A portion of the disclosure of this patent document contains material that is subject to copyright protection. The copyright owner has no objection to the facsimile reproduction by anyone of the patent document or the patent disclosure, as it appears in the Patent and Trademark Office patent files or records, but otherwise reserves all copyright rights whatsoever.
The present invention relates generally to the field of content and/or data delivery over a network. More particularly, the present invention is related in one exemplary aspect to apparatus and methods for distributing programming content, media, data and other information services via a rights-managed apparatus.
Recent advances in digital information processing have made a whole range of services and functions available for delivery to consumers for very reasonable prices or subscription fees. These services and functions include digital programming (movies, etc.), digital video-on-demand (VOD), personal video recorder (PVR), Internet Protocol television (IPTV), digital media playback and recording, as well high-speed (broadband) internet access and IP-based telephony (e.g., VoIP).
Currently, many of these services are provided and delivered to the user via a wide variety of different equipment environments including, inter alia, cable modems, Wi-Fi hubs, Ethernet hubs, gateways, switches and routers, personal computers, laptop computers, servers, cable set-top boxes, PSTNs, cellular telephones/smartphones, PDAs, portable digital devices, miniature portable devices, etc. Additionally, the services associated with such technology are typically provided by multiple vendors including e.g., a cable service provider (e.g., MSO), cellular service provider (CSP), wireless service provider (WSP), VoIP service provider, music download service, Internet service provider (ISP), PSTN telephone service, etc.
The myriad of services, equipment and providers can easily create confusion and economic (and personal) inefficiency for someone using many of these services on a regular basis. In particular, a user may have to pay for each service or equipment separately, thus eliminating any economies of scale based on integration. For example, a cable network subscriber may have purchased access to certain content on his/her digital set top box (DSTB), but may not be able to view the same content on his or her personal computer from the Internet, or over their mobile phone or laptop.
Some improvements in digital service integration have been made over time. For example, cable system subscribers (such as those of the Assignee hereof) can now access VOD, PVR, PPV and broadcast (aka linear) services simultaneously, as well a Internet access via cable modem, and even digital telephony (e.g., VoIP). However, these functions are still substantially disparate in terms of their hardware and software environments (i.e., the user must have a cable modem, set-top box, VoIP telephony unit, PC, etc.), and “cross-over” between the environments (e.g., moving content or data from one environment to the other) can be quite limited.
Conditional access (CA) technologies are typically incorporated into content delivery networks, such technologies including the digital encoding of various types of data including audio and video programming and music. Conditional access can generally be defined as the control of when and how a user may view and use the associated programming or information. Different types of conditional access may be desirable in a network delivery system in order to, e.g., accommodate improvements in the technology over time, as well as different conditional access attributes such as security and category of programming or user access level.
A variety of traditional methods of conditional access exist including, e.g., “Powerkey”, NDS, and DigiCipher. A generalized conditional access model is also provided by the well-known DVB (Digital Video Broadcasting) Specification TS 101 197 V1.2.1 (February 2002), DVB SimulCrypt; Part 1: “Head-end architecture and synchronization”, and TS 103 197 V1.2.1 (February 2002): “Head-end Implementation of SimulCrypt”, each incorporated herein by reference in its entirety. These can be implemented using, for example, the so-called “CableCard” plug-in security module access technology (also known as “a point-of-deployment (POD) module”). See, e.g., the CableCard-Host interface specification, which defines the interface between a digital cable receiver or STB (Host device) and the CableCard device provided by the MSO/cable operator. Specifically, the CableCard contains conditional access functionality, as well as the capability of converting messages to a common format. Thus, the CableCard provides a cable operator with a secure device at the subscriber premises, and acts as a translator so that the host device needs to understand a single protocol, regardless of the type of the network to which it is connected.
However, conditional access (CA) paradigms currently in use are quite restricted, and not generally extensible beyond the user's set-top box, thus only support provision of content to a user at a single device. So, for example, the user would be prohibited from accessing content via the cable modem (e.g., streamed or downloaded content to their Wi-Fi enabled laptop or PC) which he/she would otherwise be entitled to via a set-top-box, since proper conditional access support does not exist in these heterogeneous device environments.
Thus, improved apparatus and methods for providing content across multiple, often different platforms to a user are needed. Such improved apparatus and services would ideally provide users with a set of rights to content, the rights being accessible in any number of diverse devices, thereby simplifying user access to the services, and allowing for substantially “unrestricted” access across multiple platforms. For example, the user or subscriber would be provided with a media device wherein access to content, whether via an MSO or a third party (including for example an Internet host server), would be readily available to the subscriber, subject to any authentication or subscription restrictions. The improved apparatus and methods also advantageously exploit the concept that a particular content identification is tied to the user (as opposed to a device). Hence, a user may be given a domain of content and a domain of devices which may consume the given content.
The present invention addresses the foregoing needs by disclosing apparatus and methods for distributing programming, data, media and other information services via a rights-managed mechanism in a content delivery network.
In a first aspect of the invention, a computer readable apparatus having a storage medium containing at least one computer program is disclosed. In one embodiment, the program, when executed on a host device: accesses a rights profile associated with at least one of a user and/or the host device; determines, based on the accessing, the use rights that the user and/or host device has with respect to a first content element; and accesses, based at least in part on the use rights, the first content element for playback to a user of the host device.
In one variant, the access of a rights profile comprises: generating a request for the profile; transmitting the request to a network entity; and receiving from the network entity or its proxy, the profile. The received rights profile may be encrypted using e.g., a public/private key pair, and the host device possesses a private key of the pair that enables the program to decrypt the rights profile.
In another variant, the rights profile is generated by a network operator based at least in part on a subscription of the user to a service provided by the operator. The program further comprises a module for generating a user interface, the user interface allowing a user of a content delivery network to log into a network server so that the rights profile can be provided to the host device.
In a second aspect of the invention, consumer premises equipment (CPE) is disclosed. In one embodiment, the CPE is for use in a content delivery network, and comprises: a network interface adapted to: transmit a request for information regarding a subscriber's rights to content; receive the requested information; transmit a request for content; and receive the requested content; a storage apparatus adapted to store the information; and a digital processor adapted to determine, based at least in part on the information, whether the subscriber has a right to access the requested content, and if so providing the requested content to the user. The requested content is received irrespective of whether the subscriber has a right to access the requested content or not.
In a third aspect of the invention, a method for determining a set of rights for a subscriber to content in a content delivery network is disclosed. In one embodiment, the method comprises: receiving a request for the set of rights from the subscriber at a client device; associating the client device to the subscriber's account; determining the set of rights for the subscriber based at least in part on information obtained from the subscriber's account; and transmitting the set of rights to the subscriber at the client device.
In a fourth aspect of the invention, a method of determining a user's rights to access requested content at a client device is disclosed. In one embodiment, the method comprises: receiving a request for content; accessing a profile comprising the user's rights to access a plurality of content; and comparing information relating to the requested content to the profile. If the profile provides the user with a right to access the requested content, providing the requested content to the user; and if the profile fails to provide the user with the right to access the requested content, not providing the requested content to the user.
In a fifth aspect of the invention, a client device for use in a content delivery network is disclosed. In one embodiment, the client device comprises: a radio frequency (RF) front end interface; a plurality of back end interfaces; a storage apparatus; and a digital processor, the digital processor configured to run at least one computer program thereon. When executed, the program instructions: request information regarding a subscriber's rights to access a plurality of content via the RF front end interface; request one of the plurality of content from at least one content; determine based at least in part on the information whether the subscriber is given a right to access the requested one of the plurality of content; and if it is determined that the subscriber has the right, provide the subscriber with access to the requested one of the plurality of content.
In a further aspect of the invention, a method for providing content to individual ones of a plurality of client devices is disclosed. In one embodiment, the client devices are disposed within a content delivery network, and the method comprises: generating a plurality of profiles, each of the plurality of profiles comprising information regarding rights of one of a plurality of subscribers to access a plurality of content; sending individual ones of the plurality of profiles to respective ones of the individual ones of the plurality of client devices; sending the plurality of content to the individual ones of the plurality of client devices; and enabling the individual ones of the plurality of client devices to utilize the information contained in the individual ones of the plurality of profiles to determine whether to provide for display of individual ones of the plurality of content sent thereto.
In a another aspect of the invention, a content provisioning system is disclosed. In one embodiment, the content provisioning system is used in a content delivery network (e.g., satellite or cable delivery network), and is used to interface with a client device process to receive requests for access to content, and locate/generate user rights profiles for transmission to the client device.
In yet another aspect of the present disclosure, a method for providing digital content to a computerized device is disclosed. In one embodiment, the method includes: receiving, at an entity of a first data network, data representative of a request for the digital content; accessing profile data including data regarding rights of a user to access the digital content; performing an evaluation relating to the requested digital content and the profile data; and transmitting, from the entity of the first data network, a response to the request to an entity of a second data network, said response based at least on the evaluation and configured to cause provision of the digital content to the computerized device from the entity of the second data network.
In still a further aspect of the present disclosure, a method of managing provision of digital content to at least one computerized client device is disclosed. In one embodiment, the method includes: transmitting, via a first data network, a request for digital content for at least one computerized client device; determining an association between the at least one computerized client device and a user account within a second data network, the second data network having a prescribed preexisting relationship with the first data network but operated by a different network operator than that of the first data network; based at least in part on the determining, causing access via the second data network of data associated with a user account of the at least one computerized device; generating the digital content based at least on the accessed data; and utilizing, via the first data network, the digital content to enable provision of the digital content to the at least one computerized client device via the first data network.
Further, a computer-readable apparatus is disclosed. In one embodiment, the computer-readable apparatus is configured to manage digital content access of one or more computerized client devices, and includes: a storage apparatus in data communication with the processing apparatus, the storage apparatus comprising a plurality of instructions, the plurality of instructions being configured to, when executed on a processing apparatus of a computerized apparatus, cause the computerized apparatus to: obtain a request for access to a digital content element for at least one of the one or more computerized client devices; access a rights profile associated with an account of a user of the at least one of the one or more computerized client devices, wherein the account of the user comprises a subscriber account of a first data network; evaluate the rights profile against metadata of the digital content element; based at least on the evaluation, determine access rights of the user with respect to the digital content element; and cause transmission, via a second data network, of data related to the determined access rights of the user to the at least one of the one or more computerized client devices.
These and other aspects of the invention shall become apparent when considered in light of the disclosure provided herein.
Reference is now made to the drawings wherein like numerals refer to like parts throughout.
As used herein, the term “application” refers generally to a unit of executable software that implements a certain functionality or theme. The themes of applications vary broadly across any number of disciplines and functions (such as on-demand content management, e-commerce transactions, brokerage transactions, home entertainment, calculator etc.), and one application may have more than one theme. The unit of executable software generally runs in a predetermined environment; for example, the unit could comprise a downloadable Java Xlet™ that runs within the JavaTV™ environment.
As used herein, the terms “client device” and “end user device” include, but are not limited to, set-top boxes (e.g., DSTBs), personal computers (PCs), and minicomputers, whether desktop, laptop, or otherwise, and mobile devices such as handheld computers, PDAs, personal media devices (PMDs), and smartphones.
As used herein, the term “codec” refers to an video, audio, or other data coding and/or decoding algorithm, process or apparatus including, without limitation, those of the MPEG (e.g., MPEG-1, MPEG-2, MPEG-4, etc.), Real (Real Video, etc.), AC-3 (audio), DiVX, XViD/ViDX, Windows Media Video (e.g., WMV 7, 8, or 9), ATI Video codec, or VC-1 (SMPTE standard 421M) families.
As used herein, the term “computer program” or “software” is meant to include any sequence or human or machine cognizable steps which perform a function. Such program may be rendered in virtually any programming language or environment including, for example, C/C++, Fortran, COBOL, PASCAL, assembly language, markup languages (e.g., HTML, SGML, XML, VoXML), and the like, as well as object-oriented environments such as the Common Object Request Broker Architecture (CORBA), Java™ (including J2ME, Java Beans, etc.) and the like.
As used herein, the term “conditional access” refers to any access control scheme, whether implemented in hardware, software, or firmware (or combinations thereof), including without limitation members of the “Powerkey” family (Powerkey Book 2, Powerkey Book 3, etc.), NDS (including VideoGuard, mVideoGuard, etc.), ANSI/SCTE Standard 52 2003 (DVS-042), incorporated herein by reference in its entirety, and Motorola/General Instrument DigiCipher® family (DigiCipher II, etc.). These can be implemented using, for example, the so-called “CableCard” plug-in security module access technology, a downloadable CA system (DCAS), or otherwise.
The terms “Customer Premises Equipment (CPE)” and “host device” refer to any type of electronic equipment located within a customer's or user's premises and connected to a network. The term “host device” refers generally to a terminal device that has access to digital television content via a satellite, cable, or terrestrial network. The host device functionality may be integrated into a digital television (DTV) set. The term “customer premises equipment” (CPE) includes such electronic equipment such as set-top boxes (e.g., DSTBs), televisions, cable modems (CMs), embedded multimedia terminal adapters (eMTAs), whether stand-alone or integrated with other devices, Digital Video Recorders (DVR), gateway storage devices (Furnace), and ITV Personal Computers.
As used herein, the term “display” means any type of device adapted to display information, including without limitation CRTs, LCDs, TFTs, plasma displays, LEDs, incandescent and fluorescent devices. Display devices may also include less dynamic devices such as, for example, printers, e-ink devices, and the like.
As used herein, the term “DOCSIS” refers to any of the existing or planned variants of the Data Over Cable Services Interface Specification, including for example DOCSIS versions 1.0, 1.1, 2.0 and 3.0. DOCSIS (version 1.0) is a standard and protocol for internet access using a “digital” cable network.
As used herein, the term “headend” refers generally to a networked system controlled by an operator (e.g., an MSO) that distributes programming to MSO clientele using client devices. Such programming may include literally any information source/receiver including, inter alia, free-to-air TV channels, pay TV channels, interactive TV, and the Internet.
As used herein, the terms “Internet” and “internet” are used interchangeably to refer to inter-networks including, without limitation, the Internet.
As used herein, the terms “microprocessor” and “digital processor” are meant generally to include all types of digital processing devices including, without limitation, digital signal processors (DSPs), reduced instruction set computers (RISC), general-purpose (CISC) processors, microprocessors, gate arrays (e.g., FPGAs), PLDs, reconfigurable compute fabrics (RCFs), array processors, and application-specific integrated circuits (ASICs). Such digital processors may be contained on a single unitary IC die, or distributed across multiple components. As used herein, the terms “MSO” or “multiple systems operator” refer to a cable, satellite, or terrestrial network provider having infrastructure required to deliver services including programming and data over those mediums.
As used herein, the terms “network” and “bearer network” refer generally to any type of telecommunications or data network including, without limitation, hybrid fiber coax (HFC) networks, satellite networks, telco networks, and data networks (including MANs, WANs, LANs, WLANs, internets, and intranets). Such networks or portions thereof may utilize any one or more different topologies (e.g., ring, bus, star, loop, etc.), transmission media (e.g., wired/RF cable, RF wireless, millimeter wave, optical, etc.) and/or communications or networking protocols (e.g., SONET, DOCSIS, IEEE Std. 802.3, ATM, X.25, Frame Relay, 3GPP, 3GPP2, WAP, SIP, UDP, FTP, RTP/RTCP, H.323, etc.).
