WO2006055544A2 - Methods and apparatus for enforcing application level restrictions on local and remote content - Google Patents
Methods and apparatus for enforcing application level restrictions on local and remote content Download PDFInfo
- Publication number
- WO2006055544A2 WO2006055544A2 PCT/US2005/041327 US2005041327W WO2006055544A2 WO 2006055544 A2 WO2006055544 A2 WO 2006055544A2 US 2005041327 W US2005041327 W US 2005041327W WO 2006055544 A2 WO2006055544 A2 WO 2006055544A2
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- content
- permissions list
- receiving
- descriptor
- instructions
- Prior art date
Links
- 238000000034 method Methods 0.000 title claims abstract description 48
- 238000001514 detection method Methods 0.000 claims abstract description 60
- 238000012986 modification Methods 0.000 claims abstract description 60
- 230000004048 modification Effects 0.000 claims abstract description 60
- 238000009877 rendering Methods 0.000 claims abstract description 19
- 238000013475 authorization Methods 0.000 description 5
- 238000004891 communication Methods 0.000 description 5
- 230000006870 function Effects 0.000 description 5
- 238000012545 processing Methods 0.000 description 5
- 230000027455 binding Effects 0.000 description 4
- 238000009739 binding Methods 0.000 description 4
- 238000010586 diagram Methods 0.000 description 4
- 230000008569 process Effects 0.000 description 4
- 230000004044 response Effects 0.000 description 4
- 238000012552 review Methods 0.000 description 2
- 238000007792 addition Methods 0.000 description 1
- 230000005540 biological transmission Effects 0.000 description 1
- 238000012217 deletion Methods 0.000 description 1
- 230000037430 deletion Effects 0.000 description 1
- 238000011161 development Methods 0.000 description 1
- 238000005516 engineering process Methods 0.000 description 1
- 239000000284 extract Substances 0.000 description 1
- 230000003993 interaction Effects 0.000 description 1
- 238000012546 transfer Methods 0.000 description 1
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
- H04N21/00—Selective content distribution, e.g. interactive television or video on demand [VOD]
- H04N21/20—Servers specifically adapted for the distribution of content, e.g. VOD servers; Operations thereof
- H04N21/25—Management operations performed by the server for facilitating the content distribution or administrating data related to end-users or client devices, e.g. end-user or client device authentication, learning user preferences for recommending movies
- H04N21/266—Channel or content management, e.g. generation and management of keys and entitlement messages in a conditional access system, merging a VOD unicast channel into a multicast channel
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
- H04N21/00—Selective content distribution, e.g. interactive television or video on demand [VOD]
- H04N21/20—Servers specifically adapted for the distribution of content, e.g. VOD servers; Operations thereof
- H04N21/25—Management operations performed by the server for facilitating the content distribution or administrating data related to end-users or client devices, e.g. end-user or client device authentication, learning user preferences for recommending movies
- H04N21/266—Channel or content management, e.g. generation and management of keys and entitlement messages in a conditional access system, merging a VOD unicast channel into a multicast channel
- H04N21/26603—Channel or content management, e.g. generation and management of keys and entitlement messages in a conditional access system, merging a VOD unicast channel into a multicast channel for automatically generating descriptors from content, e.g. when it is not made available by its provider, using content analysis techniques
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/10—Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
- H04N21/00—Selective content distribution, e.g. interactive television or video on demand [VOD]
- H04N21/20—Servers specifically adapted for the distribution of content, e.g. VOD servers; Operations thereof
- H04N21/23—Processing of content or additional data; Elementary server operations; Server middleware
- H04N21/234—Processing of video elementary streams, e.g. splicing of video streams or manipulating encoded video stream scene graphs
- H04N21/23418—Processing of video elementary streams, e.g. splicing of video streams or manipulating encoded video stream scene graphs involving operations for analysing video streams, e.g. detecting features or characteristics
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
- H04N21/00—Selective content distribution, e.g. interactive television or video on demand [VOD]
- H04N21/40—Client devices specifically adapted for the reception of or interaction with content, e.g. set-top-box [STB]; Operations thereof
- H04N21/43—Processing of content or additional data, e.g. demultiplexing additional data from a digital video stream; Elementary client operations, e.g. monitoring of home network or synchronising decoder's clock; Client middleware
- H04N21/44—Processing of video elementary streams, e.g. splicing a video clip retrieved from local storage with an incoming video stream or rendering scenes according to encoded video stream scene graphs
- H04N21/44008—Processing of video elementary streams, e.g. splicing a video clip retrieved from local storage with an incoming video stream or rendering scenes according to encoded video stream scene graphs involving operations for analysing video streams, e.g. detecting features or characteristics in the video stream
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
- H04N21/00—Selective content distribution, e.g. interactive television or video on demand [VOD]
- H04N21/40—Client devices specifically adapted for the reception of or interaction with content, e.g. set-top-box [STB]; Operations thereof
- H04N21/45—Management operations performed by the client for facilitating the reception of or the interaction with the content or administrating data related to the end-user or to the client device itself, e.g. learning user preferences for recommending movies, resolving scheduling conflicts
- H04N21/4508—Management of client data or end-user data
- H04N21/4532—Management of client data or end-user data involving end-user characteristics, e.g. viewer profile, preferences
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
- H04N21/00—Selective content distribution, e.g. interactive television or video on demand [VOD]
- H04N21/60—Network structure or processes for video distribution between server and client or between remote clients; Control signalling between clients, server and network components; Transmission of management data between server and client, e.g. sending from server to client commands for recording incoming content stream; Communication details between server and client
- H04N21/63—Control signaling related to video distribution between client, server and network components; Network processes for video distribution between server and clients or between remote clients, e.g. transmitting basic layer and enhancement layers over different transmission paths, setting up a peer-to-peer communication via Internet between remote STB's; Communication protocols; Addressing
- H04N21/633—Control signals issued by server directed to the network components or client
- H04N21/6332—Control signals issued by server directed to the network components or client directed to client
- H04N21/6334—Control signals issued by server directed to the network components or client directed to client for authorisation, e.g. by transmitting a key
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
- H04N21/00—Selective content distribution, e.g. interactive television or video on demand [VOD]
- H04N21/80—Generation or processing of content or additional data by content creator independently of the distribution process; Content per se
- H04N21/83—Generation or processing of protective or descriptive data associated with content; Content structuring
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
- H04N21/00—Selective content distribution, e.g. interactive television or video on demand [VOD]
- H04N21/80—Generation or processing of content or additional data by content creator independently of the distribution process; Content per se
- H04N21/83—Generation or processing of protective or descriptive data associated with content; Content structuring
- H04N21/84—Generation or processing of descriptive data, e.g. content descriptors
- H04N21/8405—Generation or processing of descriptive data, e.g. content descriptors represented by keywords
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
- H04N7/00—Television systems
- H04N7/16—Analogue secrecy systems; Analogue subscription systems
- H04N7/162—Authorising the user terminal, e.g. by paying; Registering the use of a subscription channel, e.g. billing
- H04N7/163—Authorising the user terminal, e.g. by paying; Registering the use of a subscription channel, e.g. billing by receiver means only
Definitions
- the present invention relates generally to the operation of data networks, and more particularly, to methods and apparatus for enforcing application level restrictions on local and remote content rendered on a device.
