A rights-based system is described in which vouchers are employed for creating, managing, distributing, and redeeming rights in digital contexts. A voucher is a digital, possession-based rights representation. An authorization component of the system validates the vouchers and issues corresponding t
A rights-based system is described in which vouchers are employed for creating, managing, distributing, and redeeming rights in digital contexts. A voucher is a digital, possession-based rights representation. An authorization component of the system validates the vouchers and issues corresponding tokens. Access to digital resources is provided in response to presentation of the tokens which are validated by matching voucher refresh values to corresponding values maintained by the system. New refresh values are generated and inserted in the vouchers each time they are redeemed.
대표청구항▼
1. A computer-implemented method, comprising: receiving, with a first server, a first request for issuance of a new voucher, the first request corresponding to an issue voucher, the issue voucher being a possession-based rights object representing a right to issue the new voucher;transmitting, with
1. A computer-implemented method, comprising: receiving, with a first server, a first request for issuance of a new voucher, the first request corresponding to an issue voucher, the issue voucher being a possession-based rights object representing a right to issue the new voucher;transmitting, with the first server, a second request to a second server for a voucher template specified by the issue voucher;receiving, with the first server, the voucher template from the second server, the voucher template corresponding to a class of vouchers to which the new voucher belongs, the voucher template being configured to specify one or more parameters associated with the class of vouchers;transmitting, with the first server, a third request for a first access token to a third server, the third request including the issue voucher;receiving, with the first server, the first access token from the third server as a result of validation of the issue voucher by the third server, the first access token being configured to allow access to a first endpoint associated with the second server, the first endpoint being configured to generate the class of vouchers;transmitting, with the first server, a fourth request for issuance of the new voucher to the first endpoint associated with the second server, the fourth request including the first access token and the voucher template; andreceiving, with the first server, the new voucher from the second server as a result of generation of the new voucher by the first endpoint using the voucher template, the new voucher representing a right to access a protected resource, the new voucher including a refresh value initialized by the second server, the refresh value being part of a mechanism that makes the new voucher a possession-based rights object. 2. The method of claim 1, further comprising: transmitting, with the first server, a representation of the voucher template to a client device from which the first request was received; andreceiving, with the first server, input from the client device corresponding to the voucher template. 3. The method of claim 2, wherein the input from the client device includes one or more parameter values for one or more variables represented in the voucher template. 4. The method of claim 2, wherein the voucher template includes no variables, and wherein the input from the client device represents approval of the voucher template. 5. The method of claim 1, wherein the second request for the voucher template is directed to a second endpoint associated with the second server, the first and second endpoints corresponding to different uniform resource locators (URLs). 6. The method of claim 1, wherein the second request for the voucher template is directed to the first endpoint associated with the second server, and wherein the second request employs a first type of HTTP method, and the fourth request employs a second type of HTTP method. 7. The method of claim 1, further comprising facilitating, by the first server, redemption of the right to access the protected resource using the new voucher, wherein redemption of the right to access the protected resource results in replacement of the refresh value of the new voucher with a new refresh value generated by the third server. 8. The method of claim 7, wherein the new voucher also includes a sequence number, and wherein redemption of the right to access the protected resource results in incrementing of the sequence number of the new voucher. 9. The method of claim 1, further comprising: receiving, with the first server, a fifth request for access to the protected resource, the fifth request corresponding to the new voucher;transmitting, with the first server, a sixth request for a second access token to the third server, the sixth request including the new voucher;receiving, with the first server, the second access token from the third server as a result of validation of the new voucher by the third server, the second access token being configured to allow access to the protected resource; andtransmitting, with the first server, a seventh request for access to the protected resource to a fourth server that controls access to the protected resource, the seventh request including the second access token. 10. The method of claim 9, wherein redemption of the right to access the protected resource results in replacement of the refresh value of the new voucher with a new refresh value generated by the third server. 11. The method of claim 10, wherein the new voucher also includes a sequence number, and wherein redemption of the right to access the protected resource results in incrementing of the sequence number of the new voucher. 12. The method of claim 1, wherein redemption of the right to issue the new voucher results in replacement of the refresh value of the issue voucher with a new refresh value generated by the third server. 13. The method of claim 12, wherein the issue voucher also includes a sequence number, and wherein redemption of the right to issue the new voucher results in incrementing of the sequence number of the issue voucher. 