Senior Fitness - Exercise and Nutrition for Aging Men and Women
FREE Article Feed for your website.
Home Ownership Magazine
Party Planning Information
Article Marketing Resources
Bio-Medical Research Article Database
Informative Articles on Life, Love and Happiness
Tutorials on Business to Writing
Famous Quotes from Famous People
Song Lyric Information
New US Patent Information
Comprehensive List of Content by Category
Online Auctions and Shopping Related Articles
Article Search
Most Recent Articles
Title: Display bar assembly for merchandising displays
Patent Number: 7,438,268 Issued on 10/21/2008 to Kologe

Title: Paint bucket ladder hook with closed grip design handle
Patent Number: 7,438,267 Issued on 10/21/2008 to Bardill,   et al.

Title: Stackable instrument stadium hardware stand
Patent Number: 7,438,266 Issued on 10/21/2008 to May

Title: Single and double electrical cable holder strip
Patent Number: 7,438,265 Issued on 10/21/2008 to Urzua

Title: Method and associated apparatus for capturing, servicing and de-orbiting earth satellites using robotics
Patent Number: 7,438,264 Issued on 10/21/2008 to Cepollina,   et al.

Title: Optimal aircraft window shape for noise control
Patent Number: 7,438,263 Issued on 10/21/2008 to Rassaian,   et al.

Title: Redundant gas turbine engine mounting arrangement
Patent Number: 7,438,262 Issued on 10/21/2008 to Chamberlain

Title: Stratospheric balloon utilizing electrostatic inflation of walls
Patent Number: 7,438,261 Issued on 10/21/2008 to Porter

Title: Vertical take-off aircraft--C
Patent Number: 7,438,260 Issued on 10/21/2008 to Kusic

Title: Compound aircraft control system and method
Patent Number: 7,438,259 Issued on 10/21/2008 to Piasecki,   et al.

Title: Reel device for winding an electrical cable thereon
Patent Number: 7,438,258 Issued on 10/21/2008 to Chen

Title: Toilet paper dispenser
Patent Number: 7,438,257 Issued on 10/21/2008 to Kennard

Title: Rolled product dispenser
Patent Number: 7,438,256 Issued on 10/21/2008 to Nip,   et al.

Title: Suspended toilet tissue roll holder with auxiliary toilet tissue
Patent Number: 7,438,255 Issued on 10/21/2008 to Burnett

Title: Wind-off device
Patent Number: 7,438,254 Issued on 10/21/2008 to Oettershagen

Title: Spool support system
Patent Number: 7,438,253 Issued on 10/21/2008 to Schunck

Title: Winding device
Patent Number: 7,438,252 Issued on 10/21/2008 to Kusel

Title: Web tensioning device with plural control inputs
Patent Number: 7,438,251 Issued on 10/21/2008 to St. Germain,   et al.

Title: Low entry hose reel device with elevated point of operation
Patent Number: 7,438,250 Issued on 10/21/2008 to Anderson,   et al.

Title: Recording medium cartridge and fabrication method thereof
Patent Number: 7,438,249 Issued on 10/21/2008 to Hiraguchi

Title: Modularized fishing reel spool
Patent Number: 7,438,248 Issued on 10/21/2008 to Tao

Title: Grinding rollers for a vertical crusher
Patent Number: 7,438,247 Issued on 10/21/2008 to Leclercq

Title: Casting runner crushing device
Patent Number: 7,438,246 Issued on 10/21/2008 to Saito

Title: Milling and classifying apparatus, collision mill, air classifier, toner, and method for producing toner
Patent Number: 7,438,245 Issued on 10/21/2008 to Kawamoto,   et al.

Title: Method and apparatus for separation and recycling plastic
Patent Number: 7,438,244 Issued on 10/21/2008 to Rozema,   et al.

Title: Tie-down anchor for a self-propelled irrigation system
Patent Number: 7,438,243 Issued on 10/21/2008 to Erickson

Title: Electromagnetically actuated fuel injector
Patent Number: 7,438,242 Issued on 10/21/2008 to Ciampolini

Title: Low pressure fuel injector nozzle
Patent Number: 7,438,241 Issued on 10/21/2008 to Goenka,   et al.

Title: Hand-held sprayer for hose rollers
Patent Number: 7,438,240 Issued on 10/21/2008 to Rabe

Title: Fire fighting piercing nozzle device
Patent Number: 7,438,239 Issued on 10/21/2008 to Woodson

Title: Gaseous fuel injector
Patent Number: 7,438,238 Issued on 10/21/2008 to Date,   et al.

Title: Method for identification and authenticating without specific reader an identifier
Patent Number: 7,438,237 Issued on 10/21/2008 to Bourrieres,   et al.

Title: Contactless activation systems and methods
Patent Number: 7,438,236 Issued on 10/21/2008 to Top

Title: Non-contact information medium and communication system using non-contact information medium
Patent Number: 7,438,235 Issued on 10/21/2008 to Miura,   et al.

Title: System for biometric security using a smartcard
Patent Number: 7,438,234 Issued on 10/21/2008 to Bonalle,   et al.

Title: Blinded electronic medical records
Patent Number: 7,438,233 Issued on 10/21/2008 to Leiper

Title: Two-dimensional code and information processing method
Patent Number: 7,438,232 Issued on 10/21/2008 to Uchiyama

Title: Method for detecting forged barcodes
Patent Number: 7,438,231 Issued on 10/21/2008 to Cordery,   et al.

Title: Image processing apparatus, image processing method, and image processing program
Patent Number: 7,438,230 Issued on 10/21/2008 to Saijo,   et al.