As used herein, the term “network interface” refers to any signal or data interface with a component or network including, without limitation, those of the FireWire (e.g., FW400, FW800, etc.), USB (e.g., USB2), Ethernet (e.g., 10/100, 10/100/1000 (Gigabit Ethernet), 10-Gig-E, etc.), MoCA, Serial ATA (e.g., SATA, e-SATA, SATAII), Ultra-ATA/DMA, Coaxsys (e.g., TVnet™), radio frequency tuner (e.g., in-band or OOB, cable modem, etc.), Wi-Fi (802.11a,b,g,n), WiMAX (802.16), PAN (e.g., 802.15), or IrDA families.
As used herein, the term “QAM” refers to modulation schemes used for sending signals over cable networks. Such modulation scheme might use any constellation level (e.g. QPSK, 16-QAM, 64-QAM, 256-QAM, etc.) depending on details of a cable network. A QAM may also refer to a physical channel modulated according to the schemes.
As used herein, the term “server” refers to any computerized component, system or entity regardless of form which is adapted to provide data, files, applications, content, or other services to one or more other devices or entities on a computer network.
As used herein, the term “storage device” refers to without limitation computer hard drives, DVR device, memory, RAID devices or arrays, optical media (e.g., CD-ROMs, Laserdiscs, Blu-Ray, etc.), or any other devices or media capable of storing content or other information.
As used herein, the term “Wi-Fi” refers to, without limitation, any of the variants of IEEE-Std. 802.11 or related standards including 802.11 a/b/g/n.
As used herein, the term “wireless” means any wireless signal, data, communication, or other interface including without limitation Wi-Fi, Bluetooth, 3G, HSDPA/HSUPA, TDMA, CDMA (e.g., IS-95A, WCDMA, etc.), FHSS, DSSS, GSM, PAN/802.15, WiMAX (802.16), 802.20, narrowband/FDMA, OFDM, PCS/DCS, analog cellular, CDPD, satellite systems, millimeter wave or microwave systems, acoustic, and infrared (i.e., IrDA).
Overview
The present invention comprises in one salient aspect, methods and apparatus for providing access to content across a plurality of devices and environments by utilizing a downloadable or transferrable rights profile coupled with a “smart” media player application. The rights profile contains information regarding the specific rights of a device and/or a subscriber to access content. It is via the rights profile that the device (via the media player and its associated rights management application) determines whether to provide content to a subscriber. In one implementation, the rights profile is utilized by the media player to provide access to encoded content which would be otherwise inaccessible.
In one embodiment, a device is registered to a content delivery network (e.g., cable television or satellite network) which has both RF and IP delivery capability (e.g., via in-band and DOCSIS QAMs). The same device may then request a profile of the rights of the subscriber associated with the device from an entity of the network, such as by providing device and/or user specific information (such as MAC address, and/or user login or digital signature information). The device may for example be registered either directly at a billing or authorization entity of an MSO when a subscriber leases the device therefrom, or may be registered indirectly when the subscriber purchases or leases the device from a third party.
In response to the profile request, a profile specific to the subscriber and/or device is generated and transmitted for storage at the device. A first (authorized) device may also request and store a rights profile on behalf of a second device in communication therewith (e.g., a gateway may store a profile on behalf of a client device such as a DSTB or PC/laptop).
When a user subsequently requests access to content, the stored rights profile is consulted in order to determine whether such access should be provided. According to this embodiment, upon user request, content may be provided to the device and it is the device, and not the network, which determines whether content may be accessed (and which enables access).
In an alternative embodiment, the determination may be made at an entity associated with the network. According to this embodiment, requested content will not be sent to the device unless the rights of the subscriber indicate the content may be accessed by the device.
The rights profile may also be configured for conditional implementation; e.g., valid only for a pre-determined length of time, only for a predetermined number of plays, only on certain days, etc., thus enabling a subscriber's rights to be updated or vary as a function of time and/or other factors (including being revoked). Security and fraud prevention mechanisms may also be utilized consistent with the invention to ensure access to content is limited only to authorized subscribers (or that the content is not distributed outside designated authorized domains where so restricted).
In another implementation, the rights profile and content access are device agnostic; i.e., can be resident on literally any compatible device, with content access being purely user-based (e.g., based on the subscription status of the user, regardless of what platform they are requesting the content from).
In another embodiment, the gateway device translates the user and content rights that are received from an MSO or the content into a link protection, such as DTCP over IP.
Detailed Description of Exemplary Embodiments
Exemplary embodiments of the apparatus and methods of the present invention are now described in detail. While these exemplary embodiments are described in the context of the aforementioned hybrid fiber coax (HFC) cable system or satellite network architecture having an multiple systems operator (MSO), digital networking capability, IP delivery capability, and plurality of client devices/CPE, the general principles and advantages of the invention may be extended to other types of networks and architectures, whether broadband, narrowband, wired or wireless, or otherwise, the following therefore being merely exemplary in nature.
It will also be appreciated that while described generally in the context of a consumer (i.e., home) end user domain, the present invention may be readily adapted to other types of environments (e.g., commercial/enterprise, government/military, etc.) as well. Myriad other applications are possible.
It is further noted that while described primarily in the context of a cable system with 6 MHz RF channels, the present invention is applicable to literally any network topology or paradigm, and any frequency/bandwidth, such as for example 8 MHz channels. Furthermore, as referenced above, the invention is in no way limited to traditional cable system frequencies (i.e., below 1 GHz), and in fact may be used with systems that operate above 1 GHz band in center frequency or bandwidth, to include without limitation so-called ultra-wideband systems.
Also, while certain aspects are described primarily in the context of the well-known Internet Protocol (described in, inter alia, RFC 791 and 2460) and Session Initiation Protocol (SIP), it will be appreciated that the present invention may utilize other types of protocols (and in fact bearer networks to include other internets and intranets) to implement the described functionality.
Other features and advantages of the present invention will immediately be recognized by persons of ordinary skill in the art with reference to the attached drawings and detailed description of exemplary embodiments as given below.
Network—
The data/application origination point 102 comprises any medium that allows data and/or applications (such as a VOD-based or “Watch TV” application) to be transferred to a distribution server 104. This can include for example a third party data source, application vendor website, CD-ROM, external network interface, mass storage device (e.g., RAID system), etc. Such transference may be automatic, initiated upon the occurrence of one or more specified events (such as the receipt of a request packet or ACK), performed manually, or accomplished in any number of other modes readily recognized by those of ordinary skill.
The application distribution server 104 comprises a computer system where such applications can enter the network system. Distribution servers are well known in the networking arts, and accordingly not described further herein.
The VOD server 105 comprises a computer system where on-demand content can be received from one or more of the aforementioned data sources 102 and enter the network system. These servers may generate the content locally, or alternatively act as a gateway or intermediary from a distant source.
The CPE 106 includes any equipment in the “customers' premises” (or other locations, whether local or remote to the distribution server 104) that can be accessed by a distribution server 104. Exemplary embodiments of the “rights-managed” CPE 106 of the invention are described subsequently herein with respect to
Referring now to
The exemplary architecture 150 of
It will also be recognized, however, that the multiplexing operation(s) need not necessarily occur at the headend 150 (e.g., in the aforementioned MEM 162). For example, in one variant, at least a portion of the multiplexing is conducted at a BSA switching node or hub (see discussion of
Content (e.g., audio, video, data, files, etc.) is provided in each downstream (in-band) channel associated with the relevant service group. To communicate with the headend or intermediary node (e.g., hub server), the CPE 106 may use the out-of-band (OOB) or DOCSIS channels and associated protocols. The OCAP 1.0, 2.0, 3.0 (and subsequent) specification provides for exemplary networking protocols both downstream and upstream, although the invention is in no way limited to these approaches.
It will also be recognized that the multiple servers (broadcast, VOD, or otherwise) can be used, and disposed at two or more different locations if desired, such as being part of different server “farms”. These multiple servers can be used to feed one service group, or alternatively different service groups. In a simple architecture, a single server is used to feed one or more service groups. In another variant, multiple servers located at the same location are used to feed one or more service groups. In yet another variant, multiple servers disposed at different location are used to feed one or more service groups.
“Switched” Networks—
Switching architectures allow improved efficiency of bandwidth use for ordinary digital broadcast programs. Ideally, the subscriber is unaware of any difference between programs delivered using a switched network and ordinary streaming broadcast delivery.
Co-owned U.S. patent application Ser. No. 09/956,688 filed Sep. 20, 2001 and entitled “Technique For Effectively Providing Program Material In A Cable Television System”, which issued as U.S. Pat. No. 8,713,623 on Apr. 29, 2014 and is incorporated herein by reference in its entirety, describes one exemplary broadcast switched digital architecture useful with the present invention, although it will be recognized by those of ordinary skill that other approaches and architectures may be substituted.
In addition to “broadcast” content (e.g., video programming), the systems of
Referring again to
The edge switch 194 forwards the packets receive from the CMTS 199 to the QAM modulator 189, which transmits the packets on one or more physical (QAM-modulated RF) channels to the CPE. The IP packets are typically transmitted on RF channels that are different that the RF channels used for the broadcast video and audio programming, although this is not a requirement. The CPE 106 are each configured to monitor the particular assigned RF channel (such as via a port or socket ID/address, or other such mechanism) for IP packets intended for the subscriber premises/address that they serve.
“Packetized” Networks—
While the foregoing network architectures described herein can (and in fact do) carry packetized content (e.g., IP over MPEG for high-speed data or Internet TV, MPEG2 packet content over QAM for MPTS, etc.), they are often not optimized for such delivery. Hence, in accordance with another embodiment of the present invention, a “packet optimized” delivery network is used for carriage of the packet content (e.g., IPTV content).
Rights-Managed Network—
As will be discussed in greater detail below, each of the headend entities 202, 204, 206, 208 works with the others to provide authorization and content to the CPE 106. Although illustrated at the headend 150, it is appreciated that one or more of these components 202, 204, 206, 208 may be disposed at various other locations as desired consistent with the architecture implemented (e.g., at the BSA hub in a BSA network).
In order for content to be provided to a CPE 106, it must be determined that the CPE 106 is “entitled” to the content. In one embodiment, this is accomplished via the methods and apparatus disclosed in co-owned U.S. patent application Ser. No. 12/536,724 filed on Aug. 6, 2009 and entitled “SYSTEM AND METHOD FOR MANAGING ENTITLEMENTS TO DATA OVER A NETWORK”, issued as U.S. Pat. No. 8,341,242 on Dec. 25, 2012, which has been previously incorporated herein by reference in its entirety. As discussed therein, in one embodiment, a request for content is received from the CPE 106 at an entity of the CPS 204. The CPS 204 entity obtains information identifying the user account (such as subscriber identification number, account number, etc.) and uses this information to request entitlements from an entitlements server (also located at the headend in one embodiment). Based on the results returned from the entitlements server, the CPS 204 will either grant or deny the request. The entitlements server accesses subscription information in a subscriber database to obtain sufficient information to determine the entitlements of the subscriber.
The CPS 204 comprises one or more entities responsible for providing data and/or content to the CPE 106. The CPS 204 may be used to collectively refer to one or more of the headend entities discussed above with respect to
The authorization server 202 may comprise one or more software applications which utilize information received from the billing system to generate a rights profile for individual ones of the client devices 106. As will be discussed in greater detail below, the authorization server 202 receives requests for access to content from various ones of the CPE 106. The authorization server 202 uses information in the request to query the billing system 208. The authorization server 202 first queries the billing system 208 to determine whether the CPE 106 is registered to a subscriber account. If the device is not registered to a subscriber additional information and/or information present in the request is used to register the device. Once registered, the authorization server 202 receives from the billing system 208 a set of rights associated to the given subscriber account. As noted above, the authorization server 202 uses these rights to generate a rights profile which is transmitted to the CPE 106. The CPE 106 uses the rights profile when determining whether content may be displayed, as will be discussed below.
The content server 206 and authorization server 202 of the illustrated network 200 are communicatively coupled to one another. These are also coupled to the billing system 208. The billing system 208 maintains records regarding subscriber accounts and CPE 106 within each subscriber account and is well known to those of ordinary skill in the art, thus will not be discussed in further detail herein. If a subscriber's account is changed (such as by adding new CPE 106, changing or adding services or subscription levels, etc.), then information regarding the change is updated at the billing system 208 and propagated to the authorization server 202 and the content server 206 of the CPS 204.
In another aspect, the CPE 106 of the present invention may be also compatible with the methods and apparatus disclosed in co-owned U.S. patent application Ser. No. 11/363,578 filed Feb. 27, 2006, issued as U.S. Pat. No. 8,170,065 on May 1, 2012 and entitled “Methods And Apparatus For Selecting Digital Access Technology For Programming And Data Delivery”, which is incorporated herein by reference in its entirety. Specifically, a plurality of CPE 106 (electronic devices such as set-top boxes, PMDs, etc.) containing one or more hardware and software functions or modules are used; the hardware and software functions/modules of the different CPE 106 on the network contain various capabilities and options, including conditional access capabilities, video coding or compression capabilities, encryption schema, and network interfaces. These capabilities may be utilized by the content server 206 as a basis for determining which conditional access, coding, encryption, and/or network interfaces to utilize for delivery of content to each particular CPE 106. The CPE 106 of the present invention can accordingly be equipped with such capability if desired in order to, inter alia, profile the CPE 106 for tailoring content or other functions (e.g., CA) to that specific CPE 106 environment. For example, if the CPE 106 (or any of its connected “client devices”) has only an MPEG-2 decoder, only MPEG-2 encoded content would be sent to that CPE 106 (or passed on to the client devices), or alternatively the CPE or devices would obtain the necessary codec (e.g., MPEG-4 or Real) from another source, such as an MSO or third party.
Still further, the content server 206 of the CPS 204 may in one embodiment be adapted to utilize the information regarding the CPE 106 capabilities (e.g., capabilities profile) to perform de-encapsulation/re-encapsulation of content where necessary as is disclosed in co-owned U.S. patent application Ser. No. 12/582,619 filed on Oct. 20, 2009, issued as U.S. Pat. No. 9,027,062 on May 5, 2015, and entitled “GATEWAY APPARATUS AND METHODS FOR DIGITAL CONTENT DELIVERY IN A NETWORK”, which is incorporated herein by reference in its entirety. As discussed therein, the content server 206 of the present invention may be configured to process content including de-encapsulating the content from a first media file container format and subsequently re-encapsulating the content to a second media file container format which is known to be compatible with the requesting CPE 106. For example, content which is delivered from a host server or other content source may be encapsulated in e.g., MP4, if the receiving CPE 106 is not capable of reading the MP4 files, the content server 206 may re-encapsulate the content to e.g., MPEG-2 or to another format that the receiving CPE 106 is capable of reading. The content server 206 may process received content automatically into various alternative encapsulation formats or, may encapsulate as needed to the format of the specific requesting CPE 106. The processed content may be stored for future use for transmission to other CPE 106 requesting the same content in the particular new format. In yet another embodiment, the content server 206 may further de-encode the content to one or more different codecs. For example, in certain instances receiving CPE 106 may not be configured to read content in H.264, hence, the content is decoded by the content server 206 from H.264 and re-encoded into one or more of a plurality of different codecs such as Real, MPEG-2, WMV, etc.
