`Case 6120'CV'00397'ADA D"wml‘llllllllllfilllflllllllflllllllfllfilillIfllfillll’lllllllflll'llll||||||||
`
`US0096151 l6B2
`
`(12) United States Patent
`US 9,615,116 B2
`(10) Patent N0.:
`
`Phadke et a].
`(45) Date of Patent:
`Apr. 4, 2017
`
`(54) SYSTEM, METHOD AND APPARATUS FOR
`SECURELY DISTRIBUTING CONTENT
`
`6,336,189 B1 *
`
`6,772,340 B1 *
`
`1/2002 Takeda ................ G06F 21/6209
`726/2
`8/2004 Peinado .................. G06F 2l/10
`
`(75)
`
`Inventors: Madhav S. Phadke, Colts Neck, NJ
`(US)- Kedar M. Phadke Colts Neck
`NJ (GS)
`’
`
`’
`
`.
`(73) ASSlgnee3 PASAFESHARE LLC: COItS NeCks NJ
`(Us)
`.
`.
`.
`.
`Subject to any d1scla1mer, the term of th15
`patent is extended or adjusted under 35
`U.S.C. 154(b) by 0 days.
`
`.
`( * ) Not1ce:
`
`(21) Appl. No.: 13/162,209
`~
`.
`Ffled‘
`
`(22)
`
`Jun'16’ 2011
`,
`,
`,
`Pm" PUbhcatlon Data
`US 2012/0321083 A1
`Dec 20 2012
`.
`’
`
`(65)
`
`(51)
`
`Int Cl
`H04K 1/00
`H04N 21/254
`H04L 29/06
`H04N 21/4627
`(52) US. Cl,
`CPC ..... H04N 21/2541 (2013.01); H04L 63/0428
`(2013.01); H04N 21/4627 (2013.01); H04L
`2463/04] (2013.01)
`
`(2006.01)
`(2011.01)
`(2006.01)
`(2011.01)
`
`(58) Field of Classification Search
`CPC ......... H04L 2209/603; H04L 29/06482; H04L
`67/04; H04L 2463/0552; G06F 21/10
`USPC ..........................................................: . 380/255
`See appl1cat1on file for complete search h1story.
`,
`References Clted
`US. PATENT DOCUMENTS
`
`(56)
`
`6,069,957 A *
`
`6,185,684 B1*
`
`5/2000 Richards ............... H04L 9/0836
`380/210
`................ 713/182
`
`2/2001 Pravetz et a1.
`
`380/201
`7/2005 Doherty .................. G06F 21/10
`6,920,567 B1*
`707/999104
`7,130,831 B2* 10/2006 Howard .................. G06F 21/10
`705/57
`4/2008 Rowe .................. G06F 21/6218
`380/284
`3/2012 Zhu ..................... H04L 63/0853
`380/279
`1/2002 Nemovicher ....... H04L 12/5875
`713/155
`4/2002 Ginter et a1.
`................. 380/277
`
`7,359,517 131*
`
`8,132,020 B2*
`
`2002/0007453 A1*
`2002/0048369 A1 *
`
`9/2002 Samaan ............. H04N 7/17318
`2002/0138843 A1*
`725/87
`2002/0184517 A1 * 12/2002 Tadayon et a1.
`.............. 713/200
`
`2003/0009423 A1*
`1/2003 Wang et a1.
`..... 705/51
`2003/0023564 A1*
`l/2003 Padhye et a1.
`..... 705/54
`
`2003/0135466 A1*
`7/2003 Wang et a1.
`........ 705/51
`3/2004 Walker .................... H04L 63/10
`2004/0054930 A1*
`726/30
`
`..
`
`2004/0193546 A1 *
`
`9/2004 Tokutani
`c t.
`d
`( onlnue )
`
`................. G06F 2l/10
`705/59
`
`Primary Examiner 7 Glenton B Burgess
`Assistant Examiner 7 Tariq Najee-Ullah
`(74) Attorney, Agent, or Firm 7 Meagher Emanuel Laks
`Goldberg & Liao, LLP
`
`ABSTRACT
`(57)
`System, method and apparatus for securely distributing
`Content Via an encrypted file wherein a Publisher Key (PK)
`associated with an authorized publisher enables presentation
`of the content by the authorized user Via a Limited Capa-
`bility Viewer (LCV),
`the LCV lacking the capability to
`forward, print, copy or otherwise disseminate the content to
`be presented.