Title: Combined magnetic shield member and pressure pad for a magnetic reader
Patent Number: 7,438,229 Issued on 10/21/2008 to Harris,   et al.

Title: Systems and methods for managing electronic prescriptions
Patent Number: 7,438,228 Issued on 10/21/2008 to Robertson,   et al.

Title: System and method to determine the prices and order quantities that maximize a retailer's total profit
Patent Number: 7,438,227 Issued on 10/21/2008 to Keser,   et al.

Title: Fraud risk advisor
Patent Number: 7,438,226 Issued on 10/21/2008 to Helsper,   et al.

Title: Biometric authentication device and method
Patent Number: 7,438,225 Issued on 10/21/2008 to Schneider,   et al.

Title: Transaction card with stake
Patent Number: 7,438,224 Issued on 10/21/2008 to Jensen,   et al.

Title: Rechargeable smart card blood pressure recording method and apparatus
Patent Number: 7,438,223 Issued on 10/21/2008 to Sarkis,   et al.

Title: Card reading arrangement including robotic card handling responsive to card sensing
Patent Number: 7,438,222 Issued on 10/21/2008 to Green,   et al.

Title: Automated banking machine currency cassette with RFID tag
Patent Number: 7,438,221 Issued on 10/21/2008 to Washington,   et al.

Title: Automated banking machine including deposit storage chest and card reader cooling device
Patent Number: 7,438,220 Issued on 10/21/2008 to Magee,   et al.

Title: Check accepting and cash dispensing automated banking machine system and method
Patent Number: 7,438,219 Issued on 10/21/2008 to Crews,   et al.

Title: Systems and methods for pharmacy reimbursement claim resubmission
Patent Number: 7,438,218 Issued on 10/21/2008 to Dooley,   et al.

Title: System and method for configuring a computing device
Patent Number: 7,438,217 Issued on 10/21/2008 to Bhella,   et al.

Title: Medical information access and processing system
Patent Number: 7,438,216 Issued on 10/21/2008 to Ambekar,   et al.

Title: Printing location-based information using a mobile device
Patent Number: 7,438,215 Issued on 10/21/2008 to Silverbrook,   et al.

Title: Mailbox post bracket
Patent Number: 7,438,214 Issued on 10/21/2008 to Riker,   et al.

Title: Voting ballot envelope
Patent Number: 7,438,213 Issued on 10/21/2008 to Ackley,   et al.

Title: Container
Patent Number: 7,438,212 Issued on 10/21/2008 to Barthel,   et al.

Title: Retractable and extendable material loader apparatus for directing material onto a conveyor
Patent Number: 7,438,171 Issued on 10/21/2008 to Clark,   et al.

Title: Coupling device and improved method of assembly thereof
Patent Number: 7,438,167 Issued on 10/21/2008 to Morgensai,   et al.

Title: Flywheel assembly
Patent Number: 7,438,166 Issued on 10/21/2008 to Tsuruta,   et al.

Title: Quick release removable bridge caliper
Patent Number: 7,438,161 Issued on 10/21/2008 to Burgoon,   et al.

Title: Diaphragm, spherical-shell diaphragm and electroacoustic transducer, and method of manufacturing electroacoustic transducer
Patent Number: 7,438,156 Issued on 10/21/2008 to Inagaki,   et al.

Title: Axial heat exchanger
Patent Number: 7,438,122 Issued on 10/21/2008 to Hawranek

Title: Heat exchanger and method for manufacturing the same
Patent Number: 7,438,121 Issued on 10/21/2008 to Minami,   et al.

Title: Cylinder block casting bulkhead window formation
Patent Number: 7,438,117 Issued on 10/21/2008 to Douro,   et al.

Title: Aligning-positioning mechanism and aligning-positioning method
Patent Number: 7,438,116 Issued on 10/21/2008 to Tsuji

Title: Attachment of an architectural covering
Patent Number: 7,438,115 Issued on 10/21/2008 to Bohlen

Title: Tire mounting apparatus
Patent Number: 7,438,110 Issued on 10/21/2008 to Kim

Title: Separating and transporting flexible two-dimensional (sheet-like) products
Patent Number: 7,438,108 Issued on 10/21/2008 to Hansch

Title: Method and device for attaching a supplementary product that is at least approximately flat to a side of a printed product
Patent Number: 7,438,107 Issued on 10/21/2008 to Kost

Title: Production of shaped rubber body
Patent Number: 7,438,106 Issued on 10/21/2008 to Ogawa

Title: Method for serial production of secure documents and machine therefor
Patent Number: 7,438,105 Issued on 10/21/2008 to Guionnet,   et al.

Title: Radial tire
Patent Number: 7,438,104 Issued on 10/21/2008 to Morii,   et al.

Title: Pneumatic tire with side reinforcement rubber layer and tread reinforcement rubber layer
Patent Number: 7,438,103 Issued on 10/21/2008 to Akiyama

Title: Pneumatic tire with specified bead portion profile
Patent Number: 7,438,102 Issued on 10/21/2008 to Yoshinaka

Asynchronous communication within a server arrangement Number:7,171,692 from the United States Patent and Trademark Office (PTO) owispatent

Home    Author Login    Submit Article    Article Search    Add Your Link    Edit Your Link    Contact Us    Advertising    Disclaimer

   

 
Web LinkGrinder.com

Top Breaking News
     Greek, Cypriot Leaders Resume Unification Talks in Nicosia by Nathan Morley
     Indonesia Tobacco Sales Grow, Raising Health Fears
     South Korea Allows Top Defector to Travel Overseas by VOA News

Title: Asynchronous communication within a server arrangement

Abstract: A server architecture for a digital rights management system that distributes and protects rights in content. The server architecture includes a retail site which sells content items to consumers, a fulfillment site which provides to consumers the content items sold by the retail site. The fulfillment site includes an asynchronous fulfillment pipeline which logs information about processed transactions using a store-and-forward messaging service. The fulfillment site may be implemented as several server devices, each having a cache which stores frequently downloaded content items, in which case the asynchronous fulfillment pipeline may also be used to invalidate the cache if a change is made at one server that affects the cached content items.