Referring now to
In the illustrated embodiment, a CPD 203 may be in communication with the authorization server 202 of the CPS 204 via the network 101. The CPD 203 may for example be of the type described in co-owned U.S. patent application Ser. No. 11/378,129 filed Mar. 16, 2006, issued as U.S. Pat. No. 8,347,341 on Jan. 1, 2013, and entitled “METHODS AND APPARATUS FOR CENTRALIZED CONTENT AND DATA DELIVERY”, incorporated herein by reference in its entirety. As discussed therein, the CPD 203 comprises a WLAN (e.g., Wi-Fi) and/or PAN (e.g., Bluetooth or 802.15) wireless interface. Packetized (e.g., IP) traffic may be exchanged between the CPD 203 and a portable media device (PMD) 205 via, e.g. the WLAN/PAN interface. Hence, in one embodiment, the PMD 205 may request content from the CPD 203. The PMD 205 may be configured in one embodiment to store a rights profile received from the network 101 or, alternatively, the CPD 203 may store the rights profile associated with each device (e.g., PMD 205) requesting access to content. The content may then be sent to the PMD 205 having a suitable complementary wireless interface (which may include e.g., a cellular telephone, smartphone, personal media player, handheld computers, PDA, etc.) via a wireless connection.
Also illustrated at
In yet another embodiment (not shown), the CPE 106 may comprise a personal video encoder (PVE) or comparable device. For example, the “Slingbox” device manufactured by Sling Media of San Mateo, Calif. is one such exemplary device which is capable of enabling a user to watch TV programming from various locations via an Internet-connected PC or similar device. The device is generally connected between the subscriber's cable/satellite video drop and DSTB, and has a TV tuner inside. The user tunes to a given channel, and the device encodes the video streamed over the cable/satellite in Windows Media or similar format. The encoded content is streamed to a client application on a Windows XP-based or similar PC via an IP network such as the Internet, and hence the user can view the data locally (i.e., at the same premises) or remotely so long as they have access to the IP distribution network. This functionality can be made part of a separate physical component, or alternatively have some or all of its functionality disposed within the CPE 106 itself. It may also be integrated with other devices (such as connected CPE 106 or PMDs 205). It will be appreciated that the PVE may also be configured to store a rights profile regarding itself and/or regarding other connected devices.
Referring now to
In one embodiment, data and/or content is distributed to the CPE 106 via a headend gateway device 207. According to this embodiment, the CPE 106 communicates with the gateway device 207 via pathway A1; which in turn communicates with the content source 220 via the internet at pathway A2. The gateway device 207 of
In a second embodiment, the CPE 106 may be configured to communicate directly to the internet (via pathway B) in order to request content from one or more internet content sources 222. As noted previously, data/content may be provided to the CPE 106 from the internet content source 222 only after authorization has been established given information obtained from the authorization server 202 (accessed via the gateway device 207). In another embodiment, restrictions to the provision of content to a CPE 106 are determined by a utilization of rights policies stored at the CPE 106. Both of these models will be discussed herein in greater detail below.
In the embodiment of
In the context of the present invention for example, the CPE 106, media bridge 201, and/or CPD 203 might transmit rights profile requests destined for the authorization server 202 via the cable network 101, yet receive the requested rights profile via the WIMAX broadband interface. Alternatively, the WiMAX interface could be used to transmit the requests to the authorization server 202 (via a WiMAX interface associated with the latter), with delivery of the requested content being via in-band RF QAMs. The above-described WiMAX embodiment may likewise be applied to the transmission and receipt of content via the content server 206. Various permutations of the foregoing will be recognized by those of ordinary skill given the present disclosure.
In another embodiment, the network architecture described in co-owned, U.S. Provisional Application Ser. No. 61/256,903 filed on Oct. 30, 2009 and entitled “Methods and Apparatus for Packetized Content Delivery Over a Content Delivery Network”, previously incorporated herein by reference, may be utilized in conjunction with the present invention. As discussed therein, a substantially session-based and packetized content delivery approach (e.g., using the well known Internet Protocol) which allows for temporal, device, and location flexibility in the delivery of the content, and transportability/migration of user sessions (i.e., the “four-anys” previously described), as well as service/content personalization (e.g., on a per-session/user basis) and blending (integration) may be utilized. This approach uses a common or unified delivery architecture in providing what were heretofore heterogeneous services supplied by substantially different, and often vendor-specific, networks.
Moreover, the apparatus and methods discussed in the aforementioned provisional application disclose providing enhanced content access, reproduction, and distribution control (via e.g., a DRM-based approach and other security and content control measures), as well as quality-of-service (QoS) guarantees which maintain high media quality and user experience, especially when compared to prior art “Internet TV” paradigms. In one exemplary implementation, the network is based on an IMS (IP Multimedia System) which includes SIP session protocols, as well as a Service Delivery Platform (SDP). The IMS/SDP also uses a common control plane and service layer, which advantageously provide a high level of service integration, and greatly enhanced opportunities for truly “blended” content delivery and service control. In another implementation, the network comprises both “managed” and “unmanaged” (or off-network) services, so that a network operator can utilize both its own and external infrastructure to provide content delivery to its subscribers in various locations and use cases (thereby providing content to media player running on a plurality of different devices). In one variant of this approach, network services are sent “over the top” of other provider's infrastructure, thereby making the service network substantially network-agnostic. In another variant, a cooperative approach between providers is utilized, so that features or capabilities present in one provider's network (e.g., authentication of mobile devices) can be leveraged by another provider operating in cooperation therewith.
In another aspect of the invention, a substantially network-based user interface (UI) architecture (running in conjunction with the media player application) is employed which permits the network operator (or a designated proxy entity) to manage and rapidly reconfigure the UI for particular premises, subscribers (or even particular devices of that subscriber/premises), thereby greatly aiding personalization and service velocity. For example, a new service selected by a user can be reflected in that user's UI simply based on a download and installation from a network “UI” server, so that no service call or “truck roll” is needed. Moreover, the different UIs of the network operator can be adapted to different device paradigms (e.g., premises DSTB/HDTV monitor, PC, laptop, handheld mobile device, etc.), so that a common user and/or account “theme” and preference set is maintained across the different devices. This UI architecture can also leverage next-generation content display, organization, interactivity, and recommendation engine technologies, thereby providing for a richer and more subscriber-specific (personalized) media experience.
The foregoing components and methods also advantageously provide significant new opportunities for business models and increased revenue/subscriber retention, including for example blended service offerings (i.e., heretofore distinct services being highly integrated with one another both at the application layer and control plane), and unification of device hardware and software environments, including reduction of the different types of hardware/software needed to access the various services.
Media Player—
In one aspect of the invention, a media player capable of implementing the content access methods of the present invention is disclosed. In one embodiment, the media player comprises a software application configured to be stored on a storage device of a host CPE or client device (e.g., portable wireless device, laptop computer, desktop computer, set top box, gateway, converged premises device, etc.), and executed by the processor of the host, although it will be appreciated that various aspects of the functionality of the media player may be embodied in firmware or even hardware.
When executed, the media player provides a number of functions, including a directory service for the host device media storage (i.e., that which is stored on the host or a connected storage device). For example, the well known DLNA (Digital Living Network Alliance) protocols described in DLNA Networked Device Interoperability Guidelines Expanded, March 2006 and subsequent expanded version dated October 2006, each of which is incorporated herein by reference in its entirety, may be used to provide such a directory function on another DLNA-compatible device, A network based directory function may also be utilized to provide the user with a directory of the content available for download if not resident on the host (e.g., akin to an program guide or EPG).
When content is selected by the user, the applicable methodology described elsewhere herein (i.e., access of local content, or request and download of remote content) is performed as applicable. For instance, in one variant, the encoded content is already resident on the host device, and the media player attempts to access that content at its prescribed storage location. Specifically, the player checks its current resident rights profile (or request one from the network to which it is connected) to determine if the device and/or user (depending on whether a device-based, user-based or composite (e.g., device- and user-based hybrid) approach is implemented) has the right to access the content unencoded, and if so, whether any restrictions or limitations apply. If access is permissible, the media player utilizes an indigenous content decoding function (e.g., key) to decode and play the content. This decoding function or key may be for example part of a symmetric or asymmetric encryption key or pair, a digital certificate, etc., or any number of other functions known to those of ordinary skill in the data encoding/encryption arts. For instance, the key or other decoding information may be held resident within a secure microprocessor (SM, or “secure micro”, such as that described in co-owned U.S. patent application Ser. No. 11/584,208 entitled “Downloadable Security and Protection Methods and Apparatus” filed Oct. 20, 2006, which issued as U.S. Pat. No. 8,520,850 on Aug. 27, 2013 and is incorporated herein by reference in its entirety.
In another variant, the content is not present on the host, and the user selects the content for playback via the aforementioned network directory function. The host device (media player) then establishes communication with the CPS (e.g., via establishment of a SIP session or other session-based protocol), and requests download of the selected content to a local storage device (e.g., flash memory or the like on the host). The encoded content is downloaded via an IP transport, in-band channel, OOB channel, WiMAX transport, etc. to the host and stored. The media player then checks the rights profile (or otherwise obtains it from the network), and then accesses the content if permissible as described above.
In one embodiment, content protection is signaled in the content directory service. The individual content that the UPnP client accesses is marked accordingly.
In one access paradigm, the media player is completely device agnostic, and the access to content is purely user-based. For instance, the media player can be downloaded (e.g., as a open or commodity software application akin to the well known Adobe™ Reader application), and run on any device (whether registered within the network to the subscriber wishing to access content, or not), and the desired content accessed via a user authentication procedure. For example, the media player may be configured to display a user interface such as a window or other login screen upon startup of the application, or upon selection of content from a directory function. The user then enters a user name and password, which the media player sends back to the CPS 204 (authorization server 202) to determine if the user name/password match any entries in the subscriber database and if so, what rights profile is associated with that entry/account. Other security features such as challenge questions, icons or images which must be selected by the user, etc. can also be used in authenticating the user, as can yet other types of information such as biometric data. The media player then, upon successful authentication of the user, receives the rights profile for that user (which may be encrypted or otherwise protected as desired so as to prevent MITM or spoofing attacks and/or provide data confidentiality and integrity; e.g., via a cryptographic residue of the type well known in the cryptographic arts), and filters the content directory based on the profile (e.g., removes or makes inaccessible any content to which the user has no access rights).
When the user selects an encoded content element to which they do have access rights, that content is downloaded if not resident on the host, and decoded by the media player. Any other use restrictions (e.g., limited time or number of plays, etc.) are also imposed by the media player as applicable. Specifically, in one embodiment, the media player application imposes the rights profile rules via the software and user interface; e.g., by preventing the user from initiating too many plays, playing the content too long, attempting to copy the media content data to another location or platform, etc.
The decoding key may also be downloaded with the rights profile (or via separate transport) once the user has been authenticated to the CPS. In another variant, however, the decoding key or algorithm is indigenous to the media player irrespective of who uses it or where it is used; the communication from the authorization server merely enables the media player to use its indigenous decoding function. In yet another variant, the authentication of the user enables the download of a seed which is used as an input to a cryptographic hashing algorithm, the output of which provides a unique hash which can be used to decode the content.
Using the foregoing device-agnostic approach advantageously allows a subscriber to access MSO content anywhere, and on any device, whether registered to that user in the parent network or not. The decoding capability of the media player, coupled with the rights profile and user authentication procedure, ensures that only a valid subscriber can download and decode the requested MSO content. However, in one variant, intra-session device continuity is required; e.g., by transmitting the MAC address or other unique identifying information of the device as part of each user authentication request and request for content, so as to ensure that the same device from which the user authentication request was generated is used to receive the cryptographic information, and the encoded content (as applicable). Other mechanisms for enforcing device continuity within a session will be recognized by those of ordinary skill, given the present disclosure.
In another variant, a device-based authentication is used (whether alone or in conjunction with the aforementioned user-based authentication). For example, the device on which the media player application is disposed may have a certain MAC address or other unique identifying information, which is registered with the MSO (e.g., in a subscriber database or other entity accessible to the authorization server 202). When the user requests a content element (or wants to implement a directory function), the request includes the MAC address of the requesting host on which the media player is disposed (if not already known to the AS 202). This address is validated against a subscriber or other database (e.g., IMS HSS) which correlates the MAC address with the account, thereby authenticating the device to the network (and permitting further access to the current rights profile associated with that device/account).
In yet another embodiment, the download of content from the network after user and/or device authentication is permitted only to a trusted domain (TD). For example, the techniques for enforcing a trusted domain described in co-owned U.S. patent application Ser. No. 11/584,208 filed Oct. 20, 2006 and entitled “Downloadable Security and Protection Methods and Apparatus”, which issued as U.S. Pat. No. 8,520,850 on Aug. 27, 2013 and which has been previously incorporated herein by reference in its entirety, may be used consistent with the invention. As discussed therein, a network architecture that provides for enhanced conditional access (CA), trusted domain (TD), and digital rights management (DRM) capabilities is given. This network architecture comprises apparatus useful at, inter alia, the headend or distribution hub of a cable network, for implementing a download paradigm for legacy or newly developed CA, TD, and DRM software and cryptographic protection schemes. This allows the network operator, and even the third party content provider by proxy, to exert additional control on viewing, reproduction, and migration of content distributed over the network, including to the media player of the present invention. In one embodiment, these enhanced capabilities comprise downloadable software modules (images), and an associated decryption key that facilitates decryption of the downloaded software images. In contrast to prior art approaches of merely encrypting the content itself (such as via a DES or AES algorithm via a symmetric or asymmetric key approach), the exemplary embodiments of the present invention allow for the download of secure software images, which may be used to, inter alia, ensure security of the downloaded images and also migrate protected content to other platforms (e.g., other media player's such as media player 331 or devices) in the user or client domain so as to extend the “trusted domain”.
Similarly, such restrictions can be imposed relative to an authorized service domain (ASD) of the type described in co-owned U.S. patent application Ser. No. 11/592,054 filed Nov. 1, 2006, issued as U.S. Pat. No. 8,732,854 on May 20, 2014, entitled “Methods and Apparatus for Premises Content Distribution”, and incorporated herein by reference in its entirety, may be used consistent with the invention. As discussed therein, a mechanism for devices connected to a home network to exchange information, and ultimately share or transfer protected content (including for example audiovisual or multimedia content, applications or data) in a substantially “peer-to-peer” fashion and without resort to a central security server or other such entity is provided. Authorized “browsing” of the content present on one device by another device is also provided. In one exemplary embodiment, an application-level message exchange functionality is described; using this message exchange, the premises devices can advertise their security capabilities relating to, e.g., protected content, and query other devices for their security capabilities (e.g., may transfer rights profile as will be discussed below).
Accordingly, in one aspect, a security architecture and associated logic residing on two or more different client devices or domains, wherein security information (and ultimately protected content) can be exchanged without resort to a centralized facility such as a cable headend process or entity is utilized. For example, in one embodiment, a “server” CPE and a “renderer” CPE are disposed within a premises network. Message exchanges (including rights profile) between the sever and renderer identify and validate each entity and its security package or framework capabilities, as well as other capabilities that may be necessary to effect the exchange and use of the protected content, data or application (e.g., the presence of an appropriate codec, algorithm, network interface, etc. as set forth in the rights profile). These exchanges are all effectively automatic and transparent to the user, thereby making device location and identification, content/data/application exchange, and browsing seamless. Advantageously, the present invention can be seamlessly implemented using existing security frameworks and constructs, such as the Authorized Service Domain (ASD) framework, thereby extending these frameworks with additional capabilities and services including local (e.g., premises network discovery, browsing, and content streaming or transfer).