`
`32 Claims, 8 Drawing Sheets
`
`m
`, Recewe and examie PDF
`data auuaure ar PDP link
`
` 325
`- Publisher Key/
`iiered Fubhsher Key
`flCompare exisiine licenses (CCL(s))
`, License eiari and
`expiry date:
`1a PDP heens: vequ111111Is
`- Umnsa Dams and
`Miss
`- Omar
`
`
` ms
`
`17——
`iars new are or
`streaming media
`wimin encrypled
`«amp Package on
`lanai machms
`
`
`3§§
`
`-specmeu PubHshar
`enereie
`. on
`(mutant
`
` <7 D213
`0eeeeeee
`
`» Faymeni DeiaHs
`Luz/is: Request
`. Delively delzils
`§£LB 1m
`mars - Olhei
`
`mniem awner
`1
`310
`SigRemeve Nmned
`Send CCLR to
`comm: owner
`mode oiongme1
`capabihty Viewer
`program arviewev
`needed
`program it
`\l/
`Diagram
`imm ouniani
`owner
`
`
`
`
`
`
`Em
`
`0 y 915
`
`
`
`mG
`
`
`SIDE CCL
`391‘
`(_Ves
`
`
`CE)
`
`Retelved ?
`:59 ca
`
`
`
`
`
`
`
`m Wiltiarch
`
`
`
`
`Case 6:20-cv-00397-ADA Document 1-2 Filed 05/14/20 Page 2 of 19
`Case 6:20-cv-00397-ADA Document 1—2 Filed 05/14/20 Page 2 of 19
`
`US 9,615,116 B2
`
`Page 2
`
`(56)
`
`References Cited
`U.S. PATENT DOCUMENTS
`
`2005/0185792 A1*
`
`8/2005 Tokutani
`
`2006/0080259 A1*
`
`2006/0080453 A1*
`
`4/2006 Thukral
`
`2007/0174203 A1*
`
`............. H04L 63/0442
`380/30
`4/2006 Wajs ....................... G06F 21/10
`705/51
`........... H04N21/47202
`709/231
`7/2007 Oho ........................ G06F 21/10
`705/59
`2007/0240203 A1* 10/2007 Beck ..................... G06F 19/322
`726/4
`2007/0269044 A1* 11/2007 Bruestle .................. G06F 21/10
`380/54
`2/2008 Morris .................... G06F 21/10
`705/59
`2008/0240447 A1* 10/2008 Zhu ..................... H04L 63/0853
`380/279
`5/2009 Patel
`............................... 463/29
`
`5/2011 Issa ................... G06F17/30011
`709/223
`................ 713/156
`713/176
`
`2008/0040283 A1*
`
`2009/0124375 A1*
`2011/0119361 A1*
`
`2012/0102317 A1*
`2012/0102329 A1*
`
`4/2012 Mathur et al.
`4/2012 Mittal et al.
`
`.
`
`* cited by examiner
`
`
`
`Case 6:20-cv-00397-ADA Document 1-2 Filed 05/14/20 Page 3 of 19
`Case 6:20-cv-00397-ADA Document 1-2 Filed 05/14/20 Page 3 of 19
`
`U.S. Patent
`
`Apr. 4, 2017
`
`Sheet 1 of 8
`
`US 9,615,116 B2
`
`m
`
`J?
`
`"j
`
`l Serverflz l
`5
`'vf/
`Network
`106
`_
`
`
`
`T? I?
`UD
`l L.
`l
`3’ 1052
`l
`'3
`E
`E Lflflw)
`3
`1
`l
`i
`{__a
`
`UD
`105—3
`g
`a
`tl’
`UD
`105-N
`
`User Device (UD) 105—1
`
`a“
`
`I
`
`..
`
`.
`
`Programs __
`'
`'
`W
`- Publication Engine Pg
`— Licensing Engine i
`
`Content Consumer
`— Presentation Module m
`« License Request Module LRM
`»
`Data Storage fl
`
`W -
`
`Content Controt Data CCD
`
`- Authorization Data fl
`
`- Publisher Keys %
`
`Content Consumer
`
`- Content Consumer License(s) CCL
`
`Content Storage 1 3
`
`{'WM‘WMM
`
`I
`
`Presentation
`Device(s) @
`
`
`
`_
`
`M
`3
`Device(s) @J
`
`
`
`Input
`
`:1» v"
`
`m
`'
`
`Processor(s)
`Input! Output
`
`Interface(s)
`fig
`Memorym
`
` <—~~~~~~~~~~~~~ :
`
`
`
`Case 6:20-cv-00397-ADA Document 1-2 Filed 05/14/20 Page 4 of 19
`
`
`
`Case 6:20-cv-00397-ADA Document 1-2 Filed 05/14/20 Page 5 of 19
`Case 6:20-cv-00397-ADA Document 1-2 Filed 05/14/20 Page 5 of 19
`
`U.S. Patent
`
`Apr. 4, 2017
`
`Sheet 3 of 8
`
`US 9,615,116 B2
`
`2&9
`
`FIG 3
`
`
` 10
`
`- Receive and execute PDP
`
`
`data structure or PDP link
`
`
`Sfi
`
`
`
`
`
`30
`
`
`
`Compare existing licenses (CCL(s))
`
`to PDP license requirements
`
`— Publisher Key I
`Tiered Publisher Key
`— License start and
`
`expiry dates
`— License terms and
`
`types
`« Other
`
`
`
`35
`
`~ Specified Publisher
`Key
`- Content Consumer
`Details
`
`— Payment Details
`- Delivery details
`- Tiers
`- Other
`
`
` 350
`Generate
`| Store data file or
`
`streaming media
`Content
`
`“=62...”
