Remote access authorization of local content, Patent Number 7,089,425, from the United States Patent and Trademark Office (PTO)

Title: Remote access authorization of local content

Abstract: Network users are authorized individual access during a log-on session to encrypted content on content media at the user without the necessity of individualizing the content media for the particular user. The content may comprise multimedia data. The content media, which may be mass produced and distributed, includes a computer program which generates a unique configuration identifier upon instantiation of the program to begin a user access session. The program creates a virtual directory structure for the content that is uniquely determined for that session by the configuration identifier. The configuration identifier is uploaded to a remote server which uses the configuration identifier with other information identifying the content media and the user to authorize user access. The remote server creates and downloads to a browser of the user an encrypted message containing URLs for accessing the content in the virtual directory structure and containing transformations of a decryption algorithm and decryption keys for the encrypted content. Encrypted multimedia content selected by the user is stored in a temporary file, decrypted in a moving time window, and rendered. After rendering, the decrypted portion of the temporary file is scrambled to preclude further access.

Patent Number: 7,089,425 Issued on 08/08/2006 to Chan


Inventors: Chan; Man (San Jose, CA)
Assignee: CI4 Technologies, Inc. (Mountain View, CA)
Appl. No.: 10/392,591
Filed: March 18, 2003


Current U.S. Class: 713/189 ; 380/201; 713/156; 713/165; 726/26; 726/27
Current International Class: H04L 9/32 (20060101)
Field of Search: 713/165,191,156,189 707/10 709/203 380/200-201,243 726/26-30 715/500,501.1



Primary Examiner: Song; Hosuk
Assistant Examiner: Gyorfi; Thomas
Attorney, Agent or Firm: Young; Barry N.

Claims



The invention claimed is:

1. A method of controlling access by a user to encrypted content on content media at the user, comprising instantiating at the user a current instance of an executable program stored on the content media, the executable program generating a configuration identifier that is unique to the current instance of the executable program; creating, using the configuration identifier, a virtual directory structure for content on the content media, the content having a location within the directory structure that depends upon the configuration identifier and which has a corresponding path; communicating with a remote server for access authorization by said user; providing to the user information on selectable content and the corresponding path of such content; and providing to the user from said remote server a decryption key for decrypting selected content.

2. The method of claim 1, wherein said content comprises a plurality of content files, each file having a separate location within the directory structure and a separate corresponding path.

3. The method of claim 1, wherein said providing to the user information on selectable content comprises providing encrypted information on said content and on said corresponding path, the information on said corresponding paths comprising a URL identifying a location within the directory structure of said content.

4. The method of claim 1 further comprising encrypting at the remote server said information provided to the user using a first encrypting process and a first encryption key; and downloading to a browser at the user a page containing said encrypted information.

5. The method of claim 4 further comprising downloading to said executable program a first transformation of a decryption program and a second transformation of said encryption key for decrypting the encrypted information on said page.

6. The method of claim 5, wherein said first and second transformations are different transformation processes and are unique to a current access session.

7. The method of claim 6, wherein said second transformation process comprises combining said first key with a number to form a combination, and encrypting said combination using a second encryption process to produce said second transformation of said encryption key, and wherein said first transformation process of the decryption program comprises decrypting the encrypted combination to recover the first encryption key, and decrypting using a different decryption process and said decrypted key the encrypted information on said page.

8. The method of claim 1, wherein said executable program comprises a local server, and said communicating with said remote server comprises communicating with said local server via a browser at the user.

9. The method of claim 1, wherein said generating a configuration identifier comprises generating with the executable program a random number; and said step of creating a virtual directory structure comprises creating a location within the directory structure for said content using said random number.

10. The method of claim 9 further comprising providing said configuration identifier to the remote server, and forming at said remote server a path corresponding to the location in the directory structure of said content using said configuration identifier; and wherein said providing of information to a user on selectable content comprises providing to the user a description of said content and the corresponding path.

11. The method of claim 10 further comprising encrypting said information at said remote server, and decrypting said information in the executable program to recover the content description and path.

12. The method of claim 1, wherein said instantiating comprises running a first portion of the executable program which creates a local server; and said generating a configuration identifier comprises running a second portion of the executable program to produce an unpredictable number, said configuration identifier comprising said unpredictable number.

13. The method of claim 12, wherein said remote server comprises one or more content servers and an authorization server, and the method further comprises authorizing, in a content server, access by the user during a current access session to encrypted content on the content media; and supplying to the user a session identifier identifying said access session, and wherein said providing to the user information on selectable content comprises uploading from the user to the authorization server the session identifier and a content media identifier; and downloading from the authorization server in response to said identifiers information on selectable content.

14. The method of claim 1, wherein said content comprises multimedia data, and said content media comprises a data storage device.

15. The method of claim 14 further comprising storing encrypted multimedia data content selected by the user in a temporary file; decrypting the encrypted data in said temporary file in a moving time window; and scrambling the decrypted data in said temporary file following rendering.

16. A method of controlling access by a user to encrypted content on content media at the user, comprising storing on the content media encrypted content files, each file having an associated key; providing on the content media an executable program, the executable program comprising a first portion operating as a server, a second portion generating a unique identifier for each instantiation of the program, a third portion creating for each instance of the executable program a virtual directory structure for the content files on the content media, the content files in the directory structure having locations in said directory structure determined by the unique identifier and said locations having corresponding paths, and a fourth portion for decryption; authorizing by a remote server user access to the encrypted content; and communicating to the executable program after said authorizing an associated key for decrypting an encrypted content file selected by the user.

17. The method of claim 16 further comprising providing a browser at said user for communicating between the first server portion of the executable program on the content media and the remote server; and downloading to the browser a page having a main frame for displaying information to the user and having a hidden frame with a program for communicating with the server portion of the executable program.

18. The method of claim 17 further comprising uploading from the user to the remote server said unique identifier and a content media identifier; receiving from the remote server an encrypted message comprising a decryption program for use with said associated keys for decrypting encrypted content, and receiving a security key for decrypting communications between the remote server and the user during said access session.

19. The method of claim 18 further comprising generating using said unique identifier in said executable program a decryption key for decrypting said encrypted message from the remote server.

20. The method of claim 18, wherein said security key and said decryption program received from said remote server comprise a first transformation of a security key and a second transformation of an encryption program for encrypting communications between the remote server and the user, said transformations enabling decryption of communications only during the current access session.

21. The method of claim 20, wherein said first transformation of the security key and the second transformation of said decryption algorithm comprise different transformations.

22. The method of claim 16, wherein said remote server comprises one or more content servers and an authorization server, and wherein said authorizing user access comprises authorizing user access by a content server, and said communicating of said associated key for decrypting comprises communicating said key from the authorization server.

23. The method of claim 22, wherein said authorizing user access by said content server comprises downloading to the user a vendor identifier; communicating from the user to the authorization server said vendor identifier and said unique identifier generated for the current instance of the executable program; and receiving at the user from the authorization server transformations of associated keys for decrypting the encrypted content files on the content media and another transformation of a decryption program for said decrypting, said transformations being specific to the current instance of the executable program.

24. The method of claim 23 further comprising receiving at said user from said content server a content selection page containing a description of selectable content files on the content media and the corresponding paths in said directory structure for said selectable content files.

25. The method of claim 24, wherein said corresponding paths for content files comprise URLs which indicate said locations in the directory structure of said files, and said receiving comprises receiving said paths in an encrypted communication on a hidden frame in a browser of the user.

26. The method of claim 25 further comprising uploading said encrypted communication from the browser to the first server portion of the executable program; and decrypting the encrypted communication using the fourth portion of the executable program.

27. The method of claim 22 further comprising receiving from the authorization server on a hidden frame of a browser URLs for the corresponding paths of said content files in the directory structure; uploading said URLs to the executable program; constructing in the executable program a content page identifying selectable content and associated URLs; and downloading the content page from the server portion of the executable program to a main frame of the browser for display to the user.

28. The method of claim 27, wherein said URLs are encrypted, and the method further comprises decrypting in the executable program an encrypted URL corresponding to a selected content file.

29. The method of claim 22, wherein there are a plurality of content servers, each content server being identified by a vendor identifier and having a corresponding group of encrypted content files to which such content server grants user access; and wherein said authorization server stores in a key file keys for the encrypted content files of said plurality of content servers.

30. The method of claim 16, wherein said encrypted content files comprise multimedia data; and wherein said executable program stores a content file selected by a user in a temporary file; decrypts a portion of the content file in the temporary file in a moving time window; and scrambles the decrypted portion of the content file in the temporary file following rendering.

31. The method of claim 16, wherein said encrypted content is selected from the group consisting of digital data and executable programs.

32. The method of claim 16, wherein said content media comprises storage media selected from the group consisting of optical storage, magnetic storage, and semiconductor memory.

33. A method of controlling access by a user to encrypted content on content media at the user, comprising instantiating at the user a current instance of an executable program stored on the content media; generating with the executable program upon instantiation a configuration identifier that is unique to the current instance of the executable program; communicating with a remote server for access authorization by said user, comprising providing said configuration identifier to the remote server; providing to the user information on selectable content; and providing to the user from said remote server in a message encrypted using said configuration identifier a decryption code and a decryption key for decrypting selected content.

34. The method of claim 33 further comprising creating for the current instance, using the configuration identifier, a virtual directory structure for content on the content media, the content having a location and a corresponding path within the directory structure which depend upon said configuration identifier.

35. The method of claim 33, wherein said providing to the user information on selectable content comprises providing a path for said selectable content which is encrypted using said configuration identifier.

36. A method of controlling access by a user to encrypted content on content media at the user, comprising instantiating at the user a current instance of an executable program stored on the content media; communicating with a remote server for access authorization by said user; providing to the user information on selectable content; and providing to the user from said remote server a first transformation of a decryption code and a second transformation of a decryption key for decrypting selected content, said first and second transformations being unique to the current instance.

37. Content media for controlled access to encrypted content by a user, comprising a repository on the content media storing encrypted content files; an executable program on the content media executable by a computer of the user, said executable program comprising a local server for communicating with a browser of the user; a configuration identifier generator operable upon instantiation of the program to generate a unique configuration identifier corresponding to a current instance of the executable program; first program code for creating upon said instantiation of the executable program a virtual directory structure for the encrypted content files stored in said repository, the content files having locations within said directory structure during said current instance determined by the configuration identifier, and said locations having corresponding encrypted paths; and second program code for receiving from said browser keys for decrypting an encrypted content file selected by the user for access and the corresponding encrypted path.

38. The content media of claim 37, wherein said configuration identifier generator comprises a random number generator which generates a different random number for each instantiation of the program, and the first program code includes an encryption program for encrypting said random number, the encrypted random number being used for creating said virtual directory structure.

39. The content media of claim 38, wherein said first program code assigns to each encrypted content file a location within said virtual directory structure that is determined by said encrypted random number, and wherein said encrypted path for such location comprises a URL formed using said encrypted random number.

40. The content media of claim 39, wherein said executable program comprises a shell program and a library which is updatable via the browser to change the operations of the executable program.

41. The content media of claim 37 further comprising a URL within the content media that indicates a network address for a remote server, and wherein the local server communicates with the remote server via the browser to authorize access to the content media by the user.

42. The content media of claim 37, wherein said content media comprises a storage device, and the content media further includes a program that comprises a parameter file which cooperates with the user's computer for automatically instantiating the executable program.

43. The content media of claim 37, wherein said content media is selected from the group consisting of optical storage devices, magnetic storage devices, and semiconductor memory.

44. The content media of claim 37, wherein said encrypted content files comprise multimedia data.

45. The content media of claim 37, wherein said executable program further comprises program code having a first portion for writing an encrypted content file to a temporary file; a second portion for accessing the temporary file in a non-exclusive access mode; a third portion for decrypting preselected parts of the encrypted temporary file in a moving time window; and a fourth portion for scrambling the decrypted parts of the temporary file at a predetermined time following decryption.
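
The session described in the abstract and in claims 1, 9, 33, 39 and 45, as an added Python simulation (not the patent's or CI4 Technologies' code): the per-instance configuration identifier, the virtual paths that the media program and the authorization server compute independently from it, the server message encrypted under a key derived from the identifier, and moving-window decryption of a temporary file followed by scrambling of each decrypted window. The HMAC-based stream cipher, the path-hashing scheme, and the sample users, media and files are assumptions.

```python
import hashlib
import hmac
import secrets

BLOCK = 32  # keystream block size (SHA-256 digest length)

def keystream_xor(key: bytes, nonce: bytes, data: bytes, offset: int = 0) -> bytes:
    """Toy symmetric cipher: XOR with an HMAC-SHA256 counter-mode keystream.
    Assumption: stands in for the encryption processes the patent leaves unspecified.
    'offset' (a multiple of BLOCK) lets a caller decrypt a window out of the middle
    of a ciphertext, which the moving-window rendering below relies on."""
    out = bytearray()
    for i in range(0, len(data), BLOCK):
        ctr = ((offset + i) // BLOCK).to_bytes(4, "big")
        block = hmac.new(key, nonce + ctr, hashlib.sha256).digest()
        out.extend(a ^ b for a, b in zip(data[i:i + BLOCK], block))
    return bytes(out)

def seal(key: bytes, plaintext: bytes) -> bytes:
    """nonce || ciphertext; used to master content files and for the server message."""
    nonce = secrets.token_bytes(8)
    return nonce + keystream_xor(key, nonce, plaintext)

def session_key(config_id: str) -> bytes:
    """Key for the server-to-user message, derived from the configuration identifier
    (claims 19 and 33); assumption: a plain hash of the identifier."""
    return hashlib.sha256(b"session|" + config_id.encode()).digest()

def virtual_path(config_id: str, media_id: str, name: str) -> str:
    """Location of a content file in the per-instance virtual directory structure.
    Media program and remote server both derive it from the configuration identifier
    (claims 1, 10, 39); assumption: a hash of identifier, media id and file name."""
    loc = hashlib.sha256(f"{config_id}|{media_id}|{name}".encode()).hexdigest()[:16]
    return f"/{loc}/{name}"

class AuthorizationServer:
    """Holds the key file (claim 29) and the users entitled to each media."""
    def __init__(self, key_file: dict, entitlements: dict):
        self.key_file = key_file          # {media_id: {file_name: content_key}}
        self.entitlements = entitlements  # {media_id: {user, ...}}

    def authorize(self, user: str, media_id: str, config_id: str):
        """Encrypted message of path=key lines for this instance, or None if denied."""
        if user not in self.entitlements.get(media_id, set()):
            return None
        lines = [f"{virtual_path(config_id, media_id, n)}={k.hex()}"
                 for n, k in self.key_file[media_id].items()]
        return seal(session_key(config_id), "\n".join(lines).encode())

class ContentMedia:
    """The executable program shipped on the mass-produced content media."""
    def __init__(self, media_id: str, encrypted_files: dict):
        self.media_id = media_id
        self.encrypted_files = encrypted_files  # {file_name: nonce || ciphertext}
        # Claims 9 and 12: an unpredictable number unique to this instantiation.
        self.config_id = secrets.token_hex(16)
        self.catalog = {virtual_path(self.config_id, media_id, n): n
                        for n in encrypted_files}
        self.keys = {}

    def accept_authorization(self, blob: bytes) -> list:
        """Decrypt the server message with the key derived locally from the
        configuration identifier; returns the selectable paths (claim 1)."""
        nonce, body = blob[:8], blob[8:]
        text = keystream_xor(session_key(self.config_id), nonce, body).decode()
        for line in text.split("\n"):
            path, key_hex = line.split("=")
            self.keys[path] = bytes.fromhex(key_hex)
        return sorted(self.keys)

    def render(self, path: str, window: int = BLOCK) -> tuple:
        """Claim 45: copy the ciphertext to a temp file, decrypt it window by window,
        render each window, then overwrite the decrypted part with random bytes.
        Returns (rendered plaintext, final temp-file contents)."""
        key = self.keys[path]
        temp = bytearray(self.encrypted_files[self.catalog[path]])  # the temporary file
        nonce, rendered = bytes(temp[:8]), bytearray()
        for start in range(0, len(temp) - 8, window):
            chunk = bytes(temp[8 + start:8 + start + window])
            plain = keystream_xor(key, nonce, chunk, offset=start)  # decrypt the window
            rendered += plain                                       # "render" it
            temp[8 + start:8 + start + len(plain)] = secrets.token_bytes(len(plain))
        return bytes(rendered), bytes(temp)

# Constructed sample data: one media id, one entitled user, two short content files.
CONTENT_KEYS = {"lesson1.mp4": secrets.token_bytes(32), "lesson2.mp4": secrets.token_bytes(32)}
PLAINTEXTS = {"lesson1.mp4": b"chapter one video bytes " * 5,
              "lesson2.mp4": b"chapter two video bytes " * 5}
MEDIA_FILES = {n: seal(CONTENT_KEYS[n], p) for n, p in PLAINTEXTS.items()}
SERVER = AuthorizationServer({"course-42": CONTENT_KEYS}, {"course-42": {"alice"}})

def run_session(user: str, selection: str = "lesson1.mp4"):
    """One log-on session end to end; returns None when authorization is denied."""
    media = ContentMedia("course-42", MEDIA_FILES)  # new instance, new config id
    blob = SERVER.authorize(user, media.media_id, media.config_id)
    if blob is None:
        return None
    media.accept_authorization(blob)
    return media.render(virtual_path(media.config_id, media.media_id, selection))

if __name__ == "__main__":
    plain, leftover = run_session("alice")
    print(plain[:24], PLAINTEXTS["lesson1.mp4"] in leftover)
```

Each new `ContentMedia` instance yields different virtual paths, so a recorded path and key from one session do not address the content in another.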
Description

BACKGROUND OF THE INVENTION

This invention relates generally to encryption systems and methods for authentication and access, and more particularly to encryption systems and methods for networks for remotely authorizing local access to digital content stored on content media.

Developers of digital information, for example multimedia information such as streaming video and/or audio information, or of other digital data or code, face a number of significant problems in delivering the digital content to end users and then controlling access to the digital content. Content owners and providers are interested in a distribution mechanism which allows them to efficiently and inexpensively produce and distribute the digital content to end users, while at the same time controlling access and preventing unauthorized copying and use of the digital content. Some content owners who mass produce and distribute content on physical media have relied upon obtaining the agreement of end users to licenses limiting use or copying before authorizing access to the content. While licenses may afford the content owner a legal remedy, they are not effective in preventing unauthorized activities. Once unprotected content has been publicly distributed, it is difficult to prevent unauthorized copying and use of the content. Even encrypted content which requires a key for use may be easily duplicated and used without authorization.

Instead of distributing physical media, some content owners rely upon electronic delivery of content over a network, such as the Internet. This provides a content owner somewhat greater control over the content, since the content owner can require actual identification of the end user and an agreement to license terms before downloading the content to the user. However, once the content is downloaded, the content owner loses the ability to control access to the content.

Controlling access to content may be desirable not only to prevent unauthorized distribution and use by others, but also, as in the case of training materials, to require the user to progress through the content in a controlled and predetermined manner. It may be desirable, for example, to require users to complete chapters in a preassigned order and to perform certain exercises after completing one chapter before going to the next. Although the content owner can regulate this through online delivery of the content, once the content has been delivered to the user, the problems of unauthorized copying and use continue to exist. Moreover, online delivery of broadband content has other problems which favor delivery of content in other forms. Streaming video, for example, may have quality problems due to network or system bandwidth limitations or be incompatible with corporate firewalls which, for security purposes, may block streaming content.

Loss of revenue is another significant problem faced by content owners because of their inability to effectively control access to content following distribution and their inability to monitor and charge for subsequent uses of their content. A training video, for example, has value each time it is used and the content owner has had no effective way of deriving revenue for each use of such content after it has been distributed. Even content delivered on line may be stored, copied and reused once it has been delivered to a user.

It is desirable to provide systems and methods which address these and other problems faced by owners of digital content in distributing and controlling each access to the content, and it is to these ends that the present invention is directed.

SUMMARY OF THE INVENTION

The invention addresses the foregoing and other problems in distributing and controlling access to digital content by affording an efficient and cost effective distribution mechanism for digital content in a form which enables the content owner to control and, accordingly, derive revenue for, every access to the content. In accordance with the invention, the content may be distributed to network users on physical media or distributed electronically to the users over the network and stored on local media at the user. The content media may comprise one or more files of encrypted content and an executable program which, among other things, manages access to and decryption of the content. The executable program may receive dynamic updates to its core library at runtime from a remote server, without user intervention, to enable its engine to be replaced and its process to be changed dynamically. At the same time, the server can download to the client any updated content. The encrypted content and the executable program may be the same on all copies of the content media so that the content media may be mass produced and distributed. Yet, in accordance with the invention, the decryption code and access to each content file may be individualized on an access-by-access basis so that access can be controlled by a remote server.

In accordance with one aspect, the invention provides a method of controlling access by a user to encrypted content on content media that includes instantiating at the user a current instance of an executable program which is stored on the content media. The executable program generates a configuration identifier that is unique to the current instance of the executable program, and creates a virtual directory structure for content on the content media using the configuration identifier. The content in the virtual directory structure has a location that depends upon the configuration identifier, and has a path which corresponds to its location. The user communicates with a remote server, and upon being granted access is provided with information on selectable content and the corresponding path of such content within the virtual directory structure. The user is further provided from the remote server a decryption key for decrypting the selected content.

In accordance with a further aspect, the invention provides a method of controlling access by a user to encrypted content stored on content media at the user. An executable program also stored on the content media is instantiated. The user communicates with a remote server to obtain authorization to access the content. The user is provided information on selectable content, and the remote server provides the user a decryption code and a decryption key for decrypting content selected by the user.

In accordance with another aspect, the invention provides a method of controlling access to encrypted content on content media at a user which includes storing on the content media encrypted content files and an executable program. The executable program includes a first portion which operates as a server, a second portion that generates a unique identifier for each instantiation of the executable program, a third portion that creates, for each instance of the executable program, a virtual directory structure for the content files on the content media, and a fourth portion for decryption. The content files in the directory structure have locations which are determined by the unique identifier and each location has a corresponding path. The user is authorized access by a remote server, which communicates an associated key to the executable program for decrypting an encrypted content file selected by the user.

In yet another aspect, the invention provides content media for controlling access by a user to encrypted content files stored in a repository on the content media. The content media includes a computer program that provides a local server for communicating with a browser of the user, a generator which is operable upon each instantiation of the program to generate a unique configuration identifier that corresponds to the current instance of the program. The program further includes code for creating upon instantiation of the program a virtual directory structure for the encrypted content files stored in the repository such that each content file has a location within the structure which is determined by the configuration identifier and which has a corresponding encrypted path. The program further includes code for receiving keys for decrypting selected content files and for decrypting the corresponding encrypted paths for the locations of the selected files.

In accordance with more specific aspects of the invention, access by a user to encrypted content on the content media requires instantiation of an executable program on the content media for every access session. The executable program comprises a local HTTP server which communicates with a remote server via a browser at the user, and randomly generates a different directory structure for the content on the media for each instance of the program, i.e., for each access session. Each different directory structure is constructed using a unique configuration identifier, e.g., a random number, which is generated for every instantiation of the executable program, and knowledge of which is necessary for access to the encrypted content. Since the directory structure will be different for each session, saving a link to particular content during one session will not permit future access to the protected content during a later session. Moreover, each access session may be uniquely identified by a session identifier generated by the remote server upon authorization of access by the user. The session identifier can be provided to the executable program following a log-on process and can be used to maintain the integrity of access during a particular session. The session identifier will be valid for only a single session, and may be valid for only a limited period of time during a session, necessitating an additional log-on, further making it difficult for an unauthorized user to break into the content.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 is a block diagram of a first computer network system of the type with which the invention may be employed;

FIG. 2 is a diagrammatic view of the organization of a content media in accordance with the invention;

FIG. 3 is a diagrammatic view of the organization of an executable program included on the content media of FIG. 2;

FIG. 4 is a flow chart illustrating a process in accordance with a first embodiment of the invention by which a user is authorized access to encrypted content, and an executable program is enabled to provide the content;

FIG. 5 is a diagrammatic view of an example of a virtual directory structure for encrypted content on the content media;

FIG. 6 is a flow diagram of a process in accordance with the first embodiment of the invention for constructing a content selection page for selecting encrypted content;

FIG. 7 is a flow chart of a process in accordance with the invention for playing selected streaming media content; and

FIG. 8 is a block diagram of a second computer network system with which the invention may be employed.

DESCRIPTION OF PREFERRED EMBODIMENTS

The present invention is particularly applicable to protecting and controlling access to digital multimedia content, such as streaming video and/or audio, and will be described in that context. It will be appreciated, however, that this is illustrative of only one utility of the invention, and that the invention may also be employed for protecting and controlling access to other types of content, including program code.

FIG. 1 illustrates a computer network system of the type with which the invention may be employed. As shown, the system may include a remote server computer 20 connected to a local user computer 22 for the exchange of digital information over a network 24 which may comprise, for example, the Internet. As shown, remote server 20 may comprise one or more computers, including a content server 26 and an authorization server 28. Content server 26 may be associated with the content provider which supplies the protected content and registers and logs on users who are authorized to access that content. The authorization server 28 interacts with an authorized local user 22 following verification of the local user's identity, to manage and control access to the content 36 stored on content media 32 at the local user. The functions performed by content server 26 and authorization server 28 may be performed in separate server computers as, for example, at separate locations as described below in connection with FIG. 8, or they may be performed as separate functions in a single remote server computer 20 as shown in the figure.

Content media 32 may comprise any storage media capable of storing the protected digital content in encrypted form, executable programs, and an associated parameter file, as will be explained in more detail shortly. The content media 32 may comprise, for example, optical storage media, such as a CD-ROM, a DVD-ROM, a SmartCard, semiconductor memory, e.g., flash memory, or magnetic storage media such as a hard disk, a floppy disk, etc. Additionally, the content storage media may comprise removable physical media, such as a CD-ROM, etc., which may be mass produced, physically distributed to end users, and inserted into the user's computer, or it may be an internal hard disk in the local user's computer onto which the content is downloaded. Irrespective of the form of the content media, as will be described, the invention advantageously permits all copies of the content media to be the same without the necessity of individualizing each media with a different access code, while still enabling the remote server to control and authorize each access to the content media on an access-by-access basis. The authorization server 28 can, therefore, not only control which content files are accessed or the order in which they are accessed by an individual user, but may also charge fees to individual users for each access.

As shown in FIG. 1, local user computer 22 may comprise a personal computer, e.g., a Windows PC, that employs a standard HTML browser 34, such as Internet Explorer or a Netscape browser, for communicating via network 24 with remote server 20. As shown in FIG. 2, in addition to storing content, which may comprise a plurality of separate content files in a content repository 36, content media 32 may store an executable program 37 comprising a shell program 38, a library 39 and a parameter file 40. The library may be dynamically updatable at run time in order to update or change the process performed by the executable program. The parameter file may contain an autorun facility that can be used to automatically run the executable program upon loading of the media onto the local user's computer. As shown in FIG. 3, the executable program 37 comprises a local HTTP server 41 that interfaces the content media to the HTML browser 24 which communicates with remote server 20 via the network 24. Using the HTML browser as a middle man in this manner avoids the prohibition in the HTTP protocol of two servers directly communicating. The executable program may additionally comprise a configuration identifier (WID) generator 42, e.g., a random number generator, decryption algorithms 43, which will be described more fully below, and a program 44 for creating a virtual directory structure for the content using WID for each logon session, as will also be described. The user computer 22 may also include associated storage 46, such as a hard disk, and an output mechanism 47 for the decrypted content. Output mechanism 47 may comprise a media player, e.g., Microsoft Windows Media Player, when the content stored in content repository 36 is streaming video and/or audio. When an encrypted content file is accessed from the content media 32, it may be provided to a temporary file, e.g., the hard disk 46, and decrypted as it is being accessed by the media player 47 for output to the user. 

Prior to describing this process, the process for producing the encrypted content for storage on the content media and the executable program will first be described in more detail.

Initially, a content provider may create one or more plaintext content files C.sub.1, C.sub.2, . . . C.sub.i which the provider desires to protect and control access to and store these in encrypted form on content media 32. The content files may include streaming data, for example. The content provider may also be responsible for registering users who wish to access the content, and creating associated user identifications and passwords to enable the users to log on to the remote (content) server for authorization to gain access to the content. Each plaintext content file C.sub.i may be encrypted using an encryption algorithm E.sub.i and a key K.sub.i to produce an encrypted content file C'.sub.i: C'.sub.i=E.sub.i(K.sub.i, C.sub.i)

The encryption algorithm E.sub.i may be a publicly known encryption process, such as the Data Encryption Standard (DES), or it may be some other public or non-public encryption algorithm. (As used herein, depending on context, the term "algorithm" refers either to a process embodied in a computer program or to the program itself.) The encryption process creates the encrypted content C'.sub.i by using the encryption algorithm E.sub.i and the secret K.sub.i to process the plaintext content C.sub.i in a well known manner. There is associated with the encryption algorithm a decryption algorithm, D.sub.i, such that when the encrypted content C'.sub.i and the secret key K.sub.i are processed using the decryption algorithm, the plain text content C.sub.i is returned, i.e.: C.sub.i=D.sub.i(K.sub.i, C'.sub.i)

Each plaintext content file C.sub.i may be encrypted using the same encryption algorithm E with the same or different keys K.sub.i, or encrypted with different encryption algorithms. The keys may be collected and stored in a key file or repository in the remote server. The remote server uses the keys in the key file, in a manner which will be described shortly, to provide decryption keys for decrypting content on the content media. Following encryption, images of the encrypted content files C'.sub.i are stored in the content repository 36 on the content media 32. In addition to the encrypted content files, the content media may also store a product identifier (PID) that signifies the content stored on the media. The PID may be stored in the same repository as the encrypted content.

As previously described, the content media will also store the executable program 37 which includes a local HTTP server 41 occupying a unique TCP port, e.g., TCP "localhost 8688". This local server communicates with the browser 34 using the HTTP protocol. It runs in a listening mode; it will not on its own initiate a connection to any process in the user computer or to the network, and will not be contacted directly by any server connected to the network. This information exchange technique, by which the local server communicates with the remote server via the browser, avoids any problems which may be caused by local firewalls. In the case of a removable content media, such as a CD-ROM, the executable program and/or parameter file may also include an auto-run facility to automatically instantiate, i.e., run, an instance of the executable program when the content media is inserted into the drive of a user's computer. The structure and operation of the executable program will be described in more detail below.

As will be also described in more detail, for security reasons the content media does not store either the decryption algorithm, D.sub.i, or the keys, K.sub.i, for decrypting the encrypted content on the content media, and the actual decryption algorithm (code) and keys are never directly provided to the running executable program on the content media. Rather, transformations of the decryption algorithm and keys which are session-specific are downloaded to the browser from the remote server and uploaded from the browser to the local server during a session. These are used to provide access to the protected content during that particular session, but are useless for other logon sessions. The executable program does, however, include decryption algorithms 43, i.e., programs, that include a communications security key generation algorithm, F.sub.K, as will be explained, for use in producing session specific keys (WID.sub.d) for decrypting secure communications from the remote server during a session.

FIG. 4 is a flow chart which provides an overview of a first embodiment of a process which authorizes access to protected content and enables an executable program on the content media to provide decrypted content to a local user.

The process may begin by instantiating an instance of the executable program on the content media according to the stored parameter file. In the case of a removable CD-ROM, the auto-run feature of the operating system may instantiate the executable program to automatically run upon insertion of the CD-ROM into the user computer. Otherwise, where the auto-run feature in Windows is disabled, or where the executable is on the hard disk in the user computer, the user may instantiate the executable program. The executable program will preferably run in the background, without user input, awaiting further instructions until the process is terminated.

The first step in the access process is to contact the remote server (at 50) for log on and authorization. The user may manually load the remote server URL (location) into the HTML browser 34, or the running executable program may load the URL to the browser. In response, the remote server downloads, at 52, a login page which is configured to accept a user ID, e.g., name, and password. These are returned to the remote server. If the remote server verifies (at 54) the user, it downloads to the browser, at 56, a second page containing a main frame 58 and a hidden frame 59 (see FIG. 1). This may be done by concurrently downloading two URLs on the second page for the two frames, where the hidden frame has a column size of zero, and is thus not seen. Representative HTML code for this is:

Frames.htm

    <html>
    <frameset cols="0,*" frameborder="no">
      <frame name="Hidden" src="http://127.0.0.1:8688/info.htm" noresize>
      <!-- "RemoteServer" is the page's placeholder for the remote server's host name -->
      <frame name="Main" src="http://www.RemoteServer.com/V1234/authorization.htm" noresize>
    </frameset>
    </html>

The "0,*" term in the "frameset cols" attribute sets the size of the first frame, i.e., the hidden frame, to 0 columns, and the size of the second (main) frame to the remaining columns. The location "127.0.0.1:8688" is the TCP web address of the local server.

The main frame may display an instruction to the user to insert the appropriate content media, e.g., CD-ROM, if not already done. The hidden frame is mainly used to communicate with the executable program on the content media. The main frame may also contain JavaScript which instructs the hidden frame to periodically attempt to load a page from the local server (executable program 37). The downloaded second page from the remote server may also contain a session identifier (SID) which is a unique identifier, such as a random number generated by the remote server, that corresponds to the current log-on session. At 61, the browser 34 downloads from the local server a page that preferably contains an auto-submit form for automatically submitting information back to the remote server, with fields for certain identifiers, including the product identifier (PID) assigned to the media, the session identifier (SID) previously generated by the remote server, and a configuration identifier (WID) for the current session generated by the WID generator 42 (see FIG. 3) of the executable program. The remote server uses this technique to detect the existence of the content and the media on which it resides.

The configuration identifier, WID, is preferably a random number generated (at 60, FIG. 4) upon instantiation of the executable program on the content media. It identifies the particular configuration of the running instance of the executable program, and is session specific. The purpose of the WID is to introduce unpredictability as to the internal configuration of the running instance in order to enhance security. WID is used primarily for two purposes. One purpose is to generate a random virtual web directory structure for the content on the content media for each session. The other is to combine with the PID to form a communications security key, WID.sub.d, for decrypting the first message from the remote server to the browser. This key, WID.sub.d, may be formed using a key generation algorithm (process) F.sub.K with WID and PID as follows:

WID.sub.d=F.sub.K(WID, PID)

This key will be generated by the decryption process 43 of the executable program 37, stored temporarily at the local server, and used to decrypt the first message downloaded from the remote server. The key generation algorithm F.sub.K is preferably known only to the executable program on the content media and to the remote (authorization) server. Using this generated key, the communication between the remote server and the local server may be secured using any encryption algorithm, F.sub.b( ), e.g., the Data Encryption Standard (DES) algorithm.

Returning to FIG. 4, after the executable program (local server) downloads to the browser (at 61) the expected page containing identifiers WID, PID and SID with an auto-submit form, the browser may then automatically upload this page to the remote server, at 64, sending to the server (in the clear) the identifiers WID, PID and SID.
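The following is an added model of the per-session mechanics just described (WID generation, WID.sub.d=F.sub.K(WID, PID), the WID-dependent virtual directory, and the first server message carrying the content key); it is example code written for this page, not code from the patent. It assumes an HMAC-based F.sub.K, an HMAC-SHA256 counter-mode keystream as a standard-library stand-in for the DES-style E.sub.i and F.sub.b, an assumed path derivation for the virtual directory, and constructed PID, keys and content.

```python
import hashlib
import hmac
import secrets
from typing import Dict, Optional, Tuple

LOCAL_SERVER = "http://127.0.0.1:8688"   # local HTTP server address given in the text
PID = b"PID-DEMO-0001"                  # constructed product identifier (assumption)

def xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """HMAC-SHA256 counter-mode keystream XOR: a standard-library stand-in for the
    DES-style E_i / F_b named in the text (an assumption of this example)."""
    out = bytearray()
    for i in range(0, len(data), 32):
        ks = hmac.new(key, nonce + (i // 32).to_bytes(4, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], ks))
    return bytes(out)

def encrypt(key: bytes, data: bytes) -> bytes:      # E_i(K_i, C_i) / F_b
    nonce = secrets.token_bytes(16)
    return nonce + xor_stream(key, nonce, data)

def decrypt(key: bytes, blob: bytes) -> bytes:      # D_i(K_i, C'_i)
    return xor_stream(key, blob[:16], blob[16:])

def f_k(wid: bytes, pid: bytes) -> bytes:
    """Key generation algorithm F_K(WID, PID) -> WID_d, known only to the executable
    program and the authorization server. HMAC with a label is an assumed construction."""
    return hmac.new(pid, b"WID_d|" + wid, hashlib.sha256).digest()[:16]

def virtual_paths(wid: bytes, names) -> Dict[str, str]:
    """Virtual directory structure for this WID: each file's location is derived from
    the 'encrypted' WID, so both sides can rebuild it once WID is uploaded (step 64).
    The derivation below is an assumption; the text fixes only that it depends on WID."""
    enc_wid = hmac.new(wid, b"vdir", hashlib.sha256).digest()
    return {n: f"{LOCAL_SERVER}/{enc_wid.hex()[:16]}/"
               f"{hmac.new(enc_wid, n.encode(), hashlib.sha256).hexdigest()[:16]}"
            for n in names}

# Content media: identical on every copy. Keys K_i exist only in the remote key file.
PLAINTEXT = {"chapter1.wmv": b"chapter one video bytes",       # constructed sample content
             "chapter2.wmv": b"chapter two video bytes"}
KEY_FILE = {n: secrets.token_bytes(16) for n in PLAINTEXT}    # held by the remote server
REPOSITORY = {n: encrypt(KEY_FILE[n], c) for n, c in PLAINTEXT.items()}   # C'_i on the media

class LocalServer:
    """One instantiation of executable program 37: fresh WID, fresh directory (steps 60-61)."""

    def __init__(self, pid: bytes = PID):
        self.pid = pid
        self.wid = secrets.token_bytes(16)                  # WID generator 42
        self.wid_d = f_k(self.wid, pid)                     # decryption process 43
        self.vdir = virtual_paths(self.wid, REPOSITORY)     # program 44
        self._by_path = {p: n for n, p in self.vdir.items()}

    def auto_submit_form(self, sid: bytes) -> Dict[str, str]:
        """Fields of the page the browser fetches at 61 and uploads in the clear at 64."""
        return {"PID": self.pid.decode(), "SID": sid.hex(), "WID": self.wid.hex()}

    def lookup(self, path: str) -> Optional[str]:
        """Resolve a virtual path; a link saved from another session resolves to nothing."""
        return self._by_path.get(path)

    def play(self, first_message: bytes) -> Optional[bytes]:
        """Decrypt the server's first message with WID_d, then the selected content file."""
        msg = decrypt(self.wid_d, first_message)
        name = self._by_path.get(msg[:-16].decode("ascii", errors="replace"))
        return None if name is None else decrypt(msg[-16:], REPOSITORY[name])

def remote_authorize(form: Dict[str, str], selected: str) -> bytes:
    """Step 65 onward: check PID, rebuild the directory from the uploaded WID and
    return <path || K_i> encrypted under WID_d = F_K(WID, PID)."""
    if form["PID"] != PID.decode():
        raise PermissionError("PID does not match the log-on URL for this media")
    wid = bytes.fromhex(form["WID"])
    path = virtual_paths(wid, REPOSITORY)[selected]
    return encrypt(f_k(wid, PID), path.encode() + KEY_FILE[selected])

def demo() -> Tuple[Optional[bytes], Optional[str], Optional[bytes]]:
    """Session 1 plays a file; a saved link and a captured message fail in session 2."""
    sid = secrets.token_bytes(8)                            # SID issued by the remote server
    s1 = LocalServer()
    msg = remote_authorize(s1.auto_submit_form(sid), "chapter1.wmv")
    played = s1.play(msg)
    saved_link = s1.vdir["chapter1.wmv"]
    s2 = LocalServer()                                      # later instantiation, new WID
    return played, s2.lookup(saved_link), s2.play(msg)
```

The keystream stand-in exists only so the model runs offline; a deployment would use a vetted authenticated cipher for both F.sub.b and E.sub.i.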

The remote server verifies (at 65) that the PID corresponds to the log-on URL associated with the content media and uses the SID to identify the session (user)