The two above-provided embodiments may be distinguished from one another (e.g., peer-to-peer approaches establishing a trusted domain distinguished from an embodiment utilizing ASD) in that, inter alia, the ASD approach is conducted entirely between two or more entities that have been authenticated and are part of an authorized service domain, thereby assuring that the participants to any transaction (e.g., content browsing, streaming, or download) are authenticated and authorized to browse or receive the content. Moreover, exemplary ASD embodiments are implemented according to an entirely dynamic (e.g., “plug and play”) component interface paradigm, thereby obviating many networking protocols and related compatibility issues associated with peer-to-peer communication over the Internet or other such WANs.
It will also be recognized that the media player may incorporate and be compatible with one or more digital rights management (DRM) schemes such as Windows Media Player DRM version 10, 11, and 12 (and subsequent versions), Adobe/McAfee DRM, and/or Sony Ericsson DRM, etc. Such schemes may be used, inter alia, to enforce digital rights and copying/use limitations of the type well known in the art. The use of DRM may also provide access control functions of the type described herein.
For example, key exchange and rights may be defined by the selected DRM. In one advantageous aspect of the present invention and as discussed elsewhere herein, the MSO associates these rights (e.g., user rights/content rights) to a user. For instance in order to create a personalized content package (e.g., a sports package), the package is mapped to so-called “domains” in DRM.
The media player application may be downloadable (e.g., over an IP transport such as the Internet), via wireless transport (e.g., WiMAX or WLAN), or via in-band or OOB channels of the content distribution network of
In yet another embodiment of the invention, the CPS communicates with an application or other server (see e.g., the application server 104 of
The media player application of the invention may also be used in conjunction with a personalization or recommendation engine which can utilize information about the subscriber (e.g., demographics, historical use patterns, etc.) to make recommendations or personalize the content for that user. For example, the methods and apparatus described in co-owned U.S. patent application Ser. No. 12/414,576 filed Mar. 30, 2009, issued as U.S. Pat. No. 9,215,423 on Dec. 15, 2015, and entitled “Recommendation Engine Apparatus and Methods”, and co-owned and co-pending U.S. patent application Ser. No. 12/414,554 filed Mar. 30, 2009 and entitled “Personal Media Channel Apparatus and Methods”, each of the foregoing incorporated herein by reference in its entirety, can be used with the media player of the present invention. In one such embodiment, the user login via the media player/RMA is communicated to the CPS, which contacts the recommendation engine with the user identity. The recommendation engine uses the user identity to access a database of user-specific preference/historical data, which is used by the engine to generate recommendations which can be used to populate a recommendation list sent to the requesting CPE (e.g., as part of the aforementioned EPG or directory function). The recommendations are advantageously tailored to the particular user. Moreover, it will be appreciated that in cases where user-based authentication is used, the aforementioned recommendations advantageously remain user-specific, even on a non-user platform (e.g., their friend's CPE), since the recommendations are accessed based on a particular subscriber or account basis rather than on a device basis. However, if the device information is known and it correlates to the same subscriber/account (e.g., as reflected in the MSO's billing system or other subscriber database), then the device can be used as a basis of input to the recommendation engine as well.
Moreover, in another variant, the user(s) of the exemplary embodiment of the media player application are given the option to “switch” or “merge” user and device bases for input to the engine. Specifically, in the “switch” function, the user can switch between a user-based input and a device-based input, such as in the case where the user logs into the network using the media player disposed on a friend's CPE (device). It may be that the two friends want to access the recommendations that would be generated for the owner of the host CPE, rather than the user (non-owner) who has logged in. Similarly, under the “merge” function, the device-based and user-based inputs are both selected and input to the recommendation engine (or otherwise used for content personalization). These functions can be invoked for example using an icon on the media player display, a pull down menu option, FFK or SFK, etc.
It will also be recognized that the term “user-based” as used herein may refer to an aggregation of users (e.g., a subscriber account associated with a household having multiple members), or a single user (e.g., one specific person within the aforementioned household). Hence, “user-based” authentication and content provision (including generation of recommendations) can be based on a subscriber account, or on one individual. Advantageously, the present invention contemplates that the user login will determine which of the foregoing options will be employed during servicing of content requests as part of that login session. For example, an individual associated with a household might use the “household” or family login, whereby their content requests, etc. are serviced based on the household's profile, demographics, and subscriber account. Alternatively, if that same user logs in as an individual, the portions of the MSO subscriber database specific to that user will be applied (in conjunction with any data that is identical to that for the household account, or not specified for the individual). For instance, the individual might have very different demographics, preferences, and their own set of devices, as compared to the household. In this fashion, the user can by way of user-based login (or even device based login in the case where the user's device is uniquely associated to them alone) personalize their media player experience.
Moreover, configuration data can be passed to the RMA/media player with the rights profile which can be used by the media player for personalization; e.g., “skins”, look and feel for the UI of the media player, etc. Recent selections by that user can also be populated based on data received from the rights profile (or otherwise maintained on the host platform).
Exemplary CPE—
The illustrated CPE 106 can assume literally any discrete form factor, including those adapted for desktop, floor-standing, or wall-mounted use, or alternatively may be integrated in whole or part (e.g., on a common functional basis) with other devices if desired.
It will also be recognized that the CPE configuration shown is essentially for illustrative purposes, and various other configurations of the CPE 106 are consistent with other embodiments of the invention. For example, the CPE 106 in
The RF front end 302 of the illustrated CPE 106 receives content and/or data from the HFC network 101. In one embodiment, the RF front end 302 of the CPE 106 may comprise a traditional video RF front end 301 (e.g., tuner) adapted to receive video signals over, e.g., a QAM. For example, the RF front end 301 may comprise one or more tuners, a demodulator, decryption module, and demultiplexer of the type well known in the art, although other configurations may be used. A wideband tuner arrangement such as that described in co-owned U.S. patent application Ser. No. 11/013,671 entitled “Method and Apparatus for Wideband Distribution of Content” filed Dec. 15, 2004 issued as U.S. Pat. No. 9,723,267 on Aug. 1, 2017, and incorporated herein by reference in its entirety, may also be utilized, such as where the content associated with one or more program streams is distributed across two or more QAMs. Additionally, the RF front end 301 modulates, encrypts/multiplexes as required, and transmits digital information for receipt by upstream entities such as the CMTS. Digital data received via the RF front end 302 may include for example MPEG-2 encoded programming data that is forwarded to a television monitor via a video interface. Programming data may also be stored on the CPE storage unit 306 for later distribution by way of the video interface, or using a Wi-Fi interface, Ethernet interface, Firewire (IEEE Std 1394), USB/USB2, or any number of other such options.
The RF front end 302 may further comprise a cable modem (CM) of the type known in the art. In this fashion, and content or data normally streamed over the CM can be received and distributed by the CPE 106, such as for example packetized video (e.g., IPTV). In accordance with the exemplary embodiment of the invention, the DOCSIS cable modem may also be utilized for delivery of traditional broadband Internet services. As discussed below, content and/or data sent to the CPE 106 will only be presented to those subscribers having appropriate rights to receive the data/content.
Programming and other types of data including pictures, video, music or MP3 files, software applications, metadata files, etc. may also be received by way of the various digital interfaces in the CPE 106. These data may be stored locally (e.g., in the CPE storage unit 306) or even on a device or network agent in communication with the CPE 106, for later use by a user as is discussed in co-owned U.S. patent application Ser. No. 11/378,129 filed Mar. 16, 2006, issued as U.S. Pat. No. 8,347,341 on Jan. 1, 2013, and entitled “METHODS AND APPARATUS FOR CENTRALIZED CONTENT AND DATA DELIVERY”, previously incorporated herein by reference in its entirety. As discussed therein, a user may receive a JPEG or other image from a friend's cellular phone camera, which can then be “pushed” (e.g., via WAP push, IMS, Bluetooth™ OBEX K-11 exchange, etc.) to a corresponding interface on the CPE 106, wherein the image is stored on the mass storage device 306. Similarly, video data from a connected DVD player/burner might be streamed from the player to the CPE 106 for storage thereon (or distribution via yet another interface, such as via the Ethernet interface to the user's connected PC or via Wi-Fi interface to their laptop).
The CPE 106 mass storage device 306 of the illustrated embodiment comprises a Serial-ATA (SATA) or Ultra-ATA (also known as Ultra-DMA, or ATA-4/5/6/7) hard disk drive for the operating system and content storage of at least 500 GB, although higher capacities and even RAID arrays may be used for this purpose. The CPE 106 hard disk is preferably removable without the need for tools, and the CPE 106 is also configured allow for an external USB (e.g., USB 2.0) drive or other easily removable storage device to be attached and automatically added to the existing storage. It will also be appreciated that USB keys of the type well known in the art can be used consistent with the USB port(s) of the CPE 106, so as to make the data storage device highly mobile and of very small size.
During operation of the CPE 106, a rights management application 310 (located in the storage unit 306) is run on the microprocessor 304. The rights management application 310 controls communication with the authorization server 202 and content server 206, controls content playback according to a rights profile, and provides various other functions within the CPE 106. In one embodiment, the rights management application 310 is required to obtain a rights profile in order for content to be requested from a content source (which may be remote or local) and displayed to a user.
In one aspect, the rights management application (RMA) 310 comprises a computer program which when executed, facilitates communication between the CPE 106 and the authorization server 202. The RMA may be combined with the functionality of the media player application (described in greater detail subsequently herein) so as to form a single application, or may alternatively be separate from the media player. For example, the CPE 106 may, via the aforementioned software 310, transmit a request for a rights profile to the authorization server 202 upon request of content (or a content directory) from the media player application. It is appreciated that a rights management application 310 running on a first CPE 106 may also be used to request a rights profile on behalf of another CPE 106 connected to or associated with the first CPE 106, as discussed in greater detail elsewhere herein.
In response to the request, the authorization server 202 sends the CPE 106 a rights profile (described in greater detail below). The rights management application 310 is configured to determine whether the received rights profile should be stored (such as at the storage device 306) or whether it should be transmitted to a second entity (such as a content provider or another CPE 106). The rights management application 310 may further be configured to determine, where necessary, whether the rights profile relates to the CPE 106 which received it, to another CPE 106, or both (e.g., via MAC address or other device-specific information).
In another aspect, the rights management application 310 is adapted to facilitate content requests to the content server 206. In response to the content requests initiated by the user and sent by the CPE 106, the content server 206 provides the content. The rights management application 310 uses rules set forth in the rights profile to determine if the user is entitled to receive the content. If the user is entitled per the rights profile, the content is decoded and provided to a display device associated with the CPE 106. If the user is not entitled to view the content, the rights management application 310 directs a notification be displayed on the display device associated with the CPE 106 thereby, informing the user that he/she does not have rights to view the content. These notifications may also be context-specific; i.e., include reasons for why that particular request was denied (e.g., not a valid MSO subscriber, too many plays, time limit for viewing expired, etc.), or what the available rights are (i.e., cannot move or copy content, but can watch five (5) more times on present device, etc.).
As noted previously, the rights management application 310 may act on behalf of another CPE 106 or client device. Thus, a first CPE 106 may request content on behalf of a second CPE 106. Then, using the rights profile of the second CPE 106 (which is either sent in the content request or stored at the first CPE 106) the rights management application 310 (running on the first CPE 106) determines whether the second CPE 106 may receive the content and, as above, either decodes the content and streams it to a display device associated with the second CPE 106, sends the content to the second CPE in encoded form along with the necessary information to decode, or provides a notification to the user. For instance, in another embodiment, the CPE 106 includes DLNA (Digital Living Network Alliance) functionality via one or more interfaces. DNLA is a standard used by manufacturers of consumer electronics to allow entertainment devices within a premises to share their content with each other across an interface or premises network. The DLNA specification (“DNLA Networked Device Interoperability Guidelines” dated March, 2006 and updated October, 2006, incorporated herein by reference in its entirety) classifies devices into four categories: (i) digital media servers (DMS); (ii) digital media players (DMP); (iii) digital media controllers (DMC); and (iv) digital media renderers (DMR). The standard also includes support for DRM. DLNA is primarily intended simplify use of digital media between different consumer electronic (CE) devices. For example a DLNA compliant monitor may readily interoperate with a DLNA compliant PC to play music, video, or share photos.
The DNLA-enabled CPE of this embodiment therefore has the capability to share media/content with other DNLA-enabled devices within the user's premises; e.g., over the premises network. Hence, the media player application described above may be disposed on any such device within the premises, and content received by the CPE (e.g., from in-band, WiMAX, IP, or other transport) can be moved to another device, and the media player thereon used to access the content. The CPE can also act as a proxy or gateway for connected device requests, content receipt, and other messaging to the headend, as previously described herein. The CPE and connected media device may also assume various of the foregoing roles (i)-(iv) in terms of DNLA; e.g., the CPE may act as a media server (DMS), and the client or media device as a DMP and/or DMR. Other combinations will be recognized by those of ordinary skill given the present disclosure.
The aforementioned DLNA guidelines set forth how content may be represented. In one embodiment, rights to that content are stored along with the in-band protected DRM content.
In one variant of the invention, if the rights profile indicates that a user is not entitled to access content, the notification may further include instructions to the user regarding the purchase of the rights to the content. For example, the notification may list a telephone number or web address where the user may change his/her subscription level so as to include access to the content. Additionally, the notification may include an interactive “button” or “link” which the user may select in order to, from his/her display device, increase his/her subscription level or pay a predetermined premium for receiving access to the content (such as is used in pay-per-view models).
In accordance with yet another embodiment of the invention, the CPE 106 advantageously provides the ability to ingest content from other devices connected thereto or associated therewith (such as via a Multimedia over Coaxial (MoCA) network); e.g., from a DVR at the premises. The ingested content may then be streamed to other devices associated with or connected to the CPE 106 based on the rights profiles of these receiving devices, whether in decoded or encoded format.
In one embodiment, the CPE 106 may be further adapted to perform de-encapsulation/re-encapsulation of content where necessary as is disclosed in U.S. patent application Ser. No. 12/582,619 filed on Oct. 20, 2009, issued as U.S. Pat. No. 9,027,062 on May 5, 2015, and entitled “GATEWAY APPARATUS AND METHODS FOR DIGITAL CONTENT DELIVERY IN A NETWORK”, previously incorporated herein. In this embodiment, the CPE 106 is adapted to processes content from a first media file container format to one or more second media file container formats which are compatible with the CPE 106 capabilities or with the capabilities of other CPE 106 in communication therewith. For example, content which is delivered from a host server may be encapsulated in e.g., MP4, if the receiving client device(s) are not capable of reading the MP4 files, the gateway device may re-encapsulate to e.g., MPEG-2 or other format that the receiving device is capable of reading. The CPE 106 may be further configured to de-encode the content and re-encode to one or more different codecs (i.e., transcode), as well as or alternatively trans-rating the bitrate of the content.
Exemplary Authorization Server—
Referring now to
The processor 404 is configured to run an authorization application 410 thereon. In one aspect, the authorization application 410 comprises a computer program which, when executed, receives a request for a rights profile from a CPE 106 (or proxy device), and in response to receiving the request, gathers information and access or generate a rights profile for the CPE 106. In one embodiment, the request may include information identifying the device 106 (such as MAC address, IP address, etc.), as well as information identifying the subscriber (such as a subscriber account number, password, login, challenge answer, etc.). In another embodiment, a general purpose ID derived from the digital rights management (DRM) certificate of the device may be transmitted to the authorization application 410 from the CPE 106. Different and/or additional information may be utilized as needed by the authorization application 410.
