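IPC classification information
Country / Type | United States (US) Patent, Registered
International Patent Classification (IPC 7th edition) |
Application number | UP-0737677 (2007-04-19)
Registration number | US-7685416 (2010-04-21)
Inventors / Address |
- Newcombe, Christopher Richard
- Jones, Paul David
- Ellis, Richard Donald
- Birum, Derrick Jason
Applicant / Address |
Agent / Address |
Citation information | Times cited: 11; Patents cited: 110
Abstract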
A method and system are directed towards enabling content security in a distributed environment. The system includes a data store for content associated with an application that may be tagged as exclusively memory resident at a client. The content may also be encrypted and digitally signed. When an authenticated client requests the content, it is provided at a constrained rate that enables a portion of the content to start execution on the client before the application associated with the content is completely downloaded. Additional portions of the content are provided to the client when the additional portions are required for execution by the application.
Representative claims
We claim:

1. A system for securing content over a network, comprising: a client device configured and arranged to receive content, comprising: a memory component that is arranged for temporal content storage; and a permanent-memory based storage component that is arranged for non-temporal content storage; and a secure content manager that is configured to perform actions, including: receiving a first portion of content of an application that is tagged to be exclusively memory resident at the memory component of the client device; receiving a second portion of the content of the application that is untagged, such that the second portion is enabled to be stored on the client device's permanent-memory based storage component; receiving a request for the content from the client device, wherein the request includes an authenticator associated with the client device, the authenticator determining if the client is authentic by: determining a remote address and a local address associated with the client device, concatenating the determined remote address and the local address, determining a digest based on the concatenation, determining a timestamp based on the digest and the authenticator, and employing the timestamp to determine whether the client device is authentic; if the client device is authentic based, in part, on the authenticator: providing, over the network, at least the first portion of the content and the second portion of the content to the client device, wherein the first portion of the content is exclusively memory resident at the memory component on the client device, and the second portion of the content is storable on the client device's permanent-memory based storage component; receiving, in response to a change in the content, another request from the client device for another portion of the content that is required for continued execution of the application at the client device; and providing, over the network, the other portion of the content to the client device.

2. The system of claim 1, wherein if the client device is authentic further comprises: employing at least one IP address associated with the client device to determine a digest; combining the authenticator with the digest to generate a timestamp; and examining a value of the timestamp to determine whether the value is within a window of time.

3. The system of claim 1, wherein an executable third portion of content associated with an application is absent from the client during execution of the application on the client device.

4. The system of claim 1, wherein the secure content manager is configured to perform actions, further including: receiving at least one of the client device's local address, or the client device's remote IP addresses from other than the client device.

5. The system of claim 1, wherein the first portion of content is further configured to be purged from the memory component of the client device upon a completion of execution of the first portion.

6. The system of claim 1, wherein if the client device is authentic further comprises: performing a request for a first remote address associated with the client device; examining a packet header associated with the request for content to determine a second remote address; and determining, in part, that the client device is authentic if the first remote address and the second remote address match.

7. The system of claim 1, wherein if the client device is authentic further comprises: receiving a content ticket associated with the request for content; invalidating access to the requested content if at least one of the following conditions exists: a time allocated to the content ticket is expired, the content ticket is revoked, or content ticket fails to grant access rights to the requested content.

8. A method of securing content over a network, comprising: tagging a first portion of content to be exclusively memory resident at a memory component arranged for temporal content storage at a client device; determining a second portion of the content to be untagged, such that the second portion is enabled to be stored on the client device's permanent data store device; receiving a request for the content from the client device, wherein the request includes an authenticator associated with the client device; determining if the client device is authentic based on the authenticator; and if the client device is authentic, providing, over the network, at least the first portion of the content and the second portion of the content to the client device, wherein the first portion of the content is loaded exclusively as memory resident on the memory component of the client device, and the second portion of the content is loaded on the client device's permanent data store device, wherein determining if the client is authentic further comprises: determining a remote address and a local address associated with the client device; concatenating the determined remote address and the local address; determining a digest based on the concatenation; determining a timestamp based on the digest and the authenticator; and employing the timestamp to determine whether the client device is authentic.

9. The method of claim 8, wherein the client device's permanent data store device comprises at least one of a hard disk, floppy disk, CD, tape, or DVD.

10. The method of claim 8, wherein the first portion of content is further configured to be purged from the memory component of the client device upon a completion of execution of the first portion.

11. The method of claim 8, further comprising: receiving a content ticket associated with the request for content; and inhibiting access to the requested content if at least one of the following is valid: a time allotted to the content ticket is expired, the content ticket is revoked, or the content ticket fails to include information granting access rights to the client device for the requested content.

12. The method of claim 8, wherein the request for content further comprises: receiving a content ticket that includes at least one of a client device's local address, client device's remote address, or a session key.

13. The method of claim 8, wherein receiving the request for content further comprises: receiving a content ticket having a client readable portion, a server readable portion and a modified authenticator.

14. A computer-readable storage medium having executable instructions for performing the method of claim 8.

15. An apparatus for securing content over a network, comprising: memory for storing data and instructions; and a processor that includes instructions for executing the instructions to perform actions, including: receiving a request for content from a client device having a permanent data storage component; tagging a portion of the content to be exclusively memory resident on a memory component arranged for temporal content storage at the client device, while another portion of the content remains untagged such that the other portion is configured to be storable on the permanent data storage component; receiving a content ticket that includes an authenticator; employing the content ticket and the authenticator to determine whether the client device is allowed access to the requested content; and if the client device is allowed access, providing, over the network, the tagged portion of the content and the untagged other portion of the content to the client device, wherein the tagged portion of the content is loaded as exclusively memory resident on the memory component of the client device, while the untagged other portion of the content is loadable on the client device's permanent data storage component, wherein employing the authenticator to determine whether the client device is allowed access further comprises: determining a remote address and a local address associated with the client device; concatenating the determined remote address and the local address; determining a digest based on the concatenation; determining a timestamp based on the digest and the authenticator; and employing the timestamp to determine whether the client device is authentic.

16. The apparatus of claim 15, wherein employing the content ticket to determine whether the client device is allowed access further comprises: allowing access if at least one of the following is valid: a time allotted to the content ticket is expired, the content ticket is revoked, or the content ticket fails to include information granting access rights to the client device for the requested content.

17. The apparatus of claim 15, wherein receiving a content ticket that includes an authenticator further comprises: decrypting a server portion of the content ticket to extract a session key; and employing the session key to decrypt the authenticator.

18. The apparatus of claim 15, wherein the content further comprises blocks of content that are arranged such that a first block is useable to cross validate another block of content by employing in the first block at least one of an executable or dynamic link library to validate a digital signature associated with the other block of content.