Early Warning Services 1001
IPR of U.S. Pat. No. 8,887,308

U.S. Patent, Nov. 11, 2014, US 8,887,308 B2

[Sheets 1 and 2 of 7: drawing content not recoverable from the scan.]

EWS-001147

[Sheet 3 of 7] FIG. 3: flow chart. Recoverable labels: APIwebsite.com GUI ("Log in to continue."); Kodekey GUI ("Please enter your code and press the redeem button.", "Redeem"); Database (two instances); Product metadata 302.

[Sheet 4 of 7] FIG. 4: flow chart. Recoverable labels: APIwebsite.com GUI ("Log in to continue.", "Login ID"); Action: enabler access request; Database (two instances); Product metadata.

[Sheet 5 of 7] FIG. 5: flow chart. Recoverable labels: STR3EM Machine ("Please connect or load a key file to authorize this device.", "Connect"); APIwebsite.com GUI ("Log in to continue.", "Login ID"); Database (two instances); Machine memory.

[Sheet 6 of 7] FIG. 6: flowchart.

602: Receive a branding request from at least one communications console of the plurality of data processing devices
604: Authenticate the membership verification token
606: Establish connection with the at least one communications console
608: Request at least one electronic identification reference from the at least one communications console
610: Receive the at least one electronic identification reference from the at least one communications console
612: Brand metadata of the encrypted digital media
End

[Sheet 7 of 7] FIG. 7: flowchart.

702: Select one or more media items to form the encrypted digital media
704: Enter a master password which provides access to the encrypted digital media for editing
706: Customize user access panel of the encrypted digital media
708: Connect the encrypted digital media to a database of membership verification tokens
710: Encrypt the one or more media items to create the encrypted digital media
End

US 8,887,308 B2

DIGITAL CLOUD ACCESS (PDMAS PART III)

CROSS-REFERENCE TO RELATED APPLICATIONS

This application is a continuation of and claims the priority benefit of U.S. patent application Ser. No. 13/740,086 filed Jan. 11, 2013 which is a continuation of and claims the priority benefit of Ser. No. 13/397,517 filed Feb. 15, 2012 now issued as U.S. Pat. No. 8,402,555 on Mar. 19, 2013 which is a continuation of and claimed the priority benefit of Ser. No. 12/985,351 filed Jan. 6, 2011 which was a continuation of and claimed the priority benefit of U.S. patent application Ser. No. 12/728,218 filed Mar. 21, 2010, which are incorporated herein by reference in their entirety.

BACKGROUND OF THE INVENTION

1. Field of the Invention

The present invention relates to the field of digital rights management schemes used by creators of electronic products to protect commercial intellectual property copyrights privy to illegal copying using computerized devices. More specifically, the present invention teaches a more personal system of digital rights management which employs electronic ID, as part of a web service membership, to manage access rights across a plurality of devices.

2. Description of the Prior Art

Digital rights management (DRM) is a generic term for access control technologies used by hardware manufacturers, publishers, copyright holders and individuals to impose limitations on the usage of digital content across devices. DRM refers to any technology that inhibits undesirable or illegal uses of the digital content. The term generally doesn’t refer to forms of copy protection that can be circumvented without modifying the file or device, such as serial numbers or key files. It can also refer to restrictions associated with specific instances of digital works or devices.

Traditional DRM schemes are defined as authentication components added to digital files that have been encrypted from public access. Encryption schemes are not DRM methods but DRM systems are implemented to use an additional layer of authentication in which permission is granted for access to the cipher key required to decrypt files for access. A computer server is established to host decryption keys and to accept authentication keys from Internet connected client computers running client software in which handles the encrypted files. The server can administer different authorization keys back to the client computer that can grant different sets of rules and a time frame granted before the client is required to connect with the server to reauthorize access permissions. In some cases content can terminate access after a set amount of time, or the process can break if the provider of the DRM server ever ceases to offer services.

In the present scenario, consumer entertainment industries are in the transition of delivering products on physical media such as CD and DVD to Internet delivered systems. The Compact Disc, introduced to the public in 1982, was initially designed as a proprietary system offering strict media to player compatibility. As the popularity of home computers and CD-ROM drives rose, so did the availability of CD ripping applications to make local copies of music to be enjoyed without the use of the disc. After a while, users found ways to share digital versions of music in the form of MP3 files that could be easily shared with family and friends over the Internet. The DVD format introduced in 1997 included a new apparatus for optical discs technology with embedded copy protection schemes also recognized as an early form of DRM. With internet delivered music and video files, DRM schemes have been developed to lock acquired media to specific machines and most times limiting playback rights to a single machine or among a limited number of multiple machines regardless of the model number. This was achieved by writing the machine device ID to the metadata of the media file, then cross referencing with a trusted clearinghouse according to pre-set rules. DRM systems employed by DVD and CD technologies consisted of scrambling (also known as encryption) disc sectors in a pattern to which hardware developed to unscramble (also known as decryption) the disc sectors are required for playback. DRM systems built into operating systems such as Microsoft Windows Vista block viewing of media when an unsigned software application is running to prevent unauthorized copying of a media asset during playback. DRM used in computer games such as SecuROM and Steam are used to limit the amount of times a user can install a game on a machine. DRM schemes for e-books include embedding credit card information and other personal information inside the metadata area of a delivered file format and restricting the compatibility of the file with a limited number of reader devices and computer applications.

In a typical DRM system, a product is encrypted using Symmetric block ciphers such as DES and AES to provide high levels of security. Ciphers known as asymmetric or public key/private key systems are used to manage access to encrypted products. In asymmetric systems the key used to encrypt a product is not the same as that used to decrypt it. If a product has been encrypted using one key of a pair it cannot be decrypted even by someone else who has that key. Only the matching key of the pair can be used for decryption. After receiving an authorization token from a first-use action are usually triggers to decrypt block ciphers in most DRM systems. User rights and restrictions are established during this first-use action with the corresponding hosting device of a DRM protected product.

Examples of such prior DRM art include Hurtado (U.S. Pat. No. 6,611,812) who described a digital rights management system, where upon request to access digital content, encryption and decryption keys are exchanged and managed via an authenticity clearing house. Other examples include Alve (U.S. Pat. No. 7,568,111) who teaches a DRM and Tuoriniemi (U.S. Pat. No. 20090164776) who described a management scheme to control access to electronic content by recording use across a plurality of trustworthy devices that has been granted permission to work within the scheme.

Recently, DRM schemes have proven unpopular with consumers and rights organizations that oppose the complications with compatibility across machines manufactured by different companies. Reasons given to DRM opposition range from limited device playback restrictions to the loss of fair-use which defines the freedom to share media products with family members.

Prior art DRM methods rely on content providers to maintain computer servers to receive and send session authorization keys to client computers with an Internet connection. Usually rights are given from the server for an amount of time or amount of access actions before a requirement to reconnect with the server is required for reauthorization. At times, content providers will discontinue servers or even go out of business some years after DRM encrypted content was sold to consumers causing the ability to access files to terminate.

In the light of the foregoing discussion, the current states of DRM measures are not satisfactory because unavoidable issues can arise such as hardware failure or property theft that could lead to a paying customer losing the right to recover
purchased products. The current metadata writable DRM measures do not offer a way to provide unlimited interoperability between different machines. Therefore, a solution is needed to give consumers the unlimited interoperability between devices and “fair use” sharing partners for an infinite time frame while protecting commercial digital media from unlicensed distribution to sustain long-term return of investments.

SUMMARY OF THE INVENTION

An object of the present invention is to provide unlimited interoperability of digital media between unlimited machines with management of end-user access to the digital media.

In accordance with an embodiment of the present invention, the invention is a process of an apparatus which in accordance with an embodiment, another apparatus, tangible computer medium, or associated methods (herein referred to as The App) is used to: handle at least one branding action which could include post read and write requests of at least one writable metadata as part of at least one digital media asset to identify and manage requests from at least one excelsior enabler, and can further identify and manage requests from a plurality of connected second enablers; with at least one token and at least one electronic identification reference received from the at least one excelsior enabler utilizing at least one membership. Here, controlled by the at least one excelsior enabler, The App will proceed to receive the at least one token to verify the authenticity of the branding action and further requests; then establish at least one connection with at least one programmable communications console of the at least one membership to request and receive the at least one electronic identification reference; and could request and receive other data information from the at least one membership. The method then involves sending and receiving variable data information from The App to the at least one membership to verify a preexisting the at least one branding action of the at least one writable metadata as part of the at least one digital media asset; or to establish permission or denial to execute the at least one branding action or the post read and write requests of the at least one writable metadata. To do this, controlled by the at least one excelsior enabler, The App may establish at least one connection, which is usually through the Internet, with a programmable communications console, which is usually a combination of an API protocol and graphic user interface (GUI) as part of a web service. In addition, the at least one excelsior enabler provides reestablished credentials to the programmable communications console as part of the at least one membership, in which The App is facilitating and monitoring, to authenticate the data communications session used to send and receive data requests between the at least one membership and The App.

In accordance with another embodiment of the present invention, the present invention teaches a method for monitoring access to an encrypted digital media and facilitating unlimited interoperability between a plurality of data processing devices. The method comprises receiving a branding request from at least one communications console of the plurality of data processing devices, the branding request being a read and write request of metadata of the encrypted digital media, the request comprising a membership verification token corresponding to the encrypted digital media. Subsequently, the membership verification token is authenticated, the authentication being performed in connection with a token database. Thereafter, connection with the at least one communications console is established. Afterwards, at least one electronic identification reference is requested from the at least one communications console. Further, the at least one electronic identification reference is received from the at least one communications console. Finally, branding metadata of the encrypted digital media is performed by writing the membership verification token and the electronic identification reference into the metadata.

The present invention is particularly useful for giving users the freedom to use products outside of the device in which the product was acquired and extend unlimited interoperability with other compatible devices.

BRIEF DESCRIPTION OF THE DRAWINGS

For a more complete understanding of the present invention, the needs satisfied thereby, and the objects, features, and advantages thereof, reference now is made to the following description taken in connection with the accompanying drawings.

FIG. 1 shows a system for monitoring access to an encrypted digital media according to an embodiment of the present invention.

FIG. 2 shows a system for authoring an encrypted digital media according to an embodiment of the present invention.

FIG. 3 shows a flow chart giving an overview of the process of digital media personalization according to an embodiment of the present invention.

FIG. 4 shows a flow chart giving an overview of the process of an access request made by an enabler according to an embodiment of the present invention.

FIG. 5 shows personalized digital rights management component as part of a compatible machine with writable static memory.

FIG. 6 shows a flowchart for monitoring access to an encrypted digital media according to an embodiment of the present invention.

FIG. 7 shows a flowchart showing authoring an encrypted digital media according to an embodiment of the present invention.

Skilled artisans will appreciate that elements in the figures are illustrated for simplicity and clarity and have not necessarily been drawn to scale. For example, the dimensions of some of the elements in the figures may be exaggerated relative to other elements to help to improve understanding of embodiments of the present invention.

DETAILED DESCRIPTION OF THE DRAWINGS

Before describing in detail the particular system and method for personalised digital media access system in accordance with an embodiment of the present invention, it should be observed that the present invention resides primarily in combinations of system components related to the device of the present invention.

Accordingly, the system components have been represented where appropriate by conventional symbols in the drawings, showing only those specific details that are pertinent to understanding the present invention so as not to obscure the disclosure with details that will be readily apparent to those of ordinary skill in the art having the benefit of the description herein.

In this document, relational terms such as ‘first’ and ‘second’, and the like may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. The terms ‘comprises’, ‘comprising’, or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method,
article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. An element proceeded by ‘comprises . . . a’ does not, without more constraints, preclude the existence of additional identical elements in the process, method, article, or apparatus that comprises the element.

The present invention is directed at providing infinite access rights of legally acquired at least one encrypted digital media asset to the content acquirer, explained in this document as the excelsior enabler, and optionally to their recognized friends and family, explained in this document as a plurality of secondary enablers. To explain further, the excelsior enabler and secondary enablers defined comprises human beings or computerized mechanisms programmed to process steps of the invention as would normally be done manually by a human being. Additionally, an apparatus used alone or in accordance with an embodiment, another apparatus, tangible computer medium, or associated methods with a connection are needed (herein referred to as The App). To deliver the requirements of the invention, communicative and connected elements comprise: verification, authentication, electronic ID metadata branding, additional technical branding, and cross-referencing. The connection handling the communicative actions of the invention will usually be the Internet and can also be an internal apparatus cooperative. The App can further be defined as a Windows OS, Apple OS, Linux OS, and other operating systems hosting software running on a machine or device with a capable CPU, memory, and data storage. The App can be even further defined as a system on a chip (SOC), embedded silicon, flash memory, programmable circuits, cloud computing and runtimes, and other systems of automated processes.

The digital media assets used in this system are encrypted usually with an AES cipher and decryption keys are usually stored encoded, no encoded, encrypted, or no encrypted as part of the apparatus or as part of a connection usually an Internet server. As explained earlier, the system we will discuss will work as a front-end to encrypted files as an authorization agent for decrypted access.

FIG. 1 shows a system 100 for monitoring access to an encrypted digital media according to an embodiment of the present invention. The system 100 includes a first recipient module 102, an authentication module 104, a connection module 106, a request module 108, a second receipt module 110 and a branding module 112. The first receipt module 102 receives a branding request from at least one communications console of the plurality of data processing devices. The branding request is a read and write request of metadata of the encrypted digital media and includes a membership verification token corresponding to the encrypted digital media. Examples of the encrypted digital media includes, and are not limited to, one or more of a video file, audio file, container format, document, metadata as part of video game software and other computer based apparatus in which processed data is facilitated.

Subsequently, the authentication module 104 authenticates the membership verification token. The authentication is performed in connection with a token database. Further, the connection module 106 establishes communication with the at least one communication console.

According to an embodiment of the present invention, the connection is established through one of internet, intranet, Bluetooth, VPN, Infrared and LAN.

According to another embodiment of the present invention, the communication console is a combination of an Application Programmable interface (API) protocol and graphic user interface (GUI) as a part of web service. The API is a set of routines, data structures, object classes, and/or protocols provided by libraries and/or operating system services. The API is either one of language dependent or language independent.

The request module 108 requests at least one electronic identification reference from the at least one communication console. The second receipt module 110 receives the at least one electronic identification reference from the at least one communication console. The branding module 112 brands metadata of the encrypted digital media by writing the membership verification token and the electronic identification into the metadata.
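
The module sequence of system 100 (receive the request, authenticate the token, obtain the electronic ID, brand the metadata), followed by a cross-reference of branded metadata against the token database, as an added Python example that is not code from the patent. The class and function names, the in-memory stores, the rule that a token binds to the first member who redeems it, and all sample values are assumptions made for illustration.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass, field


class BrandingError(Exception):
    """A branding request was refused."""


@dataclass
class TokenDatabase:
    """Hypothetical token database: token -> media id and bound electronic ID."""
    records: dict = field(default_factory=dict)

    def issue(self, token, media_id):
        self.records[token] = {"media_id": media_id, "electronic_id": None}

    def authenticate(self, token, media_id):
        rec = self.records.get(token)
        return rec is not None and rec["media_id"] == media_id


class MembershipConsole:
    """Stand-in for the membership web service that returns an electronic ID."""

    def __init__(self):
        self._members = {}

    @staticmethod
    def _derive(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def register(self, login, password, electronic_id):
        salt = os.urandom(16)
        self._members[login] = (salt, self._derive(password, salt), electronic_id)

    def request_electronic_id(self, login, password):
        entry = self._members.get(login)
        if entry is None:
            return None
        salt, stored, electronic_id = entry
        ok = hmac.compare_digest(self._derive(password, salt), stored)
        return electronic_id if ok else None


def brand(metadata, token, login, password, token_db, console):
    """Authenticate the token, fetch the electronic ID, write both into metadata."""
    if not token_db.authenticate(token, metadata["media_id"]):
        raise BrandingError("token not valid for this media")
    electronic_id = console.request_electronic_id(login, password)
    if electronic_id is None:
        raise BrandingError("membership login failed")
    rec = token_db.records[token]
    # Assumption: a token is bound to the first member who redeems it, so the
    # same member can brand further copies but another member cannot reuse it.
    if rec["electronic_id"] not in (None, electronic_id):
        raise BrandingError("token already redeemed by another member")
    rec["electronic_id"] = electronic_id
    metadata["token"] = token
    metadata["electronic_id"] = electronic_id
    return metadata


def access_allowed(metadata, login, password, token_db, console):
    """Cross-reference the brand in the file with the token database and member."""
    rec = token_db.records.get(metadata.get("token"))
    if rec is None or rec["media_id"] != metadata.get("media_id"):
        return False
    electronic_id = console.request_electronic_id(login, password)
    if electronic_id is None:
        return False
    # The metadata is writable by whoever holds the file, so the server-side
    # record must agree with it; the file's own claim is not enough.
    return metadata.get("electronic_id") == electronic_id == rec["electronic_id"]


def demo():
    """Constructed sample data: one token, two members, one edited copy."""
    db, console = TokenDatabase(), MembershipConsole()
    db.issue("P-CONSTRUCTED-0001", "media-001")
    console.register("user@example.com", "correct horse", "EID-1001")
    console.register("other@example.com", "battery staple", "EID-2002")
    metadata = brand({"media_id": "media-001"}, "P-CONSTRUCTED-0001",
                     "user@example.com", "correct horse", db, console)
    owner_ok = access_allowed(metadata, "user@example.com", "correct horse", db, console)
    edited = dict(metadata, electronic_id="EID-2002")  # brand rewritten in the file
    other_ok = access_allowed(edited, "other@example.com", "battery staple", db, console)
    return metadata, owner_ok, other_ok


if __name__ == "__main__":
    print(demo())
```
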

FIG. 2 shows a system 200 for authoring an encrypted digital media according to an embodiment of the present invention. The figure includes a selection module 202, a password module 204, a customization module 206, a database module 208 and an encryption module 210. The selection module 202 facilitates selection of one or more media items to form the encrypted digital media. Examples of the one or more media items include, and are not limited to, one or more of a video, an audio and a game.

According to an embodiment of the present invention, the one or more media items are one or more of remote URL links and local media files.

The password module 204 prompts the user to enter a master password which provides access to the encrypted digital media. Subsequently, the customization module 206 allows the user to customize the user access panel of the encrypted digital media.

According to an embodiment of the present invention, the customization module 206 facilitates adding one or more of a banner, a logo, an image, an advertisement, a tag line, a header message and textual information to the user access panel of the encrypted digital media.

Further, the database module 208 connects the encrypted digital media to a database of membership verification token required for decrypting the encrypted digital media.

According to an embodiment of the present invention, the membership verification token is a kodekey. The kodekey is a unique serial number assigned to the encrypted digital media.

The encryption module 210 encrypts the one or more media items to create the encrypted digital media.

According to an embodiment of the present invention, the system 200 further includes a watermark module. The watermark module watermarks information on the encrypted digital media, wherein the watermark is displayed during playback of the encrypted digital media.

According to another embodiment of the present invention, the system 200 further includes an access module. The access module allows the user to define access rights. Examples of the access rights include, but are not limited to, purchasing rights, rental rights and membership access rights.

According to yet another embodiment of the present invention, the system 200 further includes a name module. The name module allows the user to name the encrypted digital media.

FIG. 3 shows a flow chart giving an overview of the process of digital media personalization according to an embodiment of the present invention. The process is achieved by way of an enabler using an apparatus or otherwise known as an application in which facilitates digital media files. The apparatus interacts with all communicative parts required to fulfill the actions of the invention. The figure shows a Kodekey Graphical User Interface (GUI) 301, a product metadata 302, a networking card 303, internet 304, 306 and 308, database 305 and 309 and an APIwebsite.com GUI 307. A user posts a branding request via the Kodekey GUI interface 301. The
Kodekey GUI interface 301 is the GUI for entering token. The Kodekey GUI interface 301 prompts the user to enter the token and press the redeem button present on the Kodekey GUI interface 301. The product metadata 302 is read/writable metadata associated with the digital media to be acquired. The networking card 303 facilitates querying of optional metadata branding process and referenced. The Kodekey GUI interface is connected to the database 305 via the internet 304 through the networking card 303. The database 305 is the database used to read/write and store the tokens, also referred to as token database. The user is redirected to the APIwebsite.com GUI 307 through the internet 306. The APIwebsite.com is the GUI to the membership API in which the electronic ID is collected and sent back to the Kodekey GUI interface 301. The APIwebsite.com GUI 307 prompts the user to enter a login id and a password to access the digital media which is acquired from the database 309 through the internet 308. The database 309 is the database connected to the web service membership in which the user’s electronic ID is queried from.

Examples of the encrypted digital files include, and are not limited to, a video file, an audio file, container formats, documents, metadata as part of video game software and other computer based apparatus in which processed data is facilitated.

FIG. 4 shows a flow chart giving an overview of the process of an access request made by an enabler according to an embodiment of the present invention. Subsequently, the communicative parts to cross-reference information stored in the metadata of the digital media asset are checked which has been previously handled by the process of FIG. 1. The figure shows an enabler access request 401, a product metadata 402, a networking card 403, an internet 404, 406 and 408, a database 405 and 409 and an APIwebsite.com GUI 407. The enabler access request 401 facilitates the user to make a request for the digital media. The product metadata 402 is read/writable metadata associated with the digital media to be acquired. The networking card 403 facilitates querying of optional metadata branding process and referenced. The database 405 is the database used to read/write and store the tokens. The APIwebsite.com GUI 407 is the GUI in which the electronic ID is collected and sent back to the Kodekey GUI interface 301. The APIwebsite.com GUI 407 prompts the user to enter a login id and a password to access the digital media from the database 409 through the internet 408. The database 409 is the database connected to the web service membership in which the user’s electronic ID is queried from.

FIG. 5 shows personalized digital rights management component as part of a compatible machine with writable static memory. The figure represents an authorization sequence action in which a machine is authorized to accept a personalized digital media file. The figure includes STR3EM Machine GUI 501 including the connect icon 502, a load key file icon 503, a networking card 504, an internet 505, 508 and 510, a database 506 and 511, a machine memory 507 and a APIwebsite.com GUI 509. The STR3EM Machine GUI 501 prompts the user to connect or load a key file to authorize the device through the connect icon 502 and the load key file icon 503. The STR3EM Machine GUI 501 is connected to the networking card 504. The networking card 504 facilitates querying of optional metadata branding process and referenced. Further, the STR3EM machine GUI 501 is connected to the database 506 via the internet 505. The database 506 is the database used to read/write and store the tokens. Moreover, STR3EM Machine GUI 501 is connected to the machine memory 507. The machine memory 507 represents the internal memory of the machine or device so authorizations can be saved for access of the digital media. The APIwebsite.com GUI 509 is connected to the STR3EM machine GUI through the internet 508. Further, APIwebsite.com GUI 509 is connected to the database 511 through the internet 510. The APIwebsite.com GUI 509 prompts the user to enter the login id and a password to authorize the access to digital media. The database 511 is the database connected to the web service membership in which the user’s electronic ID is queried from.

FIG. 6 shows a flowchart for monitoring access to an encrypted digital media according to an embodiment of the present invention. At step 602, a branding request is made by a user from at least one communications console of the plurality of data processing devices. The branding request is a read and write request of metadata of the encrypted digital media.

According to an embodiment of the present invention, the request includes a membership verification token corresponding to the encrypted digital media.

Subsequently, the membership verification token is authenticated at step 604. The authentication is performed in connection with a token database. Further, connection with the at least one communication console is established at step 606. Afterwards, at least one electronic identification reference is requested from the at least one communications console at the step 608. At step 610, at least one electronic identification reference is received from the at least one communication console. Finally, metadata of the encrypted digital media is branded by writing the membership verification token and the electronic identification reference into the metadata at the step 612.

FIG. 7 shows a flowchart showing authoring an encrypted digital media according to an embodiment of the present invention. At step 702, one or more media items are selected by the user to form the encrypted digital media. Subsequently, a master password is entered for providing access to the encrypted digital media for editing at step 704. Afterwards, the user customizes the user panel of the encrypted digital media at step 706. Further, the encrypted digital media is connected to a database of membership verification tokens required for decrypting the encrypted digital media at the step 708. Finally, the one or more media items are encrypted to create the encrypted digital media at the step 710.

According to various embodiments of the present invention, the verification is facilitated by at least one token handled by at least one excelsior enabler. Examples of the token include, and are not limited to, a structured or random password, e-mail address associated with an e-commerce payment system used to make an authorization payment, or other redeemable instruments of trade for access rights of digital media. Examples of e-commerce systems are PayPal, Amazon Payments, and other credit card services.

According to an embodiment of the present invention, an identifier for the digital media is stored in a database with another database of a list of associated tokens for cross-reference identification for verification.

According to an embodiment of the present invention, the database of a list of associated tokens includes Instant Payment Notification (IPN) received from successful financial e-commerce transactions that includes the identifier for the digital media; import of CSV password lists, and manually created reference phrases.

For this discussion, the structured or random password example will be used as reference. The structured or random passwords can be devised in encoded schemes to flag the apparatus of permission type such as: 1) Purchases can start a password sequence with “P” following a random number, so
further example would be “PSJD42349MFJDF”. 2) Rentals can start or end a password sequence with “R” plus (+) the number of days a rental is allowed, for example “R7” included in “R7SJDHFG58473” flagging a seven day rental. 3) Memberships can