14. A system, comprising one or more hardware computing devices configured to: receive a first request for issuance of a new voucher, the first request corresponding to an issue voucher, the issue voucher being a possession-based rights object representing a right to issue the new voucher;transmit a second request to a first server for a voucher template specified by the issue voucher;receive the voucher template from the first server, the voucher template corresponding to a class of vouchers to which the new voucher belongs, the voucher template being configured to specify one or more parameters associated with the class of vouchers;transmit a third request for a first access token to a second server, the third request including the issue voucher;receive the first access token from the second server as a result of validation of the issue voucher by the second server, the first access token being configured to allow access to a first endpoint associated with the first server, the first endpoint being configured to generate the class of vouchers;transmit a fourth request for issuance of the new voucher to the first endpoint associated with the first server, the fourth request including the first access token and the voucher template; andreceive the new voucher from the first server as a result of generation of the new voucher by the first endpoint using the voucher template, the new voucher representing a right to access a protected resource, the new voucher including a refresh value initialized by the first server, the refresh value being part of a mechanism that makes the new voucher a possession-based rights object. 15. The system of claim 14, wherein the one or more computing devices are further configured to: transmit a representation of the voucher template to a client device from which the first request was received; andreceive input from the client device corresponding to the voucher template. 16. The system of claim 15, wherein the input from the client device includes one or more parameter values for one or more variables represented in the voucher template. 17. The system of claim 15, wherein the voucher template includes no variables, and wherein the input from the client device represents approval of the voucher template. 18. The system of claim 14, wherein the second request for the voucher template is directed to a second endpoint associated with the first server, the first and second endpoints corresponding to different uniform resource locators (URLs). 19. The system of claim 14, wherein the second request for the voucher template is directed to the first endpoint associated with the first server, and wherein the second request employs a first type of HTTP method, and the fourth request employs a second type of HTTP method. 20. The system of claim 14, wherein the one or more computing devices are further configured to facilitate redemption of the right to access the protected resource using the new voucher, wherein redemption of the right to access the protected resource results in replacement of the refresh value of the new voucher with a new refresh value generated by the second server. 21. The system of claim 20, wherein the new voucher also includes a sequence number, and wherein redemption of the right to access the protected resource results in incrementing of the sequence number of the new voucher. 22. The system of claim 14, wherein the one or more computing devices are further configured to: receive a fifth request for access to the protected resource, the fifth request corresponding to the new voucher;transmit a sixth request for a second access token to the second server, the sixth request including the new voucher;receive the second access token from the second server as a result of validation of the new voucher by the second server, the second access token being configured to allow access to the protected resource; andtransmit a seventh request for access to the protected resource to a third server that controls access to the protected resource, the seventh request including the second access token. 23. The system of claim 22, wherein redemption of the right to access the protected resource results in replacement of the refresh value of the new voucher with a new refresh value generated by the second server. 24. The system of claim 23, wherein the new voucher also includes a sequence number, and wherein redemption of the right to access the protected resource results in incrementing of the sequence number of the new voucher. 25. The system of claim 14, wherein redemption of the right to issue the new voucher results in replacement of the refresh value of the issue voucher with a new refresh value generated by the second server. 26. The system of claim 25, wherein the issue voucher also includes a sequence number, and wherein redemption of the right to issue the new voucher results in incrementing of the sequence number of the issue voucher. 27. A computer program product, comprising one or more non-transitory computer-readable media having computer program instructions stored therein, the computer program instructions being configured such that, when executed by one or more computing devices, the computer program instructions cause the one or more computing devices to: receive a first request for issuance of a new voucher, the first request corresponding to an issue voucher, the issue voucher being a possession-based rights object representing a right to issue the new voucher;transmit a second request to a first server for a voucher template specified by the issue voucher;receive the voucher template from the first server, the voucher template corresponding to a class of vouchers to which the new voucher belongs, the voucher template being configured to specify one or more parameters associated with the class of vouchers;transmit a third request for a first access token to a second server, the third request including the issue voucher;receive the first access token from the second server as a result of validation of the issue voucher by the second server, the first access token being configured to allow access to a first endpoint associated with the first server, the first endpoint being configured to generate the class of vouchers;transmit a fourth request for issuance of the new voucher to the first endpoint associated with the first server, the fourth request including the first access token and the voucher template; andreceive the new voucher from the first server as a result of generation of the new voucher by the first endpoint using the voucher template, the new voucher representing a right to access a protected resource, the new voucher including a refresh value initialized by the first server, the refresh value being part of a mechanism that makes the new voucher a possession-based rights object.
