US20100211776A1 - Digital rights management in a distributed network - Google Patents

Digital rights management in a distributed network Download PDF

Info

Publication number
US20100211776A1
US20100211776A1 US12/772,404 US77240410A US2010211776A1 US 20100211776 A1 US20100211776 A1 US 20100211776A1 US 77240410 A US77240410 A US 77240410A US 2010211776 A1 US2010211776 A1 US 2010211776A1
Authority
US
United States
Prior art keywords
license
content
cdn
rights
license server
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Abandoned
Application number
US12/772,404
Inventor
Lakshminarayanan Gunaseelan
Abdul Salam Faisal Padinjareveetil
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Akamai Technologies Inc
Original Assignee
Akamai Technologies Inc
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Akamai Technologies Inc filed Critical Akamai Technologies Inc
Priority to US12/772,404 priority Critical patent/US20100211776A1/en
Assigned to AKAMAI TECHNOLOGIES, INC. reassignment AKAMAI TECHNOLOGIES, INC. ASSIGNMENT OF ASSIGNORS INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: PADINJAREVEETIL, ABDUL SALAM FAISAL
Publication of US20100211776A1 publication Critical patent/US20100211776A1/en
Abandoned legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q10/00Administration; Management
    • G06Q10/10Office automation; Time management
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/10Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
    • G06F21/108Transfer of content, software, digital rights or licenses
    • G06F21/1084Transfer of content, software, digital rights or licenses via third party
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q30/00Commerce
    • G06Q30/06Buying, selling or leasing transactions

Definitions

  • the present invention relates generally to techniques for content delivery.
  • a content delivery network is a collection of content servers and associated control mechanisms that offload work from Web site origin servers by delivering content on their behalf to end users.
  • a well-managed CDN achieves this goal by serving some or all of the contents of a site's Web pages, thereby reducing the customer's infrastructure costs while enhancing an end user's browsing experience from the site.
  • the CDN service provider may maintain an objective, detailed, real-time view of the Internet's topology, reliability, and latency, and this view may then be used to power a dynamic DNS-based system to direct end users to the best CDN server to handle a particular request.
  • DRM Digital Rights Management
  • Microsoft, Real and Apple have developed proprietary DRM technologies for their audio and audiovisual content distribution. Apple's DRM technology is used in its iTunes music service. Microsoft and Real Networks support DRM protection for both on-demand and live media content. There are some standardization efforts around DRM (MPEG4/ISMA and Open Mobile Alliance), but these standards are still in the specification stage.
  • An end-to-end DRM system typically comprises three (3) parts: encryption, business-logic and license-delivery.
  • DRM starts with the encryption of the content. Once the content is encrypted, a key is required to unlock the content.
  • the encrypted content can be delivered through any number of delivery methods: HTTP, streaming, FTP, P2P, email, or the like.
  • An end-user who desires to play the content visits an e-commerce web site and transacts with the business-logic process, usually involving one of registration, login, and/or payment; once this is done, the end-user is issued a license to play the content.
  • the issued license typically comprises (i) a key (for decrypting the content), (ii) a set of rights (e.g.
  • a media file e.g., a stream
  • a streaming Server serves the encrypted stream to an end user browser's media player.
  • the player needs to get a license (which includes the key) from a license server to decrypt and play the content.
  • DRM digital rights management
  • CDN content delivery network
  • entity e.g., the CDN
  • the present invention envisions a distributed license delivery infrastructure that is separate from any centralized database in which is stored information about the end users that may desire to obtain the content protected by the license.
  • An advantage of this solution is that is separates the business logic from any validation scheme, and hence allows content providers to implement flexible business rules that are appropriate for their business.
  • the CDN service provider need not maintain a database of all the end-users of the CDN customers.
  • the CDN provides license delivery but is not directly involved in authenticating the requesting end-user's identity, collecting payment or obtaining credit-card information; rather, the CDN simply authenticates the end-user's request (as opposed to the user) before issuing the license and, ultimately, delivering the stream.
  • the invention thus separates the business-logic from license delivery in the context of a DRM-implemented CDN solution offering.
  • CDN content delivery network
  • the present invention is implemented within a distributed network operating environment (such as a CDN) in which content providers offload given content for delivery from servers (e.g., CDN edge servers) managed by a service provider (such as a CDN operator). It is assumed that the given content is secured using a digital rights management scheme.
  • a distributed set of license server processes are provided to manage the issuance of content licenses. Each of the license server processes are operative to generate licenses by which a given end user client obtains given rights for given content.
  • the distributed set of license server processes operates in a de-centralized manner and without access to authentication information associated with end users requesting the given content.
  • FIG. 1 is a block diagram of a known distributed network (such as a content delivery network) in which the present invention may be implemented; and
  • FIG. 2 illustrates a typical machine configuration for an edge server in the distributed network of FIG. 2 ;
  • FIG. 3 illustrates the basic components of a DRM solution that is implemented in a CDN according to the present invention
  • FIG. 4 is a more detailed description of how DRM-protected content is delivered by the CDN
  • FIG. 5 illustrates a token validation process performed by a CDN license server process
  • FIG. 6 illustrates how the CDN license server process generates and delivers the license
  • FIG. 7 illustrates a dynamic rights object that may be created and used by a license server to enforce dynamic license rights on a per request basis.
  • a CDN is a network of geographically distributed content delivery nodes that are arranged for efficient delivery of content on behalf of third party content providers.
  • a CDN is implemented as a combination of a content delivery infrastructure, a request-handling mechanism (preferably based in DNS), and a distribution infrastructure.
  • the content delivery infrastructure usually comprises a set of “surrogate” origin servers that are located at strategic locations (e.g., Internet network access points, Internet Points of Presence, and the like) for delivering content to requesting end users.
  • an Internet content delivery infrastructure usually comprises a set of “surrogate” origin servers 102 that are located at strategic locations (e.g., Internet network access points, and the like) for delivering copies of content to requesting end users 119 .
  • a surrogate origin server is defined, for example, in IETF Internet Draft titled “Requirements for Surrogates in the HTTP” dated Aug. 9, 2000, which is incorporated herein by reference.
  • the mechanism 104 allocates servers 102 in the content delivery infrastructure to requesting clients. Typically, the mechanism 104 is implemented within (or as an adjunct to) a DNS subsystem managed by the CDN service provider.
  • the distribution infrastructure consists of on-demand or push-based mechanisms that move content from the origin server to the surrogates.
  • a CDN service provider may organize sets of surrogate origin servers as a group or so-called “region.”
  • a CDN region 106 typically comprises a set (or cluster) of one or more content servers that share a common back-end network, e.g., a LAN, and that are located at or near an Internet access point.
  • a typical CDN region may be co-located within an Internet Service Provider (ISP) Point of Presence (PoP) 108 .
  • ISP Internet Service Provider
  • PoP Point of Presence
  • a representative CDN content server is a Pentium-based caching appliance running an operating system (e.g., Linux, Windows NT, Win2K) and having suitable RAM and disk storage for CDN applications and content delivery network content (e.g., HTTP content, streaming media and applications).
  • CDN applications are sometimes referred to as “edge” servers as they are located at or near the so-called outer reach or “edge” of the Internet.
  • the CDN typically also includes network agents 109 that monitor the network as well as the server loads. These network agents are typically co-located at third party data centers or other locations.
  • Mapmaker software 107 receives data generated from the network agents and periodically creates maps that dynamically associate IP addresses (e.g., the IP addresses of client-side local name servers) with the CDN regions.
  • Content may be identified for delivery from the CDN using a content migrator or rewrite tool 106 operated, for example, at a participating content provider server.
  • Tool 106 rewrites embedded object URLs to point to the CDNSP domain.
  • a request for such content is resolved through a CDNSP-managed DNS to identify a “best” region, and then to identify an edge server within the region that is not overloaded and that is likely to host the requested content.
  • a participating content provider may simply direct the CDNSP to serve an entire domain (or sub-domain) by a DNS directive (e.g., a CNAME).
  • a DNS directive e.g., a CNAME
  • the CDNSP may provide object-specific metadata to the CDN content servers to determine how the CDN content servers will handle a request for an object being served by the CDN.
  • Metadata refers to a set of control options and parameters for the object (e.g., coherence information, origin server identity information, load balancing information, customer code, other control codes, etc.), and such information may be provided to the CDN content servers via a configuration file, in HTTP headers, or in other ways.
  • the Uniform Resource Locator (URL) of an object that is served from the CDN in this manner does not need to be modified by the content provider.
  • a customer's DNS system directs the name query (for whatever domain is in the URL) to the CDNSP DNS request routing mechanism.
  • a representative CDN DNS request routing mechanism is described, for example, in U.S. Pat. No. 6,108,703, the disclosure of which is incorporated herein by reference.
  • the CDN may also include other infrastructure, such as a distributed data query and collection system that collects usage and other data from the edge servers, aggregates that data across a region or set of regions, and passes that data to other back-end systems to facilitate monitoring, logging, alerts, billing, management and other operational and administrative functions.
  • a distributed data query and collection system that collects usage and other data from the edge servers, aggregates that data across a region or set of regions, and passes that data to other back-end systems to facilitate monitoring, logging, alerts, billing, management and other operational and administrative functions.
  • the CDNSP also may operate a metadata transport system 116 comprising a set of one or more servers to enable metadata to be provided to the CDNSP content servers.
  • the transport system 116 may comprise at least one control server 118 , and one or more staging server 120 a - n , each of which is typically an HTTP server (e.g., Apache).
  • Metadata is provided to the control server 118 by the CDNSP or the content provider (e.g., using a secure extranet application) and periodically delivered to the staging servers 120 a - n .
  • the staging servers deliver the metadata to the CDN content servers as necessary. Metadata is useful for controlling how the content is managed at the edge server.
  • the above described content delivery network is merely illustrative.
  • the present invention may leverage any content delivery infrastructure.
  • FIG. 2 illustrates a typical machine configuration for a CDN content edge machine, sometimes referred to generally as a server.
  • the machine 200 comprises commodity hardware running an operating system 202 .
  • the machine may optionally include a virtual machine 204 and an application server 206 to facilitate the execution of one or more customer application or application components 210 .
  • the machine 200 typically implements a cache 212 .
  • the machine also includes a store for customer configuration data 214 , typically in the form of customer-specific metadata, which controls how content is managed on the machine.
  • a server manager 216 overlays and controls the cache 212 , using the customer configuration data.
  • the machine includes one or more media servers 215 , such as a Windows Media Server (WMS), as required by the supported media formats.
  • WMS Windows Media Server
  • the server manager 216 may also control the media server according to the customer configuration data.
  • System management 218 and system security 220 modules are also provided to facilitate these and other conventional functions.
  • the machine may also incude logging processes, name server processes, data aggregation processes, and the like.
  • a given machine includes a rights management license server process 225 , which faciliates a de-centralized DRM-based license serving model.
  • the license server process 225 serves DRM licenses for the protected content served from the machine, or for the protected content served from machines co-located with the machine.
  • DRM digital rights management
  • One such known DRM system available from Microsoft Corporation includes a Digital Rights Manager that can be integrated into a content delivery network (CDN) according to the present invention.
  • CDN content delivery network
  • a Windows Media Rights Manager helps protect digital media (such as songs and videos) by packaging digital media files.
  • the present invention is not limited to use with DRM solutions from any particular vendor, of course. Indeed, the present invention assume the existence of a third party DRM solution (available from a DRM solutions provider) and concerns how that solution (and, in particular, the license server(s)) may be implemented within the CDN, taking advantage of the CDN's distributed or de-centralized infrastructure.
  • a packaged media file is a version of the media file that has been encrypted and locked with a key.
  • keys are created and used in the Windows Media Rights Manager.
  • the KeyID component is designed to vary by file. The content provider may use a different KeyID per file, or alternatively, it may choose to encrypt all of its files (or a collection of files) using a single KeyID.
  • a license issued for a given KeyID will apply to all the files encrypted using the same KeyID.
  • a license key seed and a key ID are needed.
  • the license key seed is a value that is known only to the content owner and the DRM license server.
  • the content owner creates a KeyID for each protected file. This value is included in the packaged file.
  • a key can be recreated by retrieving the key ID from the packaged file.
  • the Windows Media License Service uses the license key seed and the key ID from the packaged file to create a key.
  • the key is included in the license sent to the end user's computer. Using the key included in the license, the player on the consumer's computer can open and play the protected file.
  • FIG. 3 illustrates the inventive DRM CDN solution.
  • the three (3) primary components of the full end-to-end DRM solution are (i) packager 300 (ii) license server 302 and (iii) E-commerce storefront (or its equivalent) 304 .
  • the packager 300 typically is software (a set of program instructions executable on a processor) used to encrypt the content. This software may run at a CDN customer premise (an origin server), or on one or more CDN servers.
  • the license servers 302 issue licenses to end-users' players and are managed by the CDN.
  • the license servers 302 operate in a distributed or de-centralized manner, leveraging the basic infrastructure of the CDN itself, as opposed to operating in a centralized manner of the prior art.
  • the E-commerce storefront 304 preferably is set up and managed by the content provider or some third party on the content provider's behalf.
  • the following process flow illustrates the basic operation of the invention.
  • an end-user visits the content provider's web site and performs a business transaction.
  • the content provider's site After registration/login and/or payment collection, once the content provider decides to make the content available to the end-user, the content provider's site generates a token (using the shared-secret agreed between the CDN service provider and the content provider) and sends the end-user's browser (the player) to the CDN license server. Typically, this will be done in the background while the end-user stays on the content provider's site.
  • the License server validates the token presented by the end-user's browser. The token usually has information to issue the license to ‘“user U with rights R for content C.” The license server first validates the token using the shared secret to ensure that the token has been issued by the content-provider's site.
  • step 2 the token is found to be valid, it generates and issues a DRM license ⁇ U, R, C> to the end-user.
  • this entire step 2 will be transparent to the end-users.
  • the content provider's site can choose to get the license itself directly from the CDN license servers and forward the license to the end-user. This is shown as step 2 ′ in FIG. 3 .
  • This latter approach ensures a much more secure workflow as the license servers can be configured (e.g., via metadata access control lists (ACLs)) to issue licenses only to the content provider's web-servers.
  • ACLs metadata access control lists
  • the streaming server will send the encrypted content to the player.
  • the playback will start since a license is already present.
  • the store-front URL embedded in the content would direct the end-user's player to the content-provider's site.
  • FIG. 4 illustrates this process in more detail for streaming or on-demand media content delivery.
  • the CDN supplied packaging program 400 generates a key, generates and signs the content header, and then encrypts the file (e.g., a Windows media file) with this information.
  • the content header of a packaged media file contains the following information: KeyID and license acquisition URL.
  • an end-user visits the content provider's web site 402 and performs a business transaction.
  • the content provider's site 402 After registration/login and/or payment collection, once the content provider decides to make the content available to the end-user, the content provider's site 402 generates a token (using the shared-secret agreed between the CDN and the content provider) and does one of the following depending on a selected security model: (a) the customer site contacts a CDN license server 404 to get a license; this is shown as step 3 in FIG. 4 , or (b) the customer site sends the end-user's browser to the CDN license server (usually this will be done in the background while the end-user stays on the content-provider's site); this is shown as step 3 ′ in FIG. 4 .
  • the CDN-supplied tokenizer 406 (a software program, process, thread, or the like) generates a token, preferably using a shared-secret agreed between the CDN service provider and the content provider, and this token is used to contact a CDNSP DRM license server 404 .
  • the CDN license server 404 validates the token presented by the customer site (or end-user's browser). The token usually has information to issue the license to “user U with rights R for content C.”
  • the license server 404 first validates the token, preferably using a token salt, and ensures that the token has been issued by the content provider's site.
  • the token Once the token is found to be valid, it generates and issues a DRM license that contains a key to decrypt the encrypted content at the player. This process is also described in detail.
  • the end user attempts to access the protected content and plays the content. If the end user does not have a valid license, the end user needs to get a license.
  • the Content header of the encrypted file (or live stream) includes the license acquisition URL.
  • the player opens the license acquisition URL and attempts to get the license. Typically this will be a URL to the content provider's web site asking for a registration/subscription renewal or payment (i.e. step 1 ).
  • the secrets are generally broken down into secrets required for packaging content (both for live and on-demand), and secrets required for token generation.
  • the CDN may provide the customer with an application, which will allow either the CDNSP or the customer to generate all required, shared secrets. These shared secrets must be kept secret and communicated to the other party over some secure channel. Provisioning for on-demand video typically will require generation of a DRM VOD XML file (sometimes referred to as a DRM VOD Specification) that the user loads into the CDN packager tool to package files using this set of shared secrets.
  • a token salt is required for MD5 digest calculation for the DRM token.
  • a base 64-encoded 128-bit Rijndael key may be used to encrypt an optionally included encryption Seed and public key. The customer and the CDN must share these values securely for successful secure license delivery. The Rijndael key is not necessary for all token generation scenarios.
  • Rijndael cipher used for this encryption may be provisioned per-customer and may be stored on the license server in metadata associated with that customer.
  • a specification identifier is specified in this case as well, and this identifier may be used to determine the token salt and Rijndael key.
  • Type Drm Token type and flags A single digit followed by base64-encoded flag word Digest MD5 token digest Base64-encoded 16-byte MD5 digest Keyed Key ID Cleartext string Ts Token creation time, in Cleartext 32-bit integer GMT seconds-since-epoch specID Spec ID Cleartext 32-bit integer rightsID Rights ID Cleartext 32-bit integer
  • the Token type and flag indicates the token type, and a 16-bit bit field of flags indicates the required presence of any optional query string parameters.
  • the defined bit values are listed in the following Table 2. A query string parser will ignore flag bits that are set but undefined.
  • An MD5 digest is calculated at token generation time and included in the query string.
  • the license server recalculates the digest upon reception of a license request and verifies that the digest is identical before processing the request.
  • the digest is calculated over the values of all recognized name-value pairs included in the query string, other information in the request URL, and a secret Token salt that is shared by the license server and the customer.
  • the required timestamp is the token creation time.
  • the optional time window parameter is used to prevent license re-acquisition for an expired license by simply resending the original license request. If the time window parameter is not found in the query string, the license server may use a value specified in metadata for the given customer.
  • the query string must contain a specification identifier. An encryption seed/public key pair can appear in the query string. If encryption seed and public key are found in the query string, these values will be used during license generation. If encryption seed and public key are not in the query string, the encryption seed and public key associated with the specified (in query string) specification identifier are taken from the metadata. If the rights ID is not specified in the query string, the license server will use the default rights profile as specified in the metadata to generate the license.
  • a license is bound to a particular client machine by the inclusion of a ClientInfo string generated on the requesting client machine.
  • the string contains one or more pieces of data, such as an encrypted client ID, version information about given software on the end user's computer, other version information associated with the individual, or the like.
  • the ClientInfo string is required to generate the license, and it ensures that the license is only good on the machine from which the end-user originally attempted to obtain the license.
  • the particular manner by which the ClientInfo string is generated is DRM-implementation specific and outside the scope of the present invention.
  • customer specific information is stored in per-customer metadata.
  • a representative metadata file would include the following information: license key seed (the shared secret between the CDNSP and the customer for content encryption), the token salt (a value shared between the CDNSP and the customer to compute the token digest), a public key (used for signing the license), a customer code (used to identify the customer to the CDN), a fail action URL (the customer's Web site URL, as license requests with invalid tokens would be re-directed here), a Rijndael key (used to decrypt the license key seed if supplied as part of the token), a priority value (used if the customer has multiple licenses for a single content item), Rights ID, and Specification ID.
  • license key seed the shared secret between the CDNSP and the customer for content encryption
  • the token salt a value shared between the CDNSP and the customer to compute the token digest
  • a public key used for signing the license
  • a customer code used to identify the customer to the CDN
  • a fail action URL the customer's Web
  • the content provider can specify a list of rights-profiles.
  • a rights-profile describes a specific set of rights to be issued with a license.
  • a customer would typically set up one or more of such rights profiles in metadata and indicate the Rights ID to be used for a given license in the token sent with the license request.
  • users have an option to specify the encryption seed and public key through the query string or they can associate an encryption Seed and public key to the specification identifier passed as part of the query string.
  • the CDN license server uses the specification identifier to choose the matching shared secrets from metadata and uses the secrets to generate the license. Although not required, by specifying a different Specification ID the shared secrets can be rotated. This is useful mainly for rotating the token generation related secrets.
  • the CDN customer may require that the files be played only on an application that has been “individualized” by specifying a minimum individualization version number (this number may be included in the ClientInfo string). If a consumer tries to play a media file that requires individualization using a player that has not been individualized, a license is not issued and the player prompts the consumer to get a security upgrade.
  • the license server is a process running at an edge server acting as the license server.
  • the process listens on a given port (e.g., port 8083 ) and accepts DRM requests from end user browser media players (or the like). If necessary, a customer site preferably contacts a license server process with the DRM request on port 80 , and this request is then tunneled to the license server process on the given port.
  • the edge server license process listens on the given port and accepts requests such as HTTP GET or POST requests.
  • the process takes input from a user supplied token and customer metadata parameters (e.g., encryption key seed, which is used to protect the content, and token salt, which is used to protect the token) to generate a license.
  • customer metadata parameters e.g., encryption key seed, which is used to protect the content
  • token salt which is used to protect the token
  • the token validation process is illustrated in the flowchart of FIG. 5
  • the license generation and delivery process is illustrated in the flowchart of FIG. 6 .
  • a DRM request to the CDN license server process always contains a token in the form of query string. The request will not be processed if the token present is not valid.
  • the edge server license process creates a dummy token digest using the same scheme mentioned in the token generation section above. It then compares the generated token digest with the supplied digest. If they match, the license server process assumes that the request is valid.
  • the routine starts at step 502 by extracting parameters from the request's query string. A test is then performed at step 504 to determine whether a given time associated with the token has expired.
  • step 506 the routine branches to step 506 and issues a “no license” redirect to the customer's site (and/or, in the alternative, logs an access denied error). If, however, the outcome of the test at step 504 is negative, the license server process computes the digest using the query parameter and the metadata information. This is step 508 . A test is then performed at step 510 to determine if the digest matches that associated with the token. If the outcome of the test at step 508 is negative, the routine issues the “no license” redirect at step 506 . If, however, the outcome of the test at step 510 is positive, the token is validated and the license is then generated at step 512 .
  • FIG. 6 illustrates the license generation process.
  • the license includes at least the key to play the encrypted content, as well as the rights and conditions of the license, and it may also include other information (e.g., priority value, attributes identifying the CDN, or the like) as may be desired or required by the particular DRM solution.
  • the routine begins after the server process has validated the token, as described in FIG. 5 .
  • the routine extracts parameters from the request's query string.
  • a test is performed to check the ClientInfo string (e.g., client capability, version, etc.) or the like.
  • step 612 If, however, the outcome of the test at step 612 is negative, the routine continues at step 614 to construct the license (preferably as an XML file) and to deliver that license to the requesting end user's browser media player (or other rendering engine, as the case may be).
  • the license preferably as an XML file
  • license server process should be broadly construed as given software instructions, program sequences, code portions, and the like, executable by one or more processors. According to the invention, a set of such processes provide distributed license serving and operate in a de-centralized manner, preferably without access to authentication information associated with end users requesting the given content.