The authorization application 410 uses the information obtained from the request to query the billing system 208 for the subscription level (and optionally other rights data) of the CPE 106. Once the authorization application (AA) 410 receives the subscription information from the billing system 208, the authorization application 410 configures the information into a rights profile. This configuration may include taking the subscription level information, and determining associated specific rights therewith. For instance, if the billing system returns that that the subscriber initiating the request has a “premium, unlimited” account status, then the AA 410 may return a “clean” rights profile; e.g., no restrictions on any content use or movement (other than those which may be imposed by the content provider, such as “copy once” or DRM).
In one embodiment, the rights profile comprises an XML or HTML file which is specific to the chosen DRM.
The authorization application 410 transmits the rights profile to the requesting CPE 106 (i.e., the rights management application 310). In one embodiment, the rights profile represents the rights of a subscriber with respect to a specific CPE 106 (whether the requesting CPE 106, or another CPE 106 in communication therewith). In other words, the rights profile may be specific to a device, and may comprise rights information which may only be used by the receiving CPE 106, as previously described herein. If the receiving CPE 106 is not the CPE 106 to which the rights profile relates, the receiving CPE 106 may store the profile, and/or transmit the profile to the appropriate CPE 106 for decoding and playback there. This may be accomplished for example by having the RMA 310 be enabled to read the rights profile for the device-specific data (e.g., MAC address), and query other devices on its network via extant protocols for its MAC address. When the matching MAC address is found, the receiving CPE transmits the profile to that device via its network interface.
Alternatively, a rights profile may represent the rights of a particular user or subscriber. According to this embodiment, the rights profile (once delivered to a first CPE 106 associated with a subscriber) may be propagated to other CPE 106 associated with that subscriber without requiring generation of a new profile. In other words, a rights profile for a particular subscriber, once generated by the authorization application 410, is stored at either the authorization server 202, the requesting CPE 106, or a storage entity associated with the authorization server 202 or the CPE 106. When a second CPE 106 requests a rights profile, information in the request indicates that the subscriber associated with the second CPE 106 is the same as the subscriber associated with the first CPE 106, and the same rights profile is provided thereto. The determination that the first and the second CPE 106 are associated with the same subscriber account may be made at either the first CPE 106 or at the authorization application 410 of the authorization server 202.
A copy of the rights profile may also be stored at the authorization server 202 or a database associated therewith (not shown) in order to provide authorization information to requesting entities. For example, a content source (e.g., web server) may receive a request for content from a CPE 106 and in response thereto, may query the authorization server 202 for the rights profile associated with the CPE 106. A determination is then made (either at the server 202 or at an entity associated with the content source) as to whether the content should be delivered to the requesting CPE 106. In one such variant, the content source is operated by a third party provider which has a relationship with the MSO to service the latter's subscribers.
It is appreciated that the authorization server 202 may comprise additional components (not shown) and functionality well known to those of ordinary skill in the cable and embedded system fields, and accordingly not described further herein. For instance, AS 202 may include a management application or interface (for control by the MSO), interfaces to other headend or network entities, RAID or failover functionality, and so forth. Moreover, the functionality of the AS 202 may be implemented entirely in software on another extant platform (e.g., an application or other server within the content delivery network).
Methodology—
As illustrated, per step 502, a new CPE 106 is connected. When the device is connected, the device is informed that it must request a rights profile from the authorization server 202. In one embodiment, the CPE 106 is purchased or leased directly from the MSO. In this instance, at the time of purchase or lease, the billing system 208 is updated, and the CPE 106 is added to the subscriber's account. When this occurs, a message is triggered to the CPE 106 that it must request a rights profile from the authorization server 204 at set-up or start-up. Alternatively, the CPE may be programmed or caused to seek its original rights profile upon installation/startup. In yet another embodiment, the device is added to a subscriber account (as discussed above) and, in response, the license server of the DRM adds it to the domain of the content that is assigned to the customer. Rights or usage information is obtained when the device accesses the content as the rights are embedded in the DRM security for each content or asset.
In another embodiment, the newly connected CPE 106 comprises a retail device not provided by the network MSO. After configuration, the newly connected CPE 106 requests content from the network (e.g., from the CPS 204 or another entity known to the CPE). In response to the request, the CPS 204 informs the CPE 106 that a rights profile is required to receive content (thereby causing it to initiate a request for the rights profile according to the previously described approach).
At step 504, the CPE 106 requests a rights profile by providing identification information to the authorization server 202 of the CPS. In one embodiment, the identification information may comprise information which uniquely identifies the device (such as MAC address, IP address, etc.), and/or which identifies a user of the device (such a subscriber account number, password, login, challenge response, etc.). For example, the user of the CPE 106 may be provided a user interface (e.g., generated by the RMA 310) enabling the user to enter log-in information (MSO user information); this log-in information may then be transmitted to the authorization server 202. Alternatively, this log-in causes a general purpose user ID to be collected from the DRM certificate associated with the CPE 106 and transmitted to the authorization server. Various other approaches useful with the invention will be recognized by those of ordinary skill given the present disclosure.
The authorization server 202 uses the identification information to direct the billing system 208 to search for the CPE 106/user, and associate the CPE 106 to a subscriber account (step 506). If the billing system is unable to locate the CPE 106 as belonging to the subscriber account listed, additional information and verification may be needed to add the device to the given subscriber account (which is entered or provided by the user at a user interface provided on the CPE 106).
Once the CPE 106 is associated with a subscriber account (step 506), at step 508, the billing system accesses information relating to the subscription level and other rights of the CPE 106 and/or subscriber and transmits this information to the authorization server 202.
Next, per step 510, the authorization server 202 uses the subscription and other rights information received from the billing system 208 to generate a rights profile. For example, the rights profile may, as noted above, comprise an XML or HTML file having data contained therein which specifies the rules for content access associated with the user/device. For instance, the rights may impose restrictions on the number of plays of a given content element (or classification of content element), restrictions on time (e.g., cannot be played after XX:YY:ZZ), the ability to copy or reproduce the content (e.g., DRM data), and so forth.
At step 512, the rights profile is then transmitted to the requesting CPE 106. The profile may be encrypted and/or digitally signed, or carry integrity protection data (e.g., a hash or residue) such that the receiving entity can generate its own has (using a common algorithm) and compare the hashes in order to determine if the file has been tampered with. As noted previously, the CPE 106 may store the profile or, if the request was made on behalf of another CPE 106, may transmit the profile to the other CPE 106. The rights profile may also be stored at the authorization server 202 (or a storage entity associated therewith) for subsequent use if desired. See, e.g., the discussion of the rights profile database provided elsewhere herein.
Next, the rights profile database is accessed based on the user/device data presented with the request per step 534. If a matching entry is present (step 536), then the profile is retrieved, processed as necessary (e.g., encrypted, hashed, etc.), and transmitted to the requesting CPE 106 per step 546. If no relevant profile exists (step 536), then the billing system is accessed per step 538, the relevant billing information received (step 540), and the profile generated (step 542). The generated profile is then stored (step 544) and transmitted to the CPE per step 546. It will be appreciated that the foregoing approach may also be used for updates of an existing profile; e.g., the AS logic can be configured to determine the “freshness” of the profile in the database, and request a periodic or event (e.g., request) driven update to make sure that the rights profile is maintained as consistent as possible with the user's account status as reflected by the billing system.
As illustrated, per step 602, the CPE 106 requests content from the CPS 204. In one embodiment, the content is provided to the CPE 106 via the content server. Then, per step 604, the rights profile stored at the CPE 106 (or another device associated therewith) is accessed. From the rights profile it is determined (at step 606) whether the CPE 106 is authorized to display the content. As will be discussed below, in order to determine whether a CPE 106 is authorized, information in the rights profile is compared to metadata regarding the content.
If it is determined that the CPE 106 is authorized to display the content, then the content will be provided to a display device associated with the CPE 106. It will be noted that in certain embodiments, the CPE 106 may comprise a display device; alternatively, these may be separate devices in communication with one another.
If it is determined that the CPE 106 is not authorized to display the content, per step 610, the CPE 106 provides a notification to be displayed on the display device associated with the CPE 106. The notification may simply inform the user that he/she is not authorized to view the requested content. In one embodiment, the notification may also inform the user as to why it was determined that he/she is not authorized to view the requested content. For example, the notification may indicate that the user's subscriber level does not include the requested content, that the user's device does not support the requested content type or format/bitrate, that the user's time for accessing the content has expired, etc. as previously described herein.
Next per step 612, the user may be given options for accessing the content despite that he/she is not currently authorized to view the content. For example, the notification may include options for increasing the user's subscription level to a higher tier (e.g., a subscription level which would include access to the requested content), or for paying to receive the content at a one-time premium (e.g., pay-per-view). Alternatively, the user may be presented with a “trailer” or teaser (e.g., limited play or non full-featured version), for the requested content so as to provide incentive to buy.
Suppose for example, that the rights profile for a CPE 106 requesting access to content indicates that the subscriber is a lower-tier subscriber, and thus not entitled to certain types of content, or content from certain content sources (e.g., HD content, movie content, interactive content, content from HBO™, etc). Furthering this example, suppose that a rights profile does not authorize a user to receive e.g., any movie content from HBO™ and that metadata relating to the requested content (e.g., embedded within the content, or provided as a separate data structure) indicates that the requested content is movie content from HBO. The rights management application 310 compares the content metadata to the rights profile, and determines that the subscriber is not authorized to view the content. Accordingly, the content will not be presented to the subscriber, and instead a notice is presented to the user indicating that he/she is not entitled to the content. The notice may also offer the user an opportunity to purchase the requested movie (as a pay-per-view or on-demand content) and/or to change his/her subscription plan to a channel line-up which includes access to content presented by HBO.
In another example, the rights profile may indicate that a CPE 106 is only granted access to content for a limited amount of time, or may only playback content a certain number of times. The rights profile may specify these restrictions to be content-specific (e.g., certain content may only be accessed for a restricted time period). According to this example, if the subscriber requests access to content which has expired (e.g. after the predetermined time period has expired, or the maximum allowed number of times the content can be played back has been reached), a notice (and not the content) will be presented to the user. As above, the notice may also offer the user an opportunity to purchase the requested content.
In yet another example, the rights profile may specify the device capabilities. A CPE 106 may only be granted access to content which it is capable of playing back. For example, the rights profile may indicate that the CPE 106 is only capable of reading MPEG-2 encoded/container format content. If a user requests access to content which is delivered in MP4 container format, or the content is encoded in H.264, the CPE 106 may deny the user access to the content and present the user with a notification that he/she is not authorized to view the content. The notification may further specify a reason for the refusal (e.g., the device requesting access is not capable of playing the content). In a further embodiment, the user may be provided with options as to: (i) where a required codec can be downloaded; (ii) where a similar device capable of playing the requested content may be purchased (including leased from the MSO), and/or (iii) where a transcoded or suitable format version of the requested content can be obtained. It will be appreciated that with respect to Item (iii), the RMA 310 may also be configured if desired to automatically invoke a request to the content source (e.g., the content server) for the same content in a compatible format.
In another variant, the RMA may invoke a discovery protocol to determine the indigenous decoding/playback capabilities of the CPE on which the RMA 310 is running, such as via a configuration file access or call, if the rights profile does not contain any device configuration information. This variant is particularly useful in user-based authentication only, since the content delivery function may be by design platform-agnostic, and the network or RMA may have no indigenous knowledge of the configuration of the underlying CPE 106. For example, if an MSO subscriber goes to her friend's house and logs into the content delivery network of the MSO and downloads the media player application onto her friend's CPE, the capabilities of that CPE (e.g., DSTB, laptop, personal media device, etc.) will be unknown to the RMA just downloaded, and hence a discovery protocol must be used.
As noted above, in one example, the content server 206 and/or the CPE 106 itself may be configured to process content including de-encapsulating the content from a first media file container format and subsequently re-encapsulating the content to a second media file container format which is known to be compatible with the requesting CPE 106 and/or de-encode the content to one or more different codecs. It is appreciated that, in one embodiment, although the rights profile for a CPE 106 may indicate that the device is not capable of displaying selected content, the CPE 106 or content server may process the content as discussed so that it may be displayed.
It is also appreciated that the methodology of
Upgrades and Revocation—
In another aspect of the present invention, the rights profile provided to the CPE 106 may have a limited utility; e.g., an expiration date, finite number of accesses, etc. When the expiration criteria are met; e.g., expiration date, the CPE 106 must request a new rights profile according to the methods discussed above. Accordingly, if the user's rights are revoked (such as for failure to pay subscription fees), the updated rights profile will reflect that the user is no longer entitled to access content. Further, if the user upgrades his or her account, these changes will also be reflected in the updated rights profile. This functionality is necessary in cases where the profile is delivered to a client device which may be routinely detached or out of communication with the MSO's content delivery network (and hence the CPS/AS of
In one variant, the rights profile is encoded with data that causes it to simply expire after a prescribed period of time, or number of accesses or executions of the profile file itself. After that, the profile is inoperable/inaccessible, and hence cannot be used to gain access to any encoded content until it is refreshed by the CPS/AS.
In another variant, the profile alerts the user with on-screen messages or audible cues that the profile is reaching expiration, and instigates the user to re-establish connection with the MSO host network to be refreshed. In yet another variant, the functionality of the media player is degraded or reduced by the RMA such that the user's experience with the content is less than optimal, thereby causing them to refresh their profile. This degradation may include for example: (i) reduction of video rendering quality (e.g., no HD, only SD, or pixelation); (ii) loss of features (e.g., no “trick mode” commands such as FF, REW, PAUSE, etc.); (iii) loss of the audio portion; and/or (iv) imposition of a visible watermark or other artifact on the display, thereby substantially interfering with the user's experience.
Unrequested rights profiles may be provided to CPE 106, such as in instances when the MSO would like to implement rights changes immediately. For example, rather than waiting for a current profile to expire, an updated rights profile may be provided as soon as changes to a subscriber's rights are made (e.g., upgrades and/or revocations). The new or updated profile is pushed to the CPE over the available transport, and if no transport is available (e.g., the CPE 106 is not in communication with the network), then the profile is buffered or queued for later transmission when a transport becomes available.
In another embodiment, the present invention may be utilized in conjunction with the methods and apparatus discussed in co-owned U.S. patent application Ser. No. 12/631,713 filed on Dec. 4, 2009, entitled “APPARATUS AND METHODS FOR MONITORING AND OPTIMIZING DELIVERY OF CONTENT IN A NETWORK”, and issued as U.S. Pat. No. 9,519,728 on Dec. 13, 2016, incorporated herein by reference in its entirety. As discussed therein, the system may be configured to recommend an alternative delivery platform available to the user so as to ensure optimized content delivery to multiple user devices. In other words, the user (e.g., a subscriber of an IP, cable or satellite network) is provided with the best possible “user experience” at all times, depending on the various hardware/software environments they have available to them, and their current usage needs and preferences. For example, in one embodiment, an optimization and monitoring entity (OME) is utilized in conjunction with other network and user premises components to provide the aforementioned functionality. The OME comprises one or more software applications which work in conjunction with one another (and with one or more content servers) to determine, evaluate, and provide notification to a user of one or more alternative content delivery platforms, such as for example when a request for content is received. Alternative services, transports, and delivery models, may also be recommended in another variant of the invention.