Patent Number: 7,171,692 Issued on 01/30/2007 to DeMello,   et al.

Inventors: DeMello; Marco A. (Redmond, WA), Zeman; Pavel (Makawao, HI), Krishnaswamy; Vinay (Woodinville, WA), Malik; Prashant (Bellevue, WA), Hughes; Kathryn E. (Redmond, WA), Byrum; Frank D. (Seattle, WA)
Assignee: Microsoft Corporation (Redmond, WA)
Appl. No.: 09/604,939
Filed: June 27, 2000

Current U.S. Class: 726/26 ; 709/203; 719/313; 719/315
Current International Class: H04L 9/00 (20060101); G06F 15/16 (20060101); G06F 3/00 (20060101); H04L 9/32 (20060101)
Field of Search: 709/101,203,316 719/313,314-316 713/201 726/3,26

References Cited [Referenced By]
U.S. Patent Documents
4405829 September 1983 Rivest et al.
4688169 August 1987 Joshi
4827508 May 1989 Shear
4924378 May 1990 Hershey et al.
4977594 December 1990 Shear
5050213 September 1991 Shear
5191573 March 1993 Hair
5222134 June 1993 Waite et al.
5359659 October 1994 Rosenthal
5410598 April 1995 Shear
5509070 April 1996 Schull
5530235 June 1996 Stefik et al.
5625693 April 1997 Rohatgi et al.
5629980 May 1997 Stefik et al.
5634012 May 1997 Stefik et al.
5638443 June 1997 Stefik et al.
5654746 August 1997 McMullan, Jr. et al.
5666411 September 1997 McCarty
5675734 October 1997 Hair
5708780 January 1998 Levergood et al.
5715403 February 1998 Stefik
5724425 March 1998 Chang et al.
5734823 March 1998 Saigh et al.
5734891 March 1998 Saigh
5742677 April 1998 Pinder et al.
5765152 June 1998 Erickson
5784609 July 1998 Kurihara
5809145 September 1998 Slik et al.
5845281 December 1998 Benson et al.
5883955 March 1999 Ronning
5892900 April 1999 Ginter et al.
5910987 June 1999 Ginter et al.
5915019 June 1999 Ginter et al.
5917912 June 1999 Ginter et al.
5920861 July 1999 Hall et al.
5933498 August 1999 Schneck et al.
5940504 August 1999 Griswold
5943422 August 1999 Van Wie et al.
5949876 September 1999 Ginter et al.
5970475 October 1999 Barnes et al.
5982891 November 1999 Ginter et al.
5983273 November 1999 White et al.
5991399 November 1999 Graunke et al.
5991402 November 1999 Jia et al.
5999622 December 1999 Yasukawa et al.
6006332 December 1999 Rabne et al.
6021492 February 2000 May
6029046 February 2000 Khan et al.
6035403 March 2000 Subbiah et al.
6049612 April 2000 Fielder et al.
6067582 May 2000 Smith et al.
6088717 July 2000 Reed et al.
6199053 March 2001 Herbert et al.
6226618 May 2001 Downs et al.
6298446 October 2001 Schreiber et al.
6331865 December 2001 Sachs et al.
6385596 May 2002 Wiser et al.
6425017 July 2002 Dievendorff et al.
6442687 August 2002 Savage
6449645 September 2002 Nash
6513117 January 2003 Tarpenning et al.
6606604 August 2003 Dutta
6629138 September 2003 Lambert et al.
6718361 April 2004 Basani et al.
6892306 May 2005 En-Seung et al.
2001/0011238 August 2001 Eberhard et al.
2002/0002611 January 2002 Vange
2002/0069265 June 2002 Bountour et al.
Foreign Patent Documents
0 778 512 Jun., 1997 EP
0 795 809 Sep., 1997 EP
0 843 449 May., 1998 EP
WO 96/24092 Aug., 1996 WO
WO 96/42041 Dec., 1996 WO
WO 98/44402 Oct., 1998 WO
WO 98/45768 Oct., 1998 WO
WO 98/58306 Dec., 1998 WO
WO 99/01815 Jan., 1999 WO
WO 99/26123 May., 1999 WO
WO 99/45491 Sep., 1999 WO
WO 99/55055 Dec., 1999 WO
WO 99/63416 Dec., 1999 WO
WO 00/08909 Feb., 2000 WO
WO 00/21239 Apr., 2000 WO
WO 00/75760 Dec., 2000 WO

Other References

Flexible Control of Downloaded Executable Content, Trent Jaeger, May 1999, vol. 2 No. 2, p. 177-228. cited by examiner .
Riley, M., et al. (Eds.), "Open eBook.TM. Publication Structure 1.0," http://www.openebook.org/specification.html, Sep. 16, 2000, 1-77. cited by other .
Shamir, A. et al., "Playing Hide and Seek with Stored Keys", Third International Conference, 1999, franklin, M. (ed), 118-124. cited by othe- r .
Auchsmith, D., "Tamper Resistant Software: An Implementation", first International Workshop, Anderson, Ross (ed., ) 1996, 317-333. cited by other.

