Inter-server communication using request with encrypted parameter
원문보기
IPC분류정보
국가/구분
United States(US) Patent
등록
국제특허분류(IPC7판)
G06F-017/60
G06F-011/30
G06F-012/14
H04K-001/00
H04L-009/32
출원번호
US-0604944
(2000-06-27)
발명자
/ 주소
DeMello, Marco A.
Zeman, Pavel
Krishnaswamy, Vinay
Byrum, Frank D.
출원인 / 주소
Microsoft Corporation
대리인 / 주소
Woodcock Washburn LLP
인용정보
피인용 횟수 :
58인용 특허 :
62
초록▼
A server architecture for a digital rights management system that distributes and protects rights in content. The server architecture includes a retail site which sells content items to consumers, a fulfillment site which provides to consumers the content items sold by the retail site, and an activa
A server architecture for a digital rights management system that distributes and protects rights in content. The server architecture includes a retail site which sells content items to consumers, a fulfillment site which provides to consumers the content items sold by the retail site, and an activation site which enables consumer reading devices to use content items having an enhanced level of copy protection. Each retail site is equipped with a URL encryption object, which encrypts, according to a secret symmetric key shared between the retail site and the fulfillment site, information that is needed by the fulfillment site to process an order for content sold by the retail site. Upon selling a content item, the retail site transmits to the purchaser a web page having a link to a URL comprising the address of the fulfillment site and a parameter having the encrypted information. Upon following the link, the fulfillment site downloads the ordered content to the consumer, preparing the content if necessary in accordance with the type of security to be carried with the content. The fulfillment site includes an asynchronous fulfillment pipeline which logs information about processed transactions using a store-and-forward messaging service. The fulfillment site may be implemented as several server devices, each having a cache which stores frequently downloaded content items, in which case the asynchronous fulfillment pipeline may also be used to invalidate the cache if a change is made at one server that affects the cached content items. An activation site provides an activation certificate and a secure repository executable to consumer content-rendering devices which enables those content rendering devices to render content having an enhanced level of copy-resistance. The activation site “activates” client-reading devices in a way that binds them to a persona, and limits the number of devices that may be activated for a particular persona, or the rate at which such devices may be activated for a particular persona.
대표청구항▼
1. A method of communicating with a first computing device, said method comprising the acts of:encrypting information destined for said first computing device;creating an HTTP request which includes an address of said first device and the encrypted information; andtransmitting a web page comprising
1. A method of communicating with a first computing device, said method comprising the acts of:encrypting information destined for said first computing device;creating an HTTP request which includes an address of said first device and the encrypted information; andtransmitting a web page comprising said HTTP request to a second computing device different from said first computing device,wherein said second computing device is associated with a purchaser of content, wherein said first computing device provides said content, and wherein the encrypted information includes a public portion of a key pair associated with said purchaser, said key pair having been issued to said purchaser for use on said second computing device upon condition of said purchaser tendering authenticatable credentials and upon further condition of said key pair not having been previously been issued for use by said purchaser on a number of devices that exceeds a limit.2. A computer readable medium having computer-executable instructions to perform the method of claim 1.3. A method of communicating with a first computing device through a second computing device, said method comprising the acts of:encrypting information such that the encrypted information is decryptable by a secret;transmitting the encrypted information to said second computing device, said encrypted information being transmittable to said first computing device upon instruction from a user operating said second computing device, wherein said secret is not accessible to either said second computing device or said user; andsharing said secret, wherein the encrypted information comprises a public portion of a key pair associated with a user of said second computing device, said key pair having been issued to said user and bound to said second computing device, a private portion of said key pair being usable only on devices to which said key pair is bound, said key pair having been bound to said second computing device on condition of said key pair not having previously been bound to a number of devices that exceeds a predefined or determinable limit.4. A method of communicating with a first computing device through a second computing device, said method comprising the acts of:encrypting information such that the encrypted information is decryptable by a secret;transmitting the encrypted information to said second computing device, said encrypted information being transmittable to said first computing device upon instruction from a user operating said second computing device, wherein said secret is not accessible to either said second computing device or said user, and wherein said encrypted information comprises a public portion of a key pair associated with said user, said key pair being bound to said second computing device, a private portion of said key pair not being usable on devices to which said key pair has not been bound, said key pair having been bound to said second device after satisfying a condition that said key pair has not previously been bound to a number of devices that exceeds a limit, and after satisfying