Rawat, Jai; Bhatia, Ajoy Kumar; Zissimopoulos, Vasileios Bill, Client-side form filler that populates form fields based on analyzing visible field labels and visible display format hints without previous examination or mapping of the form.
Steele,Nick; Hawkins,Stan; Maranville,Joe; Bradnan,Andrew, Consumer-controlled limited and constrained access to a centrally stored information account.
Lindsey James D. (Lubbock TX) Hutton Charles D. (Lubbock TX) Tubb Joe W. (Lubbock TX) Shipman Carol L. (Lubbock TX) Kyle ; III Albert S. (Lubbock TX), Goods database employing electronic title or documentary-type title.
Mellmer, Joseph Andrew; Young, Russell T.; Perkins, Arn D.; Robertson, John M.; Sabin, Jeffrey Neil; McDonald, Michael C.; Phillips, Douglas; Sheridan, Robert Michael; Nazeer, Nadeem Ahmad; Higley, DeeAnne Barker; Carter, Stephen R.; Earl, Douglas G.; Sonderegger, Kelly E.; Ferguson, Daniel T.; Brough, Farrell Lynn, Managing digital identity information.
Snyder J. Gary ; Brooks Peter P. ; Bliss Steven, Method and system for copy-tracking distributed software featuring tokens containing a key field and a usage field.
Shrader, Theodore Jack London; Nadalin, Anthony Joseph; Rich, Bruce Arland; Yarsa, Julianne, Method and system for presentation and manipulation of PKCS signed-data objects.
Roberts Neal ; Franklin Michael ; Runnels Charles ; Andrews James, Methods and investment instruments for performing tax-deferred real estate exchanges.
Shear, Victor H.; Van Wie, David M.; Weber, Robert P., Methods for matching, selecting, narrowcasting, and/or classifying based on rights management and/or other information.
Roever, Stefan; Collins, Kevin; Ding, Josh C.; Clark, Alex F.; Bruce, James, Methods of facilitating merchant transactions using a computerized system including a set of titles.
Roever, Stefan; Collins, Kevin; Ding, Josh C.; Clark, Alex F.; Bruce, James, Methods of facilitating merchant transactions using a computerized system including a set of titles.
Matyas, Jr., Stephen Michael; Peyravian, Mohammad; Roginsky, Allen Leonid; Zunic, Nevenko, Secure data storage and retrieval with key management and user authentication.
Doherty, Robert J.; Tierney, Peter L.; Arnaoutoglou-Andreou, Marios, System and embedded license control mechanism for the creation and distribution of digital content files and enforcement of licensed use of the digital content files.
Iannacci,Gregory Fx, System and method for an automated benefit recognition, acquisition, value exchange, and transaction settlement system using multivariable linear and nonlinear modeling.
Rusnak David J. ; Zientara John T., System and method for controlling access rights to and security of digital content in a distributed information system, e.g., Internet.
Gregory D. Linden ; Michael D. McDaniel ; Ryan J. Snodgrass ; Joel R. Spiegel, System and method for providing secure URL-based access to private resources.
Desai, Nimesh; Udani, Sanjay; Kimble, Jr., James David; Werges, Thomas P.; Richardson, David Dean; Gustafson, Jeffrey A., System and method for selective information exchange.
Mjolsnes Stig Frode,NOX ; Michelsen Rolf,NOX ; Revillet Marie-Josephe,FRX ; De Solages Aymeric,FRX, System of secured payment by the transfer of electronic money through an interbank network.
Bishop,Fred; Barrett,Michael R.; Armes,David; Wojciechowski,Lee A.; Madhineni,Madhukar; Krishnan,Vilayanur Parameswaran; McKay,Joshua B.; Gebb,Lucas, Systems and methods for facilitating commercial transactions between parties residing at remote locations.
Ginter Karl L. ; Shear Victor H. ; Sibert W. Olin ; Spahn Francis J. ; Van Wie David M., Systems and methods for secure transaction management and electronic rights protection.
Rosen Sholom S., Trusted agents for open electronic commerce where the transfer of electronic merchandise or electronic money is provisional until the transaction is finalized.
※ AI-Helper는 부적절한 답변을 할 수 있습니다.