Primary Examiner: Thomson; W.
Assistant Examiner: Zhen; Li
Attorney, Agent or Firm: Woodcock Washburn LLP
Claims


What is claimed is:

1. A system for providing a content item, said system comprising: a plurality of download servers, wherein each download server receives a request for said content item, said request comprising encrypted data that represents a public key associated with a user from whom said request is received and an identification of said content item, said request having been generated at a first server with which said user has previously engaged in a transaction to purchase said content item, said encrypted data having been encrypted with a first key, each of said download servers having: a cache which stores said content item; and a first object which receives a first message to invalidate said content item in said cache and which invalidates said content item in said cache in response to receipt of said first message; and a fulfillment server having: a content store which stores said content item; and a first database which stores information relating to said content item; and a second object which receives a notification that said information in said first database has been updated or deleted, and which generates, in response to said notification, said first message for dispatch to said plurality of download servers, said first server being separate from said plurality of download servers and from said fulfillment server, said first key being known to said first server and to said plurality of download servers but not to said user, each of said plurality of download servers comprising logic that applies said first key to said encrypted data to retrieve said identification of said content item and said first key, and that uses said public key to encrypt a second key that is used to decrypt said content item, said content item being provided to said user in a form encrypted with said second key and including said second key in a form encrypted by said public key.

2. The system of claim 1, wherein said fulfillment server further includes a second database which stores a log of events occurring on said plurality of download servers, wherein each of said plurality of download servers generates a second message for dispatch to said fulfillment server in response to said events, and wherein said second object receives said second message and logs said events in said second database.

3. The system of claim 1, wherein said events include the downloading of said content item to said user who is a purchaser of said content item, said user having engaged in a purchase transaction with said first server, said first server including functionality to determine whether to generate said request or not to generate said request depending on whether the user has completed said purchase transaction.

4. The system of claim 1, wherein said content item is sold by a retailer for download by one of said plurality of download servers, and wherein said first database further stores information relating to said retailer.

5. The system of claim 4, wherein said plurality of download servers is hosted by said retailer.

6. The system of claim 1, wherein said user has previously obtained said public key by engaging in a transaction with a second server that distributes and installs public keys and their corresponding private keys on machines, said second server comprising logic that performs acts comprising: maintaining an association between said user, said public key, and a private key associated with said public key; receiving a request to install said public key and said private key on a machine; authenticating the user from whom the request is received as a condition to installing said public key and said private key on said machine; determining that a limit on the number of machines on which said user's public key and private key may be installed has not been exceeded as a further condition to installing said public key and said private key on said machine; and installing said public key and said private key on said machine by delivering a certificate that includes said public key and said private key with at least said private key being encrypted by a platform public key that is associated with, and relatively unique to, said machine.

7. The system of claim 1, wherein each of said first and second object is an instance of an MSMQ independent client.

8. A computer-implemented method of using a plurality of servers to distribute a content item, said method comprising the acts of: receiving, at a first of said plurality of servers from a first computing device, a request for said content item, said first server having a first cache; determining that no valid copy of said content item exists in said first cache; obtaining said content item at said first server from a content store; providing said content item to said first computing device; storing said content item in said first cache; receiving, at a fulfillment server, a change to an attribute of said content item, said attribute being stored at said fulfillment server; said fulfillment server sending a notification to said plurality of servers in response to said change; and said first server invalidating said copy of said content item in said first cache in response to said notification, each of said plurality of servers comprising logic that performs acts comprising: receiving, from a user, a request to provide said content item to a user, said request comprising a public key associated with said user and an identification of said content item, said public key and identification being in an form encrypted by a first key that is known to each of said plurality of servers and to a first server at which said request is generated but that is not known to said user, said public key being installed by an activation server on a plurality of machines associated with said user.

9. The computer-implemented method of claim 8, wherein said act of sending a notification comprises using a store-and-forward messaging facility.

10. The computer-implemented method of claim 8, wherein said change comprises a change in a physical location of said content item.

11. The computer-implemented method of claim 8, wherein said activation server enforces a limit as to the number of machines associated with said user on which said public key may be installed, said limit being initially set to a first number, and said limit being increasable beyond said first number if a standard that governs the increase in said limit has been met, said public key being installed on each of said users machines along with a private key corresponding to said public key in a manner so as to make an installation of said private key unusable if said installation of said private key is copied to a machine other than a machine on which said private key has been installed by said activation server.

12. The computer-implemented method of claim 8, wherein said content item comprises: encrypted content; and a first cryptographic key which decrypts said encrypted content.

13. The computer-implemented method of claim 12, wherein said content item further comprises meta-data, wherein said first cryptographic key is sealed with said meta-data.

14. The computer-implemented method of claim 12, wherein said encrypted content is stored in said cache separately from said first cryptographic key.

15. The computer-implemented method of claim 8, wherein said change comprises a change in the meta-data of said content item.

16. A computer-readable medium encoded with computer-executable instructions to perform a method of using a plurality of servers to distribute a content item, the method comprising: receiving, at a first of said plurality of servers from a first computing device, a request for said content item, said request being received from a user and having been generated at a server remote from said user, said request comprising an identification of a content item and a public key associated with said user, said request being in a form encrypted with a first cryptographic key that is known to said plurality of servers and to said server remote from said user, but that is not known to said user, said content item being encrypted in a form that is decryptable with said first cryptographic key, said first cryptographic key being included in said content item in a from encrypted with said public key, said first server having a first cache; determining that no valid copy of said content item exists in said first cache; obtaining said content item at said first server from a content store; providing said content item to said first computing device; storing said content item in said first cache; receiving, at a fulfillment server, a change to an attribute of said content item, said attribute being stored at said fulfillment server; said fulfillment server sending a notification to said plurality of servers in response to said change; and said first server invalidating said copy of said content item in said first cache in response to said notification.