`
`
`within encrypted
`Consumer
`
`
`temp package on
`License Request
`
`
`
`locat machine
`91.2.3 for
`
`content owner
`
`
`
` 50
`fl
`
`
`3_5_5
`Present data file or
`
`Send CCLR to
`Retrieve limited
`media in protected
`
`
`
`
`content owner
`mode of original
`capability viewer
`
`
`
`program or viewer
`program if
`
`
`
`needed
`program
`
`
`
`
`3.119
`
`Wait for CCL
`
`from content
`
`owner
`
`
`£312 CCL
`Received ?
`
`
`
`\5’1
`
`395
`
`Exit
`
`fl
`
`Store CCL
`
`
`
`
`
`Case 6:20-cv-00397-ADA Document 1-2 Filed 05/14/20 Page 6 of 19
`Case 6:20-cv-00397-ADA Document 1-2 Filed 05/14/20 Page 6 of 19
`
`U.S. Patent
`
`Apr. 4, 2017
`
`Sheet 4 of 8
`
`US 9,615,116 B2
`
`9&9
`
`FIGII
`
`
` 51E
`
`- Specified Publisher Key
` 410
`
`- Content Consumer
`Receive CCLR from
`Details
`
`
`content consumer
`
`
`
`- Payment Details
`- Delivery details
`- Tiers
`
`
`
`
`
`
`
` 25
` 4—20
`- Interact with
`
`
`content consumer if
`Determine validity of
`
`needed
`request and whether to
`
`
`- Default limitations
`adapt or constrain
`
`request
`and constraints
`
`
`— Other
`
`
`
`
`
`
`
`
`
`
`message
`
` 55
`
`
`
` - Interact with
`
`content owner if
`
`
`Generate Content
`needed
`
`
`
`Consumer License
`- Financial terms
`
`CCL
`
`- Other
`
`
`
` 60
`
`Transmit CCL
`
`
`towards requester
`
`
`
`
`Case 6:20-cv-00397-ADA Document 1-2 Filed 05/14/20 Page 7 of 19
`Case 6:20-cv-00397-ADA Document 1-2 Filed 05/14/20 Page 7 of 19
`
`U.S. Patent
`
`Apr. 4, 2017
`
`Sheet 5 of 8
`
`US 9,615,116 B2
`
`00
`
`FIG 5
`
`fl
`
`
`
`Content Owner Information
`-
`identification
`- Website
`Address
`- Authorized Point of Contact
`- Authorlnformation
`
`- CopyrightIData rights info
`- Number of Pubiisher Keys
`requested and key type
`- Other
`
`5‘]
`
`Create Publisher
`
`Key Request (PKR)
`
`520
`
`Send PKR to Publisher Key
`. Vendor (PKV)
`
`53
`
`valid and adapt I constrain as
`needed
`
`
`
` PKV determines if request is
`
`
` i315.
`- interact with content owner if
`
`needed
`
`Default limitations and
`constraints
`
`- Other
`
`
`
`
`
`
`—‘ Generate encrypted Publisher
`
`5.65
`- Interact with content
`owner if needed
`
`-Financial Terms
`- Other
`
`.
`
`560
`
`5_50
`
`$49
`Valid?