- wireless network environments a variety of wireless devices, such as wireless telephones, personal digital assistants (PDAs), and paging devices, communicate over a wireless network.
- the wireless network may also include network servers that operate to provide various network resources to the wireless devices.
- the wireless networks may also be coupled to a public network, such as the Internet, so that resources on the public network can be made available to the wireless devices on the wireless network.
- a wireless device may download and store an application program or multimedia content using the wireless network.
- the application or content may be downloaded for free or purchased by the user of the wireless device, who effectively obtains the rights to use the application or content for an unlimited, fixed, or usage count based expiration period.
- downloaded content has the potential to damage or delete information, or otherwise compromise the device that it is running on.
- the content may include scripting, animations, or other commands that may delete files, generate pop- ups, create loud sounds or display inappropriate content.
- device users cannot fully trust that downloaded applications or content will not access files or other personal information on their devices, or perform other undesirable functions.
- One technique that has been used to restrict downloaded content is to allow the device user to set general controls regarding device operation. For example, device users can block all scripting from functioning on the device. Unfortunately, this technique forces the device user to make decisions about how and when to use these types of controls. In most cases, device users are not well informed or do not have enough knowledge to make these decisions.
- setting general device controls may result in device users being unable to access content they would like to receive or unable to obtain certain application functionality without exposing the device to potential compromise.
- the system should allow the device user to access a wide range of network resources without having to worry about downloading unrestricted content that may compromise the device or corrupt valuable device information.
- the system should also operate without requiring the device user to make decisions about the types of restrictions that are required, or having to know which content requires specific restrictions. As a result, device users can be confident that the content they download will not damage or corrupt their devices or personal information stored on their devices.
- a restriction system is provided to enforce application level restrictions on local and remote content rendered on a device.
- the restriction system comprises a content descriptor, a permissions list and a modification detection indicator, (i.e., a digital signature) that binds the content descriptor and the permissions list.
- the content descriptor comprises actual content data to be rendered on the device, and in another embodiment, the content descriptor identifies the location of an application or multimedia content that is to be downloaded and rendered on the device.
- the permissions list is used by the restriction system to restrict the rendering, display and execution of the downloaded application or content.
- the permissions list is used to control the access rights and privileges of the application or content so that systems, features, settings, and information on the wireless device are protected against unauthorized access by the application or content.
- An authority such as a device service provider or other entity, approves the permissions list and generates the modification detection indicator that binds the permissions list and the content descriptor.
- a method for use in a device to enforce restrictions on content render on the device.
- the method comprises receiving a permissions list associated with the content, receiving a content descriptor that identifies the content, and receiving a modification detection indicator that was created by an authority, wherein the modification detection indicator binds the permissions list and the content descriptor.
- the method further comprises retrieving the content identified by the content descriptor, and rendering the content on the device, wherein the content is restricted based on the permissions list.
- a device for rendering content comprises receiving logic that operates to obtain a permissions list, content descriptor, and a modification detection indicator that was created by an authority.
- the device also comprises rendering logic that operates to verify the modification detection indicator, obtain content identified by the content descriptor, and render the content on the device, wherein the content is restricted based on the permissions list.
- a device that operates to enforce restrictions on rendered content.
- the device comprises means for receiving a permissions list associated with the content, means for receiving a content descriptor that identifies the content, and means receiving a modification detection indicator that was created by an authority, wherein the modification detection indicator binds the permissions list and the content descriptor.
- the device also comprises means for retrieving the content identified by the content descriptor, and means for rendering the content on the device, wherein the content is restricted based on the permissions list.
- a computer-readable media comprises instructions, which when executed by a processor in a wireless device, enforce restrictions on content rendered by the device.
- the computer readable media comprises instructions for receiving a permissions list associated with the content, instructions for receiving a content descriptor that identifies the content, and instructions receiving a modification detection indicator that was created by an authority, wherein the modification detection indicator binds the permissions list and the content descriptor.
- the computer-readable media also comprises instructions for retrieving the content identified by the content descriptor, and instructions for rendering the content on the device, wherein the content is restricted based on the permissions list.
- a method is provided for generating a content package that is used to enforce restrictions on content rendered on a device. The method comprises receiving a permissions list associated with the content, receiving a content descriptor that describes the content, and generating a modification detection indicator that binds the permissions list and the content descriptor.
- apparatus for generating a content package that is used to enforce restrictions on content rendered on a device.
- the apparatus comprises receiving logic that operates to receive a permissions list associated with the content, and a content descriptor that describes the content.
- the apparatus also comprises generating logic that operates to generate a modification detection indicator that binds the permissions list and the content descriptor.
- apparatus for generating a content package that is used to enforce restrictions on content rendered on a device.
- the apparatus comprising means for receiving a permissions list associated with the content, means for receiving a content descriptor that describes the content, and means for generating a modification detection indicator that binds the permissions list and the content descriptor.
- a computer-readable media comprises instructions, which when executed by a processor, generate a content package that is used to enforce restrictions on content rendered on a device.
- the computer readable media comprises instructions for receiving a permissions list associated with the content, instructions for receiving a content descriptor that identifies the content, and instructions generating a modification detection indicator that binds the permissions list and the content descriptor.