In one exemplary use case, requests for content are received at a content server (such as from a device which may or may not run the herein described media player application), and forwarded to the OME. The content server may satisfy the request, or may first require selection of a delivery platform. Information identifying the requesting device (such as IP address, MAC address, etc.) and/or the subscriber account or specific user (such as account number, physical address, login/password information, etc.) is derived from or embedded in the content requests (or otherwise retrieved from information contained within the request). The OME uses the collected information to determine whether the requesting device is registered to a known user account by comparing the identification to a database of registered accounts and devices. The OME uses the aforementioned database to compile a list of all of the other known client devices in a specific user's account. Software applications running on the OME further differentiate the various features and capabilities of the different types of client devices registered to a user account and which may be used to receive content. In one variant, the OME comprises a “recommendation engine” that determines whether requested content may be provided to the same user on a different platform; e.g., on a different one of the client devices associated with the user's account (including e.g., a device which may or may not run the herein described media player application). Such an alternative device may be recommended based on e.g., video/audio quality, picture size, bandwidth availability, and/or any other additional capabilities of the recommended client device, or may be recommended based on historical usage or other information about the user (or a specification of user preferences associated with the account and accessed by the OME).
Fraud Prevention—
In another aspect of the invention, the rights profile and decoding algorithm used by the RMA/media player application are cryptographically protected from unauthorized access or modification (confidentiality and integrity protection) using: (i) encryption; and (ii) a cryptographic hash of the type well known in the art, respectively. The encryption may be for example according to an RSA public/private key pair, and the hashing according to a one-way hash (e.g., Merkle-Damgard construction such as SHA-1 and MD-5). The public key of the pair is used to encrypt the profile, and the private key is used by the RMA/media player to decrypt the profile and access it. As noted above, the private encryption key and/or hashing functions can be maintained within a secure microprocessor (SM) of the client device on which the RMA/media player is running, thereby preventing access to this information.
Moreover, the RMA can be configured to store the decrypted profile in secure storage as well, so as to prevent copying or transfer thereof to another device in an unencrypted form. Moreover, the content (e.g., media) can be encrypted using the same or a similar function, so as to provide confidentiality and integrity protection, and prevent surreptitious copying. This encryption may be the “encoding” previously referenced herein, or may be yet an additional layer of protection in addition to the encoding (the latter which may be as simple as requiring a proper input or seed to a known decoding algorithm, or more complex such as through use of a secret decoding algorithm/seed). For instance, in one variant, the encrypted rights profile may carry the seed needed to seed the media player's decoding algorithm to decode the content. This seed may be content-element specific (e.g., each content element may be encoded with a different seed, thereby requiring provision of the same seed to the media player to decode). Alternatively, the seed can be generic; i.e., the same seed is used to encode different content elements. Moreover, the seed can have a finite lifetime, such that content elements that are downloaded from the network are encoded using a different seed for each successive time period, thereby frustrating decoding of newly downloaded content elements using an old seed. For example, in one variant of the invention, all content accessible by the media player/RMA must be downloaded contemporaneously with the content access request, and the content is encoded on a rolling or finite time basis, such that the seed provided with the rights profile (when decrypted) is only good for a given period of time. If the user requests the same content say a day later, the downloaded content would be encoded using a different seed, thereby frustrating decoding unless the user (RMA) also procures a refreshed or updated rights profile.
The use of a dual-layer encoding and encryption scheme in some embodiments of the invention provides benefits from the standpoint of faster/easier decoding; the encoding is more of a user access control mechanism (i.e., is intended to limit access, but not necessarily provide a high level of “hacking” protection). The RSA or similar encryption on the other hand, acts as a protective wrapper for the content while in transit, and is significantly more difficult to penetrate. Hence, in one embodiment, the content is decrypted once upon receipt, and stored in encoded (but decrypted) form, so that the relatively simple decoding can be performed rapidly and without having to decrypt also on each play by the user.
Software Architecture—
A corresponding rights management application 310 is disposed on each CPE 106; this application allows the CPE 106 to receive/send information from/to the authorization application 410, for e.g., requests for rights profile and the rights profile themselves. As previously noted, the CPE also includes a media player application (MPA) 331, which may be a stand-alone application, or integrated with the RMA 310 as desired.
The authorization application 410 is in logical communication with applications (not shown) running at the billing system 208 to receive rights information regarding specific CPE 106 and/or subscribers. Accordingly, the authorization application 410 facilitates sending a request for information from the billing system 208 when a CPE 106 has requested a rights profile. The authorization application 410, as indicated above, accesses or generates a rights profile from information received from one or more applications running at the billing system 208. The rights profile is then communicated (via the authorization application 410) to the CPE 106.
The authorization application 410 is also in logical communication with applications (not shown) running on the content server 206 to pass rights information thereto. In other words, the authorization application 410 may, when a request for content is received at the content server 206, provide that server with information as to whether the requesting CPE 106 should be granted access to the content. In another embodiment, this step is obviated in favor of having the CPE 106 itself determine whether content may be provided to a user, (discussed above with respect to
It is further appreciated that the rights management application 310 running on the CPE 106 may also be in logical communication with other processes within the premises, such as for example user interface processes, display device processes, and processes running on other devices, such as a wireless device coupled to the CPE 106 via the wireless interface, or other CPE 106.
Transferrable Rights Profile—
In another embodiment, the rights profile may be made moveable between several CPE 106. For example, a first CPE 106 may be configured to request a rights profile (as discussed above); the rights profile is then stored on a removable storage device, such as a USB key, a subscriber identity module (SIM) card, smart card, flash memory card, etc. The removable storage device having the rights profile stored thereon may then be removed from the first CPE and inserted into a second CPE 106. The rights profile may contain information which identifies the subscriber thereby allowing the second CPE 106 to request access to content (as discussed above). The second CPE 106 reads the rights profile and provides content to a user based at least in part thereon. In one variant, to prevent fraud, the user may first be required to establish a log-in profile (e.g., login name and password) in order to enable the first or second CPE 106 to access the rights profile stored on the storage device. A separate (or the same) log-in may also be required in order to enable the user to access content from the first or second CPE 106 as well.
CPS On-Premises Proxy—
In another embodiment of the invention (illustrated in
Hence, in one use case, the user starts the media player application (MPA), and enters their login information on the displayed UI on the client device. The MPA generates a request message to the RMA server process and transmits it over an available or designated transport (e.g., MoCA network or WLAN). The RMA server portion receives the request, and accesses the authentication database to determine if that user/device is on a “white list” of authorized users/devices (and if so, whether the login information is valid). If so, the RMA then accesses the user's rights profile to determine if the user/device has access to the partition. If so, the RMA grants access to the DVR directory function for the partition (even the titles of the content may be too explicit for younger viewers), and transmits the directory data to the MPA on the client. The user then views the directory function, selects content from the partition, and transmits this content request to the RAM server. The RMA server then transmits the encoded content to the MPA on the client device, which then decodes the encoded content using security information (e.g., access code, decryption key, etc.) either resident on the client or otherwise provided to the client after successful authentication and rights validation.
The RMA server portion may also be placed in contact with the CPS, the latter which periodically or situationally provisions or updates the RMA server at the premises to reflect current rights profiles for the users/devices of the premises.
The foregoing example architecture represents but one of many such configurations enabled by the present invention. For example, the rights profile may be alternatively transferred to the client device with MPA, and the MPA can determine access rights to content that is freely provided (in encoded form) by the DVR/RMA server after user/device authentication.
Business/Operational Rules Engine—
In another aspect of the invention, the processor 404 entity (e.g., rendered as one or more computer programs disposed on a headend server or entity (e.g., authorization server 202, content server 206, BSA hub entity, CPE 106, or other location) includes a so-called “rules” engine. This engine comprises, in an exemplary embodiment, one or more software routines adapted to control the operation of the CPS and/or CPE 106 in order to achieve one or more goals relating to operations or business (e.g., profit). Included within these areas are network optimization and reliability goals, increased maintenance intervals, increased subscriber or user satisfaction, increased subscription base, higher profit (e.g., from increased advertising revenues, more subscriber “views” of given content, higher data download speed, increased bandwidth and responsiveness to changing demands for bandwidth, reduction of undue QAM replication, and so forth.
These rules may comprise a separate entity or process, and may also be fully integrated within other processing entities (such as the aforementioned authorization application (AA) or the rights management application 310), and controlled via e.g., a GUI displayed on a device connected to the relevant CPE or server. In effect, the rules engine comprises a supervisory entity which monitors and selectively controls the CPS and/or CPE 106 operation processes at a higher level, so as to implement desired operational or business rules. The rules engine can be considered an overlay of sorts to the more fundamental algorithms used to accomplish required network operation, such as IP address assignment, statistical multiplexing, BSA switching, and so forth.
For example, the authorization server 202 or CPE 106 may invoke certain operational protocols or decision processes based on information or requests received from the CPE 106, conditions existing within the network, demographic data, geographic data, etc. However, these processes may not always be compatible with higher level business or operational goals, such as maximizing profit or system reliability. Hence, when imposed, the business/operational rules can be used to dynamically (or manually) control the operation of the client process on the CPS and/or CPE 106. The rules may be, e.g., operational or business-oriented in nature, and may also be applied selectively in terms of time of day, duration, specific local areas, or even at the individual user level (e.g., via specific identification of the CPE or client device via TUNER_ID, MAC address, or the like, or via user-based login as previously described).
For example, one rule implemented by the rules engine may comprise only providing certain types or formats of programming to certain subscribers or classes of subscribers. As noted previously, these rules may be implemented at the device level (e.g., CPE 106) or at the authorization server 202 (such as by placing information regarding these rules into the rights profile). The CPE 106 may possess high definition (HD) decoding capability, for example, but programs rendered in HD would not be made available to such subscribers unless they met certain criteria (e.g., “premium” subscription, etc.). Similarly, if the subscriber did not possess a required codec, CA keys, or network interface, the download of this missing component could be controlled to only subscribers meeting certain criteria. In one embodiment, the rights profile provided to the CPE 106 (and generated at the authorization server 202) may specify these criteria. In another embodiment, the business rules engine running on a processor 304 of the CPE 106 itself implements these criteria.
Another rule might impose a moratorium or restrictions on upstream data or information messages (e.g., SSP) or requests for content or a rights profile from the CPE 106 during conditions of very heavy loading (e.g., until a certain minimum threshold of available bandwidth is present), thereby avoiding contention for bandwidth resources with “premium” services. Similarly, program-related or other processing typically done upstream of the CPE 106 could be dynamically shifted to the CPE 106 under such circumstances so as distribute the processing load (and hence upstream messaging bandwidth consumed) to the CPE 106.
Yet another rule might impose restrictions on establishing or allocating new physical channels/QAMs to download content to the user. For instance, where in in-band or DOCSIS QAM is used as the transport for the requested content, instantiation, tear-down, and management of this process can be governed by the rules engine so as to mitigate resource contention, provide the desired level of user service (i.e., avoid excessive delays), etc.
Business Models—
The present invention also lends itself to various business models in terms of distribution, operation, and service provision. Specifically, by having remote monitoring, configuration and provisioning capability via the RMA 310, the service provider (e.g., MSO) is given greater flexibility in, inter alia, (i) troubleshooting and repairing faults within the CPE 106 or other connected premises devices which may otherwise require a service visit; and (ii) changing or reconfiguring a given subscriber's service package or capabilities remotely, again obviating a service visit or actions by the subscriber. For example, as previously described, a rights profile associated with a CPE 106 may be updated and changed (including providing no rights to content), then provided to the CPE 106, thereby allowing the MSO to rapidly switch service options on a per-subscriber or per-device basis. New versions or upgrades of software/firmware can readily be downloaded and installed as well. UPnP or other server processes on the CPE 106 can be configured using the remote provisioning capability also.
In another business model, the aforementioned media player application 331 is provided free of charge to MSO subscribers (e.g., with leased CPE at time of installation, or via a free website download) so that it can be installed on the various CPE/client devices associated with the subscriber (including their portable personal media devices or PMDs). The PMD may for example contain a WLAN (e.g., Wi-Fi) or 1394/USB interface that permits communication with a CPD at the subscriber's premises, the latter including a DOCSIS cable modem or other transport that enables communication with the content delivery network (and hence CPS 204). The CPS or a designated proxy server can, upon request from the PMD (via the CPD, and its IP or MAC address), determine that the request is coming from a valid subscriber device, and the media player can then be downloaded to the CPD and passed to the requesting PMD via the interface. The media player application download itself may be encrypted or otherwise protected so as to permit only the appropriate PMD (i.e., one having the private portion of the public/private key pair) to decrypt and install the file.
Alternatively, the media player application may be distributed according to an “open” model, wherein it is freely available to MSO subscribers and non-subscribers. For example, the media player might include ancillary functions which are accessible to both subscribers and non-subscribers, with the log-on to the CPS 204 and rights profile/content access functions being only available to subscribers. In one such variant, the media player can operate to decode files of a given format (e.g., H.264 encoded) that are not MSO-originated or “protected” (e.g., a video found on the web) without log-in or device authentication by the MSO network. The MSO may even provide a publicly accessible portal or website for this reason, so as to entice potential subscribers into taking a subscription (or at least “test driving” the fully-functioned media player for a period of time or number of plays).
Many other approaches and combinations of various operational and business paradigms are envisaged consistent with the invention, as will be recognized by those of ordinary skill when provided this disclosure.
It will be recognized that while certain aspects of the invention are described in terms of a specific sequence of steps of a method, these descriptions are only illustrative of the broader methods of the invention, and may be modified as required by the particular application. Certain steps may be rendered unnecessary or optional under certain circumstances. Additionally, certain steps or functionality may be added to the disclosed embodiments, or the order of performance of two or more steps permuted. All such variations are considered to be encompassed within the invention disclosed and claimed herein.
While the above detailed description has shown, described, and pointed out novel features of the invention as applied to various embodiments, it will be understood that various omissions, substitutions, and changes in the form and details of the device or process illustrated may be made by those skilled in the art without departing from the invention. The foregoing description is of the best mode presently contemplated of carrying out the invention. This description is in no way meant to be limiting, but rather should be taken as illustrative of the general principles of the invention. The scope of the invention should be determined with reference to the claims.
This application is a divisional of and claims priority to co-owned U.S. patent application Ser. No. 15/811,216 entitled “APPARATUS AND METHODS FOR RIGHTS-MANAGED CONTENT AND DATA DELIVERY” and filed on Nov. 13, 2017, issuing as U.S. Pat. No. 10,339,281 on Jul. 2, 2019, which is a continuation of and claims priority to co-owned U.S. patent application Ser. No. 15/156,139 of the same title filed on May 16, 2016, and issued as U.S. Pat. No. 9,817,952 on Nov. 14, 2017, which is a continuation of and claims priority to co-owned U.S. patent application Ser. No. 12/716,131 of the same title filed on Mar. 2, 2010, issued as U.S. Pat. No. 9,342,661 on May 17, 2016, each of which are incorporated herein by reference in its entirety. Additionally, this application is generally related to the subject matter of co-owned U.S. patent application Ser. No. 12/536,724 filed on Aug. 6, 2009, entitled “SYSTEM AND METHOD FOR MANAGING ENTITLEMENTS TO DATA OVER A NETWORK”, and issued as U.S. Pat. No. 8,341,242 on Dec. 25, 2012, and to co-owned U.S. Provisional Application Ser. No. 61/256,903 filed on Oct. 30, 2009 and entitled “Methods and Apparatus for Packetized Content Delivery Over a Content Delivery Network”, each of which are incorporated herein by reference in its entirety.