Abstract

The present invention is implemented within a distributed network operating environment (such as a CDN) in which content providers offload given content for delivery from servers (e.g., CDN edge servers) managed by a service provider (such as a CDN operator). It is assumed that the given content is secured using a digital rights management (DRM) scheme. According to the invention, a distributed set of license server processes are provided to manage the issuance of content licenses. Each of the license server processes is operative to generate licenses by which a given end user client obtains given rights for given content, typically the content served from the machine. A distributed set of license server processes operates in a de-centralized manner and without access to third party business logic (e.g., a payment mechanism) or authentication information associated with end users requesting the given content.

Description

  • This application is a continuation of Ser. No. 11/148,899, filed Jun. 9, 2005, now U.S. Pat. No. 7,711,647, which application was based on and claimed priority from Provisional Application Ser. No. 60/578,670, which was filed Jun. 10, 2004.
  • BACKGROUND OF THE INVENTION
  • 1. Technical Field
  • The present invention relates generally to techniques for content delivery.
  • 2. Description of the Related Art
  • It is known in the art for a content provider to outsource its content delivery requirements to a content delivery network (a “CDN”). A content delivery network is a collection of content servers and associated control mechanisms that offload work from Web site origin servers by delivering content on their behalf to end users. A well-managed CDN achieves this goal by serving some or all of the contents of a site's Web pages, thereby reducing the customer's infrastructure costs while enhancing an end user's browsing experience from the site. For optimal performance, the CDN service provider may maintain an objective, detailed, real-time view of the Internet's topology, reliability, and latency, and this view may then be used to power a dynamic DNS-based system to direct end users to the best CDN server to handle a particular request.
  • Digital Rights Management (DRM) refers to the technology used for the protection of digital media content, typically audio or audiovisual works. DRM works by encrypting the content before distribution, and by limiting access to only those end-users who have acquired a proper license to play the content. The DRM license enforcement is done at the player/client, and therefore, the integrity of the client-side (of DRM) is critical for the scheme to work. Microsoft, Real and Apple have developed proprietary DRM technologies for their audio and audiovisual content distribution. Apple's DRM technology is used in its iTunes music service. Microsoft and Real Networks support DRM protection for both on-demand and live media content. There are some standardization efforts around DRM (MPEG4/ISMA and Open Mobile Alliance), but these standards are still in the specification stage.
  • An end-to-end DRM system typically comprises three (3) parts: encryption, business-logic and license-delivery. DRM starts with the encryption of the content. Once the content is encrypted, a key is required to unlock the content. The encrypted content can be delivered through any number of delivery methods: HTTP, streaming, FTP, P2P, email, or the like. An end-user who desires to play the content visits an e-commerce web site and transacts with the business-logic process, usually involving one of registration, login, and/or payment; once this is done, the end-user is issued a license to play the content. The issued license typically comprises (i) a key (for decrypting the content), (ii) a set of rights (e.g. play exactly once, play for 30 days, or the like), and (iii) with the property that the license is valid only on the end-user machine to which it is issued. When an end-user attempts to play the DRM protected content, the player first checks the license cache on the machine, and if a license is found, the playback starts by decrypting the content. If a license is not found, the player attempts to get a license, typically from the storefront URL that is embedded in the content. Ultimately, it is the player/client that enforces the DRM. In a typical DRM scenario, a media file (e.g., a stream) is encrypted by a packager component using a key. Alternatively, the stream can be encrypted on the fly by an encoder. A streaming Server serves the encrypted stream to an end user browser's media player. As noted above, the player needs to get a license (which includes the key) from a license server to decrypt and play the content.
  • In the past, administration and management of the DRM license keys has taken place in a centralized manner, primarily to address security issues. It would highly desirable to be able to leverage the distributed nature of a content delivery network to facilitate a distributed (non-centralized) license delivery infrastructure. This present invention addresses this need.
  • BRIEF SUMMARY OF THE INVENTION
  • It is an object of the present invention to provide a distributed architecture for digital rights management (DRM) license delivery.
  • It is a further object of the invention to leverage the distributed infrastructure of a content delivery network (CDN) to enable management and distribution of DRM license keys, preferably in a non-centralized (i.e., distributed manner).
  • It is another object of the invention to provide for a distributed architecture for license delivery wherein the entity (e.g., the CDN) that provides the license key distribution does not maintain or have access to identifying information for the anticipated users of the protected content.
  • Thus, the present invention envisions a distributed license delivery infrastructure that is separate from any centralized database in which is stored information about the end users that may desire to obtain the content protected by the license. An advantage of this solution is that is separates the business logic from any validation scheme, and hence allows content providers to implement flexible business rules that are appropriate for their business. In a preferred embodiment, the CDN service provider need not maintain a database of all the end-users of the CDN customers. The CDN provides license delivery but is not directly involved in authenticating the requesting end-user's identity, collecting payment or obtaining credit-card information; rather, the CDN simply authenticates the end-user's request (as opposed to the user) before issuing the license and, ultimately, delivering the stream. The invention thus separates the business-logic from license delivery in the context of a DRM-implemented CDN solution offering.
  • It is a further general object of the present invention to facilitate music distribution and subscription-based media services over a content delivery network (CDN).
  • Generalizing, the present invention is implemented within a distributed network operating environment (such as a CDN) in which content providers offload given content for delivery from servers (e.g., CDN edge servers) managed by a service provider (such as a CDN operator). It is assumed that the given content is secured using a digital rights management scheme. According to the invention, a distributed set of license server processes are provided to manage the issuance of content licenses. Each of the license server processes are operative to generate licenses by which a given end user client obtains given rights for given content. The distributed set of license server processes operates in a de-centralized manner and without access to authentication information associated with end users requesting the given content.
  • The foregoing has outlined some of the more pertinent features of the invention. These features should be construed to be merely illustrative. Many other beneficial results can be attained by applying the disclosed invention in a different manner or by modifying the invention as will be described.
  • BRIEF DESCRIPTION OF THE DRAWINGS
  • FIG. 1 is a block diagram of a known distributed network (such as a content delivery network) in which the present invention may be implemented; and
  • FIG. 2 illustrates a typical machine configuration for an edge server in the distributed network of FIG. 2;
  • FIG. 3 illustrates the basic components of a DRM solution that is implemented in a CDN according to the present invention;
  • FIG. 4 is a more detailed description of how DRM-protected content is delivered by the CDN;
  • FIG. 5 illustrates a token validation process performed by a CDN license server process;
  • FIG. 6 illustrates how the CDN license server process generates and delivers the license; and
  • FIG. 7 illustrates a dynamic rights object that may be created and used by a license server to enforce dynamic license rights on a per request basis.
  • DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENT
  • It is known to deliver digital content (e.g., HTTP content, streaming media and applications) using an Internet content delivery network (CDN). A CDN is a network of geographically distributed content delivery nodes that are arranged for efficient delivery of content on behalf of third party content providers. Typically, a CDN is implemented as a combination of a content delivery infrastructure, a request-handling mechanism (preferably based in DNS), and a distribution infrastructure. The content delivery infrastructure usually comprises a set of “surrogate” origin servers that are located at strategic locations (e.g., Internet network access points, Internet Points of Presence, and the like) for delivering content to requesting end users. The request-handling mechanism (typically a set of name servers) allocates servers in the content delivery infrastructure to requesting clients in a way that, for web content delivery, minimizes a given client's response time and, for streaming media delivery, provides for the highest quality. The distribution infrastructure consists of on-demand or push-based mechanisms that move content from the origin server to the surrogates. An effective CDN serves frequently accessed content from a surrogate that is optimal for a given requesting client. In a typical CDN, a single service provider operates the request-handlers, the surrogates, and the content distributors. In addition, that service provider establishes business relationships with content publishers and acts on behalf of their origin server sites to provide a distributed delivery system.
  • As seen in FIG. 1, an Internet content delivery infrastructure usually comprises a set of “surrogate” origin servers 102 that are located at strategic locations (e.g., Internet network access points, and the like) for delivering copies of content to requesting end users 119. A surrogate origin server is defined, for example, in IETF Internet Draft titled “Requirements for Surrogates in the HTTP” dated Aug. 9, 2000, which is incorporated herein by reference. The mechanism 104 allocates servers 102 in the content delivery infrastructure to requesting clients. Typically, the mechanism 104 is implemented within (or as an adjunct to) a DNS subsystem managed by the CDN service provider. The distribution infrastructure consists of on-demand or push-based mechanisms that move content from the origin server to the surrogates. A CDN service provider (CDNSP) may organize sets of surrogate origin servers as a group or so-called “region.” In this type of arrangement, a CDN region 106 typically comprises a set (or cluster) of one or more content servers that share a common back-end network, e.g., a LAN, and that are located at or near an Internet access point. Thus, for example, a typical CDN region may be co-located within an Internet Service Provider (ISP) Point of Presence (PoP) 108. A representative CDN content server is a Pentium-based caching appliance running an operating system (e.g., Linux, Windows NT, Win2K) and having suitable RAM and disk storage for CDN applications and content delivery network content (e.g., HTTP content, streaming media and applications). Such content servers are sometimes referred to as “edge” servers as they are located at or near the so-called outer reach or “edge” of the Internet. The CDN typically also includes network agents 109 that monitor the network as well as the server loads. These network agents are typically co-located at third party data centers or other locations. Mapmaker software 107 receives data generated from the network agents and periodically creates maps that dynamically associate IP addresses (e.g., the IP addresses of client-side local name servers) with the CDN regions.
  • Content may be identified for delivery from the CDN using a content migrator or rewrite tool 106 operated, for example, at a participating content provider server. Tool 106 rewrites embedded object URLs to point to the CDNSP domain. A request for such content is resolved through a CDNSP-managed DNS to identify a “best” region, and then to identify an edge server within the region that is not overloaded and that is likely to host the requested content. Instead of using content provider-side migration (e.g., using the tool 106), a participating content provider may simply direct the CDNSP to serve an entire domain (or sub-domain) by a DNS directive (e.g., a CNAME). In either case, the CDNSP may provide object-specific metadata to the CDN content servers to determine how the CDN content servers will handle a request for an object being served by the CDN. Metadata, as used herein, refers to a set of control options and parameters for the object (e.g., coherence information, origin server identity information, load balancing information, customer code, other control codes, etc.), and such information may be provided to the CDN content servers via a configuration file, in HTTP headers, or in other ways. The Uniform Resource Locator (URL) of an object that is served from the CDN in this manner does not need to be modified by the content provider. When a request for the object is made, for example, by having an end user navigate to a site and select the URL, a customer's DNS system directs the name query (for whatever domain is in the URL) to the CDNSP DNS request routing mechanism. A representative CDN DNS request routing mechanism is described, for example, in U.S. Pat. No. 6,108,703, the disclosure of which is incorporated herein by reference. Once an edge server is identified, the browser passes the object request to the server, which applies the metadata supplied from a configuration file or HTTP response headers to determine how the object will be handled. The CDN may also include other infrastructure, such as a distributed data query and collection system that collects usage and other data from the edge servers, aggregates that data across a region or set of regions, and passes that data to other back-end systems to facilitate monitoring, logging, alerts, billing, management and other operational and administrative functions.
  • As also seen in FIG. 1, the CDNSP also may operate a metadata transport system 116 comprising a set of one or more servers to enable metadata to be provided to the CDNSP content servers. The transport system 116 may comprise at least one control server 118, and one or more staging server 120 a-n, each of which is typically an HTTP server (e.g., Apache). Metadata is provided to the control server 118 by the CDNSP or the content provider (e.g., using a secure extranet application) and periodically delivered to the staging servers 120 a-n. The staging servers deliver the metadata to the CDN content servers as necessary. Metadata is useful for controlling how the content is managed at the edge server.
  • The above described content delivery network is merely illustrative. The present invention may leverage any content delivery infrastructure.
  • FIG. 2 illustrates a typical machine configuration for a CDN content edge machine, sometimes referred to generally as a server. Typically, the machine 200 comprises commodity hardware running an operating system 202. The machine may optionally include a virtual machine 204 and an application server 206 to facilitate the execution of one or more customer application or application components 210. For handling HTTP content, the machine 200 typically implements a cache 212. The machine also includes a store for customer configuration data 214, typically in the form of customer-specific metadata, which controls how content is managed on the machine. A server manager 216 overlays and controls the cache 212, using the customer configuration data. For streaming media, the machine includes one or more media servers 215, such as a Windows Media Server (WMS), as required by the supported media formats. The server manager 216 may also control the media server according to the customer configuration data. System management 218 and system security 220 modules are also provided to facilitate these and other conventional functions. The machine may also incude logging processes, name server processes, data aggregation processes, and the like. For purposes of the present invention, as will be described below, a given machine includes a rights management license server process 225, which faciliates a de-centralized DRM-based license serving model. The license server process 225 serves DRM licenses for the protected content served from the machine, or for the protected content served from machines co-located with the machine.
  • By way of additional background, digital rights management (DRM) solutions are well-known in the art. One such known DRM system available from Microsoft Corporation includes a Digital Rights Manager that can be integrated into a content delivery network (CDN) according to the present invention. In this example, a Windows Media Rights Manager helps protect digital media (such as songs and videos) by packaging digital media files. The present invention is not limited to use with DRM solutions from any particular vendor, of course. Indeed, the present invention assume the existence of a third party DRM solution (available from a DRM solutions provider) and concerns how that solution (and, in particular, the license server(s)) may be implemented within the CDN, taking advantage of the CDN's distributed or de-centralized infrastructure.
  • In a typical DRM solution, a packaged media file is a version of the media file that has been encrypted and locked with a key. In the Microsoft DRM solution, keys are created and used in the Windows Media Rights Manager. In particular, the key used to encrypt the content is computed from a seed and a KeyID, namely: Seed+KeyID=Key. Typically, for purposes of the present invention, one seed will be chosen per content provider, and this seed is then used to encrypt all of content provider's content. The KeyID component is designed to vary by file. The content provider may use a different KeyID per file, or alternatively, it may choose to encrypt all of its files (or a collection of files) using a single KeyID. A license issued for a given KeyID will apply to all the files encrypted using the same KeyID. To generate a key, a license key seed and a key ID are needed. The license key seed is a value that is known only to the content owner and the DRM license server. The content owner creates a KeyID for each protected file. This value is included in the packaged file. When the license server needs to issue a license for a packaged file, a key can be recreated by retrieving the key ID from the packaged file. The Windows Media License Service uses the license key seed and the key ID from the packaged file to create a key. The key is included in the license sent to the end user's computer. Using the key included in the license, the player on the consumer's computer can open and play the protected file.
  • FIG. 3 illustrates the inventive DRM CDN solution. The three (3) primary components of the full end-to-end DRM solution are (i) packager 300 (ii) license server 302 and (iii) E-commerce storefront (or its equivalent) 304. The packager 300 typically is software (a set of program instructions executable on a processor) used to encrypt the content. This software may run at a CDN customer premise (an origin server), or on one or more CDN servers. The license servers 302 issue licenses to end-users' players and are managed by the CDN. According to a technical advantage of the present invention, the license servers 302 operate in a distributed or de-centralized manner, leveraging the basic infrastructure of the CDN itself, as opposed to operating in a centralized manner of the prior art. The E-commerce storefront 304 preferably is set up and managed by the content provider or some third party on the content provider's behalf. The following process flow illustrates the basic operation of the invention. At step (1), an end-user visits the content provider's web site and performs a business transaction. After registration/login and/or payment collection, once the content provider decides to make the content available to the end-user, the content provider's site generates a token (using the shared-secret agreed between the CDN service provider and the content provider) and sends the end-user's browser (the player) to the CDN license server. Typically, this will be done in the background while the end-user stays on the content provider's site. At step (2), the License server validates the token presented by the end-user's browser. The token usually has information to issue the license to ‘“user U with rights R for content C.” The license server first validates the token using the shared secret to ensure that the token has been issued by the content-provider's site. Once the token is found to be valid, it generates and issues a DRM license <U, R, C> to the end-user. Typically, this entire step 2 will be transparent to the end-users. Alternatively, the content provider's site can choose to get the license itself directly from the CDN license servers and forward the license to the end-user. This is shown as step 2′ in FIG. 3. This latter approach ensures a much more secure workflow as the license servers can be configured (e.g., via metadata access control lists (ACLs)) to issue licenses only to the content provider's web-servers. At step (3), the end-user clicks on the URL at the content provider's site to play a stream. This request will hit a CDN streaming server. The streaming server will send the encrypted content to the player. The playback will start since a license is already present. In the event a user attempts to play a piece of content directly from a CDN server without first going the content provider's site, the store-front URL embedded in the content would direct the end-user's player to the content-provider's site.
  • FIG. 4 illustrates this process in more detail for streaming or on-demand media content delivery. At step 0, the CDN supplied packaging program 400 generates a key, generates and signs the content header, and then encrypts the file (e.g., a Windows media file) with this information. The content header of a packaged media file contains the following information: KeyID and license acquisition URL. At step 1, an end-user visits the content provider's web site 402 and performs a business transaction. After registration/login and/or payment collection, once the content provider decides to make the content available to the end-user, the content provider's site 402 generates a token (using the shared-secret agreed between the CDN and the content provider) and does one of the following depending on a selected security model: (a) the customer site contacts a CDN license server 404 to get a license; this is shown as step 3 in FIG. 4, or (b) the customer site sends the end-user's browser to the CDN license server (usually this will be done in the background while the end-user stays on the content-provider's site); this is shown as step 3′ in FIG. 4. As seen in the drawing, at step 2, the CDN-supplied tokenizer 406 (a software program, process, thread, or the like) generates a token, preferably using a shared-secret agreed between the CDN service provider and the content provider, and this token is used to contact a CDNSP DRM license server 404. This process is described in more detail below. At step 3, the CDN license server 404 validates the token presented by the customer site (or end-user's browser). The token usually has information to issue the license to “user U with rights R for content C.” Preferably, the license server 404 first validates the token, preferably using a token salt, and ensures that the token has been issued by the content provider's site. Once the token is found to be valid, it generates and issues a DRM license that contains a key to decrypt the encrypted content at the player. This process is also described in detail. At step 4, the end user attempts to access the protected content and plays the content. If the end user does not have a valid license, the end user needs to get a license. The Content header of the encrypted file (or live stream) includes the license acquisition URL. When an end user tries to play a DRM protected media file that does not have a license, the player opens the license acquisition URL and attempts to get the license. Typically this will be a URL to the content provider's web site asking for a registration/subscription renewal or payment (i.e. step 1).
  • Before the CDN can begin issuing licenses for a customer's DRM protected content, several secrets must be provisioned and shared by the CDN and its customer. The following describes the process for two types of streaming media. The secrets are generally broken down into secrets required for packaging content (both for live and on-demand), and secrets required for token generation. In one embodiment, the CDN may provide the customer with an application, which will allow either the CDNSP or the customer to generate all required, shared secrets. These shared secrets must be kept secret and communicated to the other party over some secure channel. Provisioning for on-demand video typically will require generation of a DRM VOD XML file (sometimes referred to as a DRM VOD Specification) that the user loads into the CDN packager tool to package files using this set of shared secrets. Required tags would include Key_seed, an encryption seed, Header_private_key, a private key for signing a header, Header_public_key, a public key for signing a header, License_URL, a license acquisition URL, and Individualization, a required client individualization level. Additional tags (keys and certificates) may be implemented as well. The provisioning tool may rely on a DRM provider's SDK (e.g., Windows Media Format SDK) to generate seeds and keys. Provisioning for live video requires the generation of a DRM profile export file, which typically is a password-protected encrypted file that includes information necessary for an encoder to generate a DRM-protected live stream compatible with the CDNSP license server, together with an XML file (sometimes referred to as a DRM Live Specification) that includes a Key_seed tag and a Header_public_key tag and their associated values. The latter file may also include a Profile_import_password tag that defines a password for importing an associated DRM profile Likewise, the provisioning tool may rely on the DRM provider's SDK to generate the DRM profile.
  • In a representative embodiment, there are two additional shared secrets needed for token generation and parsing. A token salt is required for MD5 digest calculation for the DRM token. A base 64-encoded 128-bit Rijndael key may be used to encrypt an optionally included encryption Seed and public key. The customer and the CDN must share these values securely for successful secure license delivery. The Rijndael key is not necessary for all token generation scenarios.
  • Once the customer has decided to issue a license to an end-user, it must communicate the details of this desired license to the CDN license server. This information may be communicated in the URL used by the end-user client (e.g., an end user browser media player) to request a license, e.g., a token in the form of a query string. The following section will describe the format of the query string and the workflows that determine which optional components of the query string may be used. In a representative embodiment, there are two major provisioning/token generation workflows: shared secrets in metadata, and shared secrets in query string. In the first workflow, a customer uses a CDN DRM provisioning tool to generate a DRM VOD Specification (along with its associated DRM Profile) and/or an DRM Live Specification. The values in the generated specifications are securely communicated to the CDNSP are entered in the CDN's metadata transport system (reference number 116 in FIG. 1) under a specification identifier. In this case, when the customer generates a query string token for use in license delivery, it will specify this identifier in the query string. In the second workflow, it is assumed that the customer does not want to add their shared secrets (encryption seed and public key) to metadata (or perhaps because the CDN does not implement such a transport system). This may be due to security concerns on the part of the customer, or because the particular workflow of the customer requires frequent specification generation. In this case, the customer (or some third party on the customer's behalf) manages its own database of encryption seeds and public keys. They are communicated to the CDN license server in the query string during each license request. To maintain security for these two secrets, preferably they are encrypted using the Rijndael cipher before being placed in the query string. The Rijndael key used for this encryption may be provisioned per-customer and may be stored on the license server in metadata associated with that customer. A specification identifier is specified in this case as well, and this identifier may be used to determine the token salt and Rijndael key.
  • Preferably, the CDN license server (a program, process, execution thread, or the like) responds to license requests with a valid DRM license only if the request has a valid token associated with it. As noted above, preferably the token is generated at the customer's site using CDN-supplied tools. A representative URL for a DRM license request to a CDN license server may take the form: http://abc.wm.edgedrm.net/getLicense?<query string>, where <query string> is a series of name-value pairs taking the form “name=value”, with successive name-value pairs are separated by ampersands. The required names recognized by the license server are set forth below in Table 1:
  • TABLE 1
    Name Description Value Type
    Drm Token type and flags A single digit followed by
    base64-encoded flag word
    Digest MD5 token digest Base64-encoded 16-byte
    MD5 digest
    Keyed Key ID Cleartext string
    Ts Token creation time, in Cleartext 32-bit integer
    GMT seconds-since-epoch
    specID Spec ID Cleartext 32-bit integer
    rightsID Rights ID Cleartext 32-bit integer

