WO2004051443A1 - Secure download and server controlled access to proprietary data with limited bandwidth requirements - Google Patents

Info

Publication number
WO2004051443A1
Authority
WO
WIPO (PCT)
Prior art keywords
client
server
selected digital
sending
digital materials
Prior art date
Application number
PCT/SE2003/001884
Other languages
French (fr)
Inventor
Larry Forsgren
Original Assignee
Rmg Sweden Ab
Priority date
Filing date
Publication date
Application filed by Rmg Sweden Ab
Priority to AU2003283925A
Publication of WO2004051443A1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/10 Protecting distributed programs or content, e.g. vending or licensing of copyrighted material; Digital rights management [DRM]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04N PICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N21/00 Selective content distribution, e.g. interactive television or video on demand [VOD]
    • H04N21/20 Servers specifically adapted for the distribution of content, e.g. VOD servers; Operations thereof
    • H04N21/23 Processing of content or additional data; Elementary server operations; Server middleware
    • H04N21/234 Processing of video elementary streams, e.g. splicing of video streams, manipulating MPEG-4 scene graphs
    • H04N21/2347 Processing of video elementary streams, e.g. splicing of video streams, manipulating MPEG-4 scene graphs involving video stream encryption
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04N PICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N21/00 Selective content distribution, e.g. interactive television or video on demand [VOD]
    • H04N21/20 Servers specifically adapted for the distribution of content, e.g. VOD servers; Operations thereof
    • H04N21/25 Management operations performed by the server for facilitating the content distribution or administrating data related to end-users or client devices, e.g. end-user or client device authentication, learning user preferences for recommending movies
    • H04N21/258 Client or end-user data management, e.g. managing client capabilities, user preferences or demographics, processing of multiple end-users preferences to derive collaborative data
    • H04N21/25866 Management of end-user data
    • H04N21/25875 Management of end-user data involving end-user authentication
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04N PICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N21/00 Selective content distribution, e.g. interactive television or video on demand [VOD]
    • H04N21/40 Client devices specifically adapted for the reception of or interaction with content, e.g. set-top-box [STB]; Operations thereof
    • H04N21/43 Processing of content or additional data, e.g. demultiplexing additional data from a digital video stream; Elementary client operations, e.g. monitoring of home network or synchronising decoder's clock; Client middleware
    • H04N21/433 Content storage operation, e.g. storage operation in response to a pause request, caching operations
    • H04N21/4331 Caching operations, e.g. of an advertisement for later insertion during playback
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04N PICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N21/00 Selective content distribution, e.g. interactive television or video on demand [VOD]
    • H04N21/60 Network structure or processes for video distribution between server and client or between remote clients; Control signalling between clients, server and network components; Transmission of management data between server and client, e.g. sending from server to client commands for recording incoming content stream; Communication details between server and client
    • H04N21/63 Control signaling related to video distribution between client, server and network components; Network processes for video distribution between server and clients or between remote clients, e.g. transmitting basic layer and enhancement layers over different transmission paths, setting up a peer-to-peer communication via Internet between remote STB's; Communication protocols; Addressing
    • H04N21/633 Control signals issued by server directed to the network components or client
    • H04N21/6332 Control signals issued by server directed to the network components or client directed to client
    • H04N21/6334 Control signals issued by server directed to the network components or client directed to client for authorisation, e.g. by transmitting a key
    • H04N21/63345 Control signals issued by server directed to the network components or client directed to client for authorisation, e.g. by transmitting a key by transmitting keys
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04N PICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N21/00 Selective content distribution, e.g. interactive television or video on demand [VOD]
    • H04N21/60 Network structure or processes for video distribution between server and client or between remote clients; Control signalling between clients, server and network components; Transmission of management data between server and client, e.g. sending from server to client commands for recording incoming content stream; Communication details between server and client
    • H04N21/65 Transmission of management data between client and server
    • H04N21/658 Transmission by the client directed to the server
    • H04N21/6581 Reference data, e.g. a movie identifier for ordering a movie or a product identifier in a home shopping application
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04N PICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N7/00 Television systems
    • H04N7/16 Analogue secrecy systems; Analogue subscription systems
    • H04N7/173 Analogue secrecy systems; Analogue subscription systems with two-way working, e.g. subscriber sending a programme selection signal
    • H04N7/17309 Transmission or handling of upstream communications
    • H04N7/17318 Direct or substantially direct transmission and handling of requests
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/104 Grouping of entities

Definitions

  • Fig. 1 shows a simplified outline of a system according to the invention comprising an Access Control Server and a remote client computer;
  • Fig. 2 shows a flow diagram for logical circuitry of an automated client software residing in the remote client computer of Fig. 1;
  • Fig. 3 shows a flow diagram for the logical circuitry of the Access Control Server of Fig. 1;
  • Fig. 4 shows a principal flow diagram over the relationship between the remote client computer and the Access Control Server of Fig. 1.
  • Client software refers to a specific computer programme or software which cannot operate on its own but which operates as interdependent on software running on a server, in this case the Access Control Server.
  • the present invention directs itself to the process of providing and controlling access to proprietary materials, which have been downloaded in advance, at a remote location.
  • the present invention does not involve itself with the actual method or protocol of the downloading in itself.
  • the inventor acknowledges that there are methods and protocols for the downloading process such as FTP or HTTP to give a few examples. That such methods and download protocols are readily available does not ensure that a prior download can be done without compromising or exposing the material being downloaded.
  • the present invention does not involve itself with any actual encryption method or algorithm being used in order to prevent unauthorized access to the materials in question.
  • the inventor acknowledges that there are methods readily available in order to securely lock any digital material from the unwanted access by an unauthorized user, such as Blowfish or TASC and other systems.
  • the material is unlocked and usually free for the user to use in whichever way he wants to use it, to copy it, alter it or redistribute it, which is in itself a form of unauthorized access and which the present invention directs itself at preventing.
  • the system comprises two main components, designed as hardware or software, which operate in symbiosis to achieve the desired result of being able to manage the access at a remote location to materials previously downloaded.
  • the components of the invention are relying on the generic processing power of the computers they reside in, they do in themselves contain the needed logic and device capability for completing the entire access and control procedure.
  • the system comprises a central computer called the Access Control Server or ACS 10 which is provided with an interface connecting it to the Internet or other Information Highway shown as Network 20 and which can be reached through an Internet Protocol address, through the DNS network or similar addressing system.
  • the ACS contains one or more data bases which hold the names or identities in other forms of the individuals that have requested access to certain materials.
  • the data bases also contain information on whether these individuals are to be granted access or not and define the conditions under which the individuals will be permitted access and to what materials.
  • the ACS 10 further contains active server circuitry (not shown) which is controlling at each moment whether any of these individuals or individuals not yet registered is seeking access or is logged in or is connected to the server.
  • the system also comprises a client computer 30 containing a mass storage device for harbouring downloads, client software for the automated downloads and integral execution software for the display of the materials during the periods for which utilization has been granted from the ACS 10.
  • a segment 34 of the internal storage 32 of the client computer is utilized for an automated advanced download of proprietary materials in encrypted format. Access to the material is governed by the ACS 10.
  • a transaction process which is outlined in Figs. 2 and 3, may start with that an individual visits a certain web page resident on or linking to the server.
  • the visiting individual makes a selection, a selection to participate in a certain certification or assessment or a selection to join a certain educational activity or course or simply a choice to watch a certain cinematographic video or listen to choice music.
  • the environment can be an assessment and certification environment, an education environment, a music, video, photography or similar environment wherein secure download of proprietary material is required.
  • the individual would identify him/herself as a prerequisite to continue the process and the server responds by generating a personal code which relates to the individual being registered as well as a code relating to the choice having been made by the individual.
  • the client software is allowed to be manually downloaded from the web page by the individual and is installed as a normal software program on the client computer 30.
  • the codes are received by the individual he/she must start the software previously downloaded and installed in order to activate the software using his personal identity code and selection code.
  • the individual's computer must be connected to the Internet or to the network in question and the software verifies the connection. Having received the necessary codes, these are entered into appropriate fields displayed by the software and a personal password is chosen and entered, alternatively such a password is proposed by the server and is accepted or changed by the user.
  • the download is of course interrupted if the Internet or other network connection is interrupted before the download is finished.
  • the download is paused whenever the user pushes a key of his keyboard in order to not slow down the normal operation of the computer during the time of the download.
  • the software is preferably registered as a service or auto start object on the computer. The download activity would then resume, if not finished, even after a reboot of the computer and would continue whether the display of the client software is visible on the user's screen or not. When it is not shown, the software simply operates in the background.
  • the software displays an indicator in the system tray of the computer or otherwise, for example an iconified light emitting diode showing a red light for ongoing download and a green light for a completed download.
  • the user is free to start using the materials so downloaded as soon as the indicator mentioned above has shown that the downloading cycle has finished.
  • the user starts the software at this stage its character has changed from a download manager client to an operational client.
  • the user is requested to log in to the ACS using the same codes as when the download was started and to enter his/her personal password.
  • An Internet or other network connection is a prerequisite at this time.
  • the ACS verifies that all and any additional prerequisites, such as prior payment or procedures decided by the operator of the invention, have been met.
  • the ACS generates the appropriate decryption key thereby enabling transparent decryption on the user's client machine.
  • An automatic download of a control programme from the ACS then takes place.
  • the control programme which is designed to regulate the display of the service is loaded into the RAM memory of the client computer 30 and is executed immediately. This programme may govern for example the rate and sequence with which the questions of an assessment are going to be presented or regulate some other feature of the previously downloaded resources.
  • the desired service as governed by the control programme then starts, whether an assessment procedure, a training course segment, a cinematographic video show, a musical performance or something else.
  • the service is allowed to continue as long as the control programme runs according to schedule and is terminated when that schedule terminates or when and if the Internet or network connection is broken. If the connection is accidentally broken or is broken due to technical difficulties beyond the control of the user i.e. in the middle of a training course segment, sufficient information will have been transmitted to the ACS during the activity of the control programme in order for the programme to be able to restart at the point where it was interrupted if that is the desired action to take.
  • the encrypted materials residing on the hard disk or mass storage of the user's computer remain encrypted at all times and exist in decrypted format only briefly in volatile memory, such as the RAM of the user's computer during the display of the materials as governed by the control programme.
  • The principal operation of the procedure of how the materials are decrypted into RAM and are displayed on the screen of the user's computer is outlined in Fig. 4.
  • Recordable activities of the user, while operating the client software, are registered by the ACS in appropriate data bases, for instance the progress of the user through the material; any responses given to questions; the time spent on each segment of the presentation etc.
  • the ACS is also responsible for any interactive server responses that need to be given to the user at his request or as a response to specific steps of the procedure. This is not an indispensable ingredient of the invention but is more for the reason of optimizing security and operation of the procedure.
  • the resources needed for the presentation are provided as previously encrypted and downloaded and any other responses are provided by the ACS directly.
  • the ACS may also be required to redirect a response from the user to an online support person or to a queue for matters awaiting a manual response.
  • the support line may or may not be equipped with voice and/or video capability.
  • the resources downloaded on the user's computer are deleted, thus completing the entirety of the transactions.
  • the operator of the service it may be desirable to download materials in excess of what the user has requested in order to be prepared for additional requests which are anticipated by the user.
  • the main reason for doing this would be to be able to provide a desired service faster at a time when the user wants it.
  • the user should preferably be required to enter the amount of disk space which he/she is prepared to set aside for the service, already at the time when he first activates the client software handling the automated background download cycle.
  • control programme can be downloaded together with the materials instead and that its execution is started when the materials are accessed.

Abstract

The present invention provides a system and method for server side control of storage and momentary access to restricted material from a remote client side computer. The method comprises the following steps: sending an identification and selection code from a client to a server over a connection between the client and the server; sending selected digital materials in encrypted format from the server to the client in response to the reception of the identification and selection code; sending the information code and an initiation request from the client to the server; generating a decryption key at said server for decryption of the selected digital materials in response to the reception of the information code and an initiation request; executing a control programme in the client; sending the decryption key from the server to the client; and accessing the selected digital materials at the client under control of the control programme using the decryption key, and wherein the control programme is designed to regulate the display of a service connected with the selected digital materials. The present invention may as well provide a beneficial model for advance download and timed access of any digital material, where real time online access may be difficult due to bandwidth requirements.
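
The method steps above, sketched as an added Python example (not code from the patent or its applicant) to show where the server-side gate sits: the key is released only on an initiation request that passes every check, and the session ends when check-ins stop. All class, method and field names, the 30-second lease and the SHAKE-256 keystream (a standard-library stand-in for Blowfish, TASC or whichever cipher is used) are assumptions.

```python
# Added sketch of the ACS key-release gate; every name here is hypothetical.
import hashlib
import hmac
import secrets
from dataclasses import dataclass

LEASE_SECONDS = 30  # assumed heartbeat lease; the patent gives no figure


def xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Encrypt or decrypt (same operation) with an XOF-derived keystream."""
    stream = hashlib.shake_256(key + nonce).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, stream))


def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


@dataclass
class Grant:
    salt: bytes
    password_hash: bytes
    content_key: bytes
    opens_at: float
    closes_at: float
    paid: bool = False
    last_heartbeat: float = float("-inf")  # no live session yet


class AccessControlServer:
    def __init__(self):
        self._grants = {}  # (identity_code, selection_code) -> Grant

    def register(self, password, opens_at, closes_at):
        """User identifies and selects; server issues the two codes."""
        codes = (secrets.token_hex(4), secrets.token_hex(4))
        salt = secrets.token_bytes(16)
        self._grants[codes] = Grant(salt, hash_password(password, salt),
                                    secrets.token_bytes(32), opens_at, closes_at)
        return codes

    def download(self, codes, material: bytes):
        """Advance download: ciphertext only, the key stays on the server."""
        nonce = secrets.token_bytes(16)
        return nonce, xor_stream(self._grants[codes].content_key, nonce, material)

    def mark_paid(self, codes):
        self._grants[codes].paid = True

    def initiate(self, codes, password, now):
        """Initiation request: release the key only if every check passes."""
        grant = self._grants.get(codes)
        if grant is None:
            return None, "unknown codes"
        if not hmac.compare_digest(hash_password(password, grant.salt),
                                   grant.password_hash):
            return None, "bad password"
        if not grant.paid:
            return None, "prerequisite not met"
        if not grant.opens_at <= now < grant.closes_at:
            return None, "outside access window"
        grant.last_heartbeat = now
        return grant.content_key, "ok"

    def heartbeat(self, codes, now) -> bool:
        """Control programme check-in; False means the session is over."""
        grant = self._grants.get(codes)
        if grant is None:
            return False
        alive = now - grant.last_heartbeat <= LEASE_SECONDS and now < grant.closes_at
        grant.last_heartbeat = now if alive else float("-inf")
        return alive


def play(acs, codes, password, blob, now):
    """Client side: plaintext is produced in memory and never written out."""
    key, reason = acs.initiate(codes, password, now)
    if key is None:
        return None, reason
    nonce, ciphertext = blob
    return xor_stream(key, nonce, ciphertext), reason


def demo():
    acs = AccessControlServer()
    pw = "constructed-password"
    codes = acs.register(pw, opens_at=1000, closes_at=2000)
    blob = acs.download(codes, b"Question 1 (constructed sample)")
    out = [play(acs, codes, pw, blob, now=1200)]      # payment missing
    acs.mark_paid(codes)
    out.append(play(acs, codes, pw, blob, now=500))   # before the window
    out.append(play(acs, codes, pw, blob, now=1200))  # key released
    out.append(acs.heartbeat(codes, now=1220))        # within lease
    out.append(acs.heartbeat(codes, now=1300))        # lease lapsed
    return out

if __name__ == "__main__":
    print(demo())
```

The lease only stops the server from cooperating further; a key that has already been released sits in client memory, so the time limit is only as strong as the client software holding it.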

Description

SECURE DOWNLOAD AND SERVER CONTROLLED ACCESS TO PROPRIETARY DATA WITH LIMITED BANDWIDTH REQUIREMENTS

FIELD OF THE INVENTION

The present invention generally relates to restricting access in time and/or location to proprietary material which is stored and distributed in digital format using networks and computers. More particularly, this invention relates to systems and techniques for ensuring that such proprietary materials can, utilizing known and standardized protocols such as FTP and HTTP and known encryption methods such as Blowfish or TASC, be securely downloaded over a period of time before their use, and be stored in advance, thereby circumventing the need for the excessive bandwidth resources which would be required should the download be executed in real time.
While such download methods are known and are frequently used, the present invention furnishes systems and methods for managing and controlling momentary access to the preloaded material as governed by an online process and transaction sequence involving a central server. The present invention also relates to the detailed management of an access control process in terms of timing and activities, such as when the process is initiated, opened, ongoing, changed, finalized or closed.
In addition to the fields covered above the invention relates to all and any forms of digital communication of proprietary material where there is a need for momentary and timely control of access to the material, regardless of which type of computer system or operating system or other electronic means of digital communication or network or hardware environment or configuration.

BACKGROUND

The lives of people and businesses are becoming increasingly dependent on the distribution of materials by electronic means. Concurrent with this digital evolution there is an increasing need to protect certain material from unauthorized access and for this purpose a number of encryption methods and security procedures have been developed by a large number of inventors. While these prior inventions cover a large part of the needs of a more computer dependent world, there are some specific needs and problems which the current invention intends to cover and solve.
Although more and more people, businesses and institutions are linked up to the "Information Highway" or Internet at increasing bandwidths, it would be very limiting to certain operations to have to rely on being able to do business or deal only with clients and customers that are favourably in possession of broadband connections. An example of where such limitation would be very detrimental is the e-learning environment. While learning and the access to knowledge, up to and including a large part of the previous century, was largely confined to specific locations and learning institutions and libraries, such knowledge is now more and more widely available through electronic means and accessible from the home or work place. Distance learning is becoming one of the more favoured ways of obtaining skills and knowledge and universities are facing the challenge of providing service to an increasing part of their alumni over the Internet. Authors, artists and producers are likewise facing the need for distributing their work by electronic means. While some are slow in adapting to these new channels for distribution, others have been fast in establishing new forms of businesses working mainly and sometimes entirely via electronic media. For each such effort there has most likely been a solution for their specific needs, in part using already invented solutions.
The present solution has sprung from the need for a solution to such a specific and segmented digital distribution problem, namely the situation where there is a need for providing the client or customer with an advance copy of the proprietary material but where the said client or customer must not be granted access to the material at the same time. This is the case for instance when a limited bandwidth connection prevents access in real time, such as access to learning materials or a video movie or a high resolution image or similar digitized material. The natural solution when the real time execution of electronic material is prevented by limitations of the network connection is to preload the material. The material is preloaded while the user is doing something else and as soon as the preload is finished the user can start using or viewing the material. This is all fine and workable as long as the material is not proprietary; the user is allowed to keep an unprotected copy of the material on his hard disc or mass storage device; there are no payment transactions or other prerequisite activities involved before access can be permitted. Often this is not the case. A company providing online certification or knowledge assessments over a network or Internet must ensure that the user is barred from access to the material except in the exact time frame in which the assessment is being carried out. Likewise, an institution providing learning materials over a network or Internet has a need for limiting access to certain parts of the material until certain requirements have been met by the user. An example is a course provided over the Internet that contains a real time video segment several megabytes in size. It is inconceivable that the student should have to wait twenty minutes while the segment is being downloaded over a slow modem.
The preferred solution would be to let the student download all materials so that they are available instantly when they are called for. This however presents the problems described before, or more in detail:
Can the user be given access to the material as soon as it is downloaded?
Is it acceptable that the user can browse the material out of sequence?
Can the user be allowed to copy and redistribute the material?
Will the user have access to the material before he/she actually paid for it?
Should access be limited to a specific moment in time?
There are certainly other and similar issues involved but the above gives a fairly comprehensive picture of the problems being solved by the current invention.
US 6,185,306 B1 discloses a method of transmitting protected video and/or graphic data over the Internet from a Web site, by encrypting the video and/or graphic data and storing it at a Web site associated with a server, and by encrypting a video player and storing it at the Web site. Both are then downloaded to a requesting computer via the Internet or Intranet. The requesting computer decrypts the video and/or graphic data and video player via a previously supplied decryption key, so that the video may be played back by the decrypted player. The user of the requesting computer is in full control of the playback and once the video and/or graphic data has been downloaded the sending party has no control of how the data is accessed.

SUMMARY OF THE INVENTION

An object of the present invention is to provide a method and a system of the kind initially described wherein the above mentioned problems with prior art systems are solved or at least minimised. Thus, a first object is to provide a method and a system wherein proprietary material can be downloaded by a client or customer in advance, but where the client or customer must not be granted access to the material at the same time.
A further object is to provide a method and a system wherein proprietary material previously encrypted and downloaded can be momentarily accessed.
A yet further object is to provide a computer program product directly loadable into the internal memory of a server or client computer and which is used to implement the above mentioned methods.
The above objects are attained by a method, a system, and a computer program product as defined in the appended claims 1, 8, 9, and 10, respectively.
From this aspect the present invention provides systems and methods for the control of the users as governed by certain transactions and an uninterrupted connection to an Access Control Server (ACS), which usually will be the same or a related server to the server from which the initial download was done. This feature of the present invention ensures that:
The user has access to the material only during the specific time period when it is intended that the user should have access.
There is no access to the material in unencrypted form either before or after the period of access.
Unauthorized use of the material during the actual access period is made extremely difficult if not impossible.
The present invention is designed to resolve the problem of controlling and permitting access in real time while preventing unauthorized access at other times, to proprietary materials in digital format while still making it possible to download and store such materials in advance of their actual use on a remote computer hard disk or mass storage device. Thereby a number of advantages are facilitated, such as the display and use, in real time, of materials which would otherwise be impossible to show due to bandwidth requirements; the possibility of downloading materials in advance but releasing it once payment has been made; the possibility of terminating access to materials once a certain time period has expired or as soon as a transactions signal is sent over the network or a network connection is interrupted.
BRIEF DESCRIPTION OF DRAWINGS
The invention is now described, by way of example, with reference to the accompanying drawings, in which:
Fig. 1 shows a simplified outline of a system according to the invention comprising an Access Control Server and a remote client computer;
Fig. 2 shows a flow diagram for logical circuitry of an automated client software residing in the remote client computer of Fig. 1;
Fig. 3 shows a flow diagram for the logical circuitry of the Access Control Server of Fig. 1; and
Fig. 4 shows a principal flow diagram over the relationship between the remote client computer and the Access Control Server of Fig. 1.
DETAILED DESCRIPTION OF THE INVENTION
In the following a detailed description of preferred embodiments of the present invention will be given. In this description, "ACS" or "Access Control Server" refers to a central computer which may or may not harbour the material which is being secured and which governs the downloading processes and remote access of those materials at a client computer while "Client software" refers to a specific computer programme or software which cannot operate on its own but which operates as interdependent on software running on a server, in this case the Access Control Server.
As described previously, the present invention directs itself to the process of providing and controlling access to proprietary materials, which have been downloaded in advance, at a remote location.
It must be noted that the present invention does not involve itself with the actual method or protocol of the downloading in itself. The inventor acknowledges that there are methods and protocols for the downloading process such as FTP or HTTP to give a few examples. That such methods and download protocols are readily available does not ensure that a prior download can be done without compromising or exposing the material being downloaded.
Again, it must be noted that the present invention does not involve itself with any actual encryption method or algorithm being used in order to prevent unauthorized access to the materials in question. The inventor acknowledges that there are methods readily available in order to securely lock any digital material from the unwanted access by an unauthorized user, such as Blowfish or TASC and other systems. Immediately when such an algorithm has been used in order to decrypt the material however, the material is unlocked and usually free for the user to use in whichever way he wants to use it, to copy it, alter it or redistribute it, which is in itself a form of unauthorized access and which the present invention directs itself at preventing.
The system according to the invention comprises two main components, designed as hardware or software, which operate in symbiosis to achieve the desired result of being able to manage the access at a remote location to materials previously downloaded. Although the components of the invention are relying on the generic processing power of the computers they reside in, they do in themselves contain the needed logic and device capability for completing the entire access and control procedure. As shown in Fig. 1, the system comprises a central computer called the Access Control Server or ACS 10 which is provided with an interface connecting it to the Internet or other Information Highway shown as Network 20 and which can be reached through an Internet Protocol address, through the DNS network or similar addressing system. The ACS contains one or more data bases which hold the names or identities in other forms of the individuals that have requested access to certain materials. The data bases also contain information on whether these individuals are to be granted access or not and define the conditions under which the individuals will be permitted access and to what materials. The ACS 10 further contains active server circuitry (not shown) which is controlling at each moment whether any of these individuals or individuals not yet registered is seeking access or is logged in or is connected to the server.
The system also comprises a client computer 30 containing a mass storage device for harbouring downloads, client software for the automated downloads and integral execution software for the display of the materials during the periods for which utilization has been granted from the ACS 10. A segment 34 of the internal storage 32 of the client computer is utilized for an automated advanced download of proprietary materials in encrypted format. Access to the material is governed by the ACS 10.
Even though that is not a prerequisite, a transaction process, which is outlined in Figs. 2 and 3, may start when an individual visits a certain web page resident on or linking to the server. The visiting individual makes a selection, a selection to participate in a certain certification or assessment or a selection to join a certain educational activity or course or simply a choice to watch a certain cinematographic video or listen to choice music. Thus, the environment can be an assessment and certification environment, an education environment, a music, video, photography or similar environment wherein secure download of proprietary material is required.
At that stage the individual would identify him/herself as a prerequisite to continue the process and the server responds by generating a personal code which relates to the individual being registered as well as a code relating to the choice having been made by the individual. At this stage, or later if the operator of the invention so wishes, the client software is allowed to be manually downloaded from the web page by the individual and is installed as a normal software program on the client computer 30.
The identity code and selection code which were generated by the server, in a format decided by the operator of the invention, are then forwarded, preferably as an electronic mail or in any other way, to the individual wishing to register for the service. When the codes are received by the individual he/she must start the software previously downloaded and installed in order to activate the software using his personal identity code and selection code. At that time the individual's computer must be connected to the Internet or to the network in question and the software verifies the connection. Having received the necessary codes, these are entered into appropriate fields displayed by the software and a personal password is chosen and entered, alternatively such a password is proposed by the server and is accepted or changed by the user.
At this point the software is activated and the identity of the user and his/her choice is known to the ACS. The download of the materials needed for the selected service starts in the background and continues until it is downloaded in its entirety in a format utilizing encryption techniques such as Blowfish or TASC. The download is of course interrupted if the Internet or other network connection is interrupted before the download is finished. Preferably the download is paused whenever the user pushes a key of his keyboard in order to not slow down the normal operation of the computer during the time of the download. In order to make sure that the download is really completed even if the user decides to restart his/her computer, the software is preferably registered as a service or auto start object on the computer. The download activity would then resume, if not finished, even after a reboot of the computer and would continue whether the display of the client software is visible on the user's screen or not. When it is not shown, the software simply operates in the background.
To keep the user informed of the current status of the download it is intended that the software displays an indicator in the system tray of the computer or otherwise, for example an iconified light emitting diode showing a red light for ongoing download and a green light for a completed download.
The user is free to start using the materials so downloaded as soon as the indicator mentioned above has shown that the downloading cycle has finished. When the user starts the software at this stage, its character has changed from a download manager client to an operational client. The user is requested to log in to the ACS using the same codes as when the download was started and to enter his/her personal password. An Internet or other network connection is a prerequisite at this time. The ACS verifies that all and any additional prerequisites, such as prior payment or procedures decided by the operator of the invention, have been met. When the prerequisites have been verified as met, the ACS generates the appropriate decryption key thereby enabling transparent decryption on the user's client machine. An automatic download of a control programme from the ACS then takes place. The control programme which is designed to regulate the display of the service is loaded into the RAM memory of the client computer 30 and is executed immediately. This programme may govern for example the rate and sequence with which the questions of an assessment are going to be presented or regulate some other feature of the previously downloaded resources. The desired service, as governed by the control programme then starts, whether an assessment procedure, a training course segment, a cinematographic video show, a musical performance or something else. The service is allowed to continue as long as the control programme runs according to schedule and is terminated when that schedule terminates or when and if the Internet or network connection is broken. If the connection is accidentally broken or is broken due to technical difficulties beyond the control of the user i.e. in the middle of a training course segment, sufficient information will have been transmitted to the ACS during the activity of the control programme in order for the programme to be able to restart at the point where it was interrupted if that is the desired action to take.
It should also be noted that the encrypted materials residing on the hard disk or mass storage of the user's computer remain encrypted at all times and exist in decrypted format only briefly in volatile memory, such as the RAM of the user's computer during the display of the materials as governed by the control programme.
The principal operation of the procedure of how the materials are decrypted into RAM and are displayed on the screen of the user's computer is outlined in Fig. 4. Recordable activities of the user, while operating the client software, are registered by the ACS in appropriate data bases, for instance the progress of the user through the material; any responses given to questions; the time spent on each segment of the presentation etc. The ACS is also responsible for any interactive server responses that need to be given to the user at his request or as a response to specific steps of the procedure. This is not an indispensable ingredient of the invention but is more for the reason of optimizing security and operation of the procedure. Preferably it is thus seen that the resources needed for the presentation, especially the resources which require time and bandwidth to download, are provided as previously encrypted and downloaded and any other responses are provided by the ACS directly. In this context the ACS may also be required to redirect a response from the user to an online support person or to a queue for matters awaiting a manual response. The support line may or may not be equipped with voice and/or video capability. At a time when such is required by the schedule of an automatically downloaded control programme or as scheduled by data in the data bases of the ACS, the resources downloaded on the user's computer are deleted, thus completing the entirety of the transactions.
If so is desired by the operator of the service according to the invention however, it may be desirable to download materials in excess of what the user has requested in order to be prepared for additional requests which are anticipated by the user. This could be for instance an automated download of musical items that are in alignment with the user's musical taste, a list of video films present on a film of the week list or a follow up training course in addition to a course the user has chosen to do. The main reason for doing this would be to be able to provide a desired service faster at a time when the user wants it. In order to facilitate this, the user should preferably be required to enter the amount of disk space which he/she is prepared to set aside for the service, already at the time when he first activates the client software handling the automated background download cycle.
While a number of interacting processes have been described above as being contained and being interoperable in the execution and use of this invention, the key to the invention as stated in the claims below, should be recognized as being the way in which an ACS is governing the distribution of selective decryption keys and the way it is monitoring and controlling the momentary and timely access to proprietary materials during such time that the user's computer is online with the Access Control Server.
It has been stated that an automatic download of the control programme from the ACS takes place when the user starts the software for accessing the materials. It will be appreciated that the control programme can be downloaded together with the materials instead and that its execution is started when the materials are accessed.
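The exchange described above, sketched in Python as an added example (not code from the patent or its applicant): an in-process ACS sends the advance copy only in encrypted form and releases the key only once prerequisites are met, and a control programme decrypts one segment at a time in memory and halts when its check-in with the ACS fails. All class and function names, the sample codes and material, and the SHA-256 counter-mode stand-in for the cipher are assumptions; the password login from the description is left out.

```python
import hashlib
import hmac
import secrets


def keystream_xor(key, nonce, data):
    """Stand-in cipher (SHA-256 counter mode, no integrity tag), not Blowfish/TASC."""
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hashlib.sha256(key + nonce + off.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[off:off + 32], pad))
    return bytes(out)


class AccessControlServer:
    """In-process model of the ACS; all names here are hypothetical."""

    def __init__(self):
        self._master = secrets.token_bytes(32)  # never leaves the server
        self.accounts = {}  # (identity code, selection code) -> state

    def register(self, identity, selection):
        self.accounts[(identity, selection)] = {
            "paid": False, "online": False, "progress": 0}

    def _key(self, identity, selection):
        label = f"{identity}|{selection}".encode()
        return hmac.new(self._master, label, hashlib.sha256).digest()

    def download(self, identity, selection, material, size=16):
        """Step b: the advance copy leaves the server only in encrypted form."""
        if (identity, selection) not in self.accounts:
            raise PermissionError("unknown codes")
        key, stored = self._key(identity, selection), []
        for i in range(0, len(material), size):
            nonce = secrets.token_bytes(12)
            stored.append((nonce, keystream_xor(key, nonce, material[i:i + size])))
        return stored

    def initiate(self, identity, selection):
        """Steps c, d, f: check the codes and prerequisites, then release the key."""
        acct = self.accounts.get((identity, selection))
        if acct is None:
            raise PermissionError("unknown codes")
        if not acct["paid"]:
            raise PermissionError("prerequisites not met")
        acct["online"] = True
        return self._key(identity, selection), acct["progress"]

    def check_in(self, identity, selection, index):
        """Called before each segment: record progress; False once the link is down."""
        acct = self.accounts[(identity, selection)]
        if acct["online"]:
            acct["progress"] = index
        return acct["online"]


def run_control_programme(acs, identity, selection, stored, show):
    """Steps e and g: decrypt one segment at a time into memory and halt when the
    ACS cannot be reached. `stored`, the disk copy, is only ever read."""
    key, start = acs.initiate(identity, selection)
    shown = 0
    for index in range(start, len(stored)):
        if not acs.check_in(identity, selection, index):
            break  # connection broken: stop decrypting
        show(keystream_xor(key, *stored[index]))
        shown += 1
    del key  # drops the reference; Python cannot guarantee the bytes are wiped
    return shown


def demo():
    """Constructed scenario: three segments, link lost while the second is shown."""
    acs, who, seen = AccessControlServer(), ("ID-0001", "COURSE-A"), []
    acs.register(*who)
    parts = (b"Q1: alpha", b"Q2: bravo", b"Q3: charlie")  # constructed material
    stored = acs.download(*who, b"".join(p.ljust(16, b".") for p in parts))
    def show(segment):
        seen.append(segment)
        if len(seen) == 2:
            acs.accounts[who]["online"] = False  # simulated network failure
    try:
        run_control_programme(acs, *who, stored, show)
        early = "granted"
    except PermissionError:
        early = "refused"  # no key before the prerequisite (payment) is met
    acs.accounts[who]["paid"] = True
    first = run_control_programme(acs, *who, stored, show)
    resumed = run_control_programme(acs, *who, stored, show)
    return early, first, resumed, seen


if __name__ == "__main__":
    print(demo())
```

Once `initiate` has returned, the key sits in the client's memory, so the halt on connection loss holds only as far as the control programme itself can be trusted.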

Claims

1. A method for automated remote control of scheduled access to digital materials, comprising the following steps:
a) sending an identification and selection code from a client to a server over a connection between the client and the server;
b) sending selected digital materials in encrypted format from the server to the client in response to the reception of the identification and selection code;
c) sending the information code and an initiation request from the client to the server;
d) generating a decryption key at said server for decryption of the selected digital materials in response of the reception of the information code and an initiation request;
e) executing a control programme in the client;
f) sending the decryption key from the server to the client; and
g) accessing the selected digital materials at the client under control of the control programme using the decryption key, and wherein the control programme is designed to regulate the display of a service connected with the selected digital materials.
2. The method according to claim 1, wherein the execution of the control programme is halted when the connection between the client and the server is broken.
3. The method according to claim 1 or 2, wherein the accessed selected digital materials exist in decrypted format only in volatile memory.
4. The method according to any of claims 1-3, wherein step b) of sending selected digital materials in encrypted format from the server to the client is performed as a background task.
5. The method according to any of claims 1-4, wherein step f) of sending the decryption key is preceded by a step of verifying that all prerequisites, such as prior payment, for sending the decryption key are met.
6. The method according to any of claims 1-5, wherein the step g) of accessing the selected digital materials comprises accessing only part of the selected digital materials at a time.
7. The method according to any of claims 1-6, comprising the additional step of deleting the selected digital materials at the client under control of the control programme.
8. A system for automated remote control of scheduled access to digitally stored materials, comprising:
a server computer (10)
a client computer (30)
a network (20) interconnecting the server computer and the client computer,
wherein the server computer and client computer are arranged to perform the method according to claim 1.
9. A computer program product directly loadable into the internal memory of a digital server computer (10) connected to a communication network (20), said computer program product comprising software code portions for performing the following steps:
a) receiving an identification and selection code from a client;
b) sending selected digital materials in encrypted format to the client in response to the reception of the identification and selection code;
c) receiving the information code and an initiation request from the client;
d) generating a decryption key at said server for decryption of the selected digital materials in response of the reception of the information code and an initiation request;
e) sending a control programme to the client for execution;
f) sending the decryption key to the client; and
g) initiate execution of the control programme for accessing the selected digital materials at the client under control of the control programme using the decryption key, and wherein the control programme is designed to regulate the display of a service connected with the selected digital materials.
10. A computer program product directly loadable into the internal memory of a digital client computer (30) connected to a communication network (20), said computer program product comprising software code portions for performing the following steps:
a) sending an identification and selection code to a server;
b) receiving selected digital materials in encrypted format from the server;
c) sending the information code and an initiation request to the server;
d) receiving a control programme from the server;
e) receiving a decryption key from the server; and
f) accessing the selected digital materials at the client under control of the control programme using the decryption key, and wherein the control programme is designed to regulate the display of a service connected with the selected digital materials.
PCT/SE2003/001884 2002-12-04 2003-12-04 Secure download and server controlled access to proprietary data with limited bandwidth requirements WO2004051443A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
AU2003283925A AU2003283925A1 (en) 2002-12-04 2003-12-04 Secure download and server controlled access to proprietary data with limited bandwidth requirements

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
SE0203592-1 2002-12-04
SE0203592A SE524738C2 (en) 2002-12-04 2002-12-04 Secure download and server controlled access to proprietary data with limited bandwidth requirements

Publications (1)

Publication Number Publication Date
WO2004051443A1 (en) 2004-06-17

Family

ID=20289763

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/SE2003/001884 WO2004051443A1 (en) 2002-12-04 2003-12-04 Secure download and server controlled access to proprietary data with limited bandwidth requirements

Country Status (3)

Country Link
AU (1) AU2003283925A1 (en)
SE (1) SE524738C2 (en)
WO (1) WO2004051443A1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10412429B1 (en) * 2015-09-25 2019-09-10 Amazon Technologies, Inc. Predictive transmitting of video stream data

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP0907120A2 (en) * 1997-10-02 1999-04-07 Tumbleweed Software Corporation Method amd apparatus for delivering documents over an electronic network
US6185306B1 (en) * 1995-12-07 2001-02-06 Hyperlock Technologies, Inc. Method of secure server control of local media via a trigger through a network for local access of encrypted data on an internet webpage
US20010052077A1 (en) * 1999-01-26 2001-12-13 Infolio, Inc. Universal mobile ID system and method for digital rights management
WO2002001335A2 (en) * 2000-06-27 2002-01-03 Microsoft Corporation System and method for activating a rendering device in a multi-level rights-management architecture
WO2002052853A1 (en) * 2000-12-27 2002-07-04 Margent Development, Llc Digital rights management with access control using physical key

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6185306B1 (en) * 1995-12-07 2001-02-06 Hyperlock Technologies, Inc. Method of secure server control of local media via a trigger through a network for local access of encrypted data on an internet webpage
US6463467B1 (en) * 1995-12-07 2002-10-08 Hyperlock Technologies, Inc. Method and apparatus of secure server control of local media via a trigger through a network for instant local access of encrypted data on an internet webpage
EP0907120A2 (en) * 1997-10-02 1999-04-07 Tumbleweed Software Corporation Method amd apparatus for delivering documents over an electronic network
US20010052077A1 (en) * 1999-01-26 2001-12-13 Infolio, Inc. Universal mobile ID system and method for digital rights management
WO2002001335A2 (en) * 2000-06-27 2002-01-03 Microsoft Corporation System and method for activating a rendering device in a multi-level rights-management architecture
WO2002052853A1 (en) * 2000-12-27 2002-07-04 Margent Development, Llc Digital rights management with access control using physical key

Also Published As

Publication number Publication date
SE0203592D0 (en) 2002-12-04
SE0203592L (en) 2004-06-05
AU2003283925A1 (en) 2004-06-23
SE524738C2 (en) 2004-09-21

Similar Documents

Publication Publication Date Title
US20170154170A1 (en) Computer architecture for managing courseware in a shared use operating environment
CN101421974B (en) Secure multimedia transfer system
US7089425B2 (en) Remote access authorization of local content
US6058399A (en) File upload synchronization
US7370071B2 (en) Method for serving third party software applications from servers to client computers
US20010052077A1 (en) Universal mobile ID system and method for digital rights management
US20050195978A1 (en) Method and apparatus for encoding and selective distribution of licensed digital content
US20130133084A1 (en) Digital rights management of content when content is a future live event
US20100115253A1 (en) Method and system for securely distributing content
JP2004517377A (en) Control and management of digital assets
US20100312819A1 (en) Method and system for distributing images to client systems
CN103999090A (en) Improving startup times of streaming digital media playback
US7114081B2 (en) Outside leakage preventing system of confidential information
JPH10333769A (en) Multi-media data distribution system and multi-media data reproduction terminal
WO2004051443A1 (en) Secure download and server controlled access to proprietary data with limited bandwidth requirements
US20040015565A1 (en) Software executable module for acting as a web-based content bridge
EA005838B1 (en) System and method for distributing data
JP2004310269A (en) Contents distributing system, method, program, and one time url managing device
CN100388272C (en) Information providing system
JP4739741B2 (en) Playback apparatus and playback method
SHARED Darago et al.
US20110119772A1 (en) Media Content Transfer and Remote License Acquisition
JP2003188869A (en) System and method for providing contents, and program
WO2005088480A1 (en) Method for providing curriculum enhancement using a computer-based media access system
KR20020051142A (en) Method for certifying a justness of a electronic publication user

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A1

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE EG ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NI NO NZ OM PG PH PL PT RO RU SC SD SE SG SK SL SY TJ TM TN TR TT TZ UA UG US UZ VC VN YU ZA ZM ZW

AL Designated countries for regional patents

Kind code of ref document: A1

Designated state(s): AM AZ BY KG KZ MD RU TJ TM AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IT LU MC NL PT RO SE SI SK TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG

121 Ep: the epo has been informed by wipo that ep was designated in this application
122 Ep: pct application non-entry in european phase
NENP Non-entry into the national phase

Ref country code: JP

WWW Wipo information: withdrawn in national office

Country of ref document: JP