17. The computer-readable medium of claim 16, wherein said act of sending a notification comprises using a store-and-forward messaging facility.

18. The computer-readable medium of claim 16, wherein said change comprises a change in a physical location of said content item.

19. The computer-readable medium of claim 16, wherein said change comprises a change in a level of protection to be applied to said content item.

20. The computer-readable medium of claim 16, wherein said content item comprises: encrypted content; and said first cryptographic key which decrypts said encrypted content.

21. The computer-readable medium of claim 20, wherein said content item further comprises meta-data, wherein said first cryptographic key is sealed with said meta-data.

22. The computer-readable medium of claim 20, wherein said encrypted content is stored in said cache separately from said first cryptographic key.

23. The computer-readable medium of claim 16, wherein said change comprises a change in the meta-data of said content item.
Description


REFERENCE TO COMPUTER PROGRAM LISTING APPENDIX

This application includes a computer program listing appendix on compact disc. There is one compact disc submitted in duplicate. The compact disc includes a single file named "appendix.txt," created Jun. 28, 2004. The size of the file is 7 kilobytes. The contents of the computer program listing appendix are hereby incorporated herein by reference.

FIELD OF THE INVENTION

The present invention relates generally to the field of computing, and more particularly to asynchronous communication within a server arrangement, particularly within a digital rights management architecture.

BACKGROUND OF THE INVENTION

As the availability and use of computers and palm-sized electronic devices has increased, it has become common for documents to be transmitted and viewed electronically. With improving communication over infrastructures such as the Internet, there is a tremendous drive to provide enhanced services and content to the devices. Examples of services and content that may be provided are authored works, such as books or other textual material. Electronic distribution of text documents is both faster and cheaper than conventional distribution of paper copies. The same principle applies to non-textual content, such as audio and video: electronic distribution of such content is generally faster and cheaper than the delivery of such content on conventional media (e.g., magnetic tape or optical disk). However, the low cost and instantaneity of electronic distribution, in combination with the ease of copying electronic content, is at odds with the goal of controlled distribution in a manner that protects the rights of the owners of the distributed works.

Once an electronic document is transmitted to one party, it may be easily copied and distributed to others without authorization by the owner of rights in the electronic document or, often, without even the owner's knowledge. This type of illicit document distribution may deprive the author or content provider of royalties and/or income. A problem with many present delivery schemes is that they may make no provisions for protecting ownership rights. Other systems attempt to protect ownership rights, but however, are cumbersome and inflexible and make the viewing/reading of the authored works (or otherwise rendering the authored works, in the case of non-text content such as music, video, etc.) difficult for the purchaser.

Thus, in view of the above, there is a need for an improved digital rights management system that allows of delivery of electronic works to purchasers in a manner that protects ownership rights, while also being flexible and easy to use. There is also a need for the system that provides flexible levels of security protection and is operable on several client platforms such that electronic content may be viewed/rendered by its purchaser on each platform. The digital rights management system of the present invention advantageously provides solutions to the above problems which protect the intellectual property rights of content owners and allow for authors or other content owners to be compensated for their creative efforts, while ensuring that purchasers are not over-burdened by the protection mechanism.

SUMMARY OF THE INVENTION

A server architecture is provided which supports the distribution of protected content in a digital rights management ("DRM") system. The architecture includes an activation server arrangement, and a distribution server arrangement. The architecture includes various security features that guard against unauthorized distribution or use of protected content, as well as software components that implement the security features.

In accordance with the architecture provided, content may be protected at a plurality of levels, including: no protection, source sealed, individually sealed (or "inscribed"), source signed, and fully individualized (or "owner exclusive"). "No protection" content is distributed in an unencrypted format. "Source sealed" and "individually sealed" content is encrypted and bundled with an encryption key that is cryptographically sealed with certain rights-management data associated with the content, such that the key cannot be retrieved if the rights-management data has been altered. The distinction between "source" and "individual" sealing is that "individually sealed" content includes in the rights-management data information pertinent to the rightful owner (e.g., the owner's name, credit card number, receipt number or transaction ID for the purchase transaction, etc.), such that this information cannot be removed from a working copy of the content, thereby allowing for detection of unauthorized distributors. The particular type of information included is determined by the retailer of the copy. "Signed" content is cryptographically signed in such a way that the rendering application can verify its authenticity, or the authenticity of its distribution channel. "Fully individualized" content is encrypted content provided with a decryption key that has not merely been sealed with the rights-management information, but also encrypted in such a way that it cannot be accessed in the absence of a "secure repository" and "activation certificate," which are issued by the activation server arrangement only to a particular client or set of clients, thereby limiting the use of such content to a finite number of installations.

The activation server arrangement includes one or more server computing devices which "activate" client computing devices by providing code and data to these devices, where the code and data are necessary to access "fully individualized" content on a given client device. In one example, the "data" includes an activation certificate having a public key and an encrypted private key, and the "code" is a program (e.g., a "secure repository") that accesses the private key in the activation certificate by applying, in a secure manner, the key necessary to decrypt the encrypted private key. Preferably, the key pair in the activation certificate is persistently associated with an authenticatable "persona," such that a device can be "activated" to read content that has been individualized for that persona, but not content that has been "fully individualized" for other personas. As used herein, a "persona" is a unique identifier that can be tied to a user and can be securely authenticated by an out-of-band process--e.g., a username and password form on a web browser for use over a secure socket layer (SSL) is an example embodiment of such a process. Moreover, the activation server arrangement preferably provides a given activation certificate (that is, an activation certificate having a particular key pair) only after authenticating credentials (e.g., a username and password) associated with a persona. In accordance with a feature of the invention, the number of devices that a particular persona may activate may be limited by rate and or by number (e.g., five activations within a first 90 day period, followed by an additional activation for every subsequent 90 day period, up to a maximum of ten activations), thereby preventing the unchecked proliferation of devices on which individualized content can be rendered. As one example use of this technique, protected content may be distributed as a file that includes content encrypted with a symmetric key, where the symmetric key itself is provided via a license construct embedded in the file in a form encrypted by the certificate's public key, thus making it necessary to have both the activation certificate and accompanying secure repository prior to interacting with the licensed content.