    The Token type and flag indicates the token type, and a 16-bit bit field of flags indicates the required presence of any optional query string parameters. The defined bit values are listed in the following Table 2. A query string parser will ignore flag bits that are set but undefined.
  • TABLE 2
    Query string flag bitmap definitions
    Required Query String Component Flag Value
    Time window 0x0001
    Encryption seed 0x0002
    Public key 0x0004
    cInfo 0x0008
    Chg 0x0010

    An MD5 digest is calculated at token generation time and included in the query string. The license server recalculates the digest upon reception of a license request and verifies that the digest is identical before processing the request. Preferably, the digest is calculated over the values of all recognized name-value pairs included in the query string, other information in the request URL, and a secret Token salt that is shared by the license server and the customer. The required timestamp is the token creation time. The optional time window parameter is used to prevent license re-acquisition for an expired license by simply resending the original license request. If the time window parameter is not found in the query string, the license server may use a value specified in metadata for the given customer. The query string must contain a specification identifier. An encryption seed/public key pair can appear in the query string. If encryption seed and public key are found in the query string, these values will be used during license generation. If encryption seed and public key are not in the query string, the encryption seed and public key associated with the specified (in query string) specification identifier are taken from the metadata. If the rights ID is not specified in the query string, the license server will use the default rights profile as specified in the metadata to generate the license. A license is bound to a particular client machine by the inclusion of a ClientInfo string generated on the requesting client machine. The string contains one or more pieces of data, such as an encrypted client ID, version information about given software on the end user's computer, other version information associated with the individual, or the like. The ClientInfo string is required to generate the license, and it ensures that the license is only good on the machine from which the end-user originally attempted to obtain the license. The particular manner by which the ClientInfo string is generated is DRM-implementation specific and outside the scope of the present invention.
  • In a representative embodiment, customer specific information is stored in per-customer metadata. A representative metadata file would include the following information: license key seed (the shared secret between the CDNSP and the customer for content encryption), the token salt (a value shared between the CDNSP and the customer to compute the token digest), a public key (used for signing the license), a customer code (used to identify the customer to the CDN), a fail action URL (the customer's Web site URL, as license requests with invalid tokens would be re-directed here), a Rijndael key (used to decrypt the license key seed if supplied as part of the token), a priority value (used if the customer has multiple licenses for a single content item), Rights ID, and Specification ID. The content provider can specify a list of rights-profiles. A rights-profile describes a specific set of rights to be issued with a license. A customer would typically set up one or more of such rights profiles in metadata and indicate the Rights ID to be used for a given license in the token sent with the license request. As noted above, users have an option to specify the encryption seed and public key through the query string or they can associate an encryption Seed and public key to the specification identifier passed as part of the query string. The CDN license server uses the specification identifier to choose the matching shared secrets from metadata and uses the secrets to generate the license. Although not required, by specifying a different Specification ID the shared secrets can be rotated. This is useful mainly for rotating the token generation related secrets. The CDN customer may require that the files be played only on an application that has been “individualized” by specifying a minimum individualization version number (this number may be included in the ClientInfo string). If a consumer tries to play a media file that requires individualization using a player that has not been individualized, a license is not issued and the player prompts the consumer to get a security upgrade.
  • The following provides details regarding the CDN license server. In an illustrative embodiment, the license server is a process running at an edge server acting as the license server. The process listens on a given port (e.g., port 8083) and accepts DRM requests from end user browser media players (or the like). If necessary, a customer site preferably contacts a license server process with the DRM request on port 80, and this request is then tunneled to the license server process on the given port. The edge server license process listens on the given port and accepts requests such as HTTP GET or POST requests. As has been described, the process takes input from a user supplied token and customer metadata parameters (e.g., encryption key seed, which is used to protect the content, and token salt, which is used to protect the token) to generate a license. In operation, there are two major steps performed during this process: validating the supplied token, and license generation and delivery. The token validation process is illustrated in the flowchart of FIG. 5, and the license generation and delivery process is illustrated in the flowchart of FIG. 6.
  • As illustrated in FIG. 5, a DRM request to the CDN license server process always contains a token in the form of query string. The request will not be processed if the token present is not valid. To check validity of the token, the edge server license process creates a dummy token digest using the same scheme mentioned in the token generation section above. It then compares the generated token digest with the supplied digest. If they match, the license server process assumes that the request is valid. Thus, with respect to FIG. 5, the routine starts at step 502 by extracting parameters from the request's query string. A test is then performed at step 504 to determine whether a given time associated with the token has expired. If so, the routine branches to step 506 and issues a “no license” redirect to the customer's site (and/or, in the alternative, logs an access denied error). If, however, the outcome of the test at step 504 is negative, the license server process computes the digest using the query parameter and the metadata information. This is step 508. A test is then performed at step 510 to determine if the digest matches that associated with the token. If the outcome of the test at step 508 is negative, the routine issues the “no license” redirect at step 506. If, however, the outcome of the test at step 510 is positive, the token is validated and the license is then generated at step 512.
  • FIG. 6 illustrates the license generation process. As noted above, the license includes at least the key to play the encrypted content, as well as the rights and conditions of the license, and it may also include other information (e.g., priority value, attributes identifying the CDN, or the like) as may be desired or required by the particular DRM solution. The routine begins after the server process has validated the token, as described in FIG. 5. At step 602, the routine extracts parameters from the request's query string. At step 604, a test is performed to check the ClientInfo string (e.g., client capability, version, etc.) or the like. If the outcome of the test at step 604 indicates an issue, the routine branches to step 606 and issues a “no license” redirect, logs an error, or the like. If, however, the outcome of the test at step 604 is positive, the routine continues at step 608 to create a key object using the Key_ID and license key seed. During this step the server process also creates a rights object using the Rights_ID and the defined license rights. At step 610, the server process then creates a license object using the key object, rights object and Key_ID, and signs the license. At step 612, a test is performed to determine if there were any errors in the creation of the various objects. If so, the routine branches back to step 606. If, however, the outcome of the test at step 612 is negative, the routine continues at step 614 to construct the license (preferably as an XML file) and to deliver that license to the requesting end user's browser media player (or other rendering engine, as the case may be).
  • Although the license server process has been described as a single entity, this is not a requirement. One or more of the functions may be implemented in one or more execution threads, or multiple threads or processes may be implemented. Generalizing, any set of one or more processes, programs, threads, or the like that provide the token validation and license generation functions may be implemented in a given edge server. The license server may also include ancillary functions such as data logging, load reporting, and the like, to store and export operational data to other CDN processes. Moreover, it is not required that the license server process be distinct from the other edge server processes (e.g., metadata handling, object caching, or the like). Further, it is not required that each edge server in the CDN (or even in a given region) support the server license process. There may be a dedicated subset of server license machines running in the CDN, albeit in a distributed manner. According to the invention, however, it is not anticipated that there will be any centralized place where license keys for the CDN-sourced content are generated. As used herein, a “license server process” should be broadly construed as given software instructions, program sequences, code portions, and the like, executable by one or more processors. According to the invention, a set of such processes provide distributed license serving and operate in a de-centralized manner, preferably without access to authentication information associated with end users requesting the given content.
  • According to another feature of the present invention, in addition to having license rights specified in the Rights_ID (which are available in metadata in the CDN license server), the system may be adapted to handle dynamic rights tokens. In this variant, the CDN license server process manages different rights dynamically, per request, which affords much greater flexibility in handling rights per license and avoids metadata rights provisioning. Preferably, dynamic rights are generated by the tokenizer tool, using advanced options and inputs. The token generator typically executes on the customer's Web site as illustrated in FIG. 4. When using dynamic rights, the Rights_ID is still needed in the license request. In this case, the license server process first applies the rights specified by the Rights_ID, and it then replaces or add rights as specified in the dynamic rights license request. Table 3 below lists representative dynamic rights and their semantics with given types of token generators (e.g., Perl, ASP and Java):
  • TABLE 3
    Representative Dynamic Rights
    ASP Properties to Java Methods of
    WM Series 9 Right Description Perl Input Options Dynamic Rights Object Dynamic Rights Class
    AllowBackupRestore Boolean allowbackuprestore AllowBackupRestore setAllowBackupRestore
    AllowBurnToCD Boolean allowburn AllowBurn setAllowBurn
    AllowPlayOnPC Boolean allowplay AllowPlay setAllowPlay
    BurnToCDCount Copy Count copycount CopyCount setCopyCount
    BeginDate Calendar begindate BeginDate setBeginDate
    Date
    DeleteOnClockRollback Boolean deleteonclockrollback DeleteOnClockRollback setDeleteOnClockRollback
    DisableOnClockRollback Boolean disableonclockrollback DisableOnClockRollback setDisableOnClockRollback
    ExpirationAfterFirstUse Calendar expirationafterfirstuse ExpirationAfterFirstUse setExpirationAfterFirstUse
    Date
    ExpirationDate Calendar expirationdate ExpirationDate setExpirationDate
    Date
    ExpirationOnStore Calendar expirationonstore ExpirationOnStore setExpirationOnStore
    Date
    MinimumAppSecurity Security minimumsecurity MinimumSecurity setMinimumSecurity
    Level
    MinimumClientSDKSecurity Client minimumclientsecurity MinimumClientSDKSecurity setMinimumClientSDKSecurity
    Version
    Playcount Play count playcount PlayCount setPlayCount
    ExcludeApplication Exclude excludeapplication ExcludeApplication excludeApplication
    app IDs
  • A representative example of how dynamic rights are established is illustrated by the dynamic rights object shown in FIG. 7. In this example, the content provider has created the object using an ASP token generator. The content provider then sets the desired properties with this object, and these properties may then be applied on a per license request basis.
  • The present invention has numerous advantages. As noted above, the invention provides for a highly scalable, highly-available, distributed license server infrastructure, together with the customary advantages of a CDN, which is used for the delivery of the protected content. As noted above, in the preferred embodiment, the invention provides that business logic (payment processing, and the like) are separate from content protection. This separation is enforced by having business logic handled by the content provider (or some entity on its behalf) while having the security (license serving) handed by the CDN, which is also responsible for serving the protected content. This enables CDN customers to implement flexible business rules that are appropriate for their business model. Preferably, the CDN is not involved in keeping track of its customer's end user's identity in a database.
  • The present invention is not limited for use with any particular type of content, such as streaming media, but is useful for delivery of any protected content, including Web content, software downloads, and the like. Also, as used herein, “protected” content should be broadly construed to cover known or later developed methods for securing content against unauthorized activities at a given end user machine.
  • In addition, if desired, the CDN may implement a key management infrastructure to manage the license keys generated by the CDN license server processes.