`
`No
`
`'
`
`_
`" Send error I denial
`message
`
` 585
` — Colleague
`
`— CustomerIpartner
`- Authorized Publisher
`
`Key(s) PK of appropriate
`quantity and type; and Publisher
`Unique identification
`
`
`— Member of authorized group
`ransmit PK(s) to
`— Other
`the requestor
`
`
`
`
`
`
`
`
`58
`590
`
`Requester determines PK(s)
`
`
`
`Recipients I Distribution list
`distribution lists and
`members register PK(s) in
`distributes PK(s) as
`
` their respective PM(s)
`
`appropriate
`
`
`
`
`m T
`
`
`
`Case 6:20-cv-00397-ADA Document 1-2 Filed 05/14/20 Page 8 of 19
`Case 6:20-cv-00397-ADA Document 1-2 Filed 05/14/20 Page 8 of 19
`
`U.S. Patent
`
`Apr. 4, 2017
`
`Sheet 6 0f 8
`
`US 9,615,116 B2
`
`@
`
`FIG. 6
`
`690
`
`Loca'
`-
`Encrypled
`He
`
`3
`
`
`
`40 Bit Encrypted
`File
`
` 128 Bit Encrypted
`605
`
`
`
`{WWW “W"
`packagetPDP)
`
`..
`.
`..
`a a an or
`.
`*
`
`, W di‘
`Specified
`View Data Files in
`
`
`
`Specified Publisher Key
`Publisher Key
`t Media
`V'EW'MOF‘B'
`
`
`
`
`
`PK
`fl
`File{s)
`Data Is View Only.
`
`
`”
`No Printing,
`
`
`
`One or More Data /
`Cepyin'g. Editing,
`
`
`
`f.-.
`.
`i Media Files Content
`CCL permits Content
`Consumer can view all
`data and media tiles in
`
`Security tier for
`Data/Media files
`
`
`
`PDP with the specified
`publisher key fl
`subject to license and
`PDP constraints. Each
`requested data or
`d
`d' H _
`me :8 ie is extracte
`from PDP in encrypted
`format for secure
`viewing.
`
`Engine EL to
`create Protected
`Document
`Package PDP
`
`
`
`
`Publication
`
`Engine E_E
`
`
`t 0
`C 1
`'
`.
`Content
`(
`Start Date and EXp'ry
`on en wner
`uses Publication
`
`
`
`
` )
`Date for PDP
`OWHEF
`
`
`
`
` . FlGZZZGO
`570
`FIG 3: 340 350
`
`
`
`Transmitted
`Vla email,
`WED CD! or
`other "‘9th
`FIG 3.
`540
`,
`360'
`License
`
`Request Module _ 370
`LRM (Content
`Consumer)
`
`.
`
`,
`
`
`
`
`Content
`Consumer
`creates
`request to
`view PDP
`
`W
`650
`
`.
`123 Bit Encrypted
`Ead‘age {Cfintent
`onsumer
`icense
`Request File CCLR}
`Specified Publisher
`K
`PK
`ey
`-
`Content Consumer
`Identifying Details:
`Name, Email,
`Computer Hardware
`Signature, User
`specific signature.
`etc
`
`
`
`128 Bit Encrypted
`package (Content
`Consumer License
`me Q)
`7
`Specified Publisher
`Keyfl<
`
`'
`
`(3:32:21: Eggfigg‘er
`.
`.
`Start and Expiry
`Date
`
`-
`
`License Type: User
`SpecificI Computer
`Specific. Both, or
`Neither (Open Key)
`
`FIG 3:
`94
`
`
`.
`
`
`Presentation
`Eaten?
`
`
`.Consumer)
`
`FIG 4.
`460
`
`'
`
`.
`Transmitted
`via email,
`web. CD, or
`other method
`660
`Licensin
`9
`.
`Engine LE
`(Content
`Owner)
`
`
`
`HG 4:
`410
`420
`
`-
`FIG 4,
`450
`_
`Content Owner Grants
`permission to content
`consumer. Permission can
`be pc specific. user specific.
`both. or neither. Other
`constraints such as tier and
`valid dates can also be
`specified.
`
`
`
`Case 6:20-cv-00397-ADA Document 1-2 Filed 05/14/20 Page 9 of 19
`Case 6:20-cv-00397-ADA Document 1-2 Filed 05/14/20 Page 9 of 19
`
`U.S. Patent
`
`Apr. 4, 2017
`
`Sheet 7 of 8
`
`US 9,615,116 B2
`
`Fig. 7
`
`
`119.
` Content consumer
`
`
`selects specific
`
`content file for
`
`
`access from PDP
`
`
`
`r“
`’ 735
`_fi
`
` Presented using
`} methods for
`
`transferring data
`' between applications
`such as OLE, DDE,
`or other
`
`
`
` 720
` Selected content is
`
`
`decrypted to a
`
`temporary file on file
`
`
`system, RAM, or
`
`other.
`
`
`
` E
`
`Retrieve Limited
`
`"we
`
`
` Temp file is deleted.