The distribution server arrangement includes one or more retail servers and one or more fulfillment sites. Retail servers sell protected content (or otherwise enlist users to receive protected content). Fulfillment sites provide the actual content that has been sold by the retail servers. The operator of a retail server may be a different entity from the operator of a fulfillment site, thereby making it possible for a retailer to sell protected content simply by entering into an agreement whereby a fulfillment site will provide content sold by the retailer. This allows the retailer to sell content without investing in the means to store or distribute the content. In one example, the retailer and the fulfillment site agree on a secret (e.g., a cryptographic key), and the retailer equips its server with software that uses the secret to create an encrypted instruction to provide the content to the purchaser. The retailer may then allow the purchaser to "fulfill" his or her purchase by providing an HTTP request to the purchaser (e.g., a POST request rendered as a hyperlink on a "receipt" or "confirmation" web page), where the HTTP request contains the address of the fulfillment site and the encrypted instruction. In the case of content requiring some level of individualization, the encrypted instruction may include the individualization information (e.g., the purchaser's name, or, in the case of "fully individualized" content, the purchaser's activation certificate). The fulfillment site receives the encrypted instruction when the purchaser clicks on the link, and the fulfillment site uses the shared secret to decrypt the instruction and provide the content in accordance therewith. A component object model (COM) object may be provided to the retailer which creates the encrypted instruction.

The fulfillment site may be organized as a fulfillment server plus one or more "download" servers and a content store. The content store stores content to be distributed to consumers. The fulfillment server maintains databases of information related to the fulfillment of content orders, such as the physical location of content items and the secret (e.g., the cryptographic key) necessary to decrypt instructions received from the retailer. The download servers perform the actual downloading of content to consumers/purchasers of the content, as well as any preparation of the content that is necessary to meet the protection requirements associated with the content (e.g., the download server may perform individualization of the content). Each download server may have a cache, where the download server obtains a copy of a content item from the content store (in accordance with the location specified in the fulfillment server database) the first time that download server is called upon to process a download of that item, where the download server stores the item in the cache for future downloads. The cache may have limits associated therewith, and it may expire items out of the cache based on an algorithm such as a "least recently used" algorithm. The download server may also provide information regarding the downloads that it processes to the fulfillment server for entry into a log. The download server may provide this information in the form of messages through an asynchronous messaging, such as MICROSOFT MESSAGE QUEUE (MSMQ). The fulfillment server may store the information in a "logging database." Additionally, when updates to information stored on the fulfillment server are made which affect the content item stored in the cache, the fulfillment server may use the messaging service to send messages to the various download servers indicating that the item should be invalidated in the download server caches.

Other features of the invention are described below.

BRIEF DESCRIPTION OF THE DRAWINGS

The foregoing summary, as well as the following detailed description, is better understood when read in conjunction with the appended drawings. For the purpose of illustrating the invention, like references numerals represent similar parts throughout the several views of the drawings, it being understood, however, that the invention is not limited to the specific methods and instrumentalities disclosed. In the drawings:

FIG. 1 is an exemplary electronic book (eBook) title file format;

FIG. 2 is a block diagram showing an exemplary computing environment in which aspects of the present invention may be implemented;

FIG. 3 is a block diagram of an embodiment of a first server architecture implementing aspects of a digital rights management system in accordance with the invention;

FIG. 4 is a block diagram of an embodiment of a second server architecture implementing aspects of a digital rights management system in accordance with the invention;

FIG. 5 is a block diagram illustrating certain interactions within a content provider server in accordance with aspects of the invention;

FIG. 6 is a block diagram showing components of an asynchronous fulfillment pipeline in accordance with aspects of the invention;

FIG. 7 is a flow diagram illustrating the process of generating a license in accordance with aspects of the invention;

FIG. 8 is a flow diagram illustrating a client reader activation process in accordance with aspects of the invention; and

FIGS. 9 and 10 are flow and block diagrams illustrating an eCommerce flow in accordance with aspects of the invention.

DETAILED DESCRIPTION OF THE INVENTION

The present invention is directed to a system for processing and delivery of electronic content wherein the content may be protected at multiple levels. A preferred embodiment of the invention is described, which is directed to the processing and delivery of electronic books, however, the invention is not limited to electronic books and may include all digital content such as video, audio, software executables, data, etc.

Overview

The success of the electronic book industry will undoubtedly require providing the existing book-buying public with an appealing, secure, and familiar experience to acquire all sorts of textual material. This material may include "free" or low-cost material requiring little copy protection, to "premium-quality" electronic book titles (herein "eBooks") requiring comprehensive rights protection. In order to enable a smooth transition from the current distribution and retail model for printed books into an electronic distribution system, an infrastructure must exist to ensure a high level of copy protection for those publications that demand it, while supporting the distribution of titles that require lower levels of protection.

The Digital Rights Management (DRM) and Digital Asset Server (DAS) systems of the present invention advantageously provides such an infrastructure. The present invention makes purchasing an eBook more desirable than "stealing" (e.g., making an unauthorized copy of) an eBook. The non-intrusive DRM system minimizes piracy risk, while increasing the likelihood that any piracy will be offset by increased sales/distribution of books in the form of eBooks. In addition, the present invention provides retailers with a system that can be rapidly deployed at a low-cost.

