Secure authorization for accessing content on a shareable device

US 9,323,916 B1
Filed: 02/14/2013
Issued: 04/26/2016
Est. Priority Date: 02/14/2013
Status: Active Grant

First Claim

Patent Images

1. A method of securely authorizing access to media content, comprising:

receiving, from a first device, a first identification of a second device and a request to authorize access to the media content by the second device;

verifying a user account associated with the first device;

generating a token in a manner that prevents authentication information of a user of the first device from being derived from the token, the token being a randomly generated or arbitrary value;

associating the token with the first identification received from the first device;

sending the token to the first device, the token to be sent from the first device to the second device;

receiving, from the second device, the token and a second identification of the second device;

authenticating the second device based on comparing the second identification received from the second device to the first identification associated with the received token; and

authorizing access to the media content by the second device based on saidauthenticating and while the second device is associated with a user account different from the user account associated with the first device.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Described is a process for securely authorizing access to media content from a first device to a second device. Access to content may be authorized by performing authentication from the first device. Information used for authentication (e.g. login information) is not shared with the second device. Instead, a token may be used to authenticate the second device. The authorization process may be done in a secure manner by sharing only the generated token with the second device. Authentication information may not be derived from the token, and accordingly, even if the second device is not secure or the token is exposed, authentication information remains secure.

67 Citations

View as Search Results

20 Claims

1. A method of securely authorizing access to media content, comprising:
- receiving, from a first device, a first identification of a second device and a request to authorize access to the media content by the second device;
  
  verifying a user account associated with the first device;
  
  generating a token in a manner that prevents authentication information of a user of the first device from being derived from the token, the token being a randomly generated or arbitrary value;
  
  associating the token with the first identification received from the first device;
  
  sending the token to the first device, the token to be sent from the first device to the second device;
  
  receiving, from the second device, the token and a second identification of the second device;
  
  authenticating the second device based on comparing the second identification received from the second device to the first identification associated with the received token; and
  
  authorizing access to the media content by the second device based on saidauthenticating and while the second device is associated with a user account different from the user account associated with the first device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1, wherein said verifying further includes verifying payment information associated with the user account associated with the first device.
  - 3. The method of claim 1, wherein the second device is paired with the first device through a local wireless connection.
  - 4. The method of claim 1, further comprising disabling access to the media content by the first device upon said authorizing the second device.
  - 5. The method of claim 1, wherein said authorizing access by the second device includes providing the second device with a license required to access the media content.
  - 6. The method of claim 1, wherein said authorizing access by the second device includes providing the second device with a key required to decrypt the media content and wherein the media content comprises a video.
  - 7. The method of claim 1, wherein the token comprises an arbitrary value.
  - 8. The method of claim 1, wherein the method is performed within a Content Distribution Network (CDN).

9. A method of securely authorizing access to media content, comprising:
- receiving, from a first device, a request to access the media content;
  
  authorizing access to the media content by the first device based on information received from the first device;
  
  receiving, from the first device, a first identification of a second device and a request to delegate access to the authorized media content to the second device;
  
  generating a token in a manner that prevents authentication information of a user of the first device from being derived from the token, the token being a randomly generated or arbitrary value;
  
  associating the token with the first identification received from the first device;
  
  sending the token to the first device, the token to be sent from the first device to the second device;
  
  receiving, from the second device, the token and a second identification of the second device;
  
  authenticating the second device based on comparing the second identification received from the second device to the first identification associated with the received token; and
  
  delegating access to the authorized media content to the second device based on said authenticating and while the second device is associated with a user account different from a user account associated with the first device.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
- - 10. The method of claim 9, wherein said authorizing access to the media content by the first device further includes verifying the user account associated with the first device.
  - 11. The method of claim 10, wherein said authorizing access to the media content by the first device further includes verifying payment information of the user account associated with the first device.
  - 12. The method of claim 9, wherein the second device is paired with the first device through a local wireless connection.
  - 13. The method of claim 9, wherein said authorizing access to the media content by the first device includes authenticating the first device.
  - 14. The method of claim 9, further comprising disabling access to the media content by the first device upon said delegating access to the second device.
  - 15. The method of claim 9, wherein the token comprises an arbitrary value.
  - 16. The method of claim 9, wherein the method is performed within a Content Distribution Network (CDN).

17. A system for securely authorizing access to media content, comprising a first server, the first server comprising:
- communications circuitry configured to connect to a first device and a second device; and
  
  a processor configured to;
  
  receive, from the first device, a first identification of the second device and a request to authorize access to the media content by the second device;
  
  verify a user account associated with the first device;
  
  generate a token in a manner that prevents authentication information of a user of the first device from being derived from the token, the token being a randomly generated or arbitrary value;
  
  associate the token with the first identification received from the first device;
  
  send the token to the first device, the token to be sent from the first device to the second device;
  
  receive, from the second device, the token and a second identification of the second device;
  
  authenticate the second device based on comparing the second identification received from the second device to the first identification associated with the received token; and
  
  authorize access to the media content by the second device based on authentication of the second device and while the second device is associated with a user account different from the user account associated with the first device.
- View Dependent Claims (18, 19)
- - 18. The system of claim 17, wherein the second device comprises:
    - communications circuitry configured to connect to the first device and the first server; and
      
      a processor configured to;
      
      connect the second device to the first device through a local wireless connection;
      
      share identification information with the first device through the local wireless connection;
      
      receive, from the first device, the token;
      
      send the token and the second identification of the second device to the first server; and
      
      access the media content upon the first server authorizing access to the media content by the second device.
  - 19. The system of claim 17, wherein the processor of the first server is further configured to provide the second device with a license required to access the media content and wherein the processor of the second device is further configured to play the media content using the provided license.

20. A system for securely delegating access to media content, comprising a first server, the first server comprising:
- communications circuitry configured to connect to a first device and a second device; and
  
  a processor configured to;
  
  receive, from the first device, a request to access the media content;
  
  authorize access to the media content by the first device based on information received from the first device;
  
  receive, from the first device, a first identification of the second device and a request to delegate access to the authorized media content to the second device;
  
  generate a token in a manner that prevents authentication information of a user of the first device from being derived from the token, the token being a randomly generated or arbitrary value;
  
  associate the token with the first identification received from the first device;
  
  send the token to the first device, the token to be sent from the first device to the second device;
  
  receive, from the second device, the token and a second identification of the second device;
  
  authenticate the second device based on comparing the second identification received from the second device to the first identification associated with the received token; and
  
  delegate access to the authorized media content to the second device based on authentication of the second device and while the second device is associated with a user account different from a user account associated with the first device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Google LLC (Alphabet Inc.)
Original Assignee
Google Inc. (Alphabet Inc.)
Inventors
Catania, Nicolas, Condra, Curtis Gerald, Wu, Huahui
Primary Examiner(s)
Rashid, Harunur
Assistant Examiner(s)
Zarrineh, Shahriar

Application Number

US13/766,822
Time in Patent Office

1,167 Days
Field of Search

726/4
US Class Current

1/1
CPC Class Codes

G06F 21/10   Protecting distributed prog...

G06F 21/335   for accessing specific reso...

G06F 21/44   Program or device authentic...

G06F 21/6218   to a system of files or obj...

H04L 63/08   for authentication of entit...

H04L 63/0807   using tickets, e.g. Kerbero...

H04L 63/102   Entity profiles

H04L 63/126   the source of the received ...

Secure authorization for accessing content on a shareable device

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

67 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Secure authorization for accessing content on a shareable device

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

67 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links