US007036011B2

(12) United States Patent
Grimes et al.

(10) Patent No.: US 7,036,011 B2
(45) Date of Patent: Apr. 25, 2006

(54) DIGITAL RIGHTS MANAGEMENT

(75) Inventors: Tom Grimes, Ottawa (CA); Khanh Mai, Alpharetta, GA (US)

(73) Assignee: CacheStream Corporation, Newtown, PA (US)

(*) Notice: Subject to any disclaimer, the term of this patent is extended or adjusted under 35 U.S.C. 154(b) by 841 days.

(21) Appl. No.: 09/893,635

(22) Filed: Jun. 29, 2001

(65) Prior Publication Data
US 2002/0002674 A1    Jan. 3, 2002

Related U.S. Application Data
(60) Provisional application No. 60/214,726, filed on Jun. 29, 2000.

(51) Int. Cl.
H04L 9/00     (2006.01)
G06F 11/30    (2006.01)
(52) U.S. Cl. 713/156; 713/167; 713/175; 713/193
(58) Field of Classification Search 713/156, 167, 175, 193
See application file for complete search history.

(56) References Cited

U.S. PATENT DOCUMENTS
6,005,939 A  *   12/1999   Fortenberry et al.   705/76
6,088,797 A  *    7/2000   Rosen                713/173
6,470,086 B1 *   10/2002   Smith                380/255
6,532,542 B1 *    3/2003   Thomlinson et al.    713/187
6,611,498 B1 *    8/2003   Baker et al.         370/252
6,611,812 B1 *    8/2003   Hurtado et al.       705/26
6,615,171 B1 *    9/2003   Kanevsky et al.      704/246
6,668,325 B1 *   12/2003   Collberg et al.      713/194
6,789,189 B1 *    9/2004   Wheeler et al.       713/156
* cited by examiner

Primary Examiner: Kambiz Zand
(74) Attorney, Agent, or Firm: Andrews Kurth LLP

(57) ABSTRACT

A method and system for digital rights management is disclosed. The method and system utilize standalone certificates linked with hardware profiles to provide an efficient mechanism for digital rights management. A method for digital rights management includes receiving content at a client computer. The content is encrypted with an encryption key. The method further includes the client computer requesting the encryption key from a digital rights management (DRM) server using a digital certificate, the server receiving the request and the DRM server determining if the digital certificate is valid. The DRM server is remote from the client computer.

26 Claims, 12 Drawing Sheets

PETITIONERS Ex. 1005 Page 1

U.S. Patent    Apr. 25, 2006    Sheet 1 of 12    US 7,036,011 B2

[FIGURE 1 (Sheet 1 of 12): system 10. Labels: Network Operations Center 12; Broadcast Medium 14; Broadband ISP 16 (shown twice); Virtual Channels 22; Internet 26; Broadband Medium 24; Client 18; Personal Content 28; Content 20.]

[FIGURE 2A (Sheet 2 of 12): CLIENT 18. Labels: MEMORY; WEB BROWSER; OUTPUT DEVICE; DISPLAY DEVICE; INPUT DEVICE; Broadband Medium 24; ISP 16; NOC 12; USER N SYSTEM 19.]

[FIGURE 2B (Sheet 3 of 12): DRM SERVER 58. Labels: MEMORY; APPLICATION; DRM APP; SECONDARY STORAGE; PROCESSOR; INPUT DEVICE; INTERNET; ISP 16; CLIENT 18.]

[FIGURE 3A (Sheet 4 of 12): flowchart of method 80. Order Content 82; Purchase the Content 83; Generate a Digital Certificate 84; Create a Hardware Profile 85; Store the Digital Certificate and the Hardware Profile 86; Transmit the Digital Certificate to Client 87; Prepare and Encrypt the Content 88 (Generate Encryption Key 881; Encrypt One or More Packets With the Encryption Key 882; Package the Packets Together 883); to FIG. 3B.]

[FIGURE 3B (Sheet 5 of 12): flowchart, continued. Transmit the Content to the Client 90; Receive the Content at the Client 92; Decrypt and Read Stream Header 93; Request the Encryption Key With the Digital Certificate 94; Receive the Request and Validate the Certificate 96; If Not Valid then End; Encrypt and Transmit the Encryption Key 98; Decrypt the Encryption Key 100; Decrypt the Content With the Encryption Key 102; END.]

[FIGURE 4 (Sheet 6 of 12): Multicast Stream 110. Labels: Multicast Stream Header 114 (Program ID 1141; Program Type 1142); Encryption 116; Encryption 118.]

[FIGURE 5A (Sheet 7 of 12): flow 120. Steps: (a) Generate Session Key; (b) Encrypt Hardware Profile; (c) Retrieve Digital Certificate; (d) Encrypt Session Key; (e) Encrypt Dig. Env. Message. Labels: Hardware Profile 124; Session Key 122; Encryption Algorithm 126; PPV Certificate 128; Public Key 130; Encrypted Hardware Profile 132; Encrypted Session Key 134; Certificate Serial No. 135; Static Application Key 136; Digitally Enveloped Message (Layer 2) 138; Digitally Enveloped Message (Layer 1) 139; Encrypted Dig. Enveloped Message 138.]

[FIGURE 5B (Sheet 8 of 12): flow 140. Steps: (f) Decrypt Dig. Env. Message; (g) Retrieve Digital Certificate; (h) Decrypt Session Key; (i) Decrypt Hardware Profile; (j) Compare Hardware Profiles. Labels: Digitally Enveloped Message (Layer 1) 139; Encryption Algorithm 126; Encrypted Dig. Enveloped Message 138; Static Application Key 136; Digitally Enveloped Message (Layer 2) 138; Encrypted Hardware Profile 132; Encrypted Session Key 134; Certificate Serial No. 135; PPV Certificate 142; Private Key 144; Session Key 122; Hardware Profile 124.]

[FIGURE 5C (Sheet 9 of 12): flow 150. Steps: (k) Retrieve Symmetric Key; (l) Encrypt Symmetric Key; (m) Generate Session Key; (n) Encrypt Dig. Env. Message; (o) Encrypt Session Key; (p) Encrypt Dig. Env. Message. Labels: PPV Symmetric Key 152; Hardware Profile 124; Encryption Algorithm 126; Encrypted PPV Symmetric Key 154; Digitally Enveloped Message (Layer 3) 156; Session Key 158; Private Key 144; PPV Certificate 142; Digitally Enveloped Message (Layer 2) 160; Encrypted Dig. Env. Mess. 162; Encrypted Session Key 164; Certificate Serial No. 135; Static Application Key 136; Digitally Enveloped Message (Layer 1) 166; Encrypted Dig. Enveloped Message 160.]

[FIGURE 5D (Sheet 10 of 12): flow 170. Steps: (q) Decrypt Dig. Env. Message; (r) Retrieve Digital Certificate; (s) Decrypt Session Key; (t) Decrypt Dig. Env. Mess.; (u) Decrypt Symmetric Key. Labels: Digitally Enveloped Message (Layer 1) 162; Encryption Algorithm 126; Encrypted Dig. Enveloped Message 160; Static Application Key 136; Digitally Enveloped Message (Layer 2) 160; Encrypted Dig. Env. Message 162; Encrypted Session Key 164; Certificate Serial No. 135; PPV Certificate 128; Public Key 130; Session Key 158; Encrypted PPV Symmetric Key 154; Digitally Enveloped Message (Layer 3) 156; PPV Symmetric Key 152; Hardware Profile 124.]

[FIGURE 6A (Sheet 11 of 12): flowchart of method 200. START; Create a Recorded Stream Header 202; Encrypt the Recorded Stream Header 204; Store the Recorded Stream Header 206; Scramble Packets of Content 208; Store the Scrambled Packets 210; Encrypt the Scrambled Packets or the Packet Scramble Table 212; END.]

[FIGURE 6B (Sheet 12 of 12): Recorded Stream. Labels: Recorded Stream Header (Program ID; Scramble Table); Encryption (shown twice).]

DIGITAL RIGHTS MANAGEMENT

CROSS REFERENCE TO RELATED APPLICATIONS

This application hereby claims the benefit of the priority of U.S. Provisional Patent Application, Ser. No. 60/214,726, filed Jun. 29, 2000, which is hereby incorporated by reference. This application also hereby incorporates by reference U.S. patent application, Ser. No. 09/835,529, entitled "Channel Dancer" and filed Apr. 17, 2001, U.S. patent application, Ser. No. 09/878,232, entitled "Personal Content Manager" and filed Jun. 12, 2000, and U.S. Patent Application entitled "Virtual Multicasting", invented by Khanh Mai, Roland Noll, Tom Grimes and Tom Dong, and filed on the same date, under separate cover, as the present application.

BACKGROUND

1. Technical Field

The present invention is related to access to secure or restricted content, and more particularly to the management of digital rights to secure or restricted rich media and multimedia content available over high bandwidth connections.

2. Description of Related Art

Over the past ten years, the bandwidth capacity available to consumers for receiving content from the Internet and other networks has increased ten-fold and more. The increased bandwidth capacity has enabled consumers to download larger and larger files and other content, including rich media and multimedia content such as audio clips, video clips, songs, programs and movies (collectively, programs or content). This increased bandwidth capacity has increased Internet usage and the potential for enjoyable and productive usage.

Often the content offered to users over the Internet or other networks is restricted or secured for any number of reasons. For example, the content may be secured since it is confidential and only intended for a certain user or users. Likewise, the content may be available only on a pay-per-view or membership basis and, therefore, is restricted to only those users that pay for the content or are members of a particular group. Further, the content may be restricted since it is copyright protected. Also, the content may be restricted by age (e.g., adult-only content) and is, therefore, restricted to users above a certain age.

Unfortunately, present systems for securing or restricting content are cumbersome and inefficient. The infrastructure to support secure distribution and provide ongoing enforcement of digital rights management is not in place. Existing systems are not flexible enough to provide an efficient system of digital rights management for a wide variety of types of content.

What is needed is a mechanism for flexibly and efficiently providing secure access of protected content to users.

SUMMARY OF THE INVENTION

An advantage of the present invention is that it overcomes the disadvantages and shortcomings of the prior art. Another advantage of the present invention is that it provides generic digital rights management that may be used in providing protection for content disseminated in most any manner. Another advantage of the present invention is that it provides conditional access to protected material on a standalone digital certificate basis.

These and other advantages of the present invention are achieved in a method for digital rights management that includes receiving content at a client computer. The content is encrypted with an encryption key. The method further includes the client computer requesting the encryption key from a digital rights management (DRM) server using a digital certificate, the DRM server receiving the request and the DRM server determining if the digital certificate is valid. The DRM server is remote from the client computer.

These and other advantages of the present invention are also achieved in a system for digital rights management comprising a client computer and a DRM server. The client computer includes software comprising instructions for receiving content. The content is encrypted with an encryption key. The client computer software further comprises instructions for requesting the encryption key from a digital rights management (DRM) server using a digital certificate. The DRM server includes software comprising instructions for receiving the request and determining if the digital certificate is valid. The DRM server is remote from the client computer.

These and other advantages of the present invention are also achieved in a computer-readable medium comprising instructions for digital rights management, by receiving content at a client computer. The content is encrypted with an encryption key. The computer-readable medium further comprises instructions for requesting the encryption key from a digital rights management (DRM) server using a digital certificate. The DRM server is remote from the client computer. The DRM server receives the request. The DRM server determines if the digital certificate is valid.

These and other advantages of the present invention are also achieved in a computer-readable medium comprising instructions for digital rights management, by receiving a client computer request, at a digital rights management (DRM) server, for an encryption key using a digital certificate and determining if the digital certificate is valid. The client computer receives content that is encrypted with the encryption key.

BRIEF DESCRIPTION OF THE DRAWINGS

The detailed description will refer to the following drawings, in which like numbers and letters refer to like items, and in which:

FIG. 1 is a schematic diagram illustrating an exemplary content delivery system with which the present invention may be used.

FIGS. 2A and 2B are block diagrams illustrating exemplary hardware components that support and enable the present invention.

FIGS. 3A-3B are flowcharts illustrating an exemplary method of digital rights management.

FIG. 4 is a block diagram illustrating an exemplary stream of content.

FIGS. 5A to 5D are flow-block diagrams illustrating an exemplary method of digital rights management.

FIG. 6A is a flowchart illustrating an exemplary method of digital rights management.

FIG. 6B is a block diagram illustrating an exemplary recorded stream of content.

DETAILED DESCRIPTION OF THE INVENTION

FIG. 1 illustrates a broadband content delivery system 10 with which the digital rights management system and
method of the present invention may be used to regulate and control access to broadband content delivered by the system and other content (e.g., digital music or video files from websites on the Internet). The illustrative broadband content delivery system 10 comprises a signal origination point 12, a transmission medium 14 (e.g., a satellite or a landline), one or more service providers 16, and one or more clients 18. The client 18 typically includes a user machine (e.g., a PC) that includes resident client software. The client software enables access to the broadband content, supports the broadband content delivery system 10 and the digital rights management system. Indeed, the client software is part of the digital rights management system.

Typically, high bandwidth content 20 (e.g., video, audio and web data) is transmitted from a signal origination point 12 such as a Network Operations Center ("NOC") on high-resolution ("high rez") virtual channels 22. The transmission medium 14 is satellite, ether and/or landline, or a combination thereof. The content 20 is received by a service provider 16, typically an edge-of-net broadband Internet service provider ("ISP") and transmitted over a broadband medium 24, such as a digital subscriber line ("DSL") or coaxial cable, to a client 18. The broadband medium connection may be maintained or "open" continuously or substantially maintained continuously. Two-way communications between the client 18 and the NOC 12 are maintained over the Internet 26. Content may also be received by the client 18 directly from the Internet 26 via the ISP 16.

In addition to transmitting the content on virtual channels 22, the broadband content delivery system 10 also transmits a control channel (signal) that is received by the client 18. The control channel contains information and instructions that help enable the client 18 (i.e., the client software) to access and control the content 20 provided by the broadband content delivery system 10. The control channel is used to issue commands or directives to the client 18. These commands or directives may result in feedback or a report back from the client 18 to the NOC 12 via the Internet. Significantly, the control channel is used to deliver program descriptors or "program nuggets", and digital messages, such as those described below (e.g., in FIGS. 5A-5D). Additionally, some commands or directives may report a failed identity or digital rights check. For example, a command or directive may report an invalid digital certificate to the client 18. Digital certificates are described in detail below.

Not necessarily all clients 18 of the broadband content delivery system 10 will have the bandwidth capability or resources to receive the high bandwidth on high rez virtual channels 22 (e.g., 512 Kbps or more). Accordingly, in addition to high bandwidth content 20, the broadband content delivery system 10 provides low bandwidth content 20 on low-resolution ("low rez") virtual channels 22 (e.g., approximately 200 Kbps) or other communications bandwidth to accommodate these clients. Consequently, when a client 18 signs-on, the broadband content delivery system 10 preferably conducts a bandwidth test to measure client's 18 bandwidth capability ("available bandwidth"). Usually, the available bandwidth is calculated as the maximum bandwidth content that the client 18 can consistently receive.

Referring back to FIG. 1, content 20 may be transmitted or broadcast by the NOC 12 on the virtual channels 22 as real-time multicast or unicast streams. A multicast stream comprises streaming content that is directed to and available to multiple clients 18 that join a multicast group. A unicast stream comprises streaming content that is directed to and available to one client 18 (at a time unicast content must be replicated for each client 18 that receives it). Furthermore, additional content 20 may be provided by third-parties as on-demand broadband content selected from the Internet ("edge-of-net") by a user at the client 18. For example, an ISP 16 may provide the edge-of-net content. Likewise, the user may store selected content, such as portions of the real-time multicast or unicast streams in a local cache at the client 18. This stored or personal content 28 may be kept on a user machine hard-drive or other storage medium.

FIGS. 2A and 2B are block diagrams illustrating exemplary hardware components of the broadband content delivery system 10 that may be used for implementing the digital rights management system. FIG. 2A includes the client 18, comprising a user machine 40 connected with a network such as the Internet 26, providing network connections to the NOC 12 and the ISP 16. The user machine 40 includes the client software 43 that the user has downloaded from an ISP 16 or portal or otherwise obtained (e.g., by loading from a CD-ROM or magnetic disk or by being pre-installed on the user machine 40). As mentioned, the client software 43 supports the broadband content delivery system 10 and is executed to perform functions of the digital rights management system. Preferably, the client software 43 includes a digital rights management ("DRM") module 45 that is programmed to perform the digital rights management methods (or portions thereof) described below. Other clients 18, such as client 19 may also be connected with network and may include the same components as client 18.

The user machine 40 illustrates typical components of a user machine. The user machine 40 typically includes a memory 42, a secondary storage device 44, a processor 46, an input device 48, a display device 50, and an output device 52. Memory 42 may include random access memory (RAM) or similar types of memory, and it may store one or more applications 44, including client software 43, and a web browser 56, for execution by processor 46. The secondary storage device 44 may include a hard disk drive, floppy disk drive, CD-ROM drive, or other types of non-volatile data storage. The local cache that includes a user's personal content 28, and a user's personal profile, may be stored on the secondary storage device 44.

The processor 46 may execute client software 43 (including the DRM module 45) and other applications 44 stored in memory 42 or secondary storage 50, or received from the Internet or other network 60. The processor 46 may execute client software 43, including the DRM module 45, in order to provide the functions described in this specification including the digital rights management functions described below. The input device 48 may include any device for entering information into the user machine 40, such as a keyboard, mouse, cursor-control device, touch-screen, infrared, microphone, digital camera, video recorder or camcorder. The display device 50 may include any type of device for presenting visual information such as, for example, a computer monitor or flat-screen display. The output device 52 may include any type of device for presenting a hard copy of information, such as a printer, and other types of output devices include speakers or any device for providing information in audio form.

The web browser 56 is used to access the client software 43 and display interface screens through which the user can manage and access the broadband content broadcast by the broadband content delivery system 10. The web browser 56 also is used to access the NOC 12, the ISP 16, and third-party web sites including other content (e.g., digital music and video files). Examples of web browsers 56 include the Netscape Navigator program and the Microsoft Internet
Explorer program. The content broadcast on virtual channels and received by the client 18 may be displayed through the web-browser. The content may include "links", for example, HyperText Transport Protocol ("HTTP") hyperlinks to other content and/or Internet websites. Multimedia applications such as Microsoft Media Player™ and RealPlayer™ may be used to enable viewing of the real-time multicast stream. Any web browser, co-browser, or other application capable of retrieving content from a network (any wireline or wireless network may be used) and displaying pages or screens may be used.

Examples of user machines 40 for interacting within the broadband content delivery system 10 include personal computers, laptop computers, notebook computers, palm top computers, network computers, Internet appliances, or any processor-controlled device capable of executing a web browser 56 or other type of application for interacting with the broadband content delivery system 10.

The NOC 12 may comprise a plurality of servers. FIG. 2B illustrates typical hardware components of a digital rights management ("DRM") server 58 at the NOC 12. Other servers at the NOC 12, such as the channel controller, and at the ISP 16, such as a local system POP server, may have similar or the same hardware components. The DRM server 58 typically includes a memory 60, a secondary storage device 62, a processor 64, an input device 66, a display device 68, and an output device 70. The memory 60 may include RAM or similar types of memory, and it may store one or more applications 72 for execution by processor 64. The applications 72 include a digital rights management ("DRM") application 65 (or module) that is programmed to perform the digital rights management methods (or portions thereof) described below.

The secondary storage device 62 may include a hard disk drive, floppy disk drive, CD-ROM drive, or other types of non-volatile data storage. The processor 64 executes DRM application 65, and other application(s) 72, that is stored in memory 60 or secondary storage 62, or received from the Internet 26 or other network. The input device 66 may include any device for entering information into DRM server 58, such as a keyboard, mouse, cursor-control device, touch-screen, infrared, microphone, digital camera, video recorder or camcorder. The display device 68 may include any type of device for presenting visual information such as, for example, a computer monitor or flatscreen display. The output device 70 may include any type of device for presenting a hard copy of information, such as a printer, and other types of output devices include speakers or any device for providing information in audio form.

The DRM server 58 may store a database structure in secondary storage 74, for example, for storing and maintaining information regarding the broadband content delivery system 10 and the clients 18. For example, it may maintain a relational, object-oriented, or other DRM database for storing DRM information such as digital certificates with private keys and linked hardware profiles (see below).

As mentioned above, processor 46 and/or processor 64 may execute one or more software applications 44 or 72, such as DRM module 45 and DRM application 65, in order to provide the digital rights management system and methods, and other functions described in this specification. The processing may be implemented in software, such as software modules, for execution by computers or other machines. Preferably, the DRM module 45 is a module or component of the client software 43.

The processing by processor 46 and/or processor 64 may provide and support pages, windows and menus (collectively, "screens") described in this specification and otherwise for display on display devices associated with the client 18. The term "screen" refers to any visual element or combinations of visual elements for displaying information or forms; examples include, but are not limited to, graphical user interfaces on a display device or information displayed in web pages or in pop-up windows/menus on a display device. The screens may be formatted, for example, as web pages in HyperText Markup Language (HTML), Extensible Markup Language (XML) or in any other suitable form for presentation on a display device depending upon applications used by users to interact with the broadband content delivery system 10.

Although only one DRM server 58 is shown, broadband content delivery system 10 may use multiple servers 59 as necessary or desired to support the users and may also use back-up or redundant servers to prevent network downtime in the event of a failure of a particular server. In addition, although the user machine 40 and DRM server 58 are depicted with various components, one skilled in the art will appreciate that the user machine 40 and the DRM server 58 can contain additional or different components. In addition, although aspects of an implementation consistent with the present invention are described as being stored in memory, one skilled in the art will appreciate that these aspects can also be stored on or read from other types of computer program products or computer-readable media, such as secondary storage devices, including hard disks, floppy disks, or CD-ROM; a carrier wave from the Internet or other network; or other forms of RAM or ROM. The computer-readable media may include instructions for controlling a computer system, such as user machine 40 and DRM server 58, to perform a particular method or implementation, such as those described below.

FIGS. 3A-3B are flowcharts illustrating a method 80 of digital rights management according to the present invention. Method 80 may be implemented, for example, with software modules for execution by processor 46, processor 64, or a combination of the two processors. As shown, the method 80 preferably comprises the steps of: ordering content 82, which may include purchasing the content 83; generating a digital certificate 84; creating a hardware profile 85; storing the certificate and hardware profile 86; transmitting the certificate to client 87; preparing and encrypting the content 88; transmitting the content to the client 90; receiving the content at the client 92, which may include decrypting and reading a stream header 93; requesting an encryption key using digital certificate 94; receiving the encryption key request and validating the digital certificate 96; encrypting and transmitting the encryption key 98; decrypting the encryption key 100; and, decrypting the content with the encryption key 102.
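
Added example, not part of the patent text and not the patentee's code: a minimal Python model of method 80 in which the DRM server releases the content encryption key only when the certificate is on record, is not revoked, and the enveloped hardware profile matches the stored one. Assumptions: a per-certificate symmetric key stands in for the certificate's key pair, a SHA-256/HMAC construction stands in for the encryption algorithm, the revocation flag and all names (DRMServer, seal, request_key, ...) are hypothetical, and the hardware identifiers are constructed sample values.

```python
import hashlib
import hmac
import secrets

# Stand-in authenticated cipher from the standard library only (SHA-256
# keystream + HMAC tag); a deployed system would use a vetted AEAD instead.
def _subkey(key, label):
    return hashlib.sha256(label + key).digest()

def _xor_stream(key, nonce, data):
    stream, counter = b"", 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))

def seal(key, plaintext):
    nonce = secrets.token_bytes(16)
    body = _xor_stream(_subkey(key, b"enc"), nonce, plaintext)
    tag = hmac.new(_subkey(key, b"mac"), nonce + body, hashlib.sha256).digest()
    return nonce + body + tag

def unseal(key, blob):
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(_subkey(key, b"mac"), nonce + body, hashlib.sha256).digest()
    if len(blob) < 48 or not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed")
    return _xor_stream(_subkey(key, b"enc"), nonce, body)

def hardware_profile(components):
    # Assumption: the profile is a digest over machine identifiers.
    return hashlib.sha256("\n".join(components).encode()).digest()

class DRMServer:
    def __init__(self):
        self._certs = {}         # serial -> record kept in the DRM database
        self._content_keys = {}  # program id -> content encryption key

    def _content_key(self, program_id):
        return self._content_keys.setdefault(program_id, secrets.token_bytes(32))

    def order(self, program_id, profile):
        """Steps 82-87: issue a certificate linked to the hardware profile."""
        serial, cert_key = secrets.token_hex(8), secrets.token_bytes(32)
        self._certs[serial] = {"key": cert_key, "profile": profile,
                               "program": program_id, "revoked": False}
        return {"serial": serial, "key": cert_key}

    def revoke(self, serial):
        self._certs[serial]["revoked"] = True

    def prepare_content(self, program_id, packets):
        """Step 88: encrypt each packet with the program's encryption key."""
        key = self._content_key(program_id)
        return [seal(key, packet) for packet in packets]

    def handle_key_request(self, serial, envelope):
        """Steps 96-98: validate the certificate, then release the wrapped key."""
        record = self._certs.get(serial)
        if record is None or record["revoked"]:
            return None
        try:
            claimed = unseal(record["key"], envelope)
        except ValueError:
            return None  # envelope not produced with this certificate's key
        if not hmac.compare_digest(claimed, record["profile"]):
            return None  # certificate presented from different hardware
        return seal(record["key"], self._content_key(record["program"]))

def request_key(cert, profile):
    """Step 94: the client envelopes its current hardware profile."""
    return cert["serial"], seal(cert["key"], profile)

def play(cert, wrapped_key, packets):
    """Steps 100-102: unwrap the key, then decrypt the content."""
    content_key = unseal(cert["key"], wrapped_key)
    return b"".join(unseal(content_key, packet) for packet in packets)

def run_demo():
    server = DRMServer()
    # Constructed sample identifiers, not real hardware data.
    home_pc = hardware_profile(["cpu:constructed-0001", "disk:constructed-A1"])
    other_pc = hardware_profile(["cpu:constructed-0002", "disk:constructed-B2"])
    cert = server.order("ppv-movie-1", home_pc)
    packets = server.prepare_content("ppv-movie-1", [b"frame-1;", b"frame-2;"])

    results = {}
    wrapped = server.handle_key_request(*request_key(cert, home_pc))
    results["licensed"] = play(cert, wrapped, packets)
    results["copied_cert"] = server.handle_key_request(*request_key(cert, other_pc))
    serial, envelope = request_key(cert, home_pc)
    tampered = envelope[:-1] + bytes([envelope[-1] ^ 1])
    results["tampered"] = server.handle_key_request(serial, tampered)
    server.revoke(cert["serial"])
    results["revoked"] = server.handle_key_request(*request_key(cert, home_pc))
    return results

if __name__ == "__main__":
    for name, value in run_demo().items():
        print(name, value)
```
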

Ordering content 82 comprises a user at the client 18 ordering content, that is transmitted via a virtual channel 22, from the NOC 12. The content may be ordered from the NOC 12 via the Internet 26 using an interface screen displayed on the web browser 56. The interface screen may be, for example, any of the interface screens shown in related application Personal Content Management, Ser. No. 09/878,232, filed Jun. 12, 2001, which is hereby incorporated by reference. Alternatively, ordering content 82 comprises a user at the client 18 ordering content from a third-party content provider, such as from a third-party website accessible through the Internet 26.

As noted above, ordering content 82 may include purchasing the content 83. Purchasing the content 83 comprises, for example, the user purchasing pay-per-view ("PPV")