- FIG. 1 shows a data network that comprises one embodiment of a restriction system to enforce application level restrictions on local and remote content rendered on a wireless device;
- FIG. 2 shows a functional diagram of one embodiment of a restriction system for use in an authority that operates to generate a content package that is downloaded to a device;
- FIG. 3 shows one embodiment of a content package for use with one or more embodiments of a restriction system
- FIG. 4 shows a functional diagram of one embodiment of a restriction system for use in a device that operates to provide application level restrictions to applications and content rendered on the device;
- FIG. 5 shows a data network that comprises one embodiment of a restriction system for use with a wireless device
- FIG. 6 shows one embodiment of a method for enforcing application level restrictions on applications and content rendered on a wireless device
- FIG. 7 shows one embodiment of an authority suitable for implementing one or more embodiments of a restriction system
- FIG. 8 shows one embodiment of device suitable for implementing one or more embodiments of a restriction system.
- the restriction system comprises a content viewer on the device to allow the device to access various network resources in an efficient and cost effective manner.
- the content viewer also enforces restrictions on downloaded content to prevent unauthorized operation of device systems or access to specific device information.
- the device may be any type of wired or wireless device, including but not limited to, a computer, a wireless telephone, a pager, a PDA, an email device, a tablet computer, or other type of wired or wireless device.
- the content viewer interacts with a runtime environment executing on the device that is used to simplify operation of the device, such as by providing generalized calls for device specific resources.
- a runtime environment executing on the device that is used to simplify operation of the device, such as by providing generalized calls for device specific resources.
- One such runtime environment is the Binary Runtime Environment for WirelessTM (BREWTM) software platform developed by QUALCOMM, Inc., of San Diego, California.
- BREWTM Binary Runtime Environment for WirelessTM
- BREW software platform BREW software platform.
- one or more embodiments of the restriction system are suitable for use with other types of content viewers and/or runtime environments to enforce application level restrictions on local and remote content rendered on wired and wireless devices.
- content is use herein to describe any type of application, multimedia content, image file, executable, web page, script, document, presentation, message, or any other type of information that may be rendered on a device.
- the restriction system operates to enforce application level restrictions on content rendered on a wireless device by performing one or more of the following steps.
- a wireless device downloads a content package associated with content to be viewed on the device.
- the content package includes a permissions list that describes the associated rights, restrictions, and privileges to be applied to the content.
- the content package also includes a content descriptor, which identifies the content, and a modification detection indicator (i.e., a digital signature) that binds the permissions list and the content descriptor.
- a content viewer application When the user attempts to view the content, a content viewer application is activated.
- the content viewer application uses the digital signature to verify the authenticity of the permissions list and the content descriptor.
- the content viewer application retrieves the content using the content descriptor and renders the content on the wireless device.
- the rendered content is governed by the rules enforced on the content viewer application that were provided in the permissions list.
- the content descriptor contains the actual content data.
- the content descriptor may be a document, image file, web page, or any other type of viewable content.
- the content descriptor is a content locator.
- the content viewer operates as a network browser and the content descriptor is a content locator, such as a universal resource locator (URL).
- the content viewer navigates to the network address provided by the content descriptor and displays content pages retrieved from that location.
- the content viewer operates to restrict the operation of the retrieved content pages according to the restrictions in the permissions list.
- the restriction system comprises a permissions list.
- the permissions list is a list of access rights, privileges, restrictions, or limitations that are applied to an application or content that is executed or rendered on a device. For example, when content and an associated permission list are installed on a device, the restriction system operates to allow the rendered content to access only the resources granted in the permission list.
- the developer of the application or content may create or provide input to creating the permissions list for the content.
- a system administrator, or other authority such as a carrier or device manufacturer
- a device server may be used to create the permissions list based on the input from authorities, entities, or parties involved with creating the application or content.
- a content developer submits the content to an authority.
- the authority reviews or evaluates the content and determines what privileges to assign to the content. The privileges then become part of the permissions list. Thus, the authority operates to approve the content and authorizes the associated rights provided in the permissions list.
- a device may further limit or grant access to device resources beyond the scope of the permissions list. For example, a user may not have rights to a resource on the device to which the application has been granted permission by the permissions list. Thus, the device may provide additional rights or limitations and may therefore grant or refuse to grant access to resources even if permission has been granted in the permissions list.
- the restriction system comprises a modification detection indicator that is used to provide a binding between a permissions list and a content descriptor.
- any technique may be used to generate the modification detection indicator that binds the permissions list and the content descriptor.
- the modification detection indicator is a digital signature that is generated using the permissions list and the content descriptor.
- any type of signature, encoding, or other modification detection technique may be used to provide a binding between a permissions list and its associated content descriptor.
- FIG. 1 shows a data network 100 that comprises one embodiment of a restriction system to enforce application level restrictions on local and remote content rendered on a wireless device.
- the network 100 comprises a wireless device 102 that communicates with a data network 104 via a wireless communication channel 106.
- the data network 104 subsumes a wired and wireless data network that is private, public or both.
- the network 100 also comprises an authority 108 that operates to provide services to the wireless device 102.
- the wireless device 102 may be a wireless telephone, and the authority 108 may be part of a nationwide telecommunications network that provides telecommunication services to the device 102.
- a content server 110 Also in communication with the network 104 is a content server 110.
- the content server 110 operates to provide content, such as multimedia content, to devices that are in communication with the network 104.
- the authority 108 comprises logic to generate a content package 120 that comprises a permissions list, a content descriptor and a digital signature.
- the permissions list describes rendering and resource access restrictions that are applied to applications or content identified by the content descriptor.
- the content descriptor may comprise actual content data, such as an image file or document.
- the content descriptor may also comprise a content locator that identifies the location of the content. For example, the content descriptor may identify an application or multimedia content located at the content server 110.
- the content package 120 is downloaded from the authority 108 to the device 102.
- the device 102 launches a content viewer 116 that operates to retrieve the content identified by the content descriptor and renders the content on the device 102 while applying the restrictions provided in the permissions list.
- the content descriptor may be the actual content, which is rendered on the device by the content viewer 116.
- the content descriptor is a content locator, which is used by the content viewer 116 to obtain the content for rendering on the device 102.
