WAI KING SUN (US)
POTOCKO EDWARD (US)
HO EDWIN (US)
WAI KING SUN (US)
POTOCKO EDWARD (US)
| WO2002019598A2 | 2002-03-07 |
| US20060161635A1 | 2006-07-20 | |||
| US20080235142A1 | 2008-09-25 | |||
| US20080306936A1 | 2008-12-11 | |||
| US20080020738A1 | 2008-01-24 |
| Claims: 1. A system for secure content delivery from a content system to a processing unit based computing device, the system comprising: a processing unit based computing device with a media player that requests a piece of content from a content system over a link; and the content system further comprises a content system manager that receives the request for the piece of content from the processing unit based computing device, sends a profile verification request to the processing unit based computing device, receives a profile verification request response from the processing unit based computing device and verifies that the processing unit based computing device is authorized to access the piece of content based on the profile verification request response and a content unit that delivers the requested piece of content to the processing unit based computing device only when the processing unit based computing device is authorized to access the piece of content. 2. The system of claim 1 , wherein the content system further comprises a device profile store that stores a profile of each processing unit based computing device wherein the stored profile for a particular processing unit based computing device is used by the content system manager to verify the access authority of the particular processing umt based computing device. 3. The system of claim 2, wherein each profile further comprises a plurality of properties associated with the particular processing unit based computing device, each profile verification request response further comprises a plurality of properties associated with the particular processing unit based computing device and wherein the content system manager compares the plurality of properties in the profile and the profile verification request response for the particular processing unit based computing device to determine if the particular processing unit based computing device is authorized to access the piece of content. 4. The system of claim 3, wherein the plurality of properties further comprise a platform of the processing unit based computing device, a set of plug-in installed on the processing unit based computing device, a behavior of the plug-in installed on the processing unit based computing device and a secure protocol negotiation of the processing unit based computing device. 5. The system of claim 1, wherein the content unit further comprising a streaming media unit. 6. The system of claim 1 , wherein the content is one of a movie, a television show and a video, music and images. 7. A method for secure content delivery from a content system to a processing unit based computing device with a media player, the method comprising: requesting, by a processing unit based computing device with a media player, a piece of content from a content system; generating, at the content system, a profile request; transmitting the profile request to the processing unit based computing device that is requesting the piece of content; receiving, at the content system, a response to the profile request from the processing unit based computing device; verifying, in the content system, the processing unit based computing device with the media player is authorized to access the piece of content based on the response to the profile request; and delivering the piece of content to the processing unit based computing device with the media player once the processing unit based computing device with the media player is verified. 8. The method of claim 7 further comprising storing, in a device profile of the content system, a profile of each processing unit based computing device wherein the stored profile for a particular processing unit based computing device is used by the content system to verify the access authority of the particular processing unit based computing device. 9. The method of claim 8, wherein each profile further comprises a plurality of properties associated with the particular processing unit based computing device, each profile verification request response further comprises a plurality of properties associated with the particular processing unit based computing device and wherein verifying the processing unit based computing device further comprises comparing the plurality of properties in the profile and the profile verification request response for the particular processing unit based computing device to determine if the particular processing unit based computing device is authorized to access the piece of content. 10. The method of claim 9, wherein the plurality of properties further comprise a platform of the processing unit based computing device, a set of plug-in installed on the processing unit based computing device, a behavior of the plug-in installed on the processing unit based computing device and a secure protocol negotiation of the processing unit based computing device. 11. The method of claim 7, wherein delivering the piece of content further comprises streaming the piece of content over a link to the processing unit based computing device. 12. The method o claim 7, wherein the content is one of a movie, a television show and a video, music and images. |
Ed Ho
King Sun Wai
Edward Potocko
Priority Claims/Related Applications
This application claims the benefit under 35 USC 119(e) and 120 to U.S.
Provisional Patent Application Serial No. 61/245,662 filed on September 24, 2009 and entitled "Secure Content Delivery System and Method", the entirety of which is incorporated herein by reference.
Field
The disclosure relates generally to a system and method for securely delivering content to a device.
Background
Content streaming systems and methods are known. In most of these systems, the content provider provides a client application so that they can securely stream content to a device. When the content provider controls the client application, a certificate at the content provider and on the client application can be used to provide secure streaming content to the device. However, if the content provider does not have control of the client application, then certificates cannot be used to provide secure streaming of content. It is desirable to provide a system and method that allow for the secure delivery of content to devices with the content player is not provided by the content provider and it is to this end that the disclosure is directed.
Brief Description of the Drawings Figure 1 illustrates a secure content delivery system;
Figure 2 illustrates a method for secure content delivery; and
Figures 3- 6 illustrate a device requesting and receiving a piece of content from the secure content delivery system.