The primary users of the DRM System are publishers and retailers, who use and/or deploy the DRM System to ensure legitimacy of the content sold as well as copy protection. Exemplary users of the DRM System may be the traditional publisher, the "leading edge" publisher, and the "hungry author." The traditional publisher is likely to be concerned about losing revenue from their printed book publishing operation to eBook piracy. The leading edge publisher is not necessarily concerned with isolated incidents of piracy and may appreciate that eBooks commerce will be most successful in a system where consumers develop habits of purchase. Meanwhile, the hungry author, who would like to collect money for the sale of his or her works, is more interested in attribution (e.g., that the author's name be permanently bound to the work).

As will be described in greater detail below, the DRM System of the present invention accomplishes its goals by protecting works, while enabling their rightful use by consumers, by supporting various "levels" of protection. At the lowest level ("Level 1"), the content source and/or provider may choose no protection via unsigned and unsealed (clear-text) eBooks that do not include a license. A next level of protection ("Level 2") is "source sealed," which means that the content has been encrypted and sealed with a key, where the seal is made using a cryptographic hash of the eBook's title's meta-data (see below) and the key is necessary to decrypt the content. Source sealing guards against tampering with the content or its accompanying meta-data after the title has been sealed, since any change to the meta-data will render the title unusable; however, source sealing does not guarantee authenticity of the a copy of the title (i.e., source sealing does not provide a mechanism to distinguish legitimate copies from unauthorized copies). In the case of the "hungry author," the author's name may be included in the meta-data for permanent binding to the content, thereby satisfying the "hungry author's" goal of attribution. A next level of protection ("Level 3") is "individually sealed" (or "inscribed"). An "individually sealed" title is an eBook whose meta-data includes information related to the legitimate purchaser (e.g., the user's name or credit card number, the transaction ID or receipt number from the purchase transaction, etc.), such that this information is cryptographically bound to the content when the title is sealed. This level of protection discourages people from distributing copies of the title, since it would be easy to detect the origin of an unauthorized copy (and any change to the meta-data, including the information related to the purchaser, would make it impossible, or at least improbable, that the necessary decryption key could be unsealed).

The next level of protection ("Level 4") is "source signed." Source signed eBooks are titles that can be authenticated by a "reader" (which, as more particularly discussed below, is a user application that enables the reading of eBooks on a computing device, such as a PC, a laptop, a Personal Digital Assistant (PDA), PocketPC, or a purpose-built reading device). Authenticity may preferably be defined in three varieties: "tool signed," which guarantees that the eBook title was generated by a trusted conversion and encryption tool; "owner signed," which is a tool signed eBook that also guarantees the authenticity of the content in the copy (e.g., the owner may be the author or other copyright holder); and "provider signed," which is a tool signed eBook that attests to the authenticity of its provider (e.g., the publisher or retailer of the content). The "tool," the owner, and the provider may each have their own asymmetric key pair to facilitate the creation and validation of digital signatures of the information. A title may be both provider signed and source signed, which facilitates authentication of the distribution channel of the title (e.g., through a signature chain in the copy). The strongest level of protection is "fully individualized" or "owner exclusive" ("Level 5"). "Fully individualized" titles can only be opened by authenticated reader applications that are "activated" for a particular user, thereby protecting against porting of a title from one person's reader (or readers) to a reader that is not registered to that person. In order for the reader of the present invention to open a title protected at Level 5, the Reader must be "activated" (i.e., the device on which the reader resides must have an activation certificate for a particular persona, and a secure repository). The process of activation is described in greater detail below with reference to FIG. 8.

The systems of the present invention also define an architecture for sharing information between a reader, a content provider and a content source, how that information is used to "seal" titles at the various levels, and how that information must be structured. The availability of these choices will enable content sources to pick and choose which content will be sold to what users and using what protection (if any). The particular information may be used to sign and/or seal titles for use by a reader, and a compatible reader (which, in the case of level 5, may be a reader activated for a particular persona) may unseal the title and enable reading of the eBook.

eBook File Structure

The DRM system of the present invention protects content by incorporating it in a file structure, such as the exemplary structure shown in FIG. 1. Referring to FIG. 1, eBook 10 contains content 16, which is text such as a book (or any electronic content) that has been encrypted by a key (the "content key"), which itself has been encrypted and/or sealed. In a preferred embodiment, the key is a symmetric key 14A that is sealed with a cryptographic hash of meta-data 12 or, in the case of level 5 titles, with the public key of the user's activation certificate. This key is stored either as a separate stream in a sub-storage section of the eBook file (DRM Storage 14 in the diagram) or, in the case of level 5 titles, in the license. (In the case of level 5 titles, instead of storing the content key as a separate stream, stream 14A contains a license, which is a construct that defines the rights that the user can exercise upon purchase of the title. In titles that have a license, the content key is contained within the license.). Also included in the DRM storage 14 are the source stream 14B, which may include the name of the publisher (or other content source), as well as the bookplate stream 14C, which, for individually sealed (level 3 and/or level 5) titles, includes the consumer's name as provided by the retailer (which may, for example, be obtained as part of the commercial transaction of purchasing an eBook 10, such as from the consumer's credit card information). The method of calculating the cryptographic hash that encrypts and/or seals the symmetric key 14C (or the method of using such cryptographic hash to seal the key) is preferably a "secret" known only to trusted content preparation tools and trusted rendering applications. Using a hash in this way may complicate/discourage tampering with the meta-data 12 contained with the eBook 10. It is noted that any method may be used to "seal" an eBook, so long as such method provide some measure of tamper resistance to the eBook 10.