- the restriction system operates to protect the resources on the wireless device 102 from unauthorized access by the downloaded content, and thereby removes this burden from the device user. This allows the device user to download applications and content for use on the wireless device 102 without having to worry that the downloaded application or content may compromise the operation of the device or corrupt important information stored on the device.
- the permissions list and content descriptor may be created by the authority 108 and bound together using the digital signature.
- the authority 108 may incorporate various security techniques, such as encoding, encryption, credentials, authentication signatures, or other modification detection/authentication techniques to transmit the content package 120 to the device 102.
- the device can be sure it is receiving the content package 120 from a trusted source.
- the authority 108, and the server 110 are distinct network servers located at different physical locations.
- the servers 108, 110 are located at the same physical location, and in still another embodiment, the servers 108 and 110 are the same server.
- the restriction system may be implemented using virtually any network configuration having a variety of servers that operate to provide the functions of the restriction system described herein.
- ElG. 2 shows a functional diagram of one embodiment of a restriction system for use in the authority 108 that operates to generate a content package that is downloaded to a device.
- the authority 108 operates to approve a permissions list and generate the content package for download to a wireless device, for example, the device 102.
- the authority comprises a content receiver 202 that receives content 212 from the content server 110.
- the authority also comprises a permission list receiver 204 that receives a proposed permission list 214 from the content server 110.
- the approval/creation logic 206 takes the content 212 and the received permission list 214, evaluates the permissions list, and either approves or disapproves it.
- the logic 206 operates to generate one based on the content itself and other parameters. For example, based on the type of content or the source of the content, the logic 206 generates an associated permissions list. Once an approved permissions list is obtained, the permission list and content go to the modification detection generator 208. The generator 208 generates a modification detection indicator that binds the permissions list to the content. For example, the modification detection indicator may be a digital signature. Finally, a package generator 210 generates a content package 216 that incorporates the content 214, the permission list 212, and modification detection indicator.
- the content 214 is a content descriptor that identifies the content and its location. In another embodiment, the content 214 contains the actual application or content data. Once the content package is generated it is made available to the wireless device 102 which downloads it and renders it.
- FIG. 3 shows one embodiment of a content package 300 for use with one or more embodiments of a restriction system.
- the content package 300 shown in FIG. 3 may be the content package 120 shown in FIG. 1.
- the content package comprises a permissions list 302, actual content or a content descriptor 306, a modification detection indicator 308, and additional information 310.
- the permissions list 302 comprises authorization settings 304 that indicate what restrictions, authorizations, or privileges are granted to the described application or content.
- the authorization settings 304 comprises a series of bits that when set to a value of "1" grant a particular authorization to the content based on the position of the bit.
- the first bit position may grant or deny access to selected device files
- the second bit may grant or deny access to device hardware, such as a modem
- the third bit may grant or deny access to particular device settings, and so on.
- the content section 306 comprises a content descriptor that describes the application or content.
- the content descriptor may comprise the actual application or content data downloaded to the device.
- the content descriptor may include multimedia content, such as a MPEG or MIDI file, or may include an application, such as a gaming program.
- the content descriptor may comprise a content locator (i.e., a URL) that identifies an application or content and/or its location on a data network that the device has access to.
- the content descriptor may comprise the link (http://www.foo.com/videos/movie.mpg) that when accessed by the device, will cause "movie.mpg" to be downloaded to the device.
- the content descriptor describes a set of content pages or addresses, a domain name, or any other type of information set.
- the content descriptor may be the actual application or content data, or a content locator that identifies the location of an application or content, or a content group that can be accessed and downloaded by the device.
- the modification detection indicator 308 comprises a digital signature and/or other security information that binds the permissions list with the content descriptor so that it is possible to verify their authenticity. Virtually any type of modification detection technique may be used to produce the modification detection indicator 308.
- the additional information section 310 comprises additional information about the application or content that is associated with the content package.
- the information section 310 may include file size, version, or other information relative to the content package 120 or the associated application or content.
- the additional information section 310 may also include license information associated with the application or content.
- the license information may include the type of license granted, the date granted, the duration of the license, the cost of the license, or other license information.
- the content package is generated by the package generation logic 212 at the authority 108.
- application or content developers may generate a permissions list for their application or content.
- the permissions list may be transmitted to the wireless device in several ways.
- the application or content developer may transmit the permissions list to the authority 108 where it is evaluated, authorized and stored until the wireless device requests to download the associated content.
- a permissions list authorized by an authority is stored with the application or content at their respective servers. When the wireless device attempts to download the application or content, the associated permissions list is also downloaded to the wireless device.
- the modification detection indicator 308 generated by the authority is used to bind them and to allow the device to authenticate them as unmodified originals. Furthermore, the authority operates to create, evaluate, and/or authorize the permissions list so that regardless of where it is stored, the permissions list only grants authorized permissions to the associated application or content.
- FIG. 4 shows a functional diagram of one embodiment of a restriction system for use in the device 102 that operates to provide application level restrictions to applications and content rendered on the device.
- the content viewer 116 receives the content package 120 via a content receiver 402.
- the content package 120 is transferred to the content viewer 116, which takes the package apart and verifies the digital signature. If the content is not in the package, then the content viewer 116 fetches the content using content request logic 404.
- the content descriptor may be an address where the content is stored.
- the content request logic 404 operates to transmit a request 408 to retrieve the content 410 from this address.
- the content viewer 116 operates to render the content on the device and restrict the rendering operation based on the permission list 402 in the content package 120.
- the runtime/OS 406 is not directly involved and only supports the content viewer 116.
- the content package is received by the receiver 402 and is handed off to the runtime/OS 406.
- the runtime/OS takes apart the package 120 and verifies the digital signature 408 in it. It also extracts the permission list 402. It then invokes the content viewer 116 handing it the content descriptor 406. It also restricts the operation of the content viewer 116 based on the permission list 402.
- the restrictions in the permission list are partly imposed by the content viewer 116 and partly by the runtime/OS 406.
- FIG. 5 shows a data network 500 that comprises one embodiment of a restriction system for use with a wireless device.
- the network 500 comprises a general purpose data network 502 that includes connections to an authority 504 and a content server 506.
- the data network 502 may be private or public or both and may be wired or wireless or both.