Detailed Description of One or More Embodiments
WEST\222499232. I Figure 1 illustrates a secure content delivery system 10 that allows for the secure delivery of content from a content system 12 to one or more computing devices 14 over a public link 16, such as the Internet. In one embodiment, the system may be used to securely stream movies to mobile devices and it is this embodiment that is described below. However, the disclosure is not limited to this embodiment since the system and method can be used to securely deliver various types of digital content (movies, television shows, videos, etc), the system and method can be used to securely deliver content in a non-streaming manner and the system and method can be used to securely deliver content to various different processing unit based devices with at least a display, a media player and wired or wireless connectivity capabilities such as mobile phones, smart phones (such as the Apple iPhone, Blackberry devices or Palm devices), laptop computers, desktop computers, tablet computers, gaming consoles, terminals and any other processing unit based devices with media players and wired or wireless connectivity capabilities.
In the embodiment shown in Figure 1, the device with the media player 14 may be a wireless device that uses a digital data network such as 3G or the like, a wireless local area network, such as WiFi or a wired network to establish a connection with the content system 12. For example, as shown in Figures 3-6, an Apple® iPhone® can be the device with the media player 14. The system allows the content system 12 to verify that the device 14 is authorized to receive a piece of content and then securely stream the content to the device once the device has been verified. The system prevents someone from trying to steal the content by masquerading as an authorized device as described below.
The content system 12 may further include a device profile store 20, that may be implemented in various manners such as a software or hardware database, data structure or similar storage, that stores a profile for each device that may attempt to request content from the content system. The profiles have been gathered based on
characteristics/properties of each device with the media player that can be used to verify that the device is authorized to have content delivered to it. The profile for each device may include a plurality of properties for each device. In one implementation, there may be 20-60 property values associated with each device. For example, the properties may include a platform of the device, the plug-ins on the device, the behavior of the plug-ins on the device, the secure protocol negotiations of the device and the like. Plug-ins are used to extend the capabilities of browser and can be upgraded independently of them. An example of a common plug-in is Flash. For the platform property, an Apple® iPhone® may have an Apple platform value, a personal computer device may have a Win32 platform property, a Blackberry device may have a BB platform property, etc. As another example, for the protocol negotiation property, certain devices may negotiate encryption or a protocol in such a way that one can determine the type of device based on the protocol negotiation. Properties define unique behavior of individual browser engines on devices and platforms. It can come in the form of different results from a function call, or different levels of precision in a math request. The content system 12 may further comprise a content system manager 22, implemented as one or more server computers executing computer code in one implementation, that performs various operations to provide secure delivery of the content as described in more detail with reference to Figure 2. Briefly, the content system manager 22 perform profile verification as shown in Figure 1 and also controls a media unit 24 (that may be a media streaming unit that streams content in one implementation). The media unit 24, when the device 14 is authorized to receive the content, delivers the content to the device. The media unit 24 retrieves the content to be delivered from a media store 26 that is associated with the media unit.
Figure 2 illustrates a method 30 for secure content delivery between the content system 12 and the device 14. The device whose user wants to interact with content sends a request for the content to the content system (32) that may be delivered using various protocols such as HTTP and HTTPS. The content system (and in particular the content system manager 22) sends a response back to the device 14 that includes a profile verification request (34) that may be implemented, in one implementation, as Javascript that is sent to the device. The profile verification request requests a value of a plurality of properties of the device wherein the plurality of properties of the device are a subset of all of the properties stored in the device profile store. In addition, to enhance security of the system, each profile verification request sent out to each device may have a random number of properties, a random order of the properties and/or a different subset of the properties. Thus, even if the response from a device is intercepted, it cannot be used later to masquerade as an authorized device since each profile verification request is different in terms of the number of properties requested, in terms of the order of the property values requested and/or in terms of the particular properties contained in each request.
In response to the profile verification request, the device (using a browser application that can interpret the profile verification request), sends back a response with the profile request results (36). The profile request results may be a series of "1" and "0" that provide the values for each requested property. The content system manager 22, using the profile request results and the profile verification request for the particular device, verifies the profile of the device (37). In particular, the content system manager 22 compares the values for the requested properties in the profile request results against the values of the same properties as stored in the device profile store 20. If the values of the particular properties in the profile request results match (or are within a certain range) the values in the device profile store 20 for those same particular properties, then the content system manager 22 verifies that the device can have access to the content. Then, the content system (content system manager 22) can provide the authorization to the device (38). The authorization may be a link that allows the device to access the content or it may just allow the device to access the content over a previously provided link or path. Once authorized, the content can then be accessed by the device. If the device is not an authorized device, the content system manager 22 may send a dead link back to the device so that the device cannot access the content or the content system manager 22 may disable the content link in the media unit 24.
Figures 3- 6 illustrate a device requesting and receiving a piece of content from the secure content delivery system. In particular, Figure 3 shows a user browsing streaming movies on an Apple iPhone that are available through a service. Figure 4 shows the user interface of the device when the user has chosen a piece of content and, in the background unknown to the user, the content system is verifying the device. Once the device is verified, the user can play the content in the media player as shown in Figures 5 and 6.
While the foregoing has been with reference to a particular embodiment of the invention, it will be appreciated by those skilled in the art that changes in this embodiment may be made without departing from the principles and spirit of the disclosure, the scope of which is defined by the appended claims.