Claims (7)

1. Apparatus operative in a distributed network in which content providers offload given content for delivery from servers managed by a content delivery network service provider, wherein the given content is secured by a digital rights management scheme, comprising:
a distributed set of license server processors that operate autonomously from one another to enable decryption keys to be generated and managed from individual license server processors in a de-centralized manner and without access to authentication information associated with end users requesting the given content;
wherein at least one license server processor comprises a processor, and computer memory associated with the processor and holding computer program instructions that when executed by the processor generates a license by which an end user client obtains rights for content.
2. The apparatus as described in claim 1 wherein one or more rights in the license are established by the license server processor dynamically on a per request basis.
3. Apparatus operative in a distributed network in which content providers offload given content for delivery from servers managed by a content delivery network service provider, wherein authorization to access the given content is obtained through business logic and the given content is secured by a rights management (DRM) scheme, comprising:
a distributed set of license server processors that operate autonomously from one another to enable DRM licenses to be generated and managed from individual license server processors in a de-centralized manner and without access to the business logic or any authentication information associated with end users requesting the given content:
wherein at least one license server processor comprises a processor, and computer memory associated with the processor and holding computer program instructions that when executed by the processor generates a license by which an end user client obtains rights for content.
4. The apparatus as described in claim 3 wherein the rights in the license are established by the license server processor based on data in a metadata file associated with the license server processor.
5. The apparatus as described in claim 3 wherein the rights in the license are established by the license server processor dynamically on a per request basis based on data in a token.
6. The apparatus as described in claim 5 wherein, following verification of the token, the license server processor generates the license by extracting one or more parameters from a request query, creating a key object, and creating a rights object.
7. The apparatus as described in claim 6 wherein the license server processor generates the license by creating a license object from the key object and the rights object.
US12/772,404 2004-06-10 2010-05-03 Digital rights management in a distributed network Abandoned US20100211776A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
US12/772,404 US20100211776A1 (en) 2004-06-10 2010-05-03 Digital rights management in a distributed network

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
US57867004P 2004-06-10 2004-06-10
US11/148,899 US7711647B2 (en) 2004-06-10 2005-06-09 Digital rights management in a distributed network
US12/772,404 US20100211776A1 (en) 2004-06-10 2010-05-03 Digital rights management in a distributed network

Related Parent Applications (1)

Application Number Title Priority Date Filing Date
US11/148,899 Continuation US7711647B2 (en) 2004-06-10 2005-06-09 Digital rights management in a distributed network

Publications (1)

Publication Number Publication Date
US20100211776A1 true US20100211776A1 (en) 2010-08-19

Family

ID=35461685

Family Applications (2)

Application Number Title Priority Date Filing Date
US11/148,899 Active 2028-05-19 US7711647B2 (en) 2004-06-10 2005-06-09 Digital rights management in a distributed network
US12/772,404 Abandoned US20100211776A1 (en) 2004-06-10 2010-05-03 Digital rights management in a distributed network

Family Applications Before (1)

Application Number Title Priority Date Filing Date
US11/148,899 Active 2028-05-19 US7711647B2 (en) 2004-06-10 2005-06-09 Digital rights management in a distributed network

Country Status (4)

Country Link
US (2) US7711647B2 (en)
EP (1) EP1759350A4 (en)
CN (1) CN101065768B (en)
WO (1) WO2005124637A2 (en)

Cited By (14)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20080120412A1 (en) * 2006-11-20 2008-05-22 Novell, Inc. System and method for providing a hypertext transfer protocol service multiplexer
US20090249486A1 (en) * 2008-03-28 2009-10-01 Alexander Steven Johnson System and method for digital rights management control using video analytics
US20100199095A1 (en) * 2009-01-30 2010-08-05 Texas Instruments Inc. Password-Authenticated Association Based on Public Key Scrambling
US20120079578A1 (en) * 2010-09-29 2012-03-29 Verizon Patent And Licensing , Inc. Web browser playback for a video provisioning system
US20130297934A1 (en) * 2012-05-02 2013-11-07 Nokia Siemens Networks Oy Method and apparatus
US8751800B1 (en) * 2011-12-12 2014-06-10 Google Inc. DRM provider interoperability
US20140280479A1 (en) * 2013-03-15 2014-09-18 Edgecast Networks, Inc. Dynamic Tag Management for Optimizing Content Delivery
US20150095646A1 (en) * 2009-08-14 2015-04-02 Azuki Systems, Inc. Method and system for unified mobile content protection
WO2016068577A1 (en) * 2014-10-27 2016-05-06 엘지전자(주) Method and apparatus for managing content in storage-based security system
US10992741B2 (en) 2018-08-13 2021-04-27 Wickr Inc. System and method for providing a configuration file to client devices
US11057489B2 (en) * 2017-04-14 2021-07-06 Huawei Technologies Co., Ltd. Content deployment method and delivery controller
US20220116371A1 (en) * 2010-05-28 2022-04-14 Iii Holdings 12, Llc Method and Apparatus for Providing Enhanced Streaming Content Delivery with Multi-Archive Support Using Secure Download Manager and Content-Indifferent Decoding
US11425122B2 (en) * 2018-08-13 2022-08-23 Amazon Technologies, Inc. System and method for providing a configuration file to client devices
US20230379399A1 (en) * 2022-05-20 2023-11-23 Samsung Electronics Co., Ltd. Application server assisted content management in cellular network