- the authority 504 may be a carrier server, device server, or other authority.
- the network 502 also communicates with a wireless device 508 via a wireless communication channel 510.
- wireless device 508 includes a runtime environment, such as that provided by the BREW software platform.
- ElG. 6 shows one embodiment of a method 600 for enforcing application level restrictions on applications and content rendered on a wireless device.
- the method 600 is suitable for use with the network 500 shown in FlG. 5. Therefore, for added clarity, the following detailed description of the method 600 includes additional references to the network 500.
- the method 600 begins at block 602, when a content server submits a request to the restriction system to authorize content so that a wireless device may render it without concern.
- the content server 506 submits a request, as shown at path 5a, to register content with the authority 504.
- the request may include a content descriptor that comprises the actual content data, or a content locator, and may also include a permissions list for the content. In one embodiment, if the permissions list is not provided, the authority 504 generates the permissions list for the content.
- the authority operates to create/evaluate an authorized permissions list. For example, in one embodiment, the authority 504 evaluates the content and/or other information related to the content and generates an authorized permissions list that is associated with the content. In another embodiment, the content provider 506 provides a permissions list and the authority operates to evaluate the provided permissions list and determine whether the permissions list should be authorized. Thus, any privileges granted to the content via the permissions list are first authorized by the authority 504.
- the authority generates a modification detection indicator that binds the content descriptor and the permissions list.
- the authority 504 generates a digital signature using the content descriptor and the permissions list.
- any other modification detection technique could be used.
- the content descriptor, permissions list and the digital signature form a content package that may be transmitted to a wireless device or any other entities on the network 502.
- the content descriptor may be the actual content or a content locator.
- an indication is provided to the wireless device that the content is available for download. For example, the device 508 may browse a catalog of available content provided by the authority 504.
- the authority 504 transmits an icon, as shown at path 5b, for display on the wireless device 508 that the user may select to access the content, hi one embodiment, the runtime environment executing on the device 508 receives and displays the icon to the device user.
- the wireless device user submits a request to the authority to download an application or multimedia content. For example, the device user selects the icon displayed on the device 508 and the runtime environment executing on the device 508 transmits a request, as shown at path 5c, to the authority 504 using the network 502 to download the application or multimedia content associated with the displayed icon.
- a content package is transmitted to the device.
- the authority 504 responds to the device's 508 request by transmitting to the device 508 (as shown at path 5d) a content package that includes the content descriptor, the permissions list and the digital signature.
- the content package may also include additional information about the content or additional security information used, such as a key or credential to verify that the device has received the content package from the authority 504.
- the credential allows the device to verify that it has received the content package from a trusted source.
- the runtime environment running on the wireless device launches a content viewer that operates to process the content package to allow the device user to view the requested content.
- the BREW runtime environment running on the wireless device 508 launches the content viewer 116.
- the content viewer uses the digital signature to verify the authenticity of the permissions list and the content descriptor.
- the content viewer 116 uses the permissions list and the content descriptor to generate a second digital signature that is compared to the digital signature received from the authority 504 in the content package. Assuming the permissions list and the content descriptor are authentic, the method proceeds to block 616.
- the content viewer processes the content package and determines that it contains a content descriptor that identifies the content data.
- the content descriptor is an address (URL) to the content, which is located at the content server 506.
- the content viewer transmits a request to the content server to receive the content.
- the content viewer 514 transmits a request to the content server 506 over the wireless network 502, as shown at path 5e.
- the request is a request to receive the content pointed to by the content descriptor.
- the content server transmits the content to the wireless device.
- the content server 506 receives the request, and in response, transmits the content identified by the content descriptor to the wireless device 508, as shown at path 5f.
- the content viewer then renders the content on the device.
- the content viewer uses the restrictions provided in the permission list to apply to the content so that the content is restricted from accessing selected functions, features, device settings, and/or specific information stored on the device.
- Virtually any type of resource or operational restriction may be provided based on the permissions in the permissions list.
- the restriction system allows the device 508 to download content from remote servers and render the content knowing that the restriction system has restricted the content so that device resources or information will not be access without proper authorization.
- the restriction of the content occurs without burdening the device user with having to determine when and how to restrict the content.
- the method 600 describes the use of a content package that comprises a permissions list, content descriptor and digital signature
- a content package is not used.
- the permissions list, content descriptor, and modification detection indicator may be transmitted to the wireless device from the same or different sources.
- a content provider may transmit the content descriptor
- a device server may transmit the permissions list
- an authority may transmit the modification detection indicator.
- the modification detection indicator is incorporated into the permissions list and/or the content descriptor. Virtually any combination of the information is possible, and the information may be transmitted to the device from one or any number of transmitting sources.
- the wireless device operates to authenticate that the modification detection indicator was generated by the proper authority. For example, any type of encoding, encryption, credentials, etc., may be used to authenticate the modification detection indicator. Once the modification detection indicator is authenticated, it is used to authenticate the permissions list and the content descriptor. Thus, no matter how the information is transmitted to the device, the authentication process allows the device to verify that it has the authentic information, which may be used to safely render the content on the device.
- FlG. 7 shows one embodiment of an authority 700 suitable for implementing one or more embodiments of a restriction system as described herein.
- the authority 700 and all its functional blocks may be implemented as software, hardware, or both.
- the functional blocks are implemented as instructions stored in memory 708 and executed by processing logic 702.
- some of the functional blocks such as the package generator 712 may be implemented as special purpose hardware (i.e., a gate array) or any other hardware, logic, or circuit capable of providing the described functionality.
- a network interface 706 operates to provide communications 714 between the authority and a data network.
- the network interface 706 allows the authority 700 to communicate with content servers, devices, and other network entities.
- a user interface 710 operates to provide interaction between the authority 700 and a user via the user input 716.
- the user interface 710 is used to allow a user to communicate operating parameters to the processing logic 702.
- the package generator logic 712 operates to receive content and a permissions list, evaluate the permissions list, and approve or disapprove it. In another embodiment, the package logic 712 operates to generate a permissions list based on the received content and other parameters. Once an authorized permissions list is obtained, the logic 712 operates to binding the permissions list and the content using a modification detection indicator, such as a digital signature. The content, permissions list, and digital signature are then combined into a content package that is transmitted to a device via the network interface 706.