`
`m
`Selected content is stored in a temp
`file (encrypted or unencrypted, stand
`alone file or database file) and
`presented in protected mode
`
`
`Capability Viewer
`
`program if needed
`
`
` 740
`
`
`
`
`
`
`Case 6:20-cv-00397-ADA Document 1-2 Filed 05/14/20 Page 10 of 19
`Case 6:20-cv-00397-ADA Document 1-2 Filed 05/14/20 Page 10 of 19
`
`U.S. Patent
`
`Apr. 4, 2017
`
`Sheet 8 of 8
`
`US 9,615,116 B2
`
`‘ 810
`
`Content consumer
`
`selects specific
`content file for
`
`access from PDP
`
`Fig. 8
`
`soo
`
`825
`
`Presented using
`
`! OLE, DDE, or other
`
`
`
`presented in
`protected mode
`
`
`
`
`
`
`£29
`
`Selected content
`
`Retrieve limited
`
`
`§21
`
`
`- capability viewer
`
`
`program if needed
`
`
`
`
`Case 6:20-cv-00397-ADA Document 1-2 Filed 05/14/20 Page 11 of 19
`Case 6:20-cv-00397-ADA Document 1-2 Filed 05/14/20 Page 11 of 19
`
`US 9,615,116 B2
`
`1
`SYSTEM, METHOD AND APPARATUS FOR
`SECURELY DISTRIBUTING CONTENT
`
`FIELD OF THE INVENTION
`
`The invention relates generally to the distribution of
`content and, more specifically but not exclusively, protecting
`such content from redistribution or re-presentation.
`
`BACKGROUND
`
`The various techniques exist for secure content distribu-
`tion. Such techniques include password protection of con-
`tent (e.g., password protection of a document or media file),
`access restrictions associated with content (e.g., username
`and password requirements associated with a web portal)
`and so on. Some of the techniques require proprietary
`software or middleware executed at a client device. Other
`
`10
`
`15
`
`techniques require real-time user authentication via an
`authentication server or other device connected to a client
`via a network such as the Internet.
`
`20
`
`SUMMARY
`
`Various deficiencies in the prior art are addressed by
`systems, methods and apparatus providing secure content
`publication and presentation capabilities. One embodiment
`of a method for securely distributing content, comprises
`generating an encrypted file including content or a link
`thereto, and a Publisher Key (PK) associated with presen-
`tation of said content by an authorized user via a Limited
`Capability Viewer (LCV); and propagating the generated
`encrypted file towards a user. The LCV may comprise 1) a
`program specifically designated to consume content while
`restrict editing, printing, copying, etc. of content; or 2) a
`native program for consuming content which is used in a
`restrictive mode to restrict editing, printing, copying, etc of
`content. Only users who have a Content Consumer License
`(CCL) compatible with the encrypted PK may access and
`consume the content. The CCL may be distributed via
`hardware or software.
`
`BRIEF DESCRIPTION OF THE DRAWINGS
`
`The teachings herein can be readily understood by con-
`sidering the following detailed description in conjunction
`with the accompanying drawings, in which:
`FIG. 1 depicts a high-level block diagram of a system
`according to one embodiment;
`FIG. 2 depicts a flow diagram of a secure content publi-
`cation method according to one embodiment;
`FIG. 3 depicts a flow diagram of a secure content pre-
`sentation method according to one embodiment;
`FIG. 4 depicts a flow diagram of a method for processing
`a content consumer license request suitable for use in
`various embodiments;
`FIG. 5 depicts a flow diagram of a method for processing
`a publisher key request suitable for use in various embodi-
`ments; and
`FIG. 6 graphically depicts an embodiment of the inven-
`tion;
`FIG. 7 depicts a flow diagram of a method for opening a
`Protected Document Package (PDP) and presenting content
`via a temporary file; and
`FIG. 8 depicts a flow diagram of a method for opening a
`Protected Document Package PDP and presenting content
`directly.
`
`25
`
`30
`
`35
`
`40
`
`45
`
`50
`
`55
`
`60
`
`65
`
`2
`
`To facilitate understanding, identical reference numerals
`have been used, where possible,
`to designate identical
`elements that are common to the figures.
`
`DETAILED DESCRIPTION OF THE
`INVENTION
`
`A secure content distribution capability is depicted and
`described herein. The secure content distribution capability
`enables efficient and secure distribution of content to spe-
`cific users for a limited purpose, such as presentation of a
`securely distributed document upon a presentation device.
`The securely distributed documents may not be printed by
`specific users or forwarded to other users for presentation,
`printing or other purposes.
`Although the secure content distribution capability is
`primarily depicted and described herein within the context
`of a specific document format, it will be appreciated that the
`secure content distribution capability may be used for dis-
`tributing documents according to various other formats.