Number | Name | Date | Kind |
---|---|---|---|
5410344 | Graves et al. | Apr 1995 | A |
5528284 | Iwami et al. | Jun 1996 | A |
5534911 | Levitan | Jul 1996 | A |
5557319 | Gurusami et al. | Sep 1996 | A |
5628284 | Sheen et al. | May 1997 | A |
5708961 | Hylton et al. | Jan 1998 | A |
5745837 | Fuhrmann | Apr 1998 | A |
5758257 | Herz et al. | May 1998 | A |
5818438 | Howe et al. | Oct 1998 | A |
5822530 | Brown | Oct 1998 | A |
5838921 | Speeter | Nov 1998 | A |
5897635 | Torres et al. | Apr 1999 | A |
5940738 | Rao | Aug 1999 | A |
5999535 | Wang et al. | Dec 1999 | A |
6125397 | Yoshimura et al. | Sep 2000 | A |
6167432 | Jiang | Dec 2000 | A |
6181697 | Nurenberg et al. | Jan 2001 | B1 |
6219710 | Gray et al. | Apr 2001 | B1 |
6233389 | Barton et al. | May 2001 | B1 |
6259701 | Shur et al. | Jul 2001 | B1 |
6286049 | Rajakarunanayake et al. | Sep 2001 | B1 |
6317884 | Eames et al. | Nov 2001 | B1 |
6345038 | Selinger | Feb 2002 | B1 |
6389538 | Gruse et al. | May 2002 | B1 |
6396531 | Gerszberg et al. | May 2002 | B1 |
6473793 | Dillon et al. | Oct 2002 | B1 |
6519062 | Yoo | Feb 2003 | B1 |
6523696 | Saito et al. | Feb 2003 | B1 |
6546016 | Gerszberg et al. | Apr 2003 | B1 |
6564381 | Hodge et al. | May 2003 | B1 |
6640145 | Hoffberg et al. | Oct 2003 | B2 |
6642938 | Gilboy | Nov 2003 | B1 |
6642939 | Vallone et al. | Nov 2003 | B1 |
6643262 | Larsson et al. | Nov 2003 | B1 |
6694145 | Riikonen et al. | Feb 2004 | B2 |
6711742 | Kishi et al. | Mar 2004 | B1 |
6718552 | Goode | Apr 2004 | B1 |
6748395 | Picker et al. | Jun 2004 | B1 |
6754904 | Cooper et al. | Jun 2004 | B1 |
6757906 | Look et al. | Jun 2004 | B1 |
6774926 | Ellis et al. | Aug 2004 | B1 |
6788676 | Partanen et al. | Sep 2004 | B2 |
6847778 | Vallone et al. | Jan 2005 | B1 |
6865746 | Herrington et al. | Mar 2005 | B1 |
6909726 | Sheeran | Jun 2005 | B1 |
6918131 | Rautila et al. | Jul 2005 | B1 |
6925257 | Yoo | Aug 2005 | B2 |
6931018 | Fisher | Aug 2005 | B1 |
6934964 | Schaffer et al. | Aug 2005 | B1 |
6944150 | McConnell et al. | Sep 2005 | B1 |
6978474 | Sheppard et al. | Dec 2005 | B1 |
7003670 | Heaven | Feb 2006 | B2 |
7006881 | Hoffberg et al. | Feb 2006 | B1 |
7009972 | Maher et al. | Mar 2006 | B2 |
7013290 | Ananian | Mar 2006 | B2 |
7020652 | Matz et al. | Mar 2006 | B2 |
7027460 | Iyer et al. | Apr 2006 | B2 |
7039048 | Monta et al. | May 2006 | B1 |
7051352 | Schaffer | May 2006 | B1 |
7054902 | Toporek et al. | May 2006 | B2 |
7055031 | Platt | May 2006 | B2 |
7055165 | Connelly | May 2006 | B2 |
7068639 | Varma et al. | Jun 2006 | B1 |
7096483 | Johnson | Aug 2006 | B2 |
7099308 | Merrill et al. | Aug 2006 | B2 |
7100183 | Kunkel et al. | Aug 2006 | B2 |
7103905 | Novak | Sep 2006 | B2 |
7106382 | Shiotsu | Sep 2006 | B2 |
7146627 | Ismail et al. | Dec 2006 | B1 |
7149772 | Kalavade | Dec 2006 | B1 |
7167895 | Connelly | Jan 2007 | B1 |
7174126 | McElhatten | Feb 2007 | B2 |
7174127 | Otten et al. | Feb 2007 | B2 |
7174385 | Li | Feb 2007 | B2 |
7185355 | Ellis et al. | Feb 2007 | B1 |
7206775 | Kaiser et al. | Apr 2007 | B2 |
7207055 | Hendricks et al. | Apr 2007 | B1 |
7209458 | Ahvonen et al. | Apr 2007 | B2 |
7213036 | Apparao et al. | May 2007 | B2 |
7228556 | Beach et al. | Jun 2007 | B2 |
7242960 | Van et al. | Jul 2007 | B2 |
7242988 | Hoffberg et al. | Jul 2007 | B1 |
7254608 | Yeager et al. | Aug 2007 | B2 |
7257106 | Chen et al. | Aug 2007 | B2 |
7260823 | Schlack et al. | Aug 2007 | B2 |
7293276 | Phillips et al. | Nov 2007 | B2 |
7312391 | Kaiser et al. | Dec 2007 | B2 |
7325043 | Rosenberg et al. | Jan 2008 | B1 |
7325073 | Shao et al. | Jan 2008 | B2 |
7330483 | Peters, Jr. et al. | Feb 2008 | B1 |
7330510 | Castillo et al. | Feb 2008 | B2 |
7333483 | Zhao et al. | Feb 2008 | B2 |
7336787 | Unger et al. | Feb 2008 | B2 |
7337458 | Michelitsch et al. | Feb 2008 | B2 |
7340762 | Kim | Mar 2008 | B2 |
7359375 | Lipsanen et al. | Apr 2008 | B2 |
7363643 | Drake et al. | Apr 2008 | B2 |
7376386 | Phillips et al. | May 2008 | B2 |
7382786 | Chen et al. | Jun 2008 | B2 |
7406515 | Joyce et al. | Jul 2008 | B1 |
7444655 | Sardera | Oct 2008 | B2 |
7457520 | Rosetti et al. | Nov 2008 | B2 |
7486869 | Alexander et al. | Feb 2009 | B2 |
7487523 | Hendricks | Feb 2009 | B1 |
7532712 | Gonder et al. | May 2009 | B2 |
7548562 | Ward et al. | Jun 2009 | B2 |
7567983 | Pickelsimer et al. | Jul 2009 | B2 |
7571452 | Gutta | Aug 2009 | B2 |
7592912 | Hasek et al. | Sep 2009 | B2 |
7602820 | Helms et al. | Oct 2009 | B2 |
7609637 | Doshi et al. | Oct 2009 | B2 |
7624337 | Sull et al. | Nov 2009 | B2 |
7650319 | Hoffberg et al. | Jan 2010 | B2 |
7690020 | Lebar | Mar 2010 | B2 |
7693171 | Gould | Apr 2010 | B2 |
7721314 | Sincaglia et al. | May 2010 | B2 |
7725553 | Rang et al. | May 2010 | B2 |
7742074 | Minatogawa | Jun 2010 | B2 |
7770200 | Brooks et al. | Aug 2010 | B2 |
7809942 | Baran et al. | Oct 2010 | B2 |
7870245 | Butler | Jan 2011 | B2 |
7893171 | Le et al. | Feb 2011 | B2 |
7900052 | Jonas et al. | Mar 2011 | B2 |
7908626 | Williamson | Mar 2011 | B2 |
7916755 | Hasek et al. | Mar 2011 | B2 |
7936775 | Iwamura | May 2011 | B2 |
7954131 | Cholas et al. | May 2011 | B2 |
8042054 | White | Oct 2011 | B2 |
8095610 | Gould et al. | Jan 2012 | B2 |
8166126 | Bristow et al. | Apr 2012 | B2 |
8170065 | Hasek et al. | May 2012 | B2 |
8219134 | Maharajh | Jul 2012 | B2 |
8249497 | Ingrassia et al. | Aug 2012 | B2 |
8281352 | Brooks et al. | Oct 2012 | B2 |
8341242 | Dillon et al. | Dec 2012 | B2 |
8347341 | Markley | Jan 2013 | B2 |
8429702 | Yasrebi et al. | Apr 2013 | B2 |
8484511 | Engel et al. | Jul 2013 | B2 |
8516529 | Lajoie | Aug 2013 | B2 |
8520850 | Helms | Aug 2013 | B2 |
8583758 | Casey | Nov 2013 | B2 |
8738607 | Dettinger et al. | May 2014 | B2 |
8750490 | Murtagh et al. | Jun 2014 | B2 |
8750909 | Fan et al. | Jun 2014 | B2 |
8805270 | Maharajh et al. | Aug 2014 | B2 |
8949919 | Cholas et al. | Feb 2015 | B2 |
8995815 | Maharajh et al. | Mar 2015 | B2 |
9106666 | Omar | Aug 2015 | B2 |
9124608 | Jin et al. | Sep 2015 | B2 |
9124650 | Maharajh et al. | Sep 2015 | B2 |
9215423 | Kimble et al. | Dec 2015 | B2 |
9342661 | Cholas et al. | May 2016 | B2 |
9817952 | Cholas et al. | Nov 2017 | B2 |
9854317 | Abboa-Offei | Dec 2017 | B1 |
9906838 | Cronk et al. | Feb 2018 | B2 |
10339281 | Cholas et al. | Jul 2019 | B2 |
20010004768 | Hodge et al. | Jun 2001 | A1 |
20010043613 | Wibowo et al. | Nov 2001 | A1 |
20010050945 | Lindsey | Dec 2001 | A1 |
20020002688 | Gregg et al. | Jan 2002 | A1 |
20020024943 | Karaul et al. | Feb 2002 | A1 |
20020027883 | Belaiche | Mar 2002 | A1 |
20020032754 | Logston et al. | Mar 2002 | A1 |
20020042921 | Ellis | Apr 2002 | A1 |
20020053076 | Landesmann | May 2002 | A1 |
20020056125 | Hodge et al. | May 2002 | A1 |
20020059218 | August et al. | May 2002 | A1 |
20020059619 | Lebar | May 2002 | A1 |
20020066033 | Dobbins et al. | May 2002 | A1 |
20020083451 | Gill et al. | Jun 2002 | A1 |
20020087995 | Pedlow et al. | Jul 2002 | A1 |
20020095689 | Novak | Jul 2002 | A1 |
20020123931 | Splaver et al. | Sep 2002 | A1 |
20020131511 | Zenoni | Sep 2002 | A1 |
20020144267 | Gutta et al. | Oct 2002 | A1 |
20020147771 | Traversat et al. | Oct 2002 | A1 |
20020152091 | Nagaoka et al. | Oct 2002 | A1 |
20020152299 | Traversat et al. | Oct 2002 | A1 |
20020178444 | Trajkovic et al. | Nov 2002 | A1 |
20020188744 | Mani | Dec 2002 | A1 |
20020188869 | Patrick | Dec 2002 | A1 |
20020194595 | Miller et al. | Dec 2002 | A1 |
20030005453 | Rodriguez et al. | Jan 2003 | A1 |
20030012190 | Kaku et al. | Jan 2003 | A1 |
20030028451 | Ananian | Feb 2003 | A1 |
20030028889 | McCoskey | Feb 2003 | A1 |
20030028896 | Swart | Feb 2003 | A1 |
20030048380 | Tamura | Mar 2003 | A1 |
20030056217 | Brooks | Mar 2003 | A1 |
20030066884 | Reddy et al. | Apr 2003 | A1 |
20030093794 | Thomas et al. | May 2003 | A1 |
20030097574 | Upton | May 2003 | A1 |
20030115267 | Hinton et al. | Jun 2003 | A1 |
20030135628 | Fletcher et al. | Jul 2003 | A1 |
20030163443 | Wang | Aug 2003 | A1 |
20030165241 | Fransdonk | Sep 2003 | A1 |
20030166401 | Combes et al. | Sep 2003 | A1 |
20030200548 | Baran et al. | Oct 2003 | A1 |
20030208767 | Williamson et al. | Nov 2003 | A1 |
20030217137 | Roese et al. | Nov 2003 | A1 |
20030217365 | Caputo | Nov 2003 | A1 |
20030220100 | McElhatten et al. | Nov 2003 | A1 |
20040034677 | Davey et al. | Feb 2004 | A1 |
20040034877 | Nogues | Feb 2004 | A1 |
20040045032 | Cummings et al. | Mar 2004 | A1 |
20040045035 | Cummings et al. | Mar 2004 | A1 |
20040045037 | Cummings et al. | Mar 2004 | A1 |
20040117254 | Nemirofsky et al. | Jun 2004 | A1 |
20040133923 | Watson et al. | Jul 2004 | A1 |
20040137918 | Varonen et al. | Jul 2004 | A1 |
20040166832 | Portman et al. | Aug 2004 | A1 |
20040230994 | Urdang et al. | Nov 2004 | A1 |
20040250273 | Swix et al. | Dec 2004 | A1 |
20050034171 | Benya | Feb 2005 | A1 |
20050049886 | Grannan et al. | Mar 2005 | A1 |
20050055220 | Lee et al. | Mar 2005 | A1 |
20050055729 | Atad et al. | Mar 2005 | A1 |
20050083921 | McDermott, III et al. | Apr 2005 | A1 |
20050086334 | Aaltonen et al. | Apr 2005 | A1 |
20050086683 | Meyerson | Apr 2005 | A1 |
20050108763 | Baran et al. | May 2005 | A1 |
20050114701 | Atkins et al. | May 2005 | A1 |
20050114900 | Ladd et al. | May 2005 | A1 |
20050131818 | Desai | Jun 2005 | A1 |
20050157731 | Peters | Jul 2005 | A1 |
20050165899 | Mazzola | Jul 2005 | A1 |
20050177855 | Maynard et al. | Aug 2005 | A1 |
20050188415 | Riley | Aug 2005 | A1 |
20050223097 | Ramsayer et al. | Oct 2005 | A1 |
20050228725 | Rao et al. | Oct 2005 | A1 |
20050289616 | Horiuchi et al. | Dec 2005 | A1 |
20050289618 | Hardin | Dec 2005 | A1 |
20060020786 | Helms | Jan 2006 | A1 |
20060021004 | Moran et al. | Jan 2006 | A1 |
20060021019 | Hinton et al. | Jan 2006 | A1 |
20060041905 | Wasilewski | Feb 2006 | A1 |
20060041915 | Dimitrova et al. | Feb 2006 | A1 |
20060047957 | Helms | Mar 2006 | A1 |
20060053463 | Choi | Mar 2006 | A1 |
20060088030 | Beeson et al. | Apr 2006 | A1 |
20060095940 | Yearwood | May 2006 | A1 |
20060117379 | Bennett et al. | Jun 2006 | A1 |
20060130099 | Rooyen | Jun 2006 | A1 |
20060130101 | Wessel | Jun 2006 | A1 |
20060130107 | Gonder et al. | Jun 2006 | A1 |
20060130113 | Carlucci et al. | Jun 2006 | A1 |
20060136964 | Diez et al. | Jun 2006 | A1 |
20060136968 | Han et al. | Jun 2006 | A1 |
20060149850 | Bowman | Jul 2006 | A1 |
20060156392 | Baugher et al. | Jul 2006 | A1 |
20060161635 | Lamkin et al. | Jul 2006 | A1 |