- a modification detection indicator such as a digital signature
- FIG. 8 shows one embodiment of device 800 suitable for implementing one or more embodiments of a restriction system as described herein.
- the device 800 comprises processing logic 802, internal bus 804, network interface 806, rendering logic 812, memory 808, and user interface 810.
- all the functional blocks of the device 800 are implemented as instructions stored in the memory 808 and executed by processing logic 802.
- some of the functional blocks such as the content viewer 116 may be implemented as special purpose hardware (i.e., a gate array) connected to the bus 804, or as any other hardware circuit capable of providing the required functionality.
- the network interface 806 may use any means of transferring, storing or copying data including a network connection 816 that may be coupled to local or remote networks, devices, or systems.
- the processing logic 802 executes program instructions stored in the memory 808 that cause a runtime environment 814 to be activated.
- the runtime environment 814 processes a content package received via the network interface 806, and in response, activates a content viewer 116.
- the content viewer 116 operates to render content contained in the content package using the rendering logic 812.
- the content viewer renders the content using restrictions based on a permissions list provided in the content package.
- the content package includes a content descriptor that identifies the location of the content to be rendered.
- the content viewer 116 uses the content descriptor to obtain the content from the specified location via the network interface 806. Once obtained, the content is rendered via the rendering logic 812.
- the device 800 illustrates just one embodiment of a device suitable for implementing a restriction system as described herein. It is also possible to implement a restriction system using different functional elements, rearranging the elements, or using a different type of device. Thus, the embodiments described herein are not limited to the implementation shown in FIG. 8.
- the device user may override access rights or restrictions provided in the permissions list. For example, by providing specific user inputs, the user may override access rights provided in the permissions list to prevent an application or content from accessing a specific device resource or stored information. Thus, the device user maintains the ability to control access to device resources even if access to those resources is not granted in the permissions list.
- a restriction system has been described that includes methods and apparatus to enforce application level restrictions on local and remote applications and content rendered on a wireless device.
- the system is suitable for use with all types of wireless devices and is especially well suited for use with mobile telephones to provide access to a wide range of network resources while providing restrictions to protect feature, functions, settings, information and other device systems.
Landscapes
- Engineering & Computer Science (AREA)
- Multimedia (AREA)
- Signal Processing (AREA)
- Databases & Information Systems (AREA)
- Computer Security & Cryptography (AREA)
- Theoretical Computer Science (AREA)
- Software Systems (AREA)
- Technology Law (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Computer Hardware Design (AREA)
- Computer Networks & Wireless Communication (AREA)
- Storage Device Security (AREA)
- Information Transfer Between Computers (AREA)
Abstract
Description
Claims
Priority Applications (5)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
EP05851662A EP1813108A4 (en) | 2004-11-16 | 2005-11-15 | Methods and apparatus for enforcing application level restrictions on local and remote content |
KR1020077013650A KR100875798B1 (en) | 2004-11-16 | 2005-11-15 | Method and apparatus for enforcing application level restrictions on local and remote content |
BRPI0518017-1A BRPI0518017A (en) | 2004-11-16 | 2005-11-15 | methods and equipment for enforcing application restrictions on local and remote content |
CN2005800464772A CN101099385B (en) | 2004-11-16 | 2005-11-15 | Methods and apparatus for enforcing application level restrictions on local and remote content |
JP2007543171A JP2008521134A (en) | 2004-11-16 | 2005-11-15 | Method and apparatus for enforcing application level restrictions on local and remote content |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US10/990,664 | 2004-11-16 | ||
US10/990,664 US20060107327A1 (en) | 2004-11-16 | 2004-11-16 | Methods and apparatus for enforcing application level restrictions on local and remote content |
Publications (2)
Publication Number | Publication Date |
---|---|
WO2006055544A2 true WO2006055544A2 (en) | 2006-05-26 |
WO2006055544A3 WO2006055544A3 (en) | 2007-03-29 |
Family
ID=36388006
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/US2005/041327 WO2006055544A2 (en) | 2004-11-16 | 2005-11-15 | Methods and apparatus for enforcing application level restrictions on local and remote content |
Country Status (8)
Country | Link |
---|---|
US (1) | US20060107327A1 (en) |
EP (1) | EP1813108A4 (en) |
JP (2) | JP2008521134A (en) |
KR (1) | KR100875798B1 (en) |
CN (1) | CN101099385B (en) |
BR (1) | BRPI0518017A (en) |
TW (1) | TW200633530A (en) |
WO (1) | WO2006055544A2 (en) |
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
KR100998923B1 (en) * | 2006-12-05 | 2010-12-09 | 삼성전자주식회사 | Method and Apparatus for transmitting contents with authorized control of system |
US8370957B2 (en) * | 2006-12-05 | 2013-02-05 | Samsung Electronics Co., Ltd | Method and apparatus for transmitting contents with limited system permissions |
US9100403B2 (en) | 2008-12-28 | 2015-08-04 | Qualcomm, Incorporated | Apparatus and methods for providing authorized device access |
Families Citing this family (31)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
KR100680296B1 (en) * | 2005-04-15 | 2007-02-07 | 주식회사 케이티프리텔 | Method for providing continuous downloading service of large size contents through wireless network and record media recored program for realizing the same |
JP2008515046A (en) * | 2005-04-15 | 2008-05-08 | ケーティーフリーテル・カンパニー・リミテッド | How to provide content |
EP1944726A4 (en) * | 2005-11-02 | 2010-05-05 | Panasonic Corp | Information communicating device, server, and content presenting method |