a further condition that said user provide authenticatable credentials to an entity that binds said key pair to said second device; andsharing said secret by performing either of the following acts:providing said secret to said first computing device or to a party associated with said first computing device; orreceiving said secret from said first computing device or from a party associated with said first computing device,wherein said secret comprises a symmetric key, and wherein said encrypting act comprises encrypting said information with said symmetric key.5. The method of claim 4, further comprising the act of including a timestamp in the encrypted information.6. A method of facilitating electronic content distribution comprising the acts of:providing, to a first party for use on a first computing device, a first set of computer-executable instructions which encrypts information based on a unique id that maps into a shared secret, the encrypted information being includable in an HTTP request which includes a network address of a second computing device; andproviding, to a second party for use on said second computing device, a second set of computer-executable instructions which decrypts the encrypted information, said encrypted information comprising a public portion of a key pair, said key pair being associated with a third party who is distinct from both said first party and said second party, said key pair having been issued to said third party and bound to a third computing device that is distinct from both said first computing device and said second computing device, a private portion of said key pair being usable only on devices to which said key pair is bound, said key pair having been bound to said third computing device on condition of the number of devices to which said key pair has been previously bound not exceeding a limit.7. The method of claim 6, wherein said first party comprises a seller of electronic content, wherein said second party comprises a provider of electronic content sold by said first party, and wherein said encrypted information relates to a transaction between said first party and a consumer of electronic content.8. The method of claim 6, wherein said HTTP request comprises a POST request, and wherein said encrypted information is included in the body of said POST request.9. The method of claim 6, wherein said HTTP request comprises a GET request, and wherein said encrypted information is appended to said GET request as a parameter.10. The method of claim 6, wherein said first set of computer-executable instructions comprises a COM object.11. The method of claim 10, wherein said first set of computer-executable instructions exposes an ENCRYPT method for use by a third set of computer-executable instruction which runs on said first computing device.12. The method of claim 6, wherein a secret symmetric key is accessible to or known by each of said first computing device and said second computing device, and wherein said first set of computer-executable instructions uses said secret symmetric key to encrypt said information.13. The method of claim 6, wherein said information includes information identifying an item of content which said second computing device provides.14. The method of claim 6, wherein said information includes information identifying a purchaser of an item of content.15. A method of building a client-server request, said method comprising the acts of:encrypting first information so as to be decryptable by a secret accessible to a first server;including an address associated with said first server in said client-server request;including the encrypted information in said client-server request; andtransmitting said client-server request to a client on which said client-server request is executable to contact said first server and to transmit said encrypted information to said first server, wherein the encrypted information comprises a public portion of a key pair bound to said client, said key pair being bindable to a number of devices not in excess of a pre-defined or determinable limit, a private portion of said public key not being usable on devices to which said key pair is not bound, said key pair having been bound to said client upon determination that binding said key pair to said client would not cause the number of devices to which said key pair is bound to exceed said limit.16. The method of claim 15, wherein the encrypted information includes information relating to a transaction to purchase a content item, wherein said first server furthers at least some aspect of said transaction.17. The method of claim 16, wherein the encrypted information includes information which identifies a purchaser of said content item.18. The method of claim 16, wherein the encrypted information includes information which identifies said content item.19. The method of claim 16, wherein the encrypted information includes a timestamp.20. The method of claim 16, wherein said first server provides said content item.21. The method of claim 15, wherein said secret comprises a symmetric key, and wherein the encrypted information is generated by encrypting cleartext information with said symmetric key.22. The method of claim 15, wherein said client-server request comprises an HTTP request.23. The method of claim 22, wherein said HTTP request comprises a POST request, and wherein the encrypted information is included in the body of said POST request.24. The method of claim 22, wherein said HTTP request comprises a GET request, and wherein the encrypted information is appended to said GET request as a parameter.25. A computer-readable medium having computer-executable instructions to perform the method of claim 15.26. A method of distributing electronic content, said method comprising the acts of:receiving, at a first computing device from a second computing device, an order for a content item; andproviding, from said first computing device to said second computing device, data comprising:a network address of a third computing device; andencrypted information that comprises a public portion of a key pair