Families Citing this family (243)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7149797B1 (en) * 2001-04-02 2006-12-12 Akamai Technologies, Inc. Content delivery network service provider (CDNSP)-managed content delivery network (CDN) for network service provider (NSP)
US7581255B2 (en) * 2003-01-21 2009-08-25 Microsoft Corporation Systems and methods for licensing one or more data streams from an encoded digital media file
CA2519116C (en) 2003-03-13 2012-11-13 Drm Technologies, Llc Secure streaming container
CN103001923B (en) * 2003-06-05 2016-03-30 英特特拉斯特技术公司 For controlling the method and system of the access to digital content fragment on the computer systems
US7516147B2 (en) * 2003-10-23 2009-04-07 Sumisho Computer Systems Corporation URL system and method for licensing content
US9219729B2 (en) 2004-05-19 2015-12-22 Philip Drope Multimedia network system with content importation, content exportation, and integrated content management
US8312267B2 (en) 2004-07-20 2012-11-13 Time Warner Cable Inc. Technique for securely communicating programming content
US10862994B1 (en) * 2006-11-15 2020-12-08 Conviva Inc. Facilitating client decisions
US8266429B2 (en) 2004-07-20 2012-09-11 Time Warner Cable, Inc. Technique for securely communicating and storing programming material in a trusted domain
KR100636169B1 (en) * 2004-07-29 2006-10-18 삼성전자주식회사 Method for transmitting content which is processed by various DRM System, and the method for reproducing the contents
DE102005022834A1 (en) * 2005-05-11 2006-11-16 Deutsche Telekom Ag Method for disseminating DRM-based digital content
US20070038578A1 (en) * 2005-08-10 2007-02-15 Huizhuo Liu Method and system for digital content distribution
US20070055743A1 (en) * 2005-09-02 2007-03-08 Pirtle Ross M Remote control media player
US8306918B2 (en) 2005-10-11 2012-11-06 Apple Inc. Use of media storage structure with multiple pieces of content in a content-distribution system
US9626667B2 (en) * 2005-10-18 2017-04-18 Intertrust Technologies Corporation Digital rights management engine systems and methods
KR101285946B1 (en) * 2005-10-18 2013-08-23 인터트러스트 테크놀로지즈 코포레이션 Methods for digital rights management
US20070204078A1 (en) * 2006-02-09 2007-08-30 Intertrust Technologies Corporation Digital rights management engine systems and methods
US8893302B2 (en) * 2005-11-09 2014-11-18 Motorola Mobility Llc Method for managing security keys utilized by media devices in a local area network
US7853945B2 (en) 2006-02-22 2010-12-14 Michael Kramer Integrated computer server imaging
US20070198427A1 (en) * 2006-02-22 2007-08-23 Microsoft Corporation Computer service licensing management
US20070198428A1 (en) * 2006-02-22 2007-08-23 Microsoft Corporation Purchasing of computer service access licenses
EP1999883A4 (en) 2006-03-14 2013-03-06 Divx Llc Federated digital rights management scheme including trusted systems
CN100454921C (en) * 2006-03-29 2009-01-21 华为技术有限公司 Digital copyright protecting method and system
US20070245152A1 (en) * 2006-04-13 2007-10-18 Erix Pizano Biometric authentication system for enhancing network security
US8370416B2 (en) * 2006-04-26 2013-02-05 Hewlett-Packard Development Company, L.P. Compatibility enforcement in clustered computing systems
US8224751B2 (en) * 2006-05-03 2012-07-17 Apple Inc. Device-independent management of cryptographic information
US8108315B2 (en) * 2006-06-19 2012-01-31 Hewlett-Packard Development Company, L.P. Discovering software code subject to licenses
US7881315B2 (en) * 2006-06-27 2011-02-01 Microsoft Corporation Local peer-to-peer digital content distribution
US20080066181A1 (en) * 2006-09-07 2008-03-13 Microsoft Corporation DRM aspects of peer-to-peer digital content distribution
US8520850B2 (en) * 2006-10-20 2013-08-27 Time Warner Cable Enterprises Llc Downloadable security and protection methods and apparatus
US8732854B2 (en) 2006-11-01 2014-05-20 Time Warner Cable Enterprises Llc Methods and apparatus for premises content distribution
US8751605B1 (en) 2006-11-15 2014-06-10 Conviva Inc. Accounting for network traffic
US9264780B1 (en) 2006-11-15 2016-02-16 Conviva Inc. Managing synchronized data requests in a content delivery network
US8874725B1 (en) 2006-11-15 2014-10-28 Conviva Inc. Monitoring the performance of a content player
US8069408B2 (en) * 2006-11-16 2011-11-29 Novell, Inc. Representing extensible markup language (XML) as an executable having conditional authentication or policy logic
CN101637005B (en) * 2007-01-17 2014-04-09 英特托拉斯技术公司 Methods, systems, and apparatus for fragmented file sharing
US8621540B2 (en) 2007-01-24 2013-12-31 Time Warner Cable Enterprises Llc Apparatus and methods for provisioning in a download-enabled system
CN101231731B (en) * 2007-01-25 2015-10-21 运软网络科技(上海)有限公司 The general business method of a kind of applying virtual on public network and mini server thereof
US20080222044A1 (en) * 2007-03-05 2008-09-11 Microsoft Corporation Protected content renewal
US20080235142A1 (en) * 2007-03-20 2008-09-25 Yahoo! Inc. System and methods for obtaining rights in playlist entries
US20080235141A1 (en) * 2007-03-21 2008-09-25 Microsoft Corporation License manager and schema
US20080301058A1 (en) * 2007-04-04 2008-12-04 Arbinet-Thexchange, Inc. Method and system for negotiating digital media licenses and distributing digital media
US9805374B2 (en) 2007-04-12 2017-10-31 Microsoft Technology Licensing, Llc Content preview
US8539543B2 (en) * 2007-04-12 2013-09-17 Microsoft Corporation Managing digital rights for multiple assets in an envelope
US7949788B2 (en) * 2007-05-18 2011-05-24 The Pnc Financial Services Group, Inc. Apparatus, systems and methods for transformation services
US9311492B2 (en) 2007-05-22 2016-04-12 Apple Inc. Media storage structures for storing content, devices for using such structures, systems for distributing such structures
US8347098B2 (en) * 2007-05-22 2013-01-01 Apple Inc. Media storage structures for storing content, devices for using such structures, systems for distributing such structures
US8028090B2 (en) 2008-11-17 2011-09-27 Amazon Technologies, Inc. Request routing utilizing client location information
US7991910B2 (en) 2008-11-17 2011-08-02 Amazon Technologies, Inc. Updating routing information based on client location
US9129284B2 (en) * 2007-09-06 2015-09-08 Shaunt Mark Sarkissian Systems, methods and apparatuses for secure digital transactions
US20090070269A1 (en) * 2007-09-06 2009-03-12 Shaunt Mark Sarkissian Systems, methods and apparatuses for secure digital transactions
US9177313B1 (en) * 2007-10-18 2015-11-03 Jpmorgan Chase Bank, N.A. System and method for issuing, circulating and trading financial instruments with smart features
US20090119121A1 (en) * 2007-11-02 2009-05-07 Mwstory Co., Ltd. Peer-to-peer service providing system and method for preventing contents from being illegally distributed
US8584212B1 (en) 2007-11-15 2013-11-12 Salesforce.Com, Inc. On-demand service security system and method for managing a risk of access as a condition of permitting access to the on-demand service
US8875259B2 (en) * 2007-11-15 2014-10-28 Salesforce.Com, Inc. On-demand service security system and method for managing a risk of access as a condition of permitting access to the on-demand service
JP5579073B2 (en) 2007-11-16 2014-08-27 トムソン ライセンシング System and method for session management of streaming media
US8856861B2 (en) * 2007-12-20 2014-10-07 Samsung Electronics Co., Ltd. Generic rights token and DRM-related service pointers in a common protected content file
US20090183000A1 (en) * 2008-01-16 2009-07-16 Scott Krig Method And System For Dynamically Granting A DRM License Using A URL
EP2083370B1 (en) 2008-01-16 2012-10-31 Broadcom Corporation Method and system for dynamically granting a DRM license using a URL
US8606996B2 (en) 2008-03-31 2013-12-10 Amazon Technologies, Inc. Cache optimization
US8156243B2 (en) 2008-03-31 2012-04-10 Amazon Technologies, Inc. Request routing
US7962597B2 (en) 2008-03-31 2011-06-14 Amazon Technologies, Inc. Request routing based on class
US8601090B1 (en) 2008-03-31 2013-12-03 Amazon Technologies, Inc. Network resource identification
US7970820B1 (en) * 2008-03-31 2011-06-28 Amazon Technologies, Inc. Locality based content distribution
US20090249327A1 (en) * 2008-03-31 2009-10-01 International Business Machines Corporation Method for metering an extensible license for java applications
US8447831B1 (en) 2008-03-31 2013-05-21 Amazon Technologies, Inc. Incentive driven content delivery
US8533293B1 (en) 2008-03-31 2013-09-10 Amazon Technologies, Inc. Client side cache management
US8321568B2 (en) 2008-03-31 2012-11-27 Amazon Technologies, Inc. Content management
US8666824B2 (en) * 2008-04-23 2014-03-04 Dell Products L.P. Digital media content location and purchasing system
US9407681B1 (en) 2010-09-28 2016-08-02 Amazon Technologies, Inc. Latency measurement in resource requests
US9912740B2 (en) 2008-06-30 2018-03-06 Amazon Technologies, Inc. Latency measurement in resource requests
US7925782B2 (en) 2008-06-30 2011-04-12 Amazon Technologies, Inc. Request routing using network computing components
US8281382B1 (en) * 2008-06-30 2012-10-02 Amazon Technologies, Inc. Dynamic throttling systems and services
US8793193B2 (en) * 2008-09-09 2014-07-29 Adobe Systems Incorporated Digital rights management distribution system
WO2010040133A2 (en) * 2008-10-03 2010-04-08 Limelight Networks, Inc. Content delivery network encryption
US9466037B2 (en) * 2008-11-13 2016-10-11 Oracle International Corporation Versioning and effectivity dates for orchestration business process design
US8732309B1 (en) 2008-11-17 2014-05-20 Amazon Technologies, Inc. Request routing utilizing cost information
US8060616B1 (en) 2008-11-17 2011-11-15 Amazon Technologies, Inc. Managing CDN registration by a storage provider
US8073940B1 (en) 2008-11-17 2011-12-06 Amazon Technologies, Inc. Managing content delivery network service providers
US8521880B1 (en) 2008-11-17 2013-08-27 Amazon Technologies, Inc. Managing content delivery network service providers
US8065417B1 (en) 2008-11-17 2011-11-22 Amazon Technologies, Inc. Service provider registration by a content broker
US8122098B1 (en) 2008-11-17 2012-02-21 Amazon Technologies, Inc. Managing content delivery network service providers by a content broker
US8291504B2 (en) * 2008-12-31 2012-10-16 Akamai Technologies, Inc. Enforcing single stream per sign-on from a content delivery network (CDN) media server
US8402494B1 (en) 2009-03-23 2013-03-19 Conviva Inc. Switching content
US8688837B1 (en) 2009-03-27 2014-04-01 Amazon Technologies, Inc. Dynamically translating resource identifiers for request routing using popularity information
US8412823B1 (en) 2009-03-27 2013-04-02 Amazon Technologies, Inc. Managing tracking information entries in resource cache components
US8756341B1 (en) 2009-03-27 2014-06-17 Amazon Technologies, Inc. Request routing utilizing popularity information
US8521851B1 (en) 2009-03-27 2013-08-27 Amazon Technologies, Inc. DNS query processing using resource identifiers specifying an application broker
US20130132232A1 (en) * 2009-04-22 2013-05-23 Florian Pestoni System And Method For Digital Rights Management With Delegated Authorization For Content Access
WO2010124446A1 (en) * 2009-04-27 2010-11-04 华为技术有限公司 Method, device and system for issuing license
US8800017B2 (en) * 2009-05-29 2014-08-05 Ncomputing, Inc. Method and apparatus for copy protecting a digital electronic device
US9602864B2 (en) 2009-06-08 2017-03-21 Time Warner Cable Enterprises Llc Media bridge apparatus and methods
US9866609B2 (en) 2009-06-08 2018-01-09 Time Warner Cable Enterprises Llc Methods and apparatus for premises content distribution
US8782236B1 (en) 2009-06-16 2014-07-15 Amazon Technologies, Inc. Managing resources using resource expiration data
US8886761B2 (en) * 2009-07-01 2014-11-11 Level 3 Communications, Llc Flexible token for use in content delivery
US9203913B1 (en) 2009-07-20 2015-12-01 Conviva Inc. Monitoring the performance of a content player
US8397073B1 (en) 2009-09-04 2013-03-12 Amazon Technologies, Inc. Managing secure content in a content delivery network
US8433771B1 (en) 2009-10-02 2013-04-30 Amazon Technologies, Inc. Distribution network with forward resource propagation
US8799674B1 (en) * 2009-12-04 2014-08-05 Akamai Technologies, Inc. Method and system for handling sensitive data in a content delivery network
EP2507995A4 (en) 2009-12-04 2014-07-09 Sonic Ip Inc Elementary bitstream cryptographic material transport systems and methods
US9401893B2 (en) 2009-12-29 2016-07-26 International Business Machines Corporation System and method for providing data security in a hosted service system
US9495338B1 (en) 2010-01-28 2016-11-15 Amazon Technologies, Inc. Content distribution network
US20110247084A1 (en) * 2010-04-06 2011-10-06 Copyright Clearance Center, Inc. Method and apparatus for authorizing delivery of streaming video to licensed viewers
JP5430752B2 (en) * 2010-04-28 2014-03-05 パナソニック株式会社 License server and content usage system
US9906838B2 (en) 2010-07-12 2018-02-27 Time Warner Cable Enterprises Llc Apparatus and methods for content delivery and message exchange across multiple content delivery networks
US8925109B2 (en) * 2010-07-30 2014-12-30 Adobe Systems Incorporated Client-side player file and content license verification
US8756272B1 (en) 2010-08-26 2014-06-17 Amazon Technologies, Inc. Processing encoded content
EP2429189A1 (en) * 2010-09-09 2012-03-14 Irdeto B.V. Method and system for providing content to a recipient device
US9003035B1 (en) 2010-09-28 2015-04-07 Amazon Technologies, Inc. Point of presence management in request routing
US8819283B2 (en) 2010-09-28 2014-08-26 Amazon Technologies, Inc. Request routing in a networked environment
US8938526B1 (en) 2010-09-28 2015-01-20 Amazon Technologies, Inc. Request routing management based on network components
US8577992B1 (en) * 2010-09-28 2013-11-05 Amazon Technologies, Inc. Request routing management based on network components
US8924528B1 (en) 2010-09-28 2014-12-30 Amazon Technologies, Inc. Latency measurement in resource requests
US8930513B1 (en) 2010-09-28 2015-01-06 Amazon Technologies, Inc. Latency measurement in resource requests
US9712484B1 (en) 2010-09-28 2017-07-18 Amazon Technologies, Inc. Managing request routing information utilizing client identifiers
US8468247B1 (en) 2010-09-28 2013-06-18 Amazon Technologies, Inc. Point of presence management in request routing
US10097398B1 (en) 2010-09-28 2018-10-09 Amazon Technologies, Inc. Point of presence management in request routing
US10958501B1 (en) 2010-09-28 2021-03-23 Amazon Technologies, Inc. Request routing information based on client IP groupings
US8452874B2 (en) 2010-11-22 2013-05-28 Amazon Technologies, Inc. Request routing processing
US8970668B2 (en) * 2010-11-29 2015-03-03 Verizon Patent And Licensing Inc. High bandwidth streaming to media player
US8626950B1 (en) 2010-12-03 2014-01-07 Amazon Technologies, Inc. Request routing processing
US9391949B1 (en) 2010-12-03 2016-07-12 Amazon Technologies, Inc. Request routing processing