US20070150617A1 (en) * | 2005-12-22 | 2007-06-28 | Innopath Software, Inc. | Resource application program interface utility for changing user interface elements on wireless devices |
US20070150816A1 (en) * | 2005-12-22 | 2007-06-28 | Innopath Software, Inc. | User interface authoring utility for changing user interface elements on wireless devices |
US8326296B1 (en) | 2006-07-12 | 2012-12-04 | At&T Intellectual Property I, L.P. | Pico-cell extension for cellular network |
US8312518B1 (en) * | 2007-09-27 | 2012-11-13 | Avaya Inc. | Island of trust in a service-oriented environment |
EP2045756A3 (en) | 2007-10-04 | 2011-11-23 | Samsung Electronics Co., Ltd. | Method and apparatus for transmitting contents with limited system permissions |
US8041372B1 (en) | 2007-11-26 | 2011-10-18 | Adobe Systems Incorporated | Selecting data in a mobile information system |
US8677476B2 (en) * | 2007-11-26 | 2014-03-18 | Adobe Systems Incorporated | Providing remotely defined security data to a local application extension |
US8281390B1 (en) | 2007-11-26 | 2012-10-02 | Adobe Systems Incorporated | Remotely defining security data for authorization of local application activity |
US8413233B1 (en) | 2007-11-26 | 2013-04-02 | Adobe Systems Incorporated | Authorizing local application activity using remotely defined security data |
US8214619B1 (en) | 2007-11-26 | 2012-07-03 | Adobe Systems Incorporated | Memory allocation in a mobile device |
US8094551B2 (en) | 2008-05-13 | 2012-01-10 | At&T Mobility Ii Llc | Exchange of access control lists to manage femto cell coverage |
US8719420B2 (en) | 2008-05-13 | 2014-05-06 | At&T Mobility Ii Llc | Administration of access lists for femtocell service |
US20100041365A1 (en) | 2008-06-12 | 2010-02-18 | At&T Mobility Ii Llc | Mediation, rating, and billing associated with a femtocell service framework |
US8520570B2 (en) * | 2008-06-17 | 2013-08-27 | Nintendo Co., Ltd. | Data communication system, information processing apparatus and storage medium having stored thereon information processing program |
JP4334602B1 (en) * | 2008-06-17 | 2009-09-30 | 任天堂株式会社 | Information processing apparatus, information processing system, and information processing program |
US8510838B1 (en) * | 2009-04-08 | 2013-08-13 | Trend Micro, Inc. | Malware protection using file input/output virtualization |
US8433296B2 (en) | 2009-05-01 | 2013-04-30 | Ryan Hardin | Exclusive delivery of content within geographic areas |
US8510801B2 (en) | 2009-10-15 | 2013-08-13 | At&T Intellectual Property I, L.P. | Management of access to service in an access point |
US8799355B2 (en) * | 2009-11-03 | 2014-08-05 | Microsoft Corporation | Client server application manager |
US20110239270A1 (en) * | 2010-03-26 | 2011-09-29 | Nokia Corporation | Method and apparatus for providing heterogeneous security management |
US9721090B2 (en) * | 2010-04-29 | 2017-08-01 | Safend Ltd. | System and method for efficient inspection of content |
US9652542B2 (en) * | 2011-04-06 | 2017-05-16 | Teradata Us, Inc. | Securely extending analytics within a data warehouse environment |
US8818339B2 (en) * | 2011-10-10 | 2014-08-26 | Blackberry Limited | Capturing and processing multi-media information using mobile communication devices |
JP6261933B2 (en) * | 2012-10-16 | 2018-01-17 | 日本放送協会 | Broadcast communication cooperative receiver and broadcast communication cooperative system |
US9058493B1 (en) * | 2013-01-16 | 2015-06-16 | Amdocs Software Systems Limited | System, method, and computer program for conditionally implementing protected content |
US20140282886A1 (en) * | 2013-03-14 | 2014-09-18 | TollShare, Inc. | Content list sharing |
JP2016540287A (en) | 2013-10-18 | 2016-12-22 | ノキア テクノロジーズ オサケユイチア | Method and system for running applications on electronic devices and monitoring permissions |
US9342672B2 (en) * | 2014-01-29 | 2016-05-17 | Dspace Digital Signal Processing And Control Engineering Gmbh | Computer-implemented method for managing at least one data element in control unit development |
Family Cites Families (21)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US6345288B1 (en) * | 1989-08-31 | 2002-02-05 | Onename Corporation | Computer-based communication system and method using metadata defining a control-structure |
US6505300B2 (en) * | 1998-06-12 | 2003-01-07 | Microsoft Corporation | Method and system for secure running of untrusted content |
JP3992396B2 (en) * | 1999-03-31 | 2007-10-17 | 株式会社リコー | Electronic document management apparatus, electronic document management method, and computer-readable recording medium storing program for causing computer to execute the method |
US6981262B1 (en) * | 2000-06-27 | 2005-12-27 | Microsoft Corporation | System and method for client interaction in a multi-level rights-management architecture |
US6704024B2 (en) * | 2000-08-07 | 2004-03-09 | Zframe, Inc. | Visual content browsing using rasterized representations |
US7743259B2 (en) * | 2000-08-28 | 2010-06-22 | Contentguard Holdings, Inc. | System and method for digital rights management using a standard rendering engine |
WO2002065258A2 (en) * | 2001-02-13 | 2002-08-22 | Qualcomm Incorporated | Method and apparatus for authenticating embedded software in a remote unit over a communications channel |
WO2002088911A2 (en) * | 2001-04-30 | 2002-11-07 | Nokia Corporation | Protection of content reproduction using digital rights |
US7099663B2 (en) * | 2001-05-31 | 2006-08-29 | Qualcomm Inc. | Safe application distribution and execution in a wireless environment |
BR0211884A (en) * | 2001-08-13 | 2004-09-21 | Qualcomm Inc | Using Permissions to Allocate Device Resources for an Application |
US7921287B2 (en) * | 2001-08-13 | 2011-04-05 | Qualcomm Incorporated | Application level access privilege to a storage area on a computer device |
JP2003202929A (en) * | 2002-01-08 | 2003-07-18 | Ntt Docomo Inc | Distribution method and distribution system |
JP2005517244A (en) * | 2002-02-07 | 2005-06-09 | クアルコム ケンブリッジ リミテッド | Method and apparatus for providing content to portable terminal |
WO2003083646A1 (en) * | 2002-04-03 | 2003-10-09 | Ntt Docomo, Inc. | Distribution method, distribution system, and terminal device |
US7529929B2 (en) * | 2002-05-30 | 2009-05-05 | Nokia Corporation | System and method for dynamically enforcing digital rights management rules |
