Network users are authorized individual access during a log-on session to encrypted content on content media at the user without the necessity of individualizing the content media for the particular user. The content may comprise multimedia data. The content media, which may be mass produced and distributed, includes a computer program which generates a unique configuration identifier upon instantiation of the program to begin a user access session. The program creates a virtual directory structure for the content that is uniquely determined for that session by the configuration identifier. The configuration identifier is uploaded to a remote server which uses the configuration identifier with other information identifying the content media and the user to authorize user access. The remote server creates and downloads to a browser of the user an encrypted message containing URLs for accessing the content in the virtual directory structure and containing transformations of a decryption...

Inventor: Man Chan
Original Assignee: CI4 Technologies, Inc.
Primary Examiner: Hosuk Song
Secondary Examiner: Thomas Gyorfi
Attorney: Barry N. Young
Current U.S. Classification: 713/189; 380/201; 713/156; 713/165; 726/26; 726/27


Claims

1. A method of controlling access by a user to encrypted content on content media at the user, comprising instantiating at the user a current instance of an executable program stored on the content media, the executable program generating a configuration identifier that is unique to the current instance of the executable program; creating, using the configuration identifier, a virtual directory structure for content on the content media, the content having a location within the directory structure that depends upon the configuration identifier and which has a corresponding path; communicating with a remote server for access authorization by said user; providing to the user information on selectable content and the corresponding path of such content; and providing to the user from said remote server a decryption key for decrypting selected content.

2. The method of claim 1, wherein said content comprises a plurality of content files, each file having a separate location within the directory structure and a separate corresponding path.

3. The method of claim 1, wherein said providing to the user information on selectable content comprises providing encrypted information on said content and on said corresponding path, the information on said corresponding paths comprising a URL identifying a location within the directory structure of said content.

4. The method of claim 1 further comprising encrypting at the remote server said information provided to the user using a first encrypting process and a first encryption key; and downloading to a browser at the user a page containing said encrypted information.

5. The method of claim 4 further comprising downloading to said executable program a first transformation of a decryption program and a second transformation of said encryption key for decrypting the encrypted information on said page.

6. The method of claim 5, wherein said first and second transformations are different transformation processes and are unique to a current access session.

7. The method of claim 6, wherein said second transformation process comprises combining said first key with a number to form a combination, and encrypting said combination using a second encryption process to produce said second transformation of said encryption key, and wherein said first transformation process of the decryption program comprises decrypting the encrypted combination to recover the first encryption key, and decrypting using a different decryption process and said decrypted key the encrypted information on said page.

8. The method of claim 1, wherein said executable program comprises a local server, and said communicating with said remote server comprises communicating with said local server via a browser at the user.

9. The method of claim 1, wherein said generating a configuration identifier comprises generating with the executable program a random number; and said step of creating a virtual directory structure comprises creating a location within the directory structure for said content using said random number.

10. The method of claim 9 further comprising providing said configuration identifier to the remote server, and forming at said remote server a path corresponding to the location in the directory structure of said content using said configuration identifier; and wherein said providing of information to a user on selectable content comprises providing to the user a description of said content and the corresponding path.

11. The method of claim 10 further comprising encrypting said information at said remote server, and decrypting said information in the executable program to recover the content description and path.

12. The method of claim 1, wherein said instantiating comprises running a first portion of the executable program which creates a local server; and said generating a configuration identifier comprises running a second portion of the executable program to produce an unpredictable number, said configuration identifier comprising said unpredictable number.

13. The method of claim 12, wherein said remote server comprises one or more content servers and an authorization server, and the method further comprises authorizing, in a content server, access by the user during a current access session to encrypted content on the content media; and supplying to the user a session identifier identifying said access session, and wherein said providing to the user information on selectable content comprises uploading from the user to the authorization server the session identifier and a content media identifier; and downloading from the authorization server in response to said identifiers information on selectable content.

14. The method of claim 1, wherein said content comprises multimedia data, and said content media comprises a data storage device.

15. The method of claim 14 further comprising storing encrypted multimedia data content selected by the user in a temporary file; decrypting the encrypted data in said temporary file in a moving time window; and scrambling the decrypted data in said temporary file following rendering.

16. A method of controlling access by a user to encrypted content on content media at the user, comprising storing on the content media encrypted content files, each file having an associated key; providing on the content media an executable program, the executable program comprising a first portion operating as a server, a second portion generating a unique identifier for each instantiation of the program, a third portion creating for each instance of the executable program a virtual directory structure for the content files on the content media, the content files in the directory structure having locations in said directory structure determined by the unique identifier and said locations having corresponding paths, and a fourth portion for decryption; authorizing by a remote server user access to the encrypted content; and communicating to the executable program after said authorizing an associated key for decrypting an encrypted content file selected by the user.

17. The method of claim 16 further comprising providing a browser at said user for communicating between the first server portion of the executable program on the content media and the remote server; and downloading to the browser a page having a main frame for displaying information to the user and having a hidden frame with a program for communicating with the server portion of the executable program.

18. The method of claim 17 further comprising uploading from the user to the remote server said unique identifier and a content media identifier; receiving from the remote server an encrypted message comprising a decryption program for use with said associated keys for decrypting encrypted content, and receiving a security key for decrypting communications between the remote server and the user during said access session.

19. The method of claim 18 further comprising generating using said unique identifier in said executable program a decryption key for decrypting said encrypted message from the remote server.

20. The method of claim 18, wherein said security key and said decryption program received from said remote server comprise a first transformation of a security key and a second transformation of an encryption program for encrypting communications between the remote server and the user, said transformations enabling decryption of communications only during the current access session.

21. The method of claim 20, wherein said first transformation of the security key and the second transformation of said decryption algorithm comprise different transformations.

22. The method of claim 16, wherein said remote server comprises one or more content servers and an authorization server, and wherein said authorizing user access comprises authorizing user access by a content server, and said communicating of said associated key for decrypting comprises communicating said key from the authorization server.

23. The method of claim 22, wherein said authorizing user access by said content server comprises downloading to the user a vendor identifier; communicating from the user to the authorization server said vendor identifier and said unique identifier generated for the current instance of the executable program; and receiving at the user from the authorization server transformations of associated keys for decrypting the encrypted content files on the content media and another transformation of a decryption program for said decrypting, said transformations being specific to the current instance of the executable program.

24. The method of claim 23 further comprising receiving at said user from said content server a content selection page containing a description of selectable content files on the content media and the corresponding paths in said directory structure for said selectable content files.

25. The method of claim 24, wherein said corresponding paths for content files comprise URLs which indicate said locations in the directory structure of said files, and said receiving comprises receiving said paths in an encrypted communication on a hidden frame in a browser of the user.

26. The method of claim 25 further comprising uploading said encrypted communication from the browser to the first server portion of the executable program; and decrypting the encrypted communication using the fourth portion of the executable program.

27. The method of claim 22 further comprising receiving from the authorization server on a hidden frame of a browser URLs for the corresponding paths of said content files in the directory structure; uploading said URLs to the executable program; constructing in the executable program a content page identifying selectable content and associated URLs; and downloading the content page from the server portion of the executable program to a main frame of the browser for display to the user.

28. The method of claim 27, wherein said URLs are encrypted, and the method further comprises decrypting in the executable program an encrypted URL corresponding to a selected content file.

29. The method of claim 22, wherein there are a plurality of content servers, each content server being identified by a vendor identifier and having a corresponding group of encrypted content files to which such content server grants user access; and wherein said authorization server stores in a key file keys for the encrypted content files of said plurality of content servers.

30. The method of claim 16, wherein said encrypted content files comprise multimedia data; and wherein said executable program stores a content file selected by a user in a temporary file; decrypts a portion of the content file in the temporary file in a moving time window; and scrambles the decrypted portion of the content file in the temporary file following rendering.

31. The method of claim 16, wherein said encrypted content is selected from the group consisting of digital data and executable programs.

32. The method of claim 16, wherein said content media comprises storage media selected from the group consisting of optical storage, magnetic storage, and semiconductor memory.

33. A method of controlling access by a user to encrypted content on content media at the user, comprising instantiating at the user a current instance of an executable program stored on the content media; generating with the executable program upon instantiation a configuration identifier that is unique to the current instance of the executable program; communicating with a remote server for access authorization by said user, comprising providing said configuration identifier to the remote server; providing to the user information on selectable content; and providing to the user from said remote server in a message encrypted using said configuration identifier a decryption code and a decryption key for decrypting selected content.

34. The method of claim 33 further comprising creating for the current instance, using the configuration identifier, a virtual directory structure for content on the content media, the content having a location and a corresponding path within the directory structure which depend upon said configuration identifier.

35. The method of claim 33, wherein said providing to the user information on selectable content comprises providing a path for said selectable content which is encrypted using said configuration identifier.

36. A method of controlling access by a user to encrypted content on content media at the user, comprising instantiating at the user a current instance of an executable program stored on the content media; communicating with a remote server for access authorization by said user; providing to the user information on selectable content; and providing to the user from said remote server a first transformation of a decryption code and a second transformation of a decryption key for decrypting selected content, said first and second transformations being unique to the current instance.

37. Content media for controlled access to encrypted content by a user, comprising a repository on the content media storing encrypted content files; an executable program on the content media executable by a computer of the user, said executable program comprising a local server for communicating with a browser of the user; a configuration identifier generator operable upon instantiation of the program to generate a unique configuration identifier corresponding to a current instance of the executable program; first program code for creating upon said instantiation of the executable program a virtual directory structure for the encrypted content files stored in said repository, the content files having locations within said directory structure during said current instance determined by the configuration identifier, and said locations having corresponding encrypted paths; and second program code for receiving from said browser keys for decrypting an encrypted content file selected by the user for access and the corresponding encrypted path.

38. The content media of claim 37, wherein said configuration identifier generator comprises a random number generator which generates a different random number for each instantiation of the program, and the first program code includes an encryption program for encrypting said random number, the encrypted random number being used for creating said virtual directory structure.

39. The content media of claim 38, wherein said first program code assigns to each encrypted content file a location within said virtual directory structure that is determined by said encrypted random number, and wherein said encrypted path for such location comprises a URL formed using said encrypted random number.

40. The content media of claim 39, wherein said executable program comprises a shell program and a library which is updatable via the browser to change the operations of the executable program.

41. The content media of claim 37 further comprising a URL within the content media that indicates a network address for a remote server, and wherein the local server communicates with the remote server via the browser to authorize access to the content media by the user.

42. The content media of claim 37, wherein said content media comprises a storage device, and the content media further includes a program that comprises a parameter file which cooperates with the user's computer for automatically instantiating the executable program.

43. The content media of claim 37, wherein said content media is selected from the group consisting of optical storage devices, magnetic storage devices, and semiconductor memory.

44. The content media of claim 37, wherein said encrypted content files comprise multimedia data.

45. The content media of claim 37, wherein said executable program further comprises program code having a first portion for writing an encrypted content file to a temporary file; a second portion for accessing the temporary file in a non-exclusive access mode; a third portion for decrypting preselected parts of the encrypted temporary file in a moving time window; and a fourth portion for scrambling the decrypted parts of the temporary file at a predetermined time following decryption.
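
The per-instance virtual directory structure of claims 9, 10, 38 and 39 can be sketched as follows. This is an added example, not code from the patent: the claims do not specify how a location is derived from the configuration identifier, so HMAC-SHA256 is used here as a stand-in, and `MEDIA_SECRET`, `REPOSITORY`, `LocalServer`, `virtual_path` and `remote_content_page` are hypothetical names with constructed sample data.

```python
import hashlib
import hmac
import secrets

# Assumption: a secret known to both the program on the media and the remote
# server. The claims do not name such a value; it stands in for the
# "encryption program" of claim 38.
MEDIA_SECRET = b"constructed-demo-secret"

# Constructed sample repository: logical name -> encrypted file on the media.
REPOSITORY = {
    "track01": "content/0001.enc",
    "track02": "content/0002.enc",
}


def new_configuration_id() -> str:
    """Unpredictable number generated on each instantiation (claims 9, 12)."""
    return secrets.token_hex(16)


def virtual_path(config_id: str, name: str) -> str:
    """Location of `name` in the virtual directory for this configuration id."""
    msg = f"{config_id}/{name}".encode()
    tag = hmac.new(MEDIA_SECRET, msg, hashlib.sha256).hexdigest()
    # Two path components, both determined by the configuration identifier.
    return f"/{tag[:16]}/{tag[16:32]}"


class LocalServer:
    """Stand-in for the local server portion of the executable program."""

    def __init__(self, config_id=None):
        # A fresh identifier per instance unless one is supplied for testing.
        self.config_id = config_id or new_configuration_id()
        # The layout exists only in memory and only for this instance.
        self._routes = {
            virtual_path(self.config_id, name): target
            for name, target in REPOSITORY.items()
        }

    def resolve(self, path: str):
        """Return the encrypted file behind a virtual path, or None."""
        return self._routes.get(path)


def remote_content_page(config_id: str, authorized_names):
    """Remote server forms paths from the uploaded identifier (claim 10)."""
    return {
        name: virtual_path(config_id, name)
        for name in authorized_names
        if name in REPOSITORY
    }


def demo():
    session_a = LocalServer()
    page = remote_content_page(session_a.config_id, ["track01"])
    current = session_a.resolve(page["track01"])  # valid in this session
    session_b = LocalServer()                     # program restarted
    stale = session_b.resolve(page["track01"])    # old URL no longer maps
    return current, stale


if __name__ == "__main__":
    print(demo())
```

In this sketch the path secret ships on the media, so the session-specific paths only stop a URL from one session being reused in another; confidentiality of the content still rests on the decryption key delivered by the remote server.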