Early Warning Services 1004
IPR of U.S. Pat. No. 8,887,308

Patent Application Publication    Apr. 28, 2011    Sheet 1 of 7    US 2011/0099382 A1

[FIG. 1 (Sheet 1 of 7): block diagram; the rotated box labels did not survive extraction]

[FIG. 2 (Sheet 2 of 7): block diagram; legible box labels include Selection, Encryption and Database]

[FIG. 3 (Sheet 3 of 7): KODEKEY GUI ("PLEASE ENTER YOUR CODE AND PRESS THE REDEEM BUTTON." with a sample code entry); PRODUCT METADATA 302; two DATABASE blocks; APIWEBSITE.COM GUI ("LOG IN TO CONTINUE." with LOGIN ID and PASSWORD fields and a SIGN IN button)]

[FIG. 4 (Sheet 4 of 7): "ACTION: ENABLER ACCESS REQUEST." block; PRODUCT METADATA 402; two DATABASE blocks; APIWEBSITE.COM GUI ("LOG IN TO CONTINUE." with LOGIN ID and PASSWORD fields and a SIGN IN button)]

[FIG. 5 (Sheet 5 of 7): STR3EM MACHINE GUI ("PLEASE CONNECT OR LOAD A KEY FILE TO AUTHORIZE THIS DEVICE." with CONNECT 502 and LOAD KEY FILE 503 buttons); two DATABASE blocks; APIWEBSITE.COM GUI ("LOG IN TO CONTINUE." with LOGIN ID and PASSWORD fields and an AUTHORIZE button)]

[FIG. 6 (Sheet 6 of 7): flowchart]
602  Receive a branding request from at least one communications console of the plurality of data processing devices
604  Authenticate the membership verification token
606  Establish connection with the at least one communications console
608  Request at least one electronic identification reference from the at least one communications console
610  Receive the at least one electronic identification reference from the at least one communications console
612  Brand metadata of the encrypted digital media
End

[FIG. 7 (Sheet 7 of 7): flowchart]
702  Select one or more media items to form the encrypted digital media
704  Enter a master password which provides access to the encrypted digital media for editing
706  Customize user access panel of the encrypted digital media
708  Connect the encrypted digital media to a database of membership verification tokens
710  Encrypt the one or more media items to create the encrypted digital media
End

PERSONALIZED DIGITAL MEDIA ACCESS SYSTEM (PDMAS)

CROSS-REFERENCE TO RELATED APPLICATION

[0001] This application is a continuation of, and claims the priority benefit of, U.S. patent application Ser. No. 12/728,218 filed Mar. 21, 2010.

BACKGROUND OF THE INVENTION

[0002] 1. Field of the Invention
[0003] The present invention relates to the field of digital rights management schemes used by creators of electronic products to protect commercial intellectual property copyrights privy to illegal copying using computerized devices. More specifically, the present invention teaches a more personal system of digital rights management which employs electronic ID, as part of a web service membership, to manage access rights across a plurality of devices.
[0004] 2. Description of the Prior Art
[0005] Digital rights management (DRM) is a generic term for access control technologies used by hardware manufacturers, publishers, copyright holders and individuals to impose limitations on the usage of digital content across devices. DRM refers to any technology that inhibits undesirable or illegal uses of the digital content. The term generally doesn’t refer to forms of copy protection that can be circumvented without modifying the file or device, such as serial numbers or key files. It can also refer to restrictions associated with specific instances of digital works or devices.
[0006] Traditional DRM schemes are defined as authentication components added to digital files that have been encrypted from public access. Encryption schemes are not DRM methods but DRM systems are implemented to use an additional layer of authentication in which permission is granted for access to the cipher key required to decrypt files for access. A computer server is established to host decryption keys and to accept authentication keys from Internet connected client computers running client software which handles the encrypted files. The server can administer different authorization keys back to the client computer that can grant different sets of rules and a time frame granted before the client is required to connect with the server to reauthorize access permissions. In some cases content can terminate access after a set amount of time, or the process can break if the provider of the DRM server ever ceases to offer services.
[0007] In the present scenario, consumer entertainment industries are in the transition of delivering products on physical media such as CD and DVD to Internet delivered systems. The Compact Disc, introduced to the public in 1982, was initially designed as a proprietary system offering strict media to player compatibility. As the popularity of home computers and CD-ROM drives rose, so did the availability of CD ripping applications to make local copies of music to be enjoyed without the use of the disc. After a while, users found ways to share digital versions of music in the form of MP3 files that could be easily shared with family and friends over the Internet. The DVD format introduced in 1997 included a new apparatus for optical discs technology with embedded copy protection schemes also recognized as an early form of DRM. With internet delivered music and video files, DRM schemes have been developed to lock acquired media to specific machines and most times limiting playback rights to a single machine or among a limited number of multiple machines regardless of the model number. This was achieved by writing the machine device ID to the metadata of the media file, then cross referencing with a trusted clearinghouse according to pre-set rules. DRM systems employed by DVD and CD technologies consisted of scrambling (also known as encryption) disc sectors in a pattern to which hardware developed to unscramble (also known as decryption) the disc sectors are required for playback. DRM systems built into operating systems such as Microsoft Windows Vista block viewing of media when an unsigned software application is running to prevent unauthorized copying of a media asset during playback. DRM used in computer games such as SecuROM and Steam are used to limit the amount of times a user can install a game on a machine. DRM schemes for e-books include embedding credit card information and other personal information inside the metadata area of a delivered file format and restricting the compatibility of the file with a limited number of reader devices and computer applications.
[0008] In a typical DRM system, a product is encrypted using symmetric block ciphers such as DES and AES to provide high levels of security. Ciphers known as asymmetric or public key/private key systems are used to manage access to encrypted products. In asymmetric systems the key used to encrypt a product is not the same as that used to decrypt it. If a product has been encrypted using one key of a pair it cannot be decrypted even by someone else who has that key. Only the matching key of the pair can be used for decryption. Receiving an authorization token from a first-use action is usually the trigger to decrypt block ciphers in most DRM systems. User rights and restrictions are established during this first-use action with the corresponding hosting device of a DRM protected product.
[0009] Examples of such prior DRM art include Hurtado (U.S. Pat. No. 6,611,812) who described a digital rights management system, where upon request to access digital content, encryption and decryption keys are exchanged and managed via an authenticity clearing house. Other examples include Alve (U.S. Pat. No. 7,568,111) who teaches a DRM and Tuoriniemi (U.S. Pat. No. 20090164776) who described a management scheme to control access to electronic content by recording use across a plurality of trustworthy devices that have been granted permission to work within the scheme.
[0010] Recently, DRM schemes have proven unpopular with consumers and rights organizations that oppose the complications with compatibility across machines manufactured by different companies. Reasons given for DRM opposition range from limited device playback restrictions to the loss of fair-use which defines the freedom to share media products with family members.
[0011] Prior art DRM methods rely on content providers to maintain computer servers to receive and send session authorization keys to client computers with an Internet connection. Usually rights are given from the server for an amount of time or amount of access actions before a requirement to reconnect with the server is required for reauthorization. At times, content providers will discontinue servers or even go out of business some years after DRM encrypted content was sold to consumers causing the ability to access files to terminate.
[0012] In the light of the foregoing discussion, the current states of DRM measures are not satisfactory because unavoidable issues can arise such as hardware failure or property theft that could lead to a paying customer losing the right to recover purchased products. The current metadata writable DRM measures do not offer a way to provide unlimited interoperability between different machines. Therefore, a solution is needed to give consumers the unlimited interoperability between devices and “fair use” sharing partners for an infinite time frame while protecting commercial digital media from unlicensed distribution to sustain long-term return of investments.

SUMMARY OF THE INVENTION

[0013] An object of the present invention is to provide unlimited interoperability of digital media between unlimited machines with management of end-user access to the digital media.
[0014] In accordance with an embodiment of the present invention, the invention is a process of an apparatus which in accordance with an embodiment, another apparatus, tangible computer medium, or associated methods (herein referred to as The App) is used to: handle at least one branding action which could include post read and write requests of at least one writable metadata as part of at least one digital media asset to identify and manage requests from at least one excelsior enabler, and can further identify and manage requests from a plurality of connected second enablers; with at least one token and at least one electronic identification reference received from the at least one excelsior enabler utilizing at least one membership. Here, controlled by the at least one excelsior enabler, The App will proceed to receive the at least one token to verify the authenticity of the branding action and further requests; then establish at least one connection with at least one programmable communications console of the at least one membership to request and receive the at least one electronic identification reference; and could request and receive other data information from the at least one membership. The method then involves sending and receiving variable data information from The App to the at least one membership to verify a preexisting the at least one branding action of the at least one writable metadata as part of the at least one digital media asset; or to establish permission or denial to execute the at least one branding action or the post read and write requests of the at least one writable metadata. To do this, controlled by the at least one excelsior enabler, The App may establish at least one connection, which is usually through the Internet, with a programmable communications console, which is usually a combination of an API protocol and graphic user interface (GUI) as part of a web service. In addition, the at least one excelsior enabler provides reestablished credentials to the programmable communications console as part of the at least one membership, in which The App is facilitating and monitoring, to authenticate the data communications session used to send and receive data requests between the at least one membership and The App.
[0015] In accordance with another embodiment of the present invention, the present invention teaches a method for monitoring access to an encrypted digital media and facilitating unlimited interoperability between a plurality of data processing devices. The method comprises receiving a branding request from at least one communications console of the plurality of data processing devices, the branding request being a read and write request of metadata of the encrypted digital media, the request comprising a membership verification token corresponding to the encrypted digital media. Subsequently, the membership verification token is authenticated, the authentication being performed in connection with a token database. Thereafter, connection with the at least one communications console is established. Afterwards, at least one electronic identification reference is requested from the at least one communications console. Further, the at least one electronic identification reference is received from the at least one communications console. Finally, branding metadata of the encrypted digital media is performed by writing the membership verification token and the electronic identification reference into the metadata.
[0016] The present invention is particularly useful for giving users the freedom to use products outside of the device in which the product was acquired and extend unlimited interoperability with other compatible devices.

BRIEF DESCRIPTION OF THE DRAWINGS

[0017] For a more complete understanding of the present invention, the needs satisfied thereby, and the objects, features, and advantages thereof, reference now is made to the following description taken in connection with the accompanying drawings.
[0018] FIG. 1 shows a system for monitoring access to an encrypted digital media according to an embodiment of the present invention.
[0019] FIG. 2 shows a system for authoring an encrypted digital media according to an embodiment of the present invention.
[0020] FIG. 3 shows a flow chart giving an overview of the process of digital media personalization according to an embodiment of the present invention.
[0021] FIG. 4 shows a flow chart giving an overview of the process of an access request made by an enabler according to an embodiment of the present invention.
[0022] FIG. 5 shows personalized digital rights management component as part of a compatible machine with writable static memory.
[0023] FIG. 6 shows a flowchart for monitoring access to an encrypted digital media according to an embodiment of the present invention.
[0024] FIG. 7 shows a flowchart showing authoring an encrypted digital media according to an embodiment of the present invention.
[0025] Skilled artisans will appreciate that elements in the figures are illustrated for simplicity and clarity and have not necessarily been drawn to scale. For example, the dimensions of some of the elements in the figures may be exaggerated relative to other elements to help to improve understanding of embodiments of the present invention.

DETAILED DESCRIPTION OF THE DRAWINGS

[0026] Before describing in detail the particular system and method for personalised digital media access system in accordance with an embodiment of the present invention, it should be observed that the present invention resides primarily in combinations of system components related to the device of the present invention.
[0027] Accordingly, the system components have been represented where appropriate by conventional symbols in the drawings, showing only those specific details that are pertinent to understanding the present invention so as not to obscure the disclosure with details that will be readily apparent to those of ordinary skill in the art having the benefit of the description herein.
[0028] In this document, relational terms such as ‘first’ and ‘second’, and the like may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. The terms ‘comprises’, ‘comprising’, or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. An element preceded by ‘comprises . . . a’ does not, without more constraints, preclude the existence of additional identical elements in the process, method, article, or apparatus that comprises the element.
[0029] The present invention is directed at providing infinite access rights of legally acquired at least one encrypted digital media asset to the content acquirer, explained in this document as the excelsior enabler, and optionally to their recognized friends and family, explained in this document as a plurality of secondary enablers. To explain further, the excelsior enabler and secondary enablers defined comprises human beings or computerized mechanisms programmed to process steps of the invention as would normally be done manually by a human being. Additionally, an apparatus used alone or in accordance with an embodiment, another apparatus, tangible computer medium, or associated methods with a connection are needed (herein referred to as The App). To deliver the requirements of the invention, communicative and connected elements comprise: verification, authentication, electronic ID metadata branding, additional technical branding, and cross-referencing. The connection handling the communicative actions of the invention will usually be the Internet and can also be an internal apparatus cooperative. The App can further be defined as a Windows OS, Apple OS, Linux OS, and other operating systems hosting software running on a machine or device with a capable CPU, memory, and data storage. The App can be even further defined as a system on a chip (SOC), embedded silicon, flash memory, programmable circuits, cloud computing and runtimes, and other systems of automated processes.
[0030] The digital media assets used in this system are encrypted usually with an AES cipher and decryption keys are usually stored encoded, not encoded, encrypted, or not encrypted as part of the apparatus or as part of a connection, usually an Internet server. As explained earlier, the system we will discuss will work as a front-end to encrypted files as an authorization agent for decrypted access.
[0031] FIG. 1 shows a system 100 for monitoring access to an encrypted digital media according to an embodiment of the present invention. The system 100 includes a first recipient module 102, an authentication module 104, a connection module 106, a request module 108, a second receipt module 110 and a branding module 112. The first receipt module 102 receives a branding request from at least one communications console of the plurality of data processing devices. The branding request is a read and write request of metadata of the encrypted digital media and includes a membership verification token corresponding to the encrypted digital media. Examples of the encrypted digital media include, and are not limited to, one or more of a video file, audio file, container format, document, metadata as part of video game software and other computer based apparatus in which processed data is facilitated.
[0032] Subsequently, the authentication module 104 authenticates the membership verification token. The authentication is performed in connection with a token database. Further, the connection module 106 establishes communication with the at least one communication console.
[0033] According to an embodiment of the present invention, the connection is established through one of internet, intranet, Bluetooth, VPN, Infrared and LAN.
[0034] According to another embodiment of the present invention, the communication console is a combination of an Application Programmable interface (API) protocol and graphic user interface (GUI) as a part of web service. The API is a set of routines, data structures, object classes, and/or protocols provided by libraries and/or operating system services. The API is either one of language dependent or language independent.
[0035] The request module 108 requests at least one electronic identification reference from the at least one communication console. The second receipt module 110 receives the at least one electronic identification reference from the at least one communication console. The branding module 112 brands metadata of the encrypted digital media by writing the membership verification token and the electronic identification into the metadata.
[0036] FIG. 2 shows a system 200 for authoring an encrypted digital media according to an embodiment of the present invention. The figure includes a selection module 202, a password module 204, a customization module 206, a database module 208 and an encryption module 210. The selection module 202 facilitates selection of one or more media items to form the encrypted digital media. Examples of the one or more media items include, and are not limited to, one or more of a video, an audio and a game.
[0037] According to an embodiment of the present invention, the one or more media items are one or more of remote URL links and local media files.
[0038] The password module 204 prompts the user to enter a master password which provides access to the encrypted digital media. Subsequently, the customization module 206 allows the user to customize the user access panel of the encrypted digital media.
[0039] According to an embodiment of the present invention, the customization module 206 facilitates adding one or more of a banner, a logo, an image, an advertisement, a tag line, a header message and textual information to the user access panel of the encrypted digital media.
[0040] Further, the database module 208 connects the encrypted digital media to a database of membership verification token required for decrypting the encrypted digital media.
[0041] According to an embodiment of the present invention, the membership verification token is a kodekey. The kodekey is a unique serial number assigned to the encrypted digital media.
[0042] The encryption module 210 encrypts the one or more media items to create the encrypted digital media.
[0043] According to an embodiment of the present invention, the system 200 further includes a watermark module. The watermark module watermarks information on the encrypted digital media, wherein the watermark is displayed during playback of the encrypted digital media.
[0044] According to another embodiment of the present invention, the system 200 further includes an access module. The access module allows the user to define access rights. Examples of the access rights include, but are not limited to, purchasing rights, rental rights and membership access rights.
[0045] According to yet another embodiment of the present invention, the system 200 further includes a name module. The name module allows the user to name the encrypted digital media.
[0046] FIG. 3 shows a flow chart giving an overview of the process of digital media personalization according to an embodiment of the present invention. The process is achieved by way of an enabler using an apparatus or otherwise known as an application in which facilitates digital media files. The apparatus interacts with all communicative parts required to fulfill the actions of the invention. The figure shows a Kodekey Graphical User Interface (GUI) 301, a product metadata 302, a networking card 303, internet 304, 306 and 308, database 305 and 309 and an APIwebsite.com GUI 307. A user posts a branding request via the Kodekey GUI interface 301. The Kodekey GUI interface 301 is the GUI for entering token. The Kodekey GUI interface 301 prompts the user to enter the token and press the redeem button present on the Kodekey GUI interface 301. The product metadata 302 is read/writable metadata associated with the digital media to be acquired. The networking card 303 facilitates querying of optional metadata branding process and referenced. The Kodekey GUI interface is connected to the database 305 via the internet 304 through the networking card 303. The database 305 is the database used to read/write and store the tokens, also referred to as token database. The user is redirected to the APIwebsite.com GUI 307 through the internet 306. The APIwebsite.com is the GUI to the membership API in which the electronic ID is collected and sent back to the Kodekey GUI interface 301. The APIwebsite.com GUI 307 prompts the user to enter a login id and a password to access the digital media which is acquired from the database 309 through the internet 308. The database 309 is the database connected to the web service membership in which the user’s electronic ID is queried from.
[0047] Examples of the encrypted digital files include, and are not limited to, a video file, an audio file, container formats, documents, metadata as part of video game software and other computer based apparatus in which processed data is facilitated.
[0048] FIG. 4 shows a flow chart giving an overview of the process of an access request made by an enabler according to an embodiment of the present invention. Subsequently, the communicative parts to cross-reference information stored in the metadata of the digital media asset are checked which has been previously handled by the process of FIG. 1. The figure shows an enabler access request 401, a product metadata 402, a networking card 403, an internet 404, 406 and 408, a database 405 and 409 and an APIwebsite.com GUI 407. The enabler access request 401 facilitates the user to make a request for the digital media. The product metadata 402 is read/writable metadata associated with the digital media to be acquired. The networking card 403 facilitates querying of optional metadata branding process and referenced. The database 405 is the database used to read/write and store the tokens. The APIwebsite.com GUI 407 is the GUI in which the electronic ID is collected and sent back to the Kodekey GUI interface 301. The APIwebsite.com GUI 407 prompts the user to enter a login id and a password to access the digital media from the database 409 through the internet 408. The database 409 is the database connected to the web service membership in which the user’s electronic ID is queried from.
[0049] FIG. 5 shows personalized digital rights management component as part of a compatible machine with writable static memory. The figure represents an authorization sequence action in which a machine is authorized to accept a personalized digital media file. The figure includes STR3EM Machine GUI 501 including the connect icon 502, a load key file icon 503, a networking card 504, an internet 505, 508 and 510, a database 506 and 511, a machine memory 507 and an APIwebsite.com GUI 509. The STR3EM Machine GUI 501 prompts the user to connect or load a key file to authorize the device through the connect icon 502 and the load key file icon 503. The STR3EM Machine GUI 501 is connected to the networking card 504. The networking card 504 facilitates querying of optional metadata branding process and referenced. Further, the STR3EM machine GUI 501 is connected to the database 506 via the internet 505. The database 506 is the database used to read/write and store the tokens. Moreover, STR3EM Machine GUI 501 is connected to the machine memory 507. The machine memory 507 represents the internal memory of the machine or device so authorizations can be saved for access of the digital media. The APIwebsite.com GUI 509 is connected to the STR3EM machine GUI through the internet 508. Further, APIwebsite.com GUI 509 is connected to the database 511 through the internet 510. The APIwebsite.com GUI 509 prompts the user to enter the login id and a password to authorize the access to digital media. The database 511 is the database connected to the web service membership in which the user’s electronic ID is queried from.
[0050] FIG. 6 shows a flowchart for monitoring access to an encrypted digital media according to an embodiment of the present invention. At step 602, a branding request is made by a user from at least one communications console of the plurality of data processing devices. The branding request is a read and write request of metadata of the encrypted digital media.
[0051] According to an embodiment of the present invention, the request includes a membership verification token corresponding to the encrypted digital media.
[0052] Subsequently, the membership verification token is authenticated at step 604. The authentication is performed in connection with a token database. Further, connection with the at least one communication console is established at step 606. Afterwards, at least one electronic identification reference is requested from the at least one communications console at the step 608. At step 610, at least one electronic identification reference is received from the at least one communication console. Finally, metadata of the encrypted digital media is branded by writing the membership verification token and the electronic identification reference into the metadata at the step 612.
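
The FIG. 6 sequence (steps 602 to 612) together with the FIG. 4 cross-check, as an added Python example that is not part of the patent text. The class and function names, the `brand` metadata key and all sample data are assumptions made for illustration, and only the branding member is modelled, not secondary enablers.

```python
import hmac
from dataclasses import dataclass, field


class BrandingDenied(Exception):
    """A step of the branding sequence refused the request."""


def _same(a: str, b: str) -> bool:
    # Constant-time comparison so a mismatch position is not leaked by timing.
    return hmac.compare_digest(a.encode(), b.encode())


@dataclass
class MediaAsset:
    media_id: str
    metadata: dict = field(default_factory=dict)  # the writable metadata area


@dataclass
class TokenDatabase:
    issued: dict  # media_id -> set of tokens issued for that media item

    def authenticate(self, media_id: str, token: str) -> bool:
        # Step 604: the token must be one issued for this media item.
        hits = [_same(known, token) for known in self.issued.get(media_id, ())]
        return any(hits)


@dataclass
class MembershipConsole:
    # login id -> (password, electronic ID). Hypothetical stand-in for the
    # web-service login; a real membership service verifies a password hash.
    accounts: dict

    def electronic_id(self, login: str, password: str):
        # Steps 606-610: connect, request and receive the electronic ID.
        stored = self.accounts.get(login)
        if stored is None or not _same(stored[0], password):
            return None
        return stored[1]


def brand(asset, token, login, password, token_db, console) -> dict:
    """Steps 602-612: return the branded metadata or raise BrandingDenied."""
    if not token_db.authenticate(asset.media_id, token):       # step 604
        raise BrandingDenied("token is not valid for this media item")
    eid = console.electronic_id(login, password)               # steps 606-610
    if eid is None:
        raise BrandingDenied("membership returned no electronic ID")
    wanted = {"token": token, "electronic_id": eid}
    existing = asset.metadata.get("brand")
    if existing is not None and existing != wanted:
        # A preexisting branding action is verified, never overwritten.
        raise BrandingDenied("asset is already branded to another member")
    asset.metadata["brand"] = wanted                           # step 612
    return asset.metadata


def access_allowed(asset, login, password, token_db, console) -> bool:
    """FIG. 4 style check: cross-reference the brand stored in the metadata."""
    record = asset.metadata.get("brand")
    if record is None:
        return False
    if not token_db.authenticate(asset.media_id, record["token"]):
        return False
    eid = console.electronic_id(login, password)
    return eid is not None and _same(eid, record["electronic_id"])


def build_sample():
    # Constructed sample data for the demonstration.
    asset = MediaAsset("media-001")
    token_db = TokenDatabase({"media-001": {"PSJD42349MFJDF"}})
    console = MembershipConsole({
        "useremail@member.com": ("XYZ987654321", "EID-1001"),
        "friend@member.com": ("constructed-pw", "EID-2002"),
    })
    return asset, token_db, console


if __name__ == "__main__":
    asset, db, console = build_sample()
    print(brand(asset, "PSJD42349MFJDF", "useremail@member.com",
                "XYZ987654321", db, console))
    print(access_allowed(asset, "friend@member.com", "constructed-pw",
                         db, console))
```

Because `access_allowed` re-checks the token database, removing a token there revokes access to every asset branded with it.
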
[0053] FIG. 7 shows a flowchart showing authoring an encrypted digital media according to an embodiment of the present invention. At step 702, one or more media items are selected by the user to form the encrypted digital media. Subsequently, a master password is entered for providing access to the encrypted digital media for editing at step 704. Afterwards, the user customizes the user panel of the encrypted digital media at step 706. Further, the encrypted digital media is connected to a database of membership verification tokens required for decrypting the encrypted digital media at the step 708. Finally, the one or more media items are encrypted to create the encrypted digital media at the step 710.
[0054] According to various embodiments of the present invention, the verification is facilitated by at least one token handled by at least one excelsior enabler. Examples of the token include, and are not limited to, a structured or random password, e-mail address associated with an e-commerce payment system used to make an authorization payment, or other redeemable instruments of trade for access rights of digital media. Examples of e-commerce systems are PayPal, Amazon Payments, and other credit card services.
[0055] According to an embodiment of the present invention, an identifier for the digital media is stored in a database with another database of a list of associated tokens for cross-reference identification for verification.
`
`[0056] According to an embodimentof the present inven-
`tion, the database of a list of associated tokens includes
`Instant Payment Notification (IPN) received from successful
`financial e-commercetransactions that includesthe identifier
`
`for the digital media; import of CSV password lists, and
`manually created reference phrases.
[0057] For this discussion, the structured or random password example will be used as reference. The structured or random passwords can be devised in encoded schemes to flag the apparatus of permission type such as: 1) Purchases can start a password sequence with “P” following a random number, so further example would be “PSJD42349MFJDF”. 2) Rentals can start or end a password sequence with “R” plus (+) the number of days a rental is allowed, for example “R7” included in “R7SJDHFG58473” flagging a seven day