In accordance with the present invention, the meta-data 12 may include a copyright tag, which describes the rights granted to the user or purchaser by the content source (e.g., the publisher). Whenever such tag is present, the client (e.g., device 90 or 92 shown in FIG. 4) may display to a user the text included in the tag. It will be appreciated that the act of reminding users of the copyright laws that apply to their eBooks may serves to deter typical users from attempting to copy eBooks.

DRM System Architecture

As shown in FIG. 2, an exemplary system for implementing the invention includes a general purpose computing device in the form of a conventional personal computer or network server 20 or the like, including a processing unit 21, a system memory 22, and a system bus 23 that couples various system components including the system memory 22 to the processing unit 21. The system bus 23 may be any of several types of bus structures including a memory bus or memory controller, a peripheral bus, and a local bus using any of a variety of bus architectures. The system memory includes read-only memory (ROM) 24 and random access memory (RAM) 25. A basic input/output system 26 (BIOS), containing the basic routines that help to transfer information between elements within the personal computer 20, such as during start-up, is stored in ROM 24. The personal computer or network server 20 may further include a hard disk drive 27 for reading from and writing to a hard disk, not shown, a magnetic disk drive 28 for reading from or writing to a removable magnetic disk 29, and an optical disk drive 30 for reading from or writing to a removable optical disk 31 such as a CD-ROM or other optical media. The hard disk drive 27, magnetic disk drive 28, and optical disk drive 30 are connected to the system bus 23 by a hard disk drive interface 32, a magnetic disk drive interface 33, and an optical drive interface 34, respectively. The drives and their associated computer-readable media provide non-volatile storage of computer readable instructions, data structures, program modules and other data for the personal computer or network server 20. Although the exemplary environment described herein employs a hard disk, a removable magnetic disk 29 and a removable optical disk 31, it should be appreciated by those skilled in the art that other types of computer readable media which can store data that is accessible by a computer, such as magnetic cassettes, flash memory cards, digital video disks, Bernoulli cartridges, random access memories (RAMs), read-only memories (ROMs) and the like may also be used in the exemplary operating environment.

A number of program modules may be stored on the hard disk, magnetic disk 29, optical disk 31, ROM 24 or RAM 25, including an operating system 35 (e.g., Windows.RTM. 2000, Windows NT.RTM., or Windows 95/98), one or more application programs 36, other program modules 37 and program data 38. A user may enter commands and information into the personal computer 20 through input devices such as a keyboard 40 and pointing device 42. Other input devices (not shown) may include a microphone, joystick, game pad, satellite disk, scanner or the like. These and other input devices are often connected to the processing unit 21 through a serial port interface 46 that is coupled to the system bus 23, but may be connected by other interfaces, such as a parallel port, game port, universal serial bus (USB), or a 1394 high-speed serial port. A monitor 47 or other type of display device is also connected to the system bus 23 via an interface, such as a video adapter 48. In addition to the monitor 47, personal computers typically include other peripheral output devices (not shown), such as speakers and printers.

The personal computer or network server 20 may operate in a networked environment using logical connections to one or more remote computers, such as a remote computer 49. The remote computer 49 may be another personal computer, another network server, a router, a network PC, a peer device or other common network node, and typically includes many or all of the elements described above relative to the personal computer 20, although only a memory storage device 50 has been illustrated in FIG. 2. The logical connections depicted in FIG. 2 include a local area network (LAN) 51 and a wide area network (WAN) 52. Such networking environments are commonplace in offices, enterprise-wide computer networks, Intranets and the Internet.

When used in a LAN networking environment, the personal computer or network server 20 is connected to the local network 51 through a network interface or adapter 53. When used in a WAN networking environment, the personal computer or network server 20 typically includes a modem 54 or other means for establishing communications over the wide area network 52, such as the Internet. The modem 54, which may be internal or external, is connected to the system bus 23 via the serial port interface 46. In a networked environment, program modules depicted relative to the personal computer or network server 20, or portions thereof, may be stored in the remote memory storage device 50. It will be appreciated that the network connections shown are exemplary and other means of establishing a communications link between the computers may be used.

Server Architecture

Referring now to FIG. 3, there is illustrated a first exemplary server architecture 70 implementing the DRM System of the present invention. Server architecture 70 is implemented and deployed at, for example, a retail/distribution site. In one embodiment of the invention, all components of server architecture 70 are associated with a single party (e.g., a large electronic bookstore) that both retails eBooks 10 and performs the actual download of eBooks 10 to customers' reading devices. In anoth


Free Web Sudoku Puzzles.
Solve with your browser.
6   5       3   9
            1    
  8 4   9 3      
7       4   5    
  5           6  
    3   6       4
      6 1   7 3  
    8            
3   9       2   1
What is it?



Add Your Site · Terms Of Service · Privacy Policy


DISCLAIMER
Linkgrinder is a free service that searches the Internet and indexes all files found so that you may search quickly and easily for shared files. These files are created and made available individually by users whose identity we are not aware of and who we have no control over. In essence we function like a search engine tool; these files ARE NOT STORED OR SERVED BY OUR NETWORK. We are not responsible for any materials obtained by using our service. We do not monitor any of the contents of these files. These files may contain viruses, illegal materials, materials inappropriate for minors, offensive files and the like. BY USING OUR SERVICE, YOU ASSUME FULL RESPONSIBILITY FOR DOWNLOADING THESE MATERIALS AND WILL INDEMNIFY US FOR ANY DAMAGES THAT MAY BE INCURRED.

For More Specific Information VIEW OUR TERMS OF SERVICE.

Thank you and Enjoy!