`Broadly speaking, the secure content distribution capability
`may be used to securely distribute any type of content
`including documents or files according to various formats,
`as well as streaming media such as audio and/or video and
`other active content.
`
`The various embodiments include methodologies imple-
`mented in software and/or hardware for securely distributing
`content such as documents between content owners or other
`content source entities and content consumers. These secu-
`
`rity methodologies provide user specific authentication,
`machine specific authentication and the like to ensure that
`only a specific user, or a specific user machine, or a specific
`user on a specific user machine is authenticated to access the
`secure content. Moreover, the security methodologies pre-
`vent users from printing, copying, modifying or saving the
`protected documents, and are capable of providing security
`within and across corporate networks and other domains.
`For example, where protected documents or files are sent to
`other users via email or other transfer means, the documents
`or files are unreadable by recipient without permission of
`content owner.
`
`The various embodiments contemplate that securely dis-
`tributed content, documents or other files is presented using
`Limited Capability Viewer LCV for viewing in a native
`content, document or other file format. For example, a
`Microsoft PowerPoint file protected according to various
`embodiments may be viewed using the end user’s Microsoft
`PowerPoint or Microsoft PowerPoint Viewer program.
`Thus, all animations, multimedia, and other dynamic content
`are preserved and the end user will get a true presentation
`experience. However, all content
`is fully encrypted and
`protected while opened by the user and also during trans-
`mission from the content owner to the user. Similarly,
`Microsoft Word, Excel, Visio, and other files which are
`protected by the software will be viewed using correspond-
`ing native programs while protected.
`A protected document package can have one or multiple
`files. These files can be grouped into tiers of security level
`so that end users can access only the files they are specifi-
`cally authorized to access. A protected document package
`may comprise a database including varying one or more
`content files, wherein the one or more content files are
`extracted from the database prior to secure presentation via
`the Limited Capability Viewer LCV program.
`It is noted that the content owner does not need to know
`
`all the end users before creating the protected document
`packages. In this manner, the various embodiments elimi-
`
`
`
`Case 6:20-cv-00397-ADA Document 1-2 Filed 05/14/20 Page 12 of 19
`Case 6:20-cv-00397-ADA Document 1-2 Filed 05/14/20 Page 12 of 19
`
`US 9,615,116 B2
`
`3
`nate a need for a common, central user management service
`while allowing for easy within domain, cross-domain, and
`cross-company sharing of protected documents.
`It is noted that there is no requirement for online verifi-
`cation of a user prior to secure presentation of a protected
`document package. Keys and other data structures adapted
`for enabling secure presentation of the protected document
`package may be distributed prior to secure content presen-
`tation or after an attempt to securely present the content.
`Moreover, multiple keys of different types are employed
`within the context of the various embodiments to enable a
`
`flexible mechanism for securely presenting content.
`FIG. 1 depicts a high-level block diagram of a system
`according to one embodiment. Specifically, the system 100
`of FIG. 1 contemplates a plurality of user devices 105
`communicating with each other via the network 106. In
`various embodiments, the user devices 105 optionally com-
`municate with a server 107 via the network 106.
`
`The plurality of user devices 105 are denoted as user
`devices 105-1, 105-2, 105-3 and so on up to 105-N. In the
`embodiments discussed herein, each of the user devices 105
`is configured in substantially the same manner in terms of
`hardware, software, resources and the like. However, it will
`be appreciated by those skilled in the art that the various user
`devices 105 may comprise different classes of user devices
`such as computers, mobile devices, smart phones, set-top
`terminals, heavy clients, light clients and so on. Generally
`speaking, a user device 105 is simply a device capable of
`operating in accordance with one or more aspects of the
`present invention, and many different user device configu-
`rations may be used at the same time.
`As depicted in FIG. 1, each user device 105 includes a
`processor 110, a memory 120, communications interfaces
`130 and an input-output (I/O) interface 140. The processor
`110 is coupled to each of memory 120, communication
`interfaces 130, and I/O interface 140.
`The processor 110 is configured for controlling the opera-
`tion of user device 105, including operations supporting the
`secure content publication and presentation capabilities
`described herein with respect to the various embodiments.
`The memory 120 is configured for storing information
`suitable for use in providing the advertising presentation and
`transaction capability. Memory 120 may store programs
`121, data 122, content 123 and the like. Within the context
`of the various embodiments, the programs 121 and data 122
`may vary depending upon whether the user device 105 is
`operating as a content owner, or a content consumer or both.