JP3819345B2 (en) * | 2002-08-30 | 2006-09-06 | 株式会社エヌ・ティ・ティ・データ | IC chip and application providing system |
US20040148356A1 (en) * | 2002-11-04 | 2004-07-29 | Bishop James William | System and method for private messaging |
JP4176533B2 (en) * | 2003-03-31 | 2008-11-05 | 株式会社エヌ・ティ・ティ・ドコモ | Terminal device and program |
US8041957B2 (en) * | 2003-04-08 | 2011-10-18 | Qualcomm Incorporated | Associating software with hardware using cryptography |
US7500267B2 (en) * | 2004-04-30 | 2009-03-03 | Microsoft Corporation | Systems and methods for disabling software components to protect digital media |
US7761863B2 (en) * | 2004-06-08 | 2010-07-20 | Covia Labs, Inc. | Method system and data structure for content renditioning adaptation and interoperability segmentation model |
-
2004
- 2004-11-16 US US10/990,664 patent/US20060107327A1/en not_active Abandoned
-
2005
- 2005-11-14 TW TW094139993A patent/TW200633530A/en unknown
- 2005-11-15 CN CN2005800464772A patent/CN101099385B/en active Active
- 2005-11-15 JP JP2007543171A patent/JP2008521134A/en active Pending
- 2005-11-15 BR BRPI0518017-1A patent/BRPI0518017A/en not_active IP Right Cessation
- 2005-11-15 WO PCT/US2005/041327 patent/WO2006055544A2/en active Application Filing
- 2005-11-15 EP EP05851662A patent/EP1813108A4/en not_active Ceased
- 2005-11-15 KR KR1020077013650A patent/KR100875798B1/en active IP Right Grant
-
2011
- 2011-10-21 JP JP2011231756A patent/JP2012053894A/en active Pending
Non-Patent Citations (1)
Title |
---|
See references of EP1813108A4 * |
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
KR100998923B1 (en) * | 2006-12-05 | 2010-12-09 | 삼성전자주식회사 | Method and Apparatus for transmitting contents with authorized control of system |
US8370957B2 (en) * | 2006-12-05 | 2013-02-05 | Samsung Electronics Co., Ltd | Method and apparatus for transmitting contents with limited system permissions |
US9100403B2 (en) | 2008-12-28 | 2015-08-04 | Qualcomm, Incorporated | Apparatus and methods for providing authorized device access |
Also Published As
Publication number | Publication date |
---|---|
KR100875798B1 (en) | 2008-12-26 |
TW200633530A (en) | 2006-09-16 |
EP1813108A4 (en) | 2013-01-02 |
WO2006055544A3 (en) | 2007-03-29 |
CN101099385B (en) | 2013-03-27 |
JP2012053894A (en) | 2012-03-15 |
EP1813108A2 (en) | 2007-08-01 |
US20060107327A1 (en) | 2006-05-18 |
KR20070086318A (en) | 2007-08-27 |
CN101099385A (en) | 2008-01-02 |
JP2008521134A (en) | 2008-06-19 |
BRPI0518017A (en) | 2008-10-21 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
KR100875798B1 (en) | Method and apparatus for enforcing application level restrictions on local and remote content | |
US9985969B1 (en) | Controlling use of computing-related resources by multiple independent parties | |
Jackson et al. | Subspace: secure cross-domain communication for web mashups | |
KR101219819B1 (en) | Flexible licensing architecture for licensing digital application | |
KR101409634B1 (en) | Methods and apparatus for content protection in a wireless network | |
US7540024B2 (en) | Security features for portable computing environment | |
EP0845733B1 (en) | Implementing digital signatures for data streams and data archives | |
EP2334027B1 (en) | Method for scalable access control decisions | |
EP1132796A1 (en) | Mobile code and method for resource management for mobile code | |
AU2001244194A1 (en) | Mobile code and method for resource management for mobile code | |
JPH09288575A (en) | System and method for managing try-and-by usage for application program | |
US20090125987A1 (en) | Digital rights management | |
AU2005222507B2 (en) | Portable computing environment | |
CN101547202A (en) | Method for processing security level of device on the net | |
US8474055B2 (en) | Method and apparatus for managing digital content | |
KR20060108093A (en) | Method and apparatus for presenting contents service using drm | |
EP1462909B1 (en) | A computer for managing data sharing among application programs | |
KR101249343B1 (en) | Method for protection of a digital rights file | |
JP3888273B2 (en) | External program operation control method, operation control program, operation control apparatus, and operation control program providing apparatus | |
US20080282258A1 (en) | Sharing the common session between two applications on the same server | |
KR100662460B1 (en) | Method and system of content download | |
KR20060117786A (en) | Method and apparatus for providing multi-media contents service using drm | |
JP2006058994A (en) | Module starting device, method and system | |
JP2007525738A (en) | Download multiple objects |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
AK | Designated states |
Kind code of ref document: A2 Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BW BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE EG ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KM KN KP KR KZ LC LK LR LS LT LU LV LY MA MD MG MK MN MW MX MZ NA NG NI NO NZ OM PG PH PL PT RO RU SC SD SE SG SK SL SM SY TJ TM TN TR TT TZ UA UG US UZ VC VN YU ZA ZM ZW |
|
AL | Designated countries for regional patents |
Kind code of ref document: A2 Designated state(s): GM KE LS MW MZ NA SD SL SZ TZ UG ZM ZW AM AZ BY KG KZ MD RU TJ TM AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IS IT LT LU LV MC NL PL PT RO SE SI SK TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG |
|
121 | Ep: the epo has been informed by wipo that ep was designated in this application | ||
WWE | Wipo information: entry into national phase |
Ref document number: 2005851662 Country of ref document: EP |
|
WWE | Wipo information: entry into national phase |
Ref document number: 2007543171 Country of ref document: JP |
|
NENP | Non-entry into the national phase |
Ref country code: DE |
|
WWE | Wipo information: entry into national phase |
Ref document number: 4241/DELNP/2007 Country of ref document: IN |
|
WWE | Wipo information: entry into national phase |
Ref document number: 1020077013650 Country of ref document: KR |
|
WWE | Wipo information: entry into national phase |
Ref document number: 200580046477.2 Country of ref document: CN |
|
WWP | Wipo information: published in national office |
Ref document number: 2005851662 Country of ref document: EP |
|
ENP | Entry into the national phase |
Ref document number: PI0518017 Country of ref document: BR |