associated with an entity that placed said order, said key pair being bound to one or more devices including said second computing device, said key pair being bindable to a number of devices not in excess of a limit, said key pair having been bound to said second computing device conditioned upon a determination that binding said key pair to said second computing device would not cause the number of devices to which said key pair is bound to exceed said limit;wherein said third computing device processes said order by using at least some of said encrypted information.27. The method of claim 26, wherein said data comprises an HTTP POST request, and wherein said encrypted information is included in the body of said POST request.28. The method of claim 26, wherein said data comprises an HTTP GET request.29. The method claim 26, wherein said encrypted information includes information identifying said content item.30. The method of claim 26, wherein said encrypted information includes information identifying the individual who issued said order for said content item.31. The method of claim 26, wherein said encrypted information includes a timestamp.32. The method of claim 26, wherein said data further comprises a hash of said encrypted information, said hash being computed prior to encryption of said information.33. The method of claim 32, wherein said hash is computed using an SHA1 algorithm.34. The method of claim 26, wherein said content item does not reside on said first computing device.35. A computer-readable medium having computer-executable instructions to perform the method of claim 26.36. A computer-readable medium having computer-executable instructions for performing steps comprising:receiving parameters that identify characteristics of a first transaction between a first client and a first server, said first transaction being a purchase transaction;encrypting one or more of said parameters, said one or more parameters including a public portion of a key pair bound to said first client, said key pair being bindable to a number of clients not in excess of a limit, a private portion of said key pair not being usable on clients to which said key pair is not bound, said key pair having been bound to said first client upon condition that binding said key pair to said first client would not cause the number of devices to which said key pair is bound to exceed said limit;returning said encrypted parameters to said first client in a format such that a second server may receive said encrypted parameters from said first client, validate said first transaction, and initiate a second transaction without any interaction with said first server.37. The computer-readable medium of claim 36, wherein said computer-executable instructions comprise a COM object.38. The computer-readable medium of claim 36, wherein said first transaction relates to the sale of electronic content.39. The computer-readable medium of claim 38, wherein said second transaction comprises downloading said electronic content from said second server to said first client.40. The computer-readable medium of claim 38, wherein said parameters comprise end-use information that enables the individualization of said electronic content.41. The computer-readable medium of claim 36, wherein said parameters include one or more of the following: information identifying a party to said first transaction, and information identifying an item purchased in said first transaction.42. The computer-readable medium of claim 36, wherein said steps further comprise including a timestamp in said encrypted parameters.43. The computer-readable medium of claim 36, wherein said steps further comprise computing a hash of at least some of said encrypted parameters.44. The computer-readable medium of claim 43, wherein said hash is computed using an SHA1 algorithm.45. The computer-readable medium of claim 36, wherein said encrypting act comprises applying a secret symmetric key shared between said first server and said second server.46. The computer-readable medium of claim 36, wherein said format comprises an HTTP request including an address of said first server.
연구과제 타임라인
LOADING...
LOADING...
LOADING...
LOADING...
LOADING...
이 특허에 인용된 특허 (62)
Rohatgi Pankaj (Sunnyvale CA) Dureau Vincent (Vemas CA), Apparatus and method for authenticating transmitting applications in an interactive TV system.
Reed Drummond Shattuck ; Heymann Peter Earnshaw ; Mushero Steven Mark ; Jones Kevin Benard ; Oberlander Jeffrey Todd, Computer-based communication system and method using metadata defining a control-structure.
Downs Edgar ; Gruse George Gregory ; Hurtado Marco M. ; Lehman Christopher T. ; Milsted Kenneth Louis ; Lotspiech Jeffrey B., Electronic content delivery system.
Dutta, Rabindranath, Incremental updates of items and prices on a customer's computer to reduce download times for frequently purchased items in e-commerce transactions in a method, system and program.
Stefik Mark J. (Woodside CA) Bobrow Daniel G. (Palo Alto CA) Card Stuart K. (Los Altos CA) Casey Michalene M. (Morgan Hill CA) Goldstein Richard J. (San Francisco CA) Lamming Michael G. (Cambridge CA, Interactive contents revealing storage device.
Levergood Thomas Mark ; Stewart Lawrence C. ; Morris Stephen Jeffrey ; Payne Andrew C. ; Treese George Winfield, Internet server access control and monitoring systems.
Hershey Antoinette F. (Acton MA) French Andrew H. (Lexington MA) Boire Christopher P. (Westborough MA), License mangagement system and license storage key.
Khan Raheel Ahmed ; Burleson David Brent ; Filion John Thomas ; Cheek Donald Scott, Method and apparatus for a game delivery service including flash memory and a game back-up module.
Sachs James ; Pomeroy Thomas W. ; Novicov Aleksey ; Conboy Garth ; Walter Erik ; Leshner William S. ; Duga Brady ; Wotiz Richard, Method and apparatus for electronically distributing and viewing digital contents.
White Christopher M. ; Matheny John ; Bonnaure Patrick P. ; Perlman Stephen G., Method and apparatus for providing physical security for a user account and providing access to the user's environment a.