US9247312B2 (en) 2011-01-05 2016-01-26 Sonic Ip, Inc. Systems and methods for encoding source media in matroska container files for adaptive bitrate streaming using hypertext transfer protocol
JP2012160004A (en) * 2011-01-31 2012-08-23 Sony Computer Entertainment Inc Method for providing content with identifier and id management device
US20120197785A1 (en) * 2011-01-31 2012-08-02 Keith Cooper Apparatus and method for management of intellectual property rights
US20120255036A1 (en) * 2011-03-29 2012-10-04 Mobitv, Inc. Proprietary access control algorithms in content delivery networks
CN103597488B (en) 2011-04-11 2016-08-24 英特托拉斯技术公司 Information safety system and method
US8867337B2 (en) 2011-04-26 2014-10-21 International Business Machines Corporation Structure-aware caching
US10467042B1 (en) 2011-04-27 2019-11-05 Amazon Technologies, Inc. Optimized deployment based upon customer locality
US9400851B2 (en) 2011-06-23 2016-07-26 Incapsula, Inc. Dynamic content caching
US9467708B2 (en) 2011-08-30 2016-10-11 Sonic Ip, Inc. Selection of resolutions for seamless resolution switching of multimedia content
US8909922B2 (en) 2011-09-01 2014-12-09 Sonic Ip, Inc. Systems and methods for playing back alternative streams of protected content protected using common cryptographic information
US8964977B2 (en) 2011-09-01 2015-02-24 Sonic Ip, Inc. Systems and methods for saving encoded media streamed using adaptive bitrate streaming
WO2013046204A1 (en) * 2011-09-26 2013-04-04 Gilat Satcom Ltd. Methods and systems of controlling access to distributed content
US10733151B2 (en) 2011-10-27 2020-08-04 Microsoft Technology Licensing, Llc Techniques to share media files
JP5795690B2 (en) * 2011-11-02 2015-10-14 アカマイ テクノロジーズ インコーポレイテッド Multi-domain configuration processing on edge network servers
US8763154B2 (en) * 2012-01-23 2014-06-24 Verizon Patent And Licensing Inc. Federated authentication
US8904009B1 (en) 2012-02-10 2014-12-02 Amazon Technologies, Inc. Dynamic content delivery
US9172711B2 (en) 2012-02-13 2015-10-27 PivotCloud, Inc. Originator publishing an attestation of a statement
US9092780B2 (en) 2012-02-13 2015-07-28 PivotCloud, Inc. User-mediator monitoring and controlling access to electronic content
US9219715B2 (en) 2012-02-13 2015-12-22 PivotCloud, Inc. Mediator utilizing electronic content to enforce policies to a resource
US10021179B1 (en) 2012-02-21 2018-07-10 Amazon Technologies, Inc. Local resource delivery network
CN103294935B (en) * 2012-02-29 2016-03-09 北大方正集团有限公司 A kind of control method of digital content read right, Apparatus and system
US8892870B2 (en) * 2012-03-12 2014-11-18 Sony Corporation Digital rights management for live streaming based on trusted relationships
US9083743B1 (en) 2012-03-21 2015-07-14 Amazon Technologies, Inc. Managing request routing information utilizing performance information
US10623408B1 (en) 2012-04-02 2020-04-14 Amazon Technologies, Inc. Context sensitive object management
US9613042B1 (en) 2012-04-09 2017-04-04 Conviva Inc. Dynamic generation of video manifest files
DE102012104481A1 (en) * 2012-05-24 2013-11-28 Deutsche Telekom Ag Method for importing a replacement clip into the ongoing transmission of a video clip
US9154551B1 (en) 2012-06-11 2015-10-06 Amazon Technologies, Inc. Processing DNS queries to identify pre-processing information
US20130346318A1 (en) * 2012-06-26 2013-12-26 Incapsula Inc. Secure transaction systems and methodologies
US9992260B1 (en) 2012-08-31 2018-06-05 Fastly Inc. Configuration change processing for content request handling in content delivery node
US9525659B1 (en) 2012-09-04 2016-12-20 Amazon Technologies, Inc. Request routing utilizing point of presence load information
US9246965B1 (en) * 2012-09-05 2016-01-26 Conviva Inc. Source assignment based on network partitioning
US10182096B1 (en) 2012-09-05 2019-01-15 Conviva Inc. Virtual resource locator
US9323577B2 (en) 2012-09-20 2016-04-26 Amazon Technologies, Inc. Automated profiling of resource usage
US9135048B2 (en) 2012-09-20 2015-09-15 Amazon Technologies, Inc. Automated profiling of resource usage
JP5486659B2 (en) * 2012-09-21 2014-05-07 株式会社 ディー・エヌ・エー Playback management apparatus and program used therefor
US9143383B2 (en) * 2012-11-01 2015-09-22 Miiicasa Taiwan Inc. Method and system for managing device identification
US9177158B2 (en) * 2012-11-07 2015-11-03 Theplatform, Llc Methods and systems for processing content rights
US9565472B2 (en) 2012-12-10 2017-02-07 Time Warner Cable Enterprises Llc Apparatus and methods for content transfer protection
US10205698B1 (en) 2012-12-19 2019-02-12 Amazon Technologies, Inc. Source-dependent address resolution
US9191457B2 (en) 2012-12-31 2015-11-17 Sonic Ip, Inc. Systems, methods, and media for controlling delivery of content
US20140282786A1 (en) 2013-03-12 2014-09-18 Time Warner Cable Enterprises Llc Methods and apparatus for providing and uploading content to personalized network storage
US9066153B2 (en) 2013-03-15 2015-06-23 Time Warner Cable Enterprises Llc Apparatus and methods for multicast delivery of content in a content delivery network
US10368255B2 (en) 2017-07-25 2019-07-30 Time Warner Cable Enterprises Llc Methods and apparatus for client-based dynamic control of connections to co-existing radio access networks
US9317677B1 (en) * 2013-05-24 2016-04-19 Inkling Systems, Inc. Access control for content delivery networks
US9811644B1 (en) * 2013-05-27 2017-11-07 Telefonaktiebolaget Lm Ericsson (Publ) Method for distribution of licenses based on geographical location
US9094737B2 (en) 2013-05-30 2015-07-28 Sonic Ip, Inc. Network video streaming with trick play based on separate trick play files
US9294391B1 (en) 2013-06-04 2016-03-22 Amazon Technologies, Inc. Managing network computing components utilizing request routing
US9443093B2 (en) * 2013-06-20 2016-09-13 Amazon Technologies, Inc. Policy enforcement delays
US9047482B2 (en) * 2013-07-17 2015-06-02 Wowza Media Systems, LLC Token-based security for links to media streams
US9313568B2 (en) 2013-07-23 2016-04-12 Chicago Custom Acoustics, Inc. Custom earphone with dome in the canal
CN103427998B (en) * 2013-08-20 2016-12-28 航天恒星科技有限公司 The authentication of a kind of Internet data distribution and data ciphering method
CN104809364A (en) * 2014-01-24 2015-07-29 中辉世纪传媒发展有限公司 Method and device for processing of application program of digital rights management (DRM) client
US9424083B2 (en) 2014-03-14 2016-08-23 Google Inc. Managing metadata for a distributed processing system with manager agents and worker agents
US9866878B2 (en) 2014-04-05 2018-01-09 Sonic Ip, Inc. Systems and methods for encoding and playing back video at different frame rates using enhancement layers
CN105024970B (en) * 2014-04-18 2018-07-13 中国电信股份有限公司 The control method of mobile application data copy, system, client and server
US9621940B2 (en) 2014-05-29 2017-04-11 Time Warner Cable Enterprises Llc Apparatus and methods for recording, accessing, and delivering packetized content
CN103997681B (en) * 2014-06-02 2016-02-17 合一网络技术(北京)有限公司 Net cast is carried out to method and the system thereof of door chain process
US11540148B2 (en) 2014-06-11 2022-12-27 Time Warner Cable Enterprises Llc Methods and apparatus for access point location
US9935833B2 (en) 2014-11-05 2018-04-03 Time Warner Cable Enterprises Llc Methods and apparatus for determining an optimized wireless interface installation configuration
US10305955B1 (en) 2014-12-08 2019-05-28 Conviva Inc. Streaming decision in the cloud
US10178043B1 (en) 2014-12-08 2019-01-08 Conviva Inc. Dynamic bitrate range selection in the cloud for optimized video streaming
US10091096B1 (en) 2014-12-18 2018-10-02 Amazon Technologies, Inc. Routing mode and point-of-presence selection service
US10033627B1 (en) 2014-12-18 2018-07-24 Amazon Technologies, Inc. Routing mode and point-of-presence selection service
US10097448B1 (en) 2014-12-18 2018-10-09 Amazon Technologies, Inc. Routing mode and point-of-presence selection service
EP4340378A2 (en) 2014-12-31 2024-03-20 DISH Technologies L.L.C. Automated video content processing
US9135412B1 (en) 2015-02-24 2015-09-15 Wowza Media Systems, LLC Token-based security for remote resources
US10225326B1 (en) 2015-03-23 2019-03-05 Amazon Technologies, Inc. Point of presence based data uploading
US9887931B1 (en) 2015-03-30 2018-02-06 Amazon Technologies, Inc. Traffic surge management for points of presence
US9887932B1 (en) 2015-03-30 2018-02-06 Amazon Technologies, Inc. Traffic surge management for points of presence
US9819567B1 (en) 2015-03-30 2017-11-14 Amazon Technologies, Inc. Traffic surge management for points of presence
US20160306955A1 (en) * 2015-04-14 2016-10-20 Intel Corporation Performing user seamless authentications
US9832141B1 (en) 2015-05-13 2017-11-28 Amazon Technologies, Inc. Routing based request correlation
US10616179B1 (en) 2015-06-25 2020-04-07 Amazon Technologies, Inc. Selective routing of domain name system (DNS) requests
US10097566B1 (en) 2015-07-31 2018-10-09 Amazon Technologies, Inc. Identifying targets of network attacks
US9742795B1 (en) 2015-09-24 2017-08-22 Amazon Technologies, Inc. Mitigating network attacks
US9794281B1 (en) 2015-09-24 2017-10-17 Amazon Technologies, Inc. Identifying sources of network attacks
US9774619B1 (en) 2015-09-24 2017-09-26 Amazon Technologies, Inc. Mitigating network attacks
US10666755B2 (en) * 2015-10-23 2020-05-26 Telefonaktiebolaget Lm Ericsson (Publ) Method and apparatus for secure content caching and delivery
CN105306959B (en) * 2015-10-24 2018-08-21 广东医群科技有限公司 A kind of low delay network self-adapting live broadcast system
CN105592065B (en) * 2015-11-05 2019-03-15 中国银联股份有限公司 A kind of Website logging method and its login system based on SMS
US10270878B1 (en) 2015-11-10 2019-04-23 Amazon Technologies, Inc. Routing for origin-facing points of presence
US9986578B2 (en) 2015-12-04 2018-05-29 Time Warner Cable Enterprises Llc Apparatus and methods for selective data network access
US10049051B1 (en) 2015-12-11 2018-08-14 Amazon Technologies, Inc. Reserved cache space in content delivery networks
US10257307B1 (en) 2015-12-11 2019-04-09 Amazon Technologies, Inc. Reserved cache space in content delivery networks
US10348639B2 (en) 2015-12-18 2019-07-09 Amazon Technologies, Inc. Use of virtual endpoints to improve data transmission rates
US9918345B2 (en) 2016-01-20 2018-03-13 Time Warner Cable Enterprises Llc Apparatus and method for wireless network services in moving vehicles
US10492034B2 (en) 2016-03-07 2019-11-26 Time Warner Cable Enterprises Llc Apparatus and methods for dynamic open-access networks
US10162943B2 (en) 2016-04-27 2018-12-25 Comcast Cable Communications, Llc Streamlined digital rights management
US10644875B2 (en) * 2016-04-28 2020-05-05 International Business Machines Corporation Pre-authorization of public key infrastructure
US10075551B1 (en) 2016-06-06 2018-09-11 Amazon Technologies, Inc. Request management for hierarchical cache
US10164858B2 (en) 2016-06-15 2018-12-25 Time Warner Cable Enterprises Llc Apparatus and methods for monitoring and diagnosing a wireless network
US10110694B1 (en) 2016-06-29 2018-10-23 Amazon Technologies, Inc. Adaptive transfer rate for retrieving content from a server
US9992086B1 (en) 2016-08-23 2018-06-05 Amazon Technologies, Inc. External health checking of virtual private cloud network environments
US10033691B1 (en) 2016-08-24 2018-07-24 Amazon Technologies, Inc. Adaptive resolution of domain name requests in virtual private cloud network environments
US10635828B2 (en) * 2016-09-23 2020-04-28 Microsoft Technology Licensing, Llc Tokenized links with granular permissions
US10616250B2 (en) 2016-10-05 2020-04-07 Amazon Technologies, Inc. Network addresses with encoded DNS-level information
US10719616B2 (en) * 2016-10-25 2020-07-21 Beatport, LLC Secure content access system
CN106604070B (en) * 2016-11-24 2019-10-29 中国传媒大学 The distributed key management system and key management method of Streaming Media under cloud environment
US10831549B1 (en) 2016-12-27 2020-11-10 Amazon Technologies, Inc. Multi-region request-driven code execution system
US10372499B1 (en) 2016-12-27 2019-08-06 Amazon Technologies, Inc. Efficient region selection system for executing request-driven code
US10938884B1 (en) 2017-01-30 2021-03-02 Amazon Technologies, Inc. Origin server cloaking using virtual private cloud network environments
US10503613B1 (en) 2017-04-21 2019-12-10 Amazon Technologies, Inc. Efficient serving of resources during server unavailability
US10645547B2 (en) 2017-06-02 2020-05-05 Charter Communications Operating, Llc Apparatus and methods for providing wireless service in a venue
US10638361B2 (en) 2017-06-06 2020-04-28 Charter Communications Operating, Llc Methods and apparatus for dynamic control of connections to co-existing radio access networks
US11113366B2 (en) * 2017-06-06 2021-09-07 Infosys Limited Cryptographic mechanisms for software setup using token-based two-factor authentication
US11075987B1 (en) 2017-06-12 2021-07-27 Amazon Technologies, Inc. Load estimating content delivery network
US10447648B2 (en) 2017-06-19 2019-10-15 Amazon Technologies, Inc. Assignment of a POP to a DNS resolver based on volume of communications over a link between client devices and the POP
WO2019006131A1 (en) * 2017-06-30 2019-01-03 Idac Holdings, Inc. Methods and apparatus for secure content delegation via surrogate servers
US10742593B1 (en) 2017-09-25 2020-08-11 Amazon Technologies, Inc. Hybrid content request routing system
CA3021890A1 (en) * 2017-10-26 2019-04-26 Christie Digital Systems Usa, Inc. Devices, systems and methods for distribution of digital content
US10592578B1 (en) 2018-03-07 2020-03-17 Amazon Technologies, Inc. Predictive content push-enabled content delivery network
CN108882055B (en) * 2018-06-28 2022-09-30 广州虎牙信息科技有限公司 Video live broadcast method and system, and method and device for synthesizing video stream
CA3118593A1 (en) * 2018-11-02 2020-05-07 Verona Holdings Sezc A tokenization platform
US10862852B1 (en) 2018-11-16 2020-12-08 Amazon Technologies, Inc. Resolution of domain name requests in heterogeneous network environments
US11025747B1 (en) 2018-12-12 2021-06-01 Amazon Technologies, Inc. Content request pattern-based routing system
US11481825B1 (en) 2019-03-29 2022-10-25 Amazon Technologies, Inc. Transaction processing at edge servers in a content distribution network
US11157633B1 (en) * 2019-06-26 2021-10-26 Amazon Technologies, Inc. Digital content delivery system
US11075891B1 (en) 2020-12-02 2021-07-27 Theta Labs, Inc. Non-fungible token (NFT) based digital rights management in a decentralized data delivery network
US11811944B2 (en) 2021-07-15 2023-11-07 Bank Of America Corporation Electronic system for resource origination tracking
US20230142278A1 (en) * 2021-11-10 2023-05-11 Synamedia Limited Secure Content Distribution and Trusted Recording of Content Consumption
WO2023102510A1 (en) * 2021-12-04 2023-06-08 Element 360, Inc. System for Accessing Audio File Based on Geolocation Data

