US008234302B1

(12) United States Patent
Goodwin et al.

(10) Patent No.: US 8,234,302 B1
(45) Date of Patent: Jul. 31, 2012

(54) CONTROLLING ACCESS TO ELECTRONIC CONTENT

(75) Inventors: Robert L Goodwin, Mercer Island, WA (US); David Zhao, Bothell, WA (US); Adrian Tsang Kwong Chan, Bellevue, WA (US); Chieh Wang, Issaquah, WA (US); Michael V Rykov, Seattle, WA (US)

(73) Assignee: Amazon Technologies, Inc., Reno, NV (US)

(*) Notice: Subject to any disclaimer, the term of this patent is extended or adjusted under 35 U.S.C. 154(b) by 434 days.

(21) Appl. No.: 11/541,247

(22) Filed: Sep. 29, 2006

(51) Int. Cl.
G06F 21/00 (2006.01)
G06F 17/30 (2006.01)

(52) U.S. Cl.: 707/783; 726/3; 726/28; 726/29; 726/30; 707/913

(58) Field of Classification Search: 707/913, 707/783
See application file for complete search history.

Primary Examiner - John E Breene
Assistant Examiner - Albert Phillips, III
(74) Attorney, Agent, or Firm - Knobbe Martens Olson & Bear LLP

(57) ABSTRACT

A system and method for controlling access to electronic content stored on a content provider's server is provided. A content provider may control and restrict unauthorized access to electronic content through an identified user account by limiting a number of devices from which requests to access the content through the account have been received. A content provider may also collect usage information of interest by monitoring authorized access to electronic content.

31 Claims, 6 Drawing Sheets

Petitioners Amazon, Hulu, and Netflix
Exhibit No. 1032, p. 1

[Sheet 1 of 6, FIG. 1: user information data store 18, content data store 16, content provider server, computer system 20, network, client devices 22.]

[Sheet 2 of 6, FIG. 2: client device 200, content provider 210, data store 220. (1) Request to access content A (content B); (2) verification; (3) user data: account ID, password, browser ID (content A requested); (4) allow access to A (deny access to B); (5) track usage.]

[Sheet 3 of 6, FIG. 3A: content data store holding content A and content B, content provider, user account, devices per content A (320), reference numerals 330 to 332; "Request Granted".]

[Sheet 4 of 6, FIG. 3B: content data store holding content A and content B, content provider, user account, devices per content B, reference numerals 310, 311, 320, 324; "Request Denied".]

[Sheet 5 of 6, FIG. 4: flow diagram with the steps receive access request, authenticate account ID, add unique ID to list, deny access to content, allow access to content, track usage and geography, end; reference numerals 400, 401, 410, 440, 450, 460, 470.]

[Sheet 6 of 6, FIG. 5: flow diagram with the steps add unique ID to list, allow access to content, deny access, track usage and geography, end; reference numerals 520, 540, 570.]

CONTROLLING ACCESS TO ELECTRONIC CONTENT

BACKGROUND

With the expanding use of computer networks, such as the Internet, an increasing amount of commerce is conducted electronically. Online merchants, manufacturers, and others have made virtually every type of product and service available to consumers via computer networks. As more and more users turn to computer networks, such as the World Wide Web (hereinafter the "Web"), for information, content providers are increasingly converting traditional content (e.g., printed materials, such as books, magazines, newspapers, newsletters, manuals, guides, references, articles, reports, documents, and the like) to electronic form.

An example of such electronic-form content is an "e-book," an electronic (or digital) representation of a book. An e-book is commonly generated by a publisher for distribution via the Internet. Examples of the advantages resulting from providing content in an electronic form include reduced space, indefinite offering duration and quantity, adjustable type size and type face, instant distribution, etc.

However, one disadvantage resulting from electronic distribution of information is that it can potentially be stolen, disseminated, or accessed without approval from the author or publisher. The advent of personal computers, combined with the Internet and popular file sharing tools, have made unauthorized sharing of digital files (often referred to as digital piracy) increasingly common.

Specifically, in the instance where a business offers an online fee-based access to an electronic content stored on its server, the concern is that authors, publishers and other parties involved in the distribution of said content may lose control of such distribution. For example, a customer who purchases online access to a particular item of content stored on a server of a content provider could potentially distribute his or her access information (user identification, password, etc.) to any number of people, thus providing them with unauthorized access to that content.

SUMMARY

This summary is provided to introduce a selection of concepts in a simplified form that are further described below in the Detailed Description. This summary is not intended to identify key features of the claimed subject matter, nor is it intended to be used as an aid in determining the scope of the claimed subject matter.

In accordance with an aspect of the present invention, a method for controlling access to electronic content stored on a content provider's server is provided. Generally described, the method includes receiving a request to access electronic content stored by the content provider, authenticating the user account from which the request has been received, and determining whether the received unique device identifier (unique device ID), such as a browser ID, associated with the request to access the content has previously been used to access the content. If the device is determined to have been previously used to access the content, the request to access the content is granted and the content provider may begin tracking usage behavior during the access. If the device has not accessed the content previously, it is determined whether allowing access to the content by the device would exceed the predetermined limit. If this is the case, the access to content is denied. Otherwise, the received unique device identifier is added to a list of unique device identifiers identifying which devices have previously accessed the content through the account.

In an alternative embodiment, tracking of geographic areas from which the electronic content is accessed is provided. The access to content can be limited by a predetermined number of geographic areas, in addition to, or in substitution of, the limit to the number of devices that may be used by a user to access a particular content.

In accordance with another aspect of the present invention, a computer system is provided, wherein the computer system is configured to track and record usage associated with electronic content and process a request to access the content. The processing includes authenticating a user account, identifying a unique device identifier associated with the user account that requested to access the electronic content, and granting or denying the request based on a determination of whether a number of unique device identifiers associated with the content and the user account exceeds a predetermined value within a predetermined time period.

DESCRIPTION OF THE DRAWINGS

The foregoing aspects and many of the attendant advantages of this invention will become more readily appreciated as the same become better understood by reference to the following detailed description, when taken in conjunction with the accompanying drawings, wherein:

FIG. 1 is a pictorial diagram of one exemplary computing environment in which a method, such as the methods of FIGS. 4 and 5 may be implemented in accordance with one or more embodiments of the present invention;

FIG. 2 is a state diagram illustrating the controlled access to electronic content in accordance with one or more embodiments of the present invention;

FIGS. 3A and 3B are pictorial diagrams illustrating an exemplary embodiment for controlling access to electronic content, in accordance with one or more embodiments of the present invention;

FIG. 4 is a flow diagram of a routine for controlling access to electronic content, in accordance with one or more embodiments of the present invention; and

FIG. 5 is a flow diagram of another embodiment of a routine for controlling access to content, in accordance with one or more embodiments of the present invention.

DETAILED DESCRIPTION

The disclosure herein is directed to a computer-implemented method and system that controls access to electronic content stored at a location remote from the access request. For example, the content may be stored on a server at a content provider and an access request may be received from a user associated with the content provider. Although specific embodiments will now be described with reference to the drawings, these embodiments are intended to illustrate, and not limit, the present invention.

Prior to discussing the details of the invention, it is recognized by those skilled in the art that the following description is presented largely in terms of logic operations that may be performed by conventional computer components. These computer components, which may be grouped in a single location or distributed over a wide area, generally include computer processors, memory storage devices, display devices, input devices, etc. In distributed computer systems, the computer components are accessible to each other via communication links. Additionally, although numerous specific details are set forth in order to provide a thorough understanding of the invention, it will be apparent to one skilled in the art that the invention may be practiced without some or all of these specific details. In other instances, well-known process elements have not been described in detail in order not to unnecessarily obscure the invention.

FIG. 1 illustrates a sample operating environment for controlling access to electronic content stored at a location remote from the access request in accordance with one or more embodiments of the present invention. An access request may be submitted by a user, such as an individual consumer seeking to access one or more items of electronic content. For example, a user may purchase access rights to a copyright-protected material that is maintained by a content provider, such as an e-book, and subsequently request access to that content. The operating environment shown in FIG. 1 includes one or more users (not shown) who can request access via a client device 22 to electronic content stored, for example, in a content provider's content data store 16. A data store, such as the content data store as used herein, is any type, form, and structure of storage in which data is maintained. For example, the data store may maintain data in a database form, such as a relational database, or as images. Any form, type, and structure may be used for maintaining electronic content/information in accordance with one or more embodiments of the present invention. The computer system 20 may be associated with a content provider, such as an online retailer offering to sell access rights to content, i.e., copyright-protected works including music, movies, books, etc.

The client devices 22 and the content provider server(s) 14, depicted in FIG. 1, are configured to electronically communicate with each other via a network 12. The network 12 may be a local area network (LAN) or a larger network, such as a wide area network (WAN) or the Internet, and the communication may occur using wired and/or wireless communication technology. The operating environment shown in FIG. 1 may be configured to communicate any type of electronic content, such as files, Web page documents, commands, and data between the client devices 22, the servers 14 and the data stores 16, 18. As will be appreciated by those skilled in the art, the operating environment shown in FIG. 1 provides a simplified example of one suitable environment for implementing one or more embodiments of the present invention and other operating environments may also be utilized with embodiments of the present invention.

Having obtained access rights, a user account may be created so that the individual user may later access the content. As used herein, a user account is designed to allow an individual or a small set of individuals access to electronic content. Upon obtaining access rights and establishment of a user account, a user, via a client device 22, may contact the content provider to obtain access to selected electronic content. The access request is received by a content provider's computer system 20 that includes, for example, a server computing device 14 and one or more storage units, such as data stores 16 and 18. Using the access request information and information contained in the user information data store 18, the content provider can determine if the client device requesting access should be allowed to access particular content stored in the content data store 16. For example, when access rights are obtained, a user may be provided or specify a user name and password that is associated with the user account. That information may be maintained in the user information data store 18, along with other user information, and used to determine whether access should be allowed.

Before turning to FIG. 2 that illustrates an embodiment of the present invention, the basic principles of a browser identification, which are pertinent to the embodiment of the present invention, will be explained. It will be appreciated by those skilled in the art that a browser identifier ("ID") is a type of unique device identifier due to the fact that it may contain HTTP information, such as a cookie, which may be used to uniquely identify a particular device. As it is known in the art, an HTTP cookie is a piece of text that a Web server can store on a client device and that can be subsequently retrieved. A cookie is sent by a server to a web browser on a device and then sent back unchanged by the device each time it accesses the server that provided the cookie. HTTP cookies may be used for authenticating, tracking, and maintaining specific information about devices.

Consequently, cookies may be used by a server to recognize devices that have been used by the individual user to access a particular user account and/or content accessed via a particular user account. For example, the content provider server 14 (FIG. 1) may receive an access request containing, among other data, a username and password, and check them against the user account data stored on the user information data store 18. If the username and password are correct, the server may send back a page confirming that logging has been successful together with a cookie, while storing the cookie on the client device 22 and on the server itself (or on the client information data store 18). Every time the user requests access to electronic content using the same client device 22, the device 22 automatically sends the cookie back to the server and the server compares the cookie with the stored ones. If a match is found, the server knows which device has requested that page.

Thus, a server can recognize a device and establish a "one-to-one" association between the user account, the client device, the browser that is used to request access, and the requested electronic content. When a subsequent access request to particular electronic content is received from the same client device 22 for the same account, the content provider recognizes the account and that it is the same accessing device and grants access to the content. By confirming that access to content via a specific account through the same device 22, it can be expected that the access is by the same authorized user, thereby controlling access to the content.

If a subsequent access request to the same content using the same user account but a different client device is received, the content provider can determine that the request is from a different device and thereby potentially unauthorized. As discussed below, additional consideration may be made before granting or denying access to electronic content through a new client device. One technique for identifying devices and associating those devices with user accounts is by tracking browser IDs for each device that uses a particular user account. Those skilled in the art will appreciate that using a browser ID is one way of identifying a particular device, but that any type of device identifier may be used with embodiments of the present invention.

By assigning a threshold to the number of unique device IDs that may be used by a single account to access a particular item of electronic content, a provider can limit any potential unauthorized content. For example, if the threshold value is five, the particular content may be only accessed through that user account via five different devices. If a user distributes access to the content without authorization, only five devices will be able to actually gain access to the content. In some instances, the authorized user may be denied access as a result of access by unauthorized individuals. Thus, in addition to limiting unauthorized distribution, the potential of not being able to access the content is another deterrent to allowing unauthorized access. In sum, the unauthorized distribution of that content can be reduced or potentially eliminated.

With reference now to FIG. 2, illustrative interactions between a client device 200 and a content provider server 210 for controlling access to electronic content in accordance with one or more embodiments of the present invention will be described. At an initial point, a user, via a client device 200, may submit a request to access a particular item of electronic content ("content A" in FIG. 2) to a content provider 210. Such request may include information corresponding to the user account, such as the user account ID, password, and a unique device identifier, such as a browser ID.

Then, the content provider 210 may process the received request. In an illustrative embodiment, the processing may include a number of processing rules or instructions that can be executed by the content provider. Such instructions may include verification of the received user data, for example, the user account ID, password, and the unique device ID, by comparing it to the data stored in the user information data store 220. If the user account ID/password matches an account ID/password stored in the user information data store, the server executes the matching of the unique device IDs to the ones, if any, stored in the user information data store and associated with that account ID. If a match is not found, the total number of different devices that have been previously used to access that particular content via that account, including the current one, is determined and compared to a predetermined limit or threshold. If the total number of identified devices associated with the account ID plus the current device, which requested access, does not exceed the predetermined limit, the service provider grants access to the content. However, if the total number exceeds the predetermined limit, access will be denied. If a match is found between the received unique device identifier and the device identifiers currently associated with the account, access will be granted.

Along with the decision to grant access, the server may begin tracking usage of the content during the access. The usage may include, for example, tracking geographic areas from which the content has been accessed (the detailed description of this embodiment is provided below with respect to FIG. 5), the sections of the content accessed, the duration of the access, and other types of usage behavior.

Referring to FIGS. 3A and 3B, the pictorial diagrams illustrate an embodiment wherein multiple requests to access content A and B stored on a data store 301 via a user account 350 are processed in accordance with one or more embodiments of the present invention. For purposes of this example, it is assumed that access via the user account 350 to contents A and B has previously occurred. More specifically, it is assumed that content A has been previously accessed by the user via devices 1A 310, 2A 311, and 3A 312. Content B has been previously accessed via devices 1B 320, 2B 321, 3B 322, 4B 323, and 5B 324. The devices 310-312 and 320-324 each maintain unique device identifiers, such as browser IDs 330-332 and 340-344 as shown in FIG. 3. As discussed above, a predetermined limit or threshold indicating a maximum number of devices that the individual user can use to access content via a specific account is established. In this example, the threshold is set to five. It will be appreciated that a content provider may select and use any limit as the threshold.

The example in FIG. 3A of the user requesting access to content A corresponds to the embodiment illustrated in FIG. 2. If devices 1A 310, 2A 311, and 3A 312 have previously been used by the user to access content via the user account 350 and a request to access content A via the user account 350 is received from a device having a unique device ID 4A 333, the content provider will grant permission to access content A because the total number of devices does not exceed the threshold.

However, referring to FIG. 3B, if a request is received for access to content B from a device having a unique device ID of 6B 344 and it is determined that devices 1B 320, 2B 321, 3B 322, 4B 323, and 5B 324 have already accessed content B through account 350, the service provider will deny access. Access in this example is denied because allowing access to the device submitting the request would result in exceeding the predetermined threshold.

Referring now to the flow diagram of FIG. 4, one embodiment for controlling access to electronic content stored remotely is described. At block 400 a request to access content is received. The request may include, among other information, a user account ID, password, and a unique device ID, such as a browser ID. At block 401 the routine authenticates the user account ID and the information associated with the account ID. For example, it may be determined whether the user account purchased the right to access the content. Once it is established that the user account has a valid account ID and there exists the right to access the requested content associated with that account ID, the routine continues at decision block 410, where it is determined whether the unique device ID received in the access request is new. The unique device ID may be, for example, a browser ID or any other type of identifier that can be associated with a device. Through use of a unique device ID it may be determined whether the device requesting access has previously accessed the content via the user account.

If it is determined that the received unique device ID is already associated with the account, thereby indicating that the same device has been used to access that particular content through the account, the routine continues at block 460, where access to the content is allowed. In addition, at block 470 usage of the content during the access is tracked. Such information may include, but is not limited to, geographic location of the device, sections of the content that are being accessed and other usage behavior that may be of interest.

In one embodiment, the system may track the time and the location of the device accessing a particular content through a particular user account. This information can be used to compare it with similar data collected at a different point in time or location for the same user account accessing the same content. For example, if device 1A 310, having a unique device ID 1A 330 accessed a particular content through user account 350 in the U.S. for a certain period of time, and then a device 2A 311 having a unique device ID 2A 331 accessed the same content through the same user account 350 in Europe within minutes or hours, it can be determined that there are likely two different users, one in the U.S., and another in Europe. As a result, one of those users may be unauthorized and access may be denied, even though the threshold has not been exceeded. Generally, a set of rules and instructions may be developed that, based on the use of the combination time/area of access of a particular content in relation to previous times/areas of access of that content, can lead to a determination regarding validity of access of a particular content.

In another embodiment, the system may track particular parts of content that are accessed, geographic areas from which the content has been accessed and/or the times of access. For example, if the same section of the content (e.g., chapter 1 of a particular book) has been accessed by different devices from the same user account within a particular period of time and, perhaps, from different locations, a determination can be made regarding validity of such accesses based on the presumption that it would be unlikely that the same user would read the same section of the same content within a limited time period from different locations. As in the example above, a set of rules and instructions may be developed such that, based on a combination of time, usage, and location, a determination may be made regarding validity of a particular access to a particular content through a particular account.
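
The time/area rule and the section rule from the two preceding paragraphs, as an added example that is not code from the patent. The window lengths, the `review` verdict for a section re-read without a region change, and every name in the code are assumptions; the access records are constructed.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional


@dataclass(frozen=True)
class Access:
    account_id: str
    content_id: str
    device_id: str
    region: str
    at: datetime
    section: Optional[str] = None


# Assumed rule parameters. The text only says "within minutes or hours"
# and "within a particular period of time".
REGION_WINDOW = timedelta(hours=6)
SECTION_WINDOW = timedelta(hours=24)


def evaluate(history, new, region_window=REGION_WINDOW, section_window=SECTION_WINDOW):
    """Compare a new access with earlier ones for the same account and content.

    Returns (verdict, reasons). Only accesses from a different device count,
    so one device that changes region does not trigger either rule.
    """
    reasons = []
    for prev in history:
        same_stream = (prev.account_id == new.account_id
                       and prev.content_id == new.content_id)
        if not same_stream or prev.device_id == new.device_id:
            continue
        gap = new.at - prev.at
        if gap < timedelta(0):
            continue  # ignore records that are later than the new access
        # Time/area rule: a second device in another area shortly afterwards.
        if prev.region != new.region and gap < region_window:
            reasons.append(("region-switch", prev.device_id, prev.region, new.region))
        # Section rule: the same section read again on another device.
        if new.section is not None and prev.section == new.section and gap < section_window:
            reasons.append(("section-reread", prev.device_id, new.section))

    tags = {reason[0] for reason in reasons}
    if "region-switch" in tags:
        verdict = "deny"      # likely two different users
    elif tags:
        verdict = "review"    # assumed softer outcome: same area, may be one user
    else:
        verdict = "allow"
    return verdict, reasons


def demo():
    """Constructed records: device 1A reads chapter 1 in the U.S. at 12:00."""
    t0 = datetime(2006, 10, 2, 12, 0)
    history = [Access("acct-350", "A", "1A", "US", t0, "chapter-1")]
    cases = {
        "2A_europe_45_min_later": Access("acct-350", "A", "2A", "Europe",
                                         t0 + timedelta(minutes=45), "chapter-1"),
        "2A_us_1_hour_later": Access("acct-350", "A", "2A", "US",
                                     t0 + timedelta(hours=1), "chapter-1"),
        "1A_europe_2_hours_later": Access("acct-350", "A", "1A", "Europe",
                                          t0 + timedelta(hours=2), "chapter-2"),
        "2A_europe_1_week_later": Access("acct-350", "A", "2A", "Europe",
                                         t0 + timedelta(days=7), "chapter-1"),
    }
    return {name: evaluate(history, request)[0] for name, request in cases.items()}


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name}: {verdict}")
```
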

In yet another embodiment, geographic areas from which access to a particular content occurred, may be tracked in addition to, or in substitution of, tracking the unique device IDs accessing the particular content. This embodiment is discussed below in greater detail.

Returning to FIG. 4, if at decision block 410 it is determined that the unique device ID contained in the received access request has not yet been associated with the user account, the routine continues at decision block 420, where it is determined whether a total number of devices (as identified by unique device IDs) that have been used to access the content through the user account, including the current requesting device, exceeds the predetermined limit of devices allowed to access the requested content from the user account authenticated in block 401. As it will be appreciated by those skilled in the art, such determination can be made in a number of different ways. For example, a list of unique device IDs per content per user account may be accumulated and maintained by the content provider for a limited period of time or indefinitely. The description that follows illustrates alternative embodiments of this process. However, the process of decision block 420 is not limited to the embodiments presented below.

In one embodiment, the total number of devices per content per user account can be accumulated over a predetermined "static" period of time, for example, one month. For the purposes of this particular example, it is assumed that the month begins January 1. If a request to access a particular content through the account is received from a new device within the time period of January 1 to January 31, the total number of devices that have previously accessed this particular content from the particular user account is determined based on the number of unique device IDs accumulated from January 1 to the moment the new request was received. Then, the determination made in block 420 will amount to comparing the total number of devices counted over the accumulation period, plus the current requesting device, with the predetermined limit of devices allowed to access a particular content from a particular user account.

Similarly, a new accumulation period would start on February 1 and end on February 28, and the total number of devices per content per user account is calculated by adding all devices that accessed a particular content from the user account during the period beginning February 1 to the moment in February the new access request arrived. It is understood that an "accumulation" period can start on any date and last for any predetermined length of time.
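
The FIG. 4 routine with the "static" one-month accumulation period, as an added example that is not code from the patent. It replays the FIG. 3A/3B requests with the threshold of five; the class and function names, the account label `acct-350`, the dates, the credential check happening before the call, and keeping the known-device list per accumulation period are assumptions.

```python
from dataclasses import dataclass, field
from datetime import datetime


@dataclass
class DeviceLimitPolicy:
    """Per-account, per-content device limit over a calendar-month period."""
    limit: int = 5                                  # threshold from the FIG. 3 example
    entitlements: set = field(default_factory=set)  # (account_id, content_id) with access rights
    devices: dict = field(default_factory=dict)     # (account, content, period) -> device IDs
    usage_log: list = field(default_factory=list)   # records written at block 470

    @staticmethod
    def period_of(at: datetime) -> tuple:
        # "Static" accumulation period: one calendar month, e.g. January 1 to 31.
        return (at.year, at.month)

    def handle_request(self, account_id, content_id, device_id, at, region=None) -> str:
        # Block 401: the account must hold the right to access this content.
        # Assumption: the account ID and password were verified before this call.
        if (account_id, content_id) not in self.entitlements:
            return "deny:not-entitled"

        key = (account_id, content_id, self.period_of(at))
        seen = self.devices.setdefault(key, set())

        # Block 410: is the unique device ID new for this account and content?
        if device_id not in seen:
            # Block 420: devices already counted in this period, plus the
            # requesting device, compared with the predetermined limit.
            if len(seen) + 1 > self.limit:
                return "deny:device-limit"
            seen.add(device_id)

        # Blocks 460 and 470: allow access and track usage of the access.
        self.usage_log.append((at, account_id, content_id, device_id, region))
        return "allow"


def replay_fig3():
    """Constructed replay of FIG. 3A/3B, followed by the February rollover."""
    policy = DeviceLimitPolicy(
        limit=5, entitlements={("acct-350", "A"), ("acct-350", "B")})
    january = datetime(2006, 1, 10, 9, 0)

    # Devices that accessed content A and content B earlier in the period.
    for device in ("1A", "2A", "3A"):
        policy.handle_request("acct-350", "A", device, january)
    for device in ("1B", "2B", "3B", "4B", "5B"):
        policy.handle_request("acct-350", "B", device, january)

    later = datetime(2006, 1, 20, 9, 0)
    return {
        # FIG. 3A: a fourth device on content A stays under the threshold.
        "4A_on_A": policy.handle_request("acct-350", "A", "4A", later),
        # FIG. 3B: a sixth device on content B would exceed the threshold.
        "6B_on_B": policy.handle_request("acct-350", "B", "6B", later),
        # A device already on the list is allowed without a limit check.
        "1B_again": policy.handle_request("acct-350", "B", "1B", later),
        # A new accumulation period starts on February 1.
        "6B_in_february": policy.handle_request(
            "acct-350", "B", "6B", datetime(2006, 2, 1, 0, 5)),
        # Content the account never obtained rights to.
        "not_purchased": policy.handle_request("acct-350", "C", "1A", later),
    }


if __name__ == "__main__":
    for name, outcome in replay_fig3().items():
        print(f"{name}: {outcome}")
```
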

In another embodiment, a total number of devices per content per user account can be accumulated over a predetermined "semi-rolling" period of time. This time period may start when the first request to access a particular content from a particular user account arrives and the respective unique device ID is recorded. The accumulation period may last as long as it is desired by the content provider. For example, the content provider may elect to use a 30-day long accumulation time period. Then, if a new request arrives within 30 days from the start of the accumulation period, the total number of devices is calculated for that period from its start to the moment the new request arrived.

By the end of a 30-day period that started when the first unique device ID was recorded, the total number of devices per content per user account accumulated and stored over the course o