Basani, Vijay R.; Mangiapudi, Krishna; Murach, Lynne M.; Karge, Leroy R.; Revsin, Vitaly S.; Bestavros, Azer; Crovella, Mark E.; LaRosa, Domenic J., Method and apparatus for reliable and scalable distribution of data files in distributed networks.
Lambert, Mark L.; van der Rijn, Daniel J. G.; Kemper, David J.; Verkler, Jay L., Method and apparatus for storing and delivering documents on the internet.
Graunke Gary L. ; Carbajal John ; Maliszewski Richard L. ; Rozas Carlos V., Method for securely distributing a conditional use private key to a trusted entity on a remote system.
Rabne Michael W. ; Barker James A. ; Alrashid Tareq M.T. ; Christian Brian S. ; Cox Steven C. ; Slotta Elizabeth A. ; Upthegrove Luella R., Rights management system for digital media.
McMullan ; Jr. Jay C. (Doraville GA) Burleson David B. (Roswell GA) Borsetti ; Jr. Paul (Alpharetta GA) Filion John T. (Lawrenceville GA), Secure authorization and control method and apparatus for a game delivery service.
Van Wie David M. ; Weber Robert P., Steganographic techniques for securely delivering electronic digital rights management control information over insecure.
Ginter Karl L. ; Shear Victor H. ; Spahn Francis J. ; Van Wie David M., System and methods for secure transaction management and electronic rights protection.
Stefik Mark J. (Woodside CA) Bobrow Daniel G. (Palo Alto CA) Pirolli Peter L. T. (El Cerrito CA), System for controlling the distribution and use of composite digital works.
Stefik Mark J. (Woodside CA) Merkle Ralph C. (Sunnyvale CA) Pirolli Peter L. T. (El Cerrito CA), System for controlling the distribution and use of digital works having a fee reporting mechanism.
Kenneth L. Nash, System for monitoring the association of digitized information having identification indicia with more than one of uniquely identified computers in a network for illegal use detection.
Saigh Michael M. ; Chang Edward H. ; Brockhouse Douglas B. ; Chang Hsiao-Shih, Systems and apparatus for electronic communication and storage of information.
Ginter Karl L. ; Shear Victor H. ; Sibert W. Olin ; Spahn Francis J. ; Van Wie David M., Systems and methods for secure transaction management and electronic rights protection.
Ginter Karl L. ; Shear Victor H. ; Spahn Francis J. ; Van Wie David M., Systems and methods for secure transaction management and electronic rights protection.
Ginter Karl L. ; Shear Victor H. ; Spahn Francis J. ; Van Wie David M., Systems and methods for secure transaction management and electronic rights protection.
Ginter Karl L. ; Shear Victor H. ; Spahn Francis J. ; Van Wie David M., Systems and methods for secure transaction management and electronic rights protection.
Ginter Karl L. ; Shear Victor H. ; Spahn Francis J. ; Van Wie David M., Systems and methods for secure transaction management and electronic rights protection.
Hall Edwin J. ; Shear Victor H. ; Tomasello Luke S. ; Van Wie David M. ; Weber Robert P. ; Worsencroft Kim ; Xu Xuejun, Techniques for defining using and manipulating rights management data structures.
Farrugia, Augustin J.; Taban, Gelareh; Kamel, Amine El; Fasoli, Gianpaolo; Vedula, Srinivas, Client-server version control system for software applications.
Sato, Takashi; Kanetsuna, Katsuyuki; Toriyama, Mitsuru; Kijima, Kaoru, Communication system, communication apparatus, communication method, storage medium, and package medium.
Corbett, Tim; Petrov, Julian; Rivera, Juan, Methods and systems for improving resource utilization by delaying rendering of three dimensional graphics.
Jueneman, Robert R.; Linsenbardt, Duane J.; Young, John N.; Carlisle, William Reid; Tregub, Burton George, Portable data encryption device with configurable security functionality and method for file encryption.
Shikuma, Theodore M.; Masek, Ben; Skeen, Philip David; Wong, Donald, Scheme for use with client device interface in system for providing dailies and edited video to users.
Shah, Milan; Hassounah, Khaled W., System and method for add-on services, secondary authentication, authorization and/or secure communication for dialog based protocols and systems.
Shah,Milan; Hassounah,Khaled W., System and method for add-on services, secondary authentication, authorization and/or secure communication for dialog based protocols and systems.
Kim, Sung-Woo; Seo, In-Wook; Back, Gap-Chun, System and method for providing continuous downloading service of large size contents through wireless network and computer readable medium for realizing the same.
※ AI-Helper는 부적절한 답변을 할 수 있습니다.