connection in order to consume the content;
  
  encrypt the content with a media key to generate encrypted content, the encrypted content being encrypted using a single type of encryption and including a first sub-container and a second sub-container corresponding to different portions of the content that are included in a same media stream, the different sub-containers corresponding to different portions of the content and the first policy configured to apply to the first sub-container and the second policy configured to apply to the second sub-container;
  
  provide the encrypted content to a client device associated with a private key and a public key, wherein the private key is encrypted based on the hardware fingerprint of the client device and the private key stored at the client device;
  
  encrypt the media key with the public key;
  
  provide the encrypted media key to the client device;
  
  wherein the private key is stored on the client device as an obfuscated private key and the client device is configured to;
  
  rearrange the bits of the obfuscated private key in memory of the client device to generate the private key without ever saving the private key in the clear in non-volatile storage of the client device;
  
  decrypt the encrypted media key using the private key;
  
  decrypt the encrypted content using the decrypted media key; and
  
  render the decrypted content on the client device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Qumu Corp.
Original Assignee
Qumu Corp.
Inventors
Mittal, Samir, Mathur, Priyadarshee Deeptarag, Johnson, Robert William, Wells, Christopher Ashley
Primary Examiner(s)
Patel, Ashok
Assistant Examiner(s)
GRACIA, GARY S

Application Number

US13/279,016
Publication Number

US 20120102329A1
Time in Patent Office

1,180 Days
Field of Search

713/176
US Class Current

713/176
CPC Class Codes

G06F 21/10   Protecting distributed prog...

G11B 20/00137   involving measures which re...

G11B 20/00188   involving measures which re...

G11B 20/00224   wherein the key is obtained...

G11B 20/00688   said measures preventing th...

G11B 20/00695   said measures preventing th...

G11B 20/0071   involving a purchase action

G11B 20/00804   wherein the usage restricti...

G11B 20/0084   wherein the usage restricti...

G11B 20/00862   wherein the remote server c...

G11B 20/00869   wherein the remote server c...

H04L 2463/101   applying security measures ...

H04L 63/06   for supporting key manageme...

H04L 63/10   for controlling access to d...

H04L 63/20   for managing network securi...

H04L 65/764   at the destination reforma...

H04L 9/3247   involving digital signatures

Content distribution and aggregation

First Claim

5 Assignments

0 Petitions

Accused Products

Abstract

61 Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

Content distribution and aggregation

First Claim

5 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

61 Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links