`Case 6:20-cv-00397-ADA
`
`(12) United States Patent
`Phadke et al.
`
`(10) Patent No.: US 9,455,961 B2
`(45) Date of Patent: Sep. 27, 2016
`
`(54) SYSTEM, METHOD AND APPARATUS FOR SECURELY DISTRIBUTING CONTENT
`
`(71) Applicant: paSafeShare LLC, Colts Neck, NJ (US)
`
`(72) Inventors: Madhav S Phadke, Colts Neck, NJ (US); Kedar M Phadke, Colts Neck, NJ (US)
`
`(73) Assignee: PASAFESHARE LCC, Colts Neck, NJ (US)
`
`( * ) Notice: Subject to any disclaimer, the term of this patent is extended or adjusted under 35 U.S.C. 154(b) by 172 days.
`
`(21) Appl. No.: 14/029,021
`
`(22) Filed: Sep. 17, 2013
`
`(65) Prior Publication Data: US 2014/0019758 A1, Jan. 16, 2014
`
`Related U.S. Application Data
`
`(63) Continuation-in-part of application No. 13/162,209, filed on Jun. 16, 2011.
`
`(60) Provisional application No. 61/702,292, filed on Sep. 18, 2012.
`
`(51) Int. Cl.: H04L 29/06 (2006.01); H04N 21/254 (2011.01); H04N 21/4627 (2011.01)
`
`(52) U.S. Cl.: CPC ...... H04L 63/0428 (2013.01); H04N 21/2541 (2013.01); H04N 21/4627 (2013.01); H04L 2463/041 (2013.01)
`
`(58) Field of Classification Search: CPC ..... H04L 63/0428; USPC ..... 713/168
`See application file for complete search history.
`
`Primary Examiner: O. C. Vostal
`(74) Attorney, Agent, or Firm: Meagher Emanuel Laks Goldberg & Liao, LLP
`
`(57) ABSTRACT
`
`System, method and apparatus for securely distributing
`content via an encrypted file wherein a Publisher Key (PK)
`associated with an authorized publisher enables presentation
`of the content by the authorized user via a Limited Capability
`Viewer (LCV), the LCV lacking the capability to
`forward, print, copy or otherwise disseminate the content to
`be presented. Various embodiments provided enhanced user
`authentication or authorization, VPN functions, collaboration
`techniques, automatic distribution of licenses, watermarking
`of documents, rules pertaining to content transfer
`between secure and insecure domains and combinations
`thereof.
`
`20 Claims, 11 Drawing Sheets
`
`[Front-page representative drawing not reproduced. Legible labels: "Receive and execute PDP data structure or PDP link"; "Retrieve limited capability viewer program if needed".]
`
`Case 6:20-cv-00397-ADA Document 1-1 Filed 05/14/20 Page 2 of 25
`[Sheet 1 of 11: FIG. 1, block diagram (drawing not reproduced). Legible labels: Server; Network; User Device (UD) 105-1; Input/Output Interface(s); Communications Interfaces; Content Owner; Publication Engine PE; Content Control Data CCD; Publisher Keys; Authorization Data; Content Consumer License(s).]
`
`[Sheet 2 of 11: FIG. 2, flow diagram (drawing not reproduced). Legible step labels: "Receive / Select Content or Content Link for Publication"; "Determine Publisher Key Associated with the content"; "Determine License Start and Expire Dates/Times"; "Determine any other license constraints"; "Create Protected Document Package"; "Send Protected Document Package toward authorized content consumers/presenters".]
`
`[Sheet 3 of 11: FIG. 3, flow diagram (drawing not reproduced). Legible step labels: "Receive and execute PDP data structure or PDP link"; "Compare existing licenses (CCL(s)) to PDP license requirements"; "Generate Content Consumer License Request"; "Send CCLR to content owner"; "Wait for CCL from content owner"; "Store data file or streaming media within encrypted temp package on local machine"; "Present data file or media in protected mode of original program or viewer program".]
`
`[Sheet 4 of 11: FIG. 4, flow diagram (drawing not reproduced). Legible step labels: "Receive CCLR from content consumer"; "Determine validity of request and whether to adapt or constrain request"; "Generate Content Consumer License"; "Transmit CCL towards requestor".]
`
`[Sheet 5 of 11: FIG. 5, flow diagram (drawing not reproduced). Legible step labels: "Create Publisher Key Request"; determination of whether the request is valid; "Send error / denial"; generation of encrypted Publisher Key(s) PK; transmission of the PK(s) to the requestor; distribution of the PK(s) by the requestor to distribution list members.]
`
`[Sheet 6 of 11: FIG. 6, graphical depiction (drawing not reproduced). Legible labels: Publication Engine (Content Owner); Protected Document Package PDP; Presentation Module PM (Content Consumer); License Request Module LRM (Content Consumer); Licensing Engine LE (Content Owner); Content Consumer License; "128 Bit Encrypted package"; "Transmitted via email, web, CD, or other method"; "Data is View Only".]
`
`[Sheet 7 of 11: Fig. 7, flow diagram (drawing not reproduced). Legible step labels: "Content consumer selects specific content file for access from PDP"; "Selected content is decrypted to a temporary file on the system RAM, or other"; "Selected content is stored in a temp file (encrypted or unencrypted, stand alone file or database file) and presented in protected mode"; "Retrieve Limited Capability Viewer program if needed"; "Temp file is deleted."]
`
`[Sheet 8 of 11: Fig. 8, flow diagram (drawing not reproduced). Legible step labels: "Content consumer selects specific content file for access from PDP"; "Retrieve limited capability viewer program if needed"; "Selected content presented in protected mode".]
`
`[Sheet 9 of 11: FIG. 9, flow diagram (drawing not reproduced). Legible step labels: "Receive and execute PDP data structure or PDP link"; "Compare existing licenses (CCL(s)) to PDP license requirements" (Publisher Key / Tiered Publisher Key; License start and expiry dates; License terms and types; Other); "Enhanced User Authorization and Authentication EUAA" (Biometric; Smartcard/USB; GPS coordinates; other); "Store data file or streaming media within encrypted temp package on local machine"; "Retrieve limited capability viewer program if needed"; "Present data file or media in protected mode of original program or viewer program"; "Send CCLR to content owner"; "Wait for CCL from content owner".]
`
`[Sheet 10 of 11: FIG. 10, flow diagram (drawing not reproduced). Legible step labels: "Receive CCLR from content consumer"; "Determine validity of request and whether to adapt or constrain request"; "Enhanced User Authentication and Authorization EUAA Databases" (Biometric data; GPS coordinates; Other); "Send error / denial message"; "Generate Content Consumer License CCL"; "Transmit CCL towards requestor".]
`
`[Sheet 11 of 11: FIG. 11, graphical depiction (drawing not reproduced). Legible labels: "Content (Data, documents, etc)"; "Publisher Keys PKs"; "Content Transfer (Email, device interface, USB, CD, Web Transfer, File Transfer, Messaging, data download from VPN, other)"; "Inside Network, Domain, 'Trusted area', other"; "Create PDP with the Content"; "'Trusted Area' Boundary"; "Outside Network, Outside Domain, 'Non Trusted area', other"; "Content Consumer".]
`
`SYSTEM, METHOD AND APPARATUS FOR
`SECURELY DISTRIBUTING CONTENT
`
`CROSS-REFERENCE TO RELATED
`APPLICATIONS
`
`This application is a continuation-in-part of pending U.S.
`patent application Ser. No. 13/162,209, filed on Jun. 16,
`2011, entitled SYSTEM, METHOD AND APPARATUS
`FOR SECURELY DISTRIBUTING CONTENT, and claims
`the benefit of Provisional Patent Application Ser. No.
`61/702,292, filed on Sep. 18, 2012, entitled SYSTEM,
`METHOD AND APPARATUS FOR SECURELY
`DISTRIBUTING CONTENT; both prior applications are
`incorporated herein by reference in their entireties.
`
`FIELD OF THE INVENTION
`
`The invention relates generally to the distribution of
`content and, more specifically but not exclusively, protecting
`such content from redistribution or re-presentation.
`
`BACKGROUND
`
`Various techniques exist for secure content distribution.
`Such techniques include password protection of content
`(e.g., password protection of a document or media file),
`access restrictions associated with content (e.g., username
`and password requirements associated with a web portal)
`and so on. Some of the techniques require proprietary
`software or middleware executed at a client device. Other
`techniques require real-time user authentication via an
`authentication server or other device connected to a client
`via a network such as the Internet.
`
`SUMMARY
`
`Various deficiencies in the prior art are addressed by
`systems, methods and apparatus providing secure content
`publication and presentation capabilities. One embodiment
`of a method for securely distributing content comprises
`generating an encrypted file including content or a link
`thereto, and a Publisher Key (PK) associated with
`presentation of said content by an authorized user via a Limited
`Capability Viewer (LCV); and propagating the generated
`encrypted file towards a user. The LCV may comprise 1) a
`program specifically designated to consume content while
`restricting editing, printing, copying, etc. of content; or 2) a
`native program for consuming content which is used in a
`restrictive mode to restrict editing, printing, copying, etc. of
`content. Only users who have a Content Consumer License
`(CCL) compatible with the encrypted PK may access and
`consume the content. The CCL may be distributed via
`hardware or software. Various embodiments provided
`enhanced user authentication or authorization, VPN functions,
`collaboration techniques, automatic distribution of
`licenses, watermarking of documents, rules pertaining to
`content transfer between secure and insecure domains and
`combinations thereof.
`
`BRIEF DESCRIPTION OF THE DRAWINGS
`
`The teachings herein can be readily understood by con-
`sidering the following detailed description in conjunction
`with the accompanying drawings, in which:
`FIG. 1 depicts a high-level block diagram of a system
`according to one embodiment;
`FIG. 2 depicts a flow diagram of a secure content publi-
`cation method according to one embodiment;
`FIG. 3 depicts a flow diagram of a secure content pre-
`sentation method according to one embodiment;
`FIG. 4 depicts a flow diagram of a method for processing
`a content consumer license request suitable for use in
`various embodiments;
`FIG. 5 depicts a flow diagram of a method for processing
`a publisher key request suitable for use in various embodi-
`ments;
`FIG. 6 graphically depicts an embodiment of the inven-
`tion;
`FIG. 7 depicts a flow diagram of a method for opening a
`Protected Document Package (PDP) and presenting content
`via a temporary file;
`FIG. 8 depicts a flow diagram of a method for opening a
`Protected Document Package PDP and presenting content
`directly;
`FIG. 9 depicts a flow diagram of a secure content pre-
`sentation method according to one embodiment;
`FIG. 10 depicts a flow diagram of a method for processing
`a content consumer license request suitable for use in
`various embodiments; and
`FIG. 11 graphically depicts an embodiment of the inven-
`tion.
`
`To facilitate understanding, identical reference numerals
`have been used, where possible, to designate identical
`elements that are common to the figures.
`
`DETAILED DESCRIPTION OF THE
`INVENTION
`
`A secure content distribution capability is depicted and
`described herein. The secure content distribution capability
`enables efficient and secure distribution of content to spe-
`cific users for a limited purpose, such as presentation of a
`securely distributed document upon a presentation device.
`The securely distributed documents may not be printed by
`specific users or forwarded to other users for presentation,
`printing or other purposes.
`Although the secure content distribution capability is
`primarily depicted and described herein within the context
`of a specific document format, it will be appreciated that the
`secure content distribution capability may be used for dis-
`tributing documents according to various other formats.
`Broadly speaking, the secure content distribution capability
`may be used to securely distribute any type of content
`including documents or files according to various formats,
`as well as streaming media such as audio and/or video and
`other active content.
`
`The various embodiments include methodologies imple-
`mented in software and/or hardware for securely distributing
`content such as documents between content owners or other
`content source entities and content consumers. These security
`methodologies provide user specific authentication,
`machine specific authentication and the like to ensure that
`only a specific user, or a specific user machine, or a specific
`user on a specific user machine is authenticated to access the
`secure content. Moreover, the security methodologies pre-
`vent users from printing, copying, modifying or saving the
`protected documents, and are capable of providing security
`within and across corporate networks and other domains.
`For example, where protected documents or files are sent to
`other users via email or other transfer means, the documents
`or files are unreadable by recipient without permission of
`content owner.
`
`
`
`The various embodiments contemplate that securely distributed
`content, documents or other files are presented using a
`Limited Capability Viewer LCV for viewing in a native
`content, document or other file format. For example, a
`Microsoft PowerPoint file protected according to various
`embodiments may be viewed using the end user’s Microsoft
`PowerPoint or Microsoft PowerPoint Viewer program.
`Thus, all animations, multimedia, and other dynamic content
`are preserved and the end user will get a true presentation
`experience. However, all content is fully encrypted and
`protected while opened by the user and also during
`transmission from the content owner to the user. Similarly,
`Microsoft Word, Excel, Visio, and other files which are
`protected by the software will be viewed using corresponding
`native programs while protected.
`A protected document package can have one or multiple
`files. These files can be grouped into tiers of security level
`so that end users can access only the files they are specifi-
`cally authorized to access. A protected document package
`may comprise a database including varying one or more
`content files, wherein the one or more content files are
`extracted from the database prior to secure presentation via
`the Limited Capability Viewer LCV program.
`It is noted that the content owner does not need to know
`all the end users before creating the protected document
`packages. In this manner, the various embodiments elimi-
`nate a need for a common, central user management service
`while allowing for easy within domain, cross-domain, and
`cross-company sharing of protected documents.
`It is noted that there is no requirement for online verifi-
`cation of a user prior to secure presentation of a protected
`document package. Keys and other data structures adapted
`for enabling secure presentation of the protected document
`package may be distributed prior to secure content presen-
`tation or after an attempt to securely present the content.
`Moreover, multiple keys of different types are employed
`within the context of the various embodiments to enable a
`flexible mechanism for securely presenting content.
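
The offline license comparison described above (user-specific and machine-specific authentication, tiers of security level, license start and expiry dates, no online verification) can be modelled as below. This is an added example, not code from the patent; the field names, the integer tier ordering, the window-overlap rule and all sample values are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import datetime
from typing import List, Optional, Sequence, Tuple


@dataclass(frozen=True)
class PDPRequirements:
    """License requirements carried by a Protected Document Package (PDP)."""
    publisher_key_id: str   # assumed identifier for the Publisher Key (PK)
    file_tier: int          # assumed integer security tier of the requested file
    start: datetime         # PDP start date
    expiry: datetime        # PDP expiry date


@dataclass(frozen=True)
class ContentConsumerLicense:
    """A Content Consumer License (CCL) already stored on the user device."""
    publisher_key_id: str
    max_tier: int                      # highest tier this license covers (assumption)
    start: datetime
    expiry: datetime
    user_id: Optional[str] = None      # set => user-specific license
    machine_id: Optional[str] = None   # set => machine-specific license


def rejection_reason(ccl: ContentConsumerLicense, req: PDPRequirements,
                     user_id: str, machine_id: str,
                     now: datetime) -> Optional[str]:
    """Return None when the CCL satisfies the PDP, else why it does not."""
    if ccl.publisher_key_id != req.publisher_key_id:
        return "publisher key mismatch"
    if ccl.max_tier < req.file_tier:
        return "tier not covered"
    # Effective validity is the overlap of the PDP window and the CCL window.
    start = max(ccl.start, req.start)
    expiry = min(ccl.expiry, req.expiry)
    if now < start:
        return "not yet valid"
    if now > expiry:
        return "expired"
    # A license may bind to a user, a machine, both, or neither (open key).
    if ccl.user_id is not None and ccl.user_id != user_id:
        return "bound to another user"
    if ccl.machine_id is not None and ccl.machine_id != machine_id:
        return "bound to another machine"
    return None


def decide(ccls: Sequence[ContentConsumerLicense], req: PDPRequirements,
           user_id: str, machine_id: str,
           now: datetime) -> Tuple[str, List[str]]:
    """Present the content if any stored CCL fits; otherwise a license
    request (CCLR) is needed, and the per-license reasons are returned."""
    reasons: List[str] = []
    for ccl in ccls:
        reason = rejection_reason(ccl, req, user_id, machine_id, now)
        if reason is None:
            return "present", []
        reasons.append(reason)
    return "request_license", reasons or ["no license stored"]


# Constructed sample data (not taken from the patent).
SAMPLE_REQ = PDPRequirements("PK-EXAMPLE-1", 2,
                             datetime(2024, 1, 1), datetime(2024, 12, 31))
SAMPLE_CCLS = [
    ContentConsumerLicense("PK-EXAMPLE-2", 3,
                           datetime(2024, 1, 1), datetime(2024, 12, 31)),
    ContentConsumerLicense("PK-EXAMPLE-1", 1,
                           datetime(2024, 1, 1), datetime(2024, 12, 31)),
    ContentConsumerLicense("PK-EXAMPLE-1", 3,
                           datetime(2024, 3, 1), datetime(2024, 6, 30),
                           user_id="alice", machine_id="LAPTOP-01"),
]

if __name__ == "__main__":
    print(decide(SAMPLE_CCLS, SAMPLE_REQ, "alice", "LAPTOP-01",
                 datetime(2024, 5, 1)))
    print(decide(SAMPLE_CCLS, SAMPLE_REQ, "alice", "DESKTOP-02",
                 datetime(2024, 5, 1)))
```
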
`FIG. 1 depicts a high-level block diagram of a system
`according to one embodiment. Specifically, the system 100
`of FIG. 1 contemplates a plurality of user devices 105
`communicating with each other via the network 106. In
`various embodiments, the user devices 105 optionally com-
`municate with a server 107 via the network 106.
`
`The plurality of user devices 105 are denoted as user
`devices 105-1, 105-2, 105-3 and so on up to 105-N. In the
`embodiments discussed herein, each of the user devices 105
`is configured in substantially the same manner in terms of
`hardware, software, resources and the like. However, it will
`be appreciated by those skilled in the art that the various user
`devices 105 may comprise different classes of user devices
`such as computers, mobile devices, smart phones, set-top
`terminals, heavy clients, light clients and so on. Generally
`speaking, a user device 105 is simply a device capable of
`operating in accordance with one or more aspects of the
`present invention, and many different user device configu-
`rations may be used at the same time.
`As depicted in FIG. 1, each user device 105 includes a
`processor 110, a memory 120, communications interfaces
`130 and an input-output (I/O) interface 140. The processor
`110 is coupled to each of memory 120, communication
`interfaces 130, and I/O interface 140.
`The processor 110 is configured for controlling the opera-
`tion of user device 105, including operations supporting the
`secure content publication and presentation capabilities
`described herein with respect to the various embodiments.
`
`The memory 120 is configured for storing information
`suitable for use in providing the advertising presentation and
`transaction capability. Memory 120 may store programs
`121, data 122, content 123 and the like. Within the context
`of the various embodiments, the programs 121 and data 122
`may vary depending upon whether the user device 105 is
`operating as a content owner, or a content consumer or both.
`When a user device 105 operates in a content owner or
`content source mode of operation, the programs 121 may
`comprise a publication engine PE, a licensing engine LE
`and/or other programs adapted for implementing the secure
`content sourcing/publication methodologies described
`herein. Similarly, in the content owner or content source
`mode of operation, the data storage 122 may comprise
`content control data CCD, publisher keys PK, authorization
`data AD and/or other data adapted for implementing the
`secure content sourcing/publication methodologies
`described herein. The content storage 123 may include
`content, uniform resource locators (URLs) or other data
`structures pointing to content, to be securely published and
`transmitted toward one or more user devices 105 operating
`in a content consumer mode.
`
`When a user device 105 operates in a content consumer or
`content destination mode of operation, the programs 121
`may comprise a presentation module PM, a license request
`module LRM and/or other programs adapted for implement-
`ing the secure content consumption/presentation methodolo-
`gies described herein. Similarly, in a content consumer mode
`of operation, the data storage 122 may comprise one or more
`Content Consumer Licenses CCL and/or other data adapted
`for implementing the secure content consumption/presenta-
`tion methodologies described herein.
`Generally speaking, the memory 120 may store any
`information suitable for use by the user device 105 in
`implementing one or more of the secure content sourcing/
`publication methodologies described herein, the secure
`content consumption/presentation methodologies described
`herein or other functions.
`
`The communications interfaces 130 may include a location
`signaling interface such as a global positioning GPS and/or
`cellular telephone tower triangulation system to determine
`the location of the user device 105.
`The communications interfaces 130 include one or more
`services signaling interfaces such as a Wi-Fi or WiMAX
`interface, a 3G wireless interface, a 4G wireless interface, an
`Ethernet interface and the like for supporting data/services
`signaling between user device 105 and the network 106. It
`will be appreciated that fewer or more, as well as different,
`communications interfaces may be supported. The various
`communications interfaces 130 are adapted to facilitate the
`transfer of files, data structures, messages, requests and the
`like between various entities in accordance with the
`embodiments discussed herein.
`
`It will be appreciated that the various embodiments do not
`require a continual online presence. Once content consumer
`has received CCL from content owner (whether via hard-
`ware or software), the content consumer can be completely
`disconnected from all networks and communication inter-