Citations (15)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20020059440A1 (en) * 2000-09-06 2002-05-16 Hudson Michael D. Client-side last-element cache network architecture
US20020107806A1 (en) * 2001-02-02 2002-08-08 Akio Higashi Content usage management system and content usage management method
US20020146122A1 (en) * 2000-03-03 2002-10-10 Steve Vestergaard Digital media distribution method and system
US20020161996A1 (en) * 2001-02-23 2002-10-31 Lawrence Koved System and method for supporting digital rights management in an enhanced javaTM2 runtime environment
US20020178271A1 (en) * 2000-11-20 2002-11-28 Graham Todd D. Dynamic file access control and management
US20030028490A1 (en) * 2001-07-31 2003-02-06 Koji Miura System, apparatus, and method of contents distribution, and program and program recording medium directed to the same
US20030191946A1 (en) * 2000-06-12 2003-10-09 Auer Anthony R. System and method controlling access to digital works using a network
US6640304B2 (en) * 1995-02-13 2003-10-28 Intertrust Technologies Corporation Systems and methods for secure transaction management and electronic rights protection
US20040024688A1 (en) * 2000-11-10 2004-02-05 Depeng Bi Digital content distribution and subscription system
US20040128499A1 (en) * 2002-12-30 2004-07-01 General Instrument Corporation System for digital rights management using distributed provisioning and authentication
US6777891B2 (en) * 1997-08-26 2004-08-17 Color Kinetics, Incorporated Methods and apparatus for controlling devices in a networked lighting system
US20050114440A1 (en) * 2003-11-26 2005-05-26 Peter Waxman Asynchronous processing of task components in connection with rights management system and the like
US7171692B1 (en) * 2000-06-27 2007-01-30 Microsoft Corporation Asynchronous communication within a server arrangement
US20070174471A1 (en) * 2003-04-30 2007-07-26 Cedric Van Rossum Secure, continous, proxy-optimized, device-to-device data download reception system and method of use
US20070289025A1 (en) * 2001-02-09 2007-12-13 Sony Corporation Information processing method, information processing apparatus and recording medium