`When a user device 105 operates in a content owner or
`content source mode of operation, the programs 121 may
`comprise a publication engine PE, a licensing engine LE
`and/or other programs adapted for implementing the secure
`content
`sourcing/publication methodologies
`described
`herein. Similarly, in the content owner or content source
`mode of operation,
`the data storage 122 may comprise
`content control data CCD, publisher keys PK, authorization
`data AD and/or other data adapted for implementing the
`secure
`content
`sourcing/publication methodologies
`described herein. The content storage 123 may include
`content, uniform resource locators (URLs) or other data
`structures pointing to content, to be securely published and
`transmitted toward one or more user devices 105 operating
`in a content consumer mode.
`
`When a user device 105 operates in a content consumer or
`content destination mode of operation, the programs 121
`may comprise a presentation module PM, a license request
`module LRM and/or other programs adapted for implement-
`ing the secure content consumption/presentation methodolo-
`
`5
`
`10
`
`15
`
`20
`
`25
`
`30
`
`35
`
`40
`
`45
`
`50
`
`55
`
`60
`
`65
`
`4
`
`gies described herein. Similarly, in a content consumer mode
`of operation, the data storage 122 may comprise one or more
`Content Consumer Licenses CCL and/or other data adapted
`for implementing the secure content consumption/presenta-
`tion methodologies described herein.
`Generally speaking,
`the memory 120 may store any
`information suitable for use by the user device 105 in
`implementing one or more of the secure content sourcing/
`publication methodologies described herein, the secure con-
`tent consumption/presentation methodologies described
`herein or other functions.
`
`The communications interfaces 130 may include a loca-
`tion signaling interface such as a global positioning GPS and
`or cellular telephone tower triangulation system to deter-
`mine the location of the user device 105.
`The communications interfaces 130 include one or more
`
`services signaling interface such as a Wi-Fi or WiMAX
`interface, a 3 G wireless interface, a 4 G wireless interface,
`an Ethernet
`interface and the like for supporting data/
`services signaling between user device 105 and the network
`106. It will be appreciated that fewer or more, as well as
`dilferent, communications interfaces may be supported. The
`various communications interfaces 130 are adapted to facili-
`tate the transfer of files, data structures, messages, request
`and the like between various entities in accordance with the
`embodiments discussed herein.
`
`It will be appreciated that the various embodiments do not
`require a continual online presence. Once content consumer
`has received CCL from content owner (whether via hard-
`ware or software), the content consumer can be completely
`disconnected from all networks and communication inter-
`
`faces depending on the embodiment and configuration of
`user device 105. For example, a recipient presenting content
`in a protected manner does not need to be communicating
`with another entity at the time such content is processed
`and/or presented by a user device. The I/O interface 140 may
`be coupled to presentation devices PD interface(s) such as
`associated with display devices for presenting information to
`a user, input devices ID such as touch screen or keypad input
`devices for enabling user input, and/or interfaces enabling
`communication between the user device 105 and other
`
`computing or input/output devices (not shown).
`Presentation devices PD may include a display screen, a
`projector, one or more speakers, and the like, which may be
`used for displaying data, displaying video, playing audio,
`and the like, as well as various combinations thereof. The
`typical presentation interfaces of user devices, including the
`design and operation of such interfaces, will be understood
`by one skilled in the art.
`Input devices ID may include any user control devices
`suitable for use in enabling the user of the user device 105
`to interact with the user device 105. For example, the input
`devices IDs may include touch screen based user controls,
`stylus-based user controls, a keyboard and/or mouse, voice-
`based user controls, and the like, as well as various combi-
`nations thereof. The typical user control interfaces of user
`devices, including the design and operation of such inter-
`faces, will be understood by one skilled in the art.
`Although primarily depicted and described as having
`specific types and arrangements of components, it will be
`appreciated that any other suitable types and/or arrange-
`ments of components may be used for user device 105.
`It will be appreciated that the functions depicted and
`described herein may be implemented in software and/or
`hardware, e.g., using a general purpose computer, one or
`more application specific integrated circuits (ASIC), and/or
`any other hardware equivalents. In one embodiment, the
`
`
`
`Case 6:20-cv-00397-ADA Document 1-2 Filed 05/14/20 Page 13 of 19
`Case 6:20-cv-00397-ADA Document 1—2 Filed 05/14/20 Page 13 of 19
`
`US 9,615,116 B2
`
`5
`various programs depicted as loaded within memory 120 are
`executed by the processor 110 to implement their respective
`functions. It will also be appreciated that the various pro-
`grams may be stored on a computer readable storage
`medium prior to being loaded into memory 120; such
`computer readable storage media comprising semiconductor
`memory devices, magnetic media, optical media, electro-
`magnetic media and the like. Generally speaking, any form
`of tangible computer memory may be used to store computer
`instructions which, when executed by the processor 110,
`operate to perform the various methods and functions
`described herein.