Family Cites Families (19)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5715403A (en) * 1994-11-23 1998-02-03 Xerox Corporation System for controlling the distribution and use of digital works having attached usage rights where the usage rights are defined by a usage rights grammar
US6003030A (en) 1995-06-07 1999-12-14 Intervu, Inc. System and method for optimized storage and retrieval of data on a distributed computer network
US5774668A (en) 1995-06-07 1998-06-30 Microsoft Corporation System for on-line service in which gateway computer uses service map which includes loading condition of servers broadcasted by application servers for load balancing
US6073124A (en) * 1997-01-29 2000-06-06 Shopnow.Com Inc. Method and system for securely incorporating electronic information into an online purchasing application
US6421726B1 (en) 1997-03-14 2002-07-16 Akamai Technologies, Inc. System and method for selection and retrieval of diverse types of video data on a computer network
US6044469A (en) * 1997-08-29 2000-03-28 Preview Software Software publisher or distributor configurable software security mechanism
US6185598B1 (en) 1998-02-10 2001-02-06 Digital Island, Inc. Optimized network resource location
US6282653B1 (en) * 1998-05-15 2001-08-28 International Business Machines Corporation Royalty collection method and system for use of copyrighted digital materials on the internet
US6108703A (en) 1998-07-14 2000-08-22 Massachusetts Institute Of Technology Global hosting system
CN1304977C (en) * 1999-07-06 2007-03-14 索尼株式会社 Data providing system, device, and method
US7299291B1 (en) 2000-05-18 2007-11-20 Akamai Technologies, Inc. Client-side method for identifying an optimum server
US7155723B2 (en) 2000-07-19 2006-12-26 Akamai Technologies, Inc. Load balancing service
US8099364B2 (en) * 2001-05-31 2012-01-17 Contentguard Holdings, Inc. Digital rights management of content when content is a future live event
WO2003087997A2 (en) 2002-04-10 2003-10-23 Akamai Technologies, Inc. Method and system for enhancing live stream delivery quality using prebursting
JP2004032307A (en) * 2002-06-25 2004-01-29 Ntt Docomo Inc Method and server for delivering content, computer-readable storage medium recording content delivery processing program and content delivery processing program
CN1685706A (en) 2002-09-23 2005-10-19 皇家飞利浦电子股份有限公司 Domain based on certificate granting
US7310729B2 (en) * 2003-03-12 2007-12-18 Limelight Networks, Inc. Digital rights management license delivery system and method
US7536725B2 (en) 2003-07-28 2009-05-19 Limelight Networks, Inc. Authentication of content download
US7389273B2 (en) 2003-09-25 2008-06-17 Scott Andrew Irwin System and method for federated rights management

Patent Citations (15)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6640304B2 (en) * 1995-02-13 2003-10-28 Intertrust Technologies Corporation Systems and methods for secure transaction management and electronic rights protection
US6777891B2 (en) * 1997-08-26 2004-08-17 Color Kinetics, Incorporated Methods and apparatus for controlling devices in a networked lighting system
US20020146122A1 (en) * 2000-03-03 2002-10-10 Steve Vestergaard Digital media distribution method and system
US20030191946A1 (en) * 2000-06-12 2003-10-09 Auer Anthony R. System and method controlling access to digital works using a network
US7171692B1 (en) * 2000-06-27 2007-01-30 Microsoft Corporation Asynchronous communication within a server arrangement
US20020059440A1 (en) * 2000-09-06 2002-05-16 Hudson Michael D. Client-side last-element cache network architecture
US20040024688A1 (en) * 2000-11-10 2004-02-05 Depeng Bi Digital content distribution and subscription system
US20020178271A1 (en) * 2000-11-20 2002-11-28 Graham Todd D. Dynamic file access control and management
US20020107806A1 (en) * 2001-02-02 2002-08-08 Akio Higashi Content usage management system and content usage management method
US20070289025A1 (en) * 2001-02-09 2007-12-13 Sony Corporation Information processing method, information processing apparatus and recording medium
US20020161996A1 (en) * 2001-02-23 2002-10-31 Lawrence Koved System and method for supporting digital rights management in an enhanced javaTM2 runtime environment
US20030028490A1 (en) * 2001-07-31 2003-02-06 Koji Miura System, apparatus, and method of contents distribution, and program and program recording medium directed to the same
US20040128499A1 (en) * 2002-12-30 2004-07-01 General Instrument Corporation System for digital rights management using distributed provisioning and authentication
US20070174471A1 (en) * 2003-04-30 2007-07-26 Cedric Van Rossum Secure, continous, proxy-optimized, device-to-device data download reception system and method of use
US20050114440A1 (en) * 2003-11-26 2005-05-26 Peter Waxman Asynchronous processing of task components in connection with rights management system and the like

Cited By (46)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20080120412A1 (en) * 2006-11-20 2008-05-22 Novell, Inc. System and method for providing a hypertext transfer protocol service multiplexer
US8583793B2 (en) * 2006-11-20 2013-11-12 Apple Inc. System and method for providing a hypertext transfer protocol service multiplexer
US20090249486A1 (en) * 2008-03-28 2009-10-01 Alexander Steven Johnson System and method for digital rights management control using video analytics
US9769542B2 (en) * 2008-03-28 2017-09-19 Verint Americas Inc. System and method for digital rights management control using video analytics
US20100199095A1 (en) * 2009-01-30 2010-08-05 Texas Instruments Inc. Password-Authenticated Association Based on Public Key Scrambling
US20150095646A1 (en) * 2009-08-14 2015-04-02 Azuki Systems, Inc. Method and system for unified mobile content protection
US9858396B2 (en) * 2009-08-14 2018-01-02 Ericsson Ab Method and system for unified mobile content protection
US10417394B2 (en) 2009-08-14 2019-09-17 Ericsson Ab Method and system for unified mobile content protection
US20220116371A1 (en) * 2010-05-28 2022-04-14 Iii Holdings 12, Llc Method and Apparatus for Providing Enhanced Streaming Content Delivery with Multi-Archive Support Using Secure Download Manager and Content-Indifferent Decoding
US20120079578A1 (en) * 2010-09-29 2012-03-29 Verizon Patent And Licensing , Inc. Web browser playback for a video provisioning system
US8627432B2 (en) * 2010-09-29 2014-01-07 Verizon Patent And Licensing Inc. Web browser playback for a video provisioning system
US9129092B1 (en) 2011-12-12 2015-09-08 Google Inc. Detecting supported digital rights management configurations on a client device
US10452759B1 (en) 2011-12-12 2019-10-22 Google Llc Method and apparatus for protection of media objects including HTML
US10645430B2 (en) 2011-12-12 2020-05-05 Google Llc Reducing time to first encrypted frame in a content stream
US10572633B1 (en) 2011-12-12 2020-02-25 Google Llc Method, manufacture, and apparatus for instantiating plugin from within browser
US9110902B1 (en) 2011-12-12 2015-08-18 Google Inc. Application-driven playback of offline encrypted content with unaware DRM module
US10102648B1 (en) 2011-12-12 2018-10-16 Google Llc Browser/web apps access to secure surface
US9183405B1 (en) 2011-12-12 2015-11-10 Google Inc. Method, manufacture, and apparatus for content protection for HTML media elements
US9223988B1 (en) 2011-12-12 2015-12-29 Google Inc. Extending browser functionality with dynamic on-the-fly downloading of untrusted browser components
US9239912B1 (en) 2011-12-12 2016-01-19 Google Inc. Method, manufacture, and apparatus for content protection using authentication data
US9311459B2 (en) 2011-12-12 2016-04-12 Google Inc. Application-driven playback of offline encrypted content with unaware DRM module
US9326012B1 (en) 2011-12-12 2016-04-26 Google Inc. Dynamically changing stream quality when user is unlikely to notice to conserve resources
US9003558B1 (en) 2011-12-12 2015-04-07 Google Inc. Allowing degraded play of protected content using scalable codecs when key/license is not obtained
US8984285B1 (en) 2011-12-12 2015-03-17 Google Inc. Use of generic (browser) encryption API to do key exchange (for media files and player)
US10212460B1 (en) 2011-12-12 2019-02-19 Google Llc Method for reducing time to first frame/seek frame of protected digital content streams
US9542368B1 (en) 2011-12-12 2017-01-10 Google Inc. Method, manufacture, and apparatus for instantiating plugin from within browser
US9686234B1 (en) 2011-12-12 2017-06-20 Google Inc. Dynamically changing stream quality of protected content based on a determined change in a platform trust
US9697185B1 (en) * 2011-12-12 2017-07-04 Google Inc. Method, manufacture, and apparatus for protection of media objects from the web application environment
US9697363B1 (en) 2011-12-12 2017-07-04 Google Inc. Reducing time to first encrypted frame in a content stream
US8891765B1 (en) 2011-12-12 2014-11-18 Google Inc. Method, manufacture, and apparatus for content decryption module
US9785759B1 (en) 2011-12-12 2017-10-10 Google Inc. Method, manufacture, and apparatus for configuring multiple content protection systems
US8751800B1 (en) * 2011-12-12 2014-06-10 Google Inc. DRM provider interoperability
US9875363B2 (en) 2011-12-12 2018-01-23 Google Llc Use of generic (browser) encryption API to do key exchange (for media files and player)
US20130297934A1 (en) * 2012-05-02 2013-11-07 Nokia Siemens Networks Oy Method and apparatus
US9961152B2 (en) * 2013-03-15 2018-05-01 Verizon Digital Media Services Inc. Dynamic tag management for optimizing content delivery
US20160359988A1 (en) * 2013-03-15 2016-12-08 Verizon Digital Media Services Inc. Dynamic Tag Management for Optimizing Content Delivery
US9424363B2 (en) * 2013-03-15 2016-08-23 Verizon Digital Media Services Inc. Dynamic tag management for optimizing content delivery
US20150178299A1 (en) * 2013-03-15 2015-06-25 Edgecast Networks, Inc. Dynamic Tag Management for Optimizing Content Delivery
US9037643B2 (en) * 2013-03-15 2015-05-19 Edgecast Networks, Inc. Dynamic tag management for optimizing content delivery
US20140280479A1 (en) * 2013-03-15 2014-09-18 Edgecast Networks, Inc. Dynamic Tag Management for Optimizing Content Delivery
WO2016068577A1 (en) * 2014-10-27 2016-05-06 엘지전자(주) Method and apparatus for managing content in storage-based security system
US11057489B2 (en) * 2017-04-14 2021-07-06 Huawei Technologies Co., Ltd. Content deployment method and delivery controller
US10992741B2 (en) 2018-08-13 2021-04-27 Wickr Inc. System and method for providing a configuration file to client devices
US11425122B2 (en) * 2018-08-13 2022-08-23 Amazon Technologies, Inc. System and method for providing a configuration file to client devices
US20230379399A1 (en) * 2022-05-20 2023-11-23 Samsung Electronics Co., Ltd. Application server assisted content management in cellular network
US11895213B2 (en) * 2022-05-20 2024-02-06 Samsung Electronics Co., Ltd. Application server assisted content management in cellular network

Also Published As

Publication number Publication date
EP1759350A2 (en) 2007-03-07
EP1759350A4 (en) 2012-06-20
CN101065768B (en) 2010-12-22
US20050278259A1 (en) 2005-12-15
CN101065768A (en) 2007-10-31
WO2005124637A8 (en) 2007-01-18
WO2005124637A2 (en) 2005-12-29
WO2005124637A3 (en) 2006-12-07
US7711647B2 (en) 2010-05-04

Similar Documents

Publication Publication Date Title
US7711647B2 (en) Digital rights management in a distributed network
JP4463998B2 (en) Protected online music distribution system
US7631318B2 (en) Secure server plug-in architecture for digital rights management systems
AU2007237159B2 (en) Methods and systems to distribute content via a network utilizing distributed conditional access agents and secure agents, and to perform digital rights management (DRM)
TW578417B (en) Unique on-line provisioning of user terminals allowing user authentication
EP1579624B1 (en) System for digital rights management using distributed provisioning and authentication
US7774611B2 (en) Enforcing file authorization access
US7543145B2 (en) System and method for protecting configuration settings in distributed text-based configuration files
CN1656772B (en) Association of security parameters for a collection of related streaming protocols
US20070250904A1 (en) Privacy protection system
MXPA04007546A (en) Method and system for providing third party authentification of authorization.
US20030161476A1 (en) Method and system to store and distribute encryption keys
US20130167193A1 (en) Security policy editor
JP2004046833A (en) Publishing of contents related to digital copyright management (drm) system
JP2008500589A (en) Secure communication with changing identifiers and watermarking in real time
AU2753402A (en) Methods and arrangements for protecting information in forwarded authentication messages
AU2001269856A1 (en) Methods and systems to distribute content via a network utilizing distributed conditional access agents and secure agents, and to perform digital rights management (drm)
JP2004295846A (en) System, server, and method for managing license, program, and recording medium
EP3185465A1 (en) A method for encrypting data and a method for decrypting data
US9875371B2 (en) System and method related to DRM
Guo et al. Using blockchain to control access to cloud data
US20030059053A1 (en) Key management interface to multiple and simultaneous protocols
WO2023093772A1 (en) Request scheduling method and apparatus, electronic device, and storage medium
US7409063B2 (en) Contents distribution system
JP2011145754A (en) Single sign-on system and method, authentication server, user terminal, service server, and program

Legal Events

Date Code Title Description
AS Assignment

Owner name: AKAMAI TECHNOLOGIES, INC., MASSACHUSETTS

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:PADINJAREVEETIL, ABDUL SALAM FAISAL;REEL/FRAME:024324/0154

Effective date: 20090209

STCB Information on status: application discontinuation

Free format text: ABANDONED -- FAILURE TO RESPOND TO AN OFFICE ACTION