`
`It is contemplated that some of the steps discussed herein
`as software methods may be implemented within hardware,
`for example, as circuitry that cooperates with the processor
`to perform various method steps. Portions of the functions/
`elements described herein may be implemented as a com-
`puter program product wherein computer instructions, when
`processed by a computer, adapt the operation of the com-
`puter such that the methods and/or techniques described
`herein are invoked or otherwise provided. Instructions for
`invoking the inventive methods may be stored in tangible
`fixed or removable media, transmitted via a data stream in
`a broadcast or other tangible signal-bearing medium, and/or
`stored within a memory within a computing device operat-
`ing according to the instructions.
`In various embodiments, the server 107 may operate as a
`content owner or content source as described above with
`
`respect to the user device 105. That is, the server 107 may
`include the various functionality described above with
`respect to user device 105 such that the server 107 may
`implement the secure content sourcing/publication method-
`ologies as described herein.
`In various embodiments, the server 107 cooperates with
`one or more user devices 105 to implement the secure
`content
`sourcing/publication methodologies
`described
`herein. For example, the server 107 may be used to perform
`the function of a publication engine PE, licensing engine LE
`and/or other content owner functions on behalf of a source
`
`user device 105. The securely published content may then be
`transmitted to recipient user devices via the source user
`device 105 or via the server 107.
`
`In various embodiments, the server 107 cooperates with
`one or more user devices 105 to implement the secure
`content consumption/presentation methodologies described
`herein. For example, the server 107 may be used to assist in
`the performance of the functions of a presentation module
`PM, a license request module LRM and/or other content
`consumer functions on behalf of a destination user device
`105.
`
`It is noted that the presentation module PM associated
`with a destination user device operates in a manner prevent-
`ing further conveyance of securely published content to
`other entities, storage of the securely published content to
`the destination user device, printing of the securely pub-
`lished content and so on.
`
`As an example, the PDP may define a specific Microsoft
`PowerPoint file that
`is authorized for presentation by a
`particular user (e.g., user machine initially executing the
`received file including the PDP), using a particular type of
`presentation program (e.g., the limited function Microsoft
`PowerPoint viewer), and only within a particular time period
`(e.g., within the next 48 hours).
`It
`is noted that upon
`receiving the PDP, the specific computer executing the PDP
`container file is examined to determine,
`illustratively, a
`processor identification number or other identifier associated
`
`10
`
`15
`
`20
`
`25
`
`30
`
`35
`
`40
`
`45
`
`50
`
`55
`
`60
`
`65
`
`6
`with the computer to establish thereby the one computing
`device authorized to present the securely published content.
`The CCL may be delivered via email, web, optical media,
`magnetic media, semiconductor media or any other elec-
`tronic transmission, software or hardware delivery method.
`For example, the CCL may be delivered via a hardware
`means such as a USB memory device, an SD memory device
`or other semiconductor memory device; a CD ROM, DVD
`or other optical memory device; or a hard disk drive, mass
`storage device or other media including thereon software
`instructions representing the CCL.
`A hardware device provided the CCL may be constrained
`to a particular type of device (i.e., an approved device), such
`as a specific type or capacity of memory device. In various
`embodiments, the hardware device is merely used to deliver
`the CCL. In other embodiments, the hardware device includ-
`ing the CCL is necessary for presentation by the LCV. That
`is, the CCL operates as a hardware key to provide secure
`access or presentation of content.
`For example, in one embodiment an entity such as an
`employer (content source) provides its employees (content
`consumers) with a specific type of hardware key that must
`be used to present the content. The employee must have the
`hardware key inserted in the computer to present the content.
`Thus,
`in various embodiments, a Content Consumer
`License (CCL) is generated for each authorized user and
`distributed for each authorized user via a computer readable
`medium. The CCL provided in this manner is effective to
`enable secure content viewing by the authorized user only
`when the computer readable medium including the CCL is
`operatively connected to a computing device associated with
`the authorized user.
`
`FIG. 2 depicts a flow diagram of a secure content publi-
`cation method according to one embodiment. Specifically,
`the method 200 of FIG. 2 is adapted to publishing content in
`a secure manner and distribute that content toward content
`
`consumers for secure presentation. The method 200 may be
`invoked within the context of a publication engine PE of a
`user device 105 or server 107 implementing the secure
`content sourcing/publication methodologies of the various
`embodiments.
`
`At step 210, content to be published or a URL identifying
`content to be sourced or published is received or selected by,
`illustratively, a user device 105 or server 107 operating in a