20060171423 | Helms et al. | Aug 2006 | A1 |
20060187900 | Akbar | Aug 2006 | A1 |
20060206712 | Dillaway et al. | Sep 2006 | A1 |
20060209799 | Gallagher et al. | Sep 2006 | A1 |
20060218604 | Riedl et al. | Sep 2006 | A1 |
20060221246 | Yoo | Oct 2006 | A1 |
20060238656 | Chen et al. | Oct 2006 | A1 |
20060248553 | Mikkelson et al. | Nov 2006 | A1 |
20060259927 | Acharya et al. | Nov 2006 | A1 |
20060291506 | Cain | Dec 2006 | A1 |
20070019645 | Menon | Jan 2007 | A1 |
20070022459 | Gaebel, Jr. et al. | Jan 2007 | A1 |
20070022469 | Cooper et al. | Jan 2007 | A1 |
20070025372 | Brenes et al. | Feb 2007 | A1 |
20070033531 | Marsh | Feb 2007 | A1 |
20070049245 | Lipman | Mar 2007 | A1 |
20070053513 | Hoffberg et al. | Mar 2007 | A1 |
20070057851 | Leizerovich et al. | Mar 2007 | A1 |
20070061023 | Hoffberg et al. | Mar 2007 | A1 |
20070067851 | Fernando et al. | Mar 2007 | A1 |
20070073704 | Bowden et al. | Mar 2007 | A1 |
20070076728 | Rieger et al. | Apr 2007 | A1 |
20070081537 | Wheelock | Apr 2007 | A1 |
20070094691 | Gazdzinski | Apr 2007 | A1 |
20070118848 | Schwesinger et al. | May 2007 | A1 |
20070121578 | Annadata et al. | May 2007 | A1 |
20070121678 | Brooks et al. | May 2007 | A1 |
20070124488 | Baum et al. | May 2007 | A1 |
20070124769 | Casey et al. | May 2007 | A1 |
20070124781 | Casey et al. | May 2007 | A1 |
20070150920 | Lee et al. | Jun 2007 | A1 |
20070153820 | Gould | Jul 2007 | A1 |
20070154041 | Beauchamp | Jul 2007 | A1 |
20070157234 | Walker | Jul 2007 | A1 |
20070157262 | Ramaswamy et al. | Jul 2007 | A1 |
20070168342 | Singerman | Jul 2007 | A1 |
20070180230 | Cortez | Aug 2007 | A1 |
20070204300 | Markley et al. | Aug 2007 | A1 |
20070204314 | Hasek et al. | Aug 2007 | A1 |
20070209054 | Cassanova | Sep 2007 | A1 |
20070209059 | Moore et al. | Sep 2007 | A1 |
20070217436 | Markley | Sep 2007 | A1 |
20070219910 | Martinez | Sep 2007 | A1 |
20070226365 | Hildreth et al. | Sep 2007 | A1 |
20070245376 | Svendsen | Oct 2007 | A1 |
20070250880 | Hainline | Oct 2007 | A1 |
20070261116 | Prafullchandra et al. | Nov 2007 | A1 |
20070276925 | La et al. | Nov 2007 | A1 |
20070276926 | Lajoie et al. | Nov 2007 | A1 |
20070280298 | Hearn et al. | Dec 2007 | A1 |
20070288637 | Layton et al. | Dec 2007 | A1 |
20070288715 | Boswell et al. | Dec 2007 | A1 |
20070294717 | Hill et al. | Dec 2007 | A1 |
20070294738 | Kuo et al. | Dec 2007 | A1 |
20070299728 | Nemirofsky et al. | Dec 2007 | A1 |
20080013533 | Bogineni | Jan 2008 | A1 |
20080021836 | Lao | Jan 2008 | A1 |
20080022012 | Wang | Jan 2008 | A1 |
20080059804 | Shah et al. | Mar 2008 | A1 |
20080066112 | Bailey et al. | Mar 2008 | A1 |
20080068112 | Yu et al. | Mar 2008 | A1 |
20080086750 | Yasrebi et al. | Apr 2008 | A1 |
20080091805 | Malaby et al. | Apr 2008 | A1 |
20080091807 | Strub et al. | Apr 2008 | A1 |
20080092163 | Song et al. | Apr 2008 | A1 |
20080092181 | Britt | Apr 2008 | A1 |
20080098212 | Helms | Apr 2008 | A1 |
20080098450 | Wu et al. | Apr 2008 | A1 |
20080112405 | Cholas et al. | May 2008 | A1 |
20080133551 | Wensley et al. | Jun 2008 | A1 |
20080137541 | Agarwal et al. | Jun 2008 | A1 |
20080148363 | Gilder et al. | Jun 2008 | A1 |
20080155059 | Hardin et al. | Jun 2008 | A1 |
20080162353 | Tom et al. | Jul 2008 | A1 |
20080170530 | Connors et al. | Jul 2008 | A1 |
20080170551 | Zaks | Jul 2008 | A1 |
20080177998 | Apsangi | Jul 2008 | A1 |
20080192820 | Brooks et al. | Aug 2008 | A1 |
20080201386 | Maharajh et al. | Aug 2008 | A1 |
20080201748 | Hasek et al. | Aug 2008 | A1 |
20080222684 | Mukraj et al. | Sep 2008 | A1 |
20080228587 | Slaney | Sep 2008 | A1 |
20080235746 | Peters et al. | Sep 2008 | A1 |
20080256646 | Strom et al. | Oct 2008 | A1 |
20080273591 | Brooks et al. | Nov 2008 | A1 |
20080279534 | Buttars | Nov 2008 | A1 |
20080281971 | Leppanen et al. | Nov 2008 | A1 |
20080282299 | Koat et al. | Nov 2008 | A1 |
20080285487 | Forslow | Nov 2008 | A1 |
20080297669 | Zalewski et al. | Dec 2008 | A1 |
20080306903 | Larson et al. | Dec 2008 | A1 |
20080320523 | Morris et al. | Dec 2008 | A1 |
20080320543 | Wang et al. | Dec 2008 | A1 |
20090006542 | Feldman et al. | Jan 2009 | A1 |
20090013356 | Doerr et al. | Jan 2009 | A1 |
20090030802 | Plotnick et al. | Jan 2009 | A1 |
20090031335 | Hendricks et al. | Jan 2009 | A1 |
20090049049 | Cheah | Feb 2009 | A1 |
20090064221 | Stevens | Mar 2009 | A1 |
20090083279 | Hasek | Mar 2009 | A1 |
20090083811 | Dolce et al. | Mar 2009 | A1 |
20090083813 | Dolce et al. | Mar 2009 | A1 |
20090086643 | Kotrla et al. | Apr 2009 | A1 |
20090086722 | Kaji | Apr 2009 | A1 |
20090098861 | Kalliola et al. | Apr 2009 | A1 |
20090100459 | Riedl et al. | Apr 2009 | A1 |
20090100493 | Jones et al. | Apr 2009 | A1 |
20090133048 | Gibbs et al. | May 2009 | A1 |
20090141696 | Chou et al. | Jun 2009 | A1 |
20090150917 | Huffman et al. | Jun 2009 | A1 |
20090151006 | Saeki et al. | Jun 2009 | A1 |
20090158311 | Hon et al. | Jun 2009 | A1 |
20090164329 | Bishop | Jun 2009 | A1 |
20090172776 | Makagon et al. | Jul 2009 | A1 |
20090175218 | Song et al. | Jul 2009 | A1 |
20090185576 | Kisel et al. | Jul 2009 | A1 |
20090187939 | Lajoie | Jul 2009 | A1 |
20090193486 | Patel et al. | Jul 2009 | A1 |
20090201917 | Maes et al. | Aug 2009 | A1 |
20090210899 | Lawrence-Apfelbaum et al. | Aug 2009 | A1 |
20090210912 | Cholas et al. | Aug 2009 | A1 |
20090217036 | Irwin et al. | Aug 2009 | A1 |
20090225760 | Foti | Sep 2009 | A1 |
20090234735 | Maurer | Sep 2009 | A1 |
20090235308 | Ehlers et al. | Sep 2009 | A1 |
20090282241 | Prafullchandra et al. | Nov 2009 | A1 |
20090282449 | Lee | Nov 2009 | A1 |
20090293101 | Carter et al. | Nov 2009 | A1 |
20090296621 | Park et al. | Dec 2009 | A1 |
20090307757 | Groten | Dec 2009 | A1 |
20100012568 | Fujisawa et al. | Jan 2010 | A1 |
20100027560 | Yang et al. | Feb 2010 | A1 |
20100030578 | Siddique et al. | Feb 2010 | A1 |
20100031299 | Harrang et al. | Feb 2010 | A1 |
20100042478 | Reisman | Feb 2010 | A1 |
20100043030 | White | Feb 2010 | A1 |
20100057778 | Fein | Mar 2010 | A1 |
20100070522 | Nazar | Mar 2010 | A1 |
20100083329 | Joyce et al. | Apr 2010 | A1 |
20100083362 | Francisco et al. | Apr 2010 | A1 |
20100106846 | Noldus et al. | Apr 2010 | A1 |
20100115091 | Park et al. | May 2010 | A1 |
20100115113 | Short et al. | May 2010 | A1 |
20100122274 | Gillies et al. | May 2010 | A1 |
20100122276 | Chen | May 2010 | A1 |
20100125658 | Strasters | May 2010 | A1 |
20100131973 | Dillon et al. | May 2010 | A1 |
20100138900 | Peterka et al. | Jun 2010 | A1 |
20100146629 | Rahman et al. | Jun 2010 | A1 |
20100169977 | Dasher et al. | Jul 2010 | A1 |
20100199299 | Chang et al. | Aug 2010 | A1 |
20100199312 | Chang et al. | Aug 2010 | A1 |
20100217613 | Kelly | Aug 2010 | A1 |
20100218231 | Frink et al. | Aug 2010 | A1 |
20100219613 | Zaloom et al. | Sep 2010 | A1 |
20100251304 | Donoghue et al. | Sep 2010 | A1 |
20100251305 | Kimble et al. | Sep 2010 | A1 |
20100269144 | Forsman et al. | Oct 2010 | A1 |
20100280641 | Harkness et al. | Nov 2010 | A1 |
20100287609 | Gonzalez et al. | Nov 2010 | A1 |
20100299264 | Berger et al. | Nov 2010 | A1 |
20100313225 | Cholas et al. | Dec 2010 | A1 |
20100325547 | Keng et al. | Dec 2010 | A1 |
20110015989 | Tidwell et al. | Jan 2011 | A1 |
20110016479 | Tidwell et al. | Jan 2011 | A1 |
20110016482 | Tidwell et al. | Jan 2011 | A1 |
20110055935 | Karaoguz et al. | Mar 2011 | A1 |
20110071841 | Fomenko et al. | Mar 2011 | A1 |
20110090898 | Patel et al. | Apr 2011 | A1 |
20110093900 | Patel et al. | Apr 2011 | A1 |
20110099017 | Ure | Apr 2011 | A1 |
20110102600 | Todd | May 2011 | A1 |
20110103374 | Lajoie et al. | May 2011 | A1 |
20110107379 | Lajoie et al. | May 2011 | A1 |
20110110515 | Tidwell et al. | May 2011 | A1 |
20110119724 | Damola | May 2011 | A1 |
20110126018 | Narsinh et al. | May 2011 | A1 |
20110138064 | Rieger et al. | Jun 2011 | A1 |
20110138486 | White | Jun 2011 | A1 |
20110145049 | Hertel et al. | Jun 2011 | A1 |
20110154399 | Jin et al. | Jun 2011 | A1 |
20110166932 | Smith et al. | Jul 2011 | A1 |
20110173053 | Aaltonen et al. | Jul 2011 | A1 |
20110173095 | Kassaei et al. | Jul 2011 | A1 |
20110178943 | Motahari et al. | Jul 2011 | A1 |
20110191801 | Vytheeswaran | Aug 2011 | A1 |
20110202956 | Connelly | Aug 2011 | A1 |
20110213688 | Santos et al. | Sep 2011 | A1 |
20110219229 | Cholas et al. | Sep 2011 | A1 |
20110219460 | Baird-Smith | Sep 2011 | A1 |
20110264530 | Santangelo et al. | Oct 2011 | A1 |
20110265116 | Stern et al. | Oct 2011 | A1 |
20110276881 | Keng et al. | Nov 2011 | A1 |
20120005527 | Engel et al. | Jan 2012 | A1 |
20120011567 | Cronk et al. | Jan 2012 | A1 |
20120023535 | Brooks | Jan 2012 | A1 |
20120030363 | Conrad | Feb 2012 | A1 |
20120124606 | Tidwell et al. | May 2012 | A1 |
20120131683 | Nassar | May 2012 | A1 |
20120144416 | Wetzer et al. | Jun 2012 | A1 |
20120151602 | Lu | Jun 2012 | A1 |
20120185899 | Riedl et al. | Jul 2012 | A1 |
20130014140 | Ye et al. | Jan 2013 | A1 |
20130014171 | Sansom et al. | Jan 2013 | A1 |
20130024888 | Sivertsen | Jan 2013 | A1 |
20130046849 | Wolf et al. | Feb 2013 | A1 |
20130097647 | Brooks et al. | Apr 2013 | A1 |
20130117692 | Padmanabhan et al. | May 2013 | A1 |
20140074855 | Zhao et al. | Mar 2014 | A1 |
20140282656 | Belyaev | Sep 2014 | A1 |
20150040176 | Hybertson et al. | Feb 2015 | A1 |
20150095932 | Ren | Apr 2015 | A1 |
20170061557 | Cohen | Mar 2017 | A1 |
20170078357 | McCue | Mar 2017 | A1 |
20180191771 | Newman | Jul 2018 | A1 |
20180218160 | Wetherall | Aug 2018 | A1 |
Number | Date | Country |
---|---|---|
1821459 | Aug 2007 | EP |
2081361 | Jul 2009 | EP |
2001275090 | Oct 2001 | JP |
2005519365 | Jun 2005 | JP |
2005519501 | Jun 2005 | JP |
2005339093 | Dec 2005 | JP |
2008015936 | Jan 2008 | JP |
2009211632 | Sep 2009 | JP |
2010502109 | Jan 2010 | JP |
2010079902 | Apr 2010 | JP |
2012505436 | Mar 2012 | JP |
2012523614 | Oct 2012 | JP |
WO-0110125 | Feb 2001 | WO |
WO-2005015422 | Feb 2005 | WO |
WO-2005031524 | Apr 2005 | WO |
WO-2007060451 | May 2007 | WO |
WO-2012021245 | Feb 2012 | WO |
WO-2012114140 | Aug 2012 | WO |
Entry |
---|
Alcatel: “Delivering True Triple Play—Common Capabilities for the Delivery of Composite Services”, Internet Citation, Jun. 2006 (Jun. 2006), XP002418653, Retrieved from the Internet: URL:http://www.alcatel-lucent.com/tripleplay [retrieved on Feb. 6, 2007]. |
Cantor, et al., Bindings for the OASIS Security Assertion Markup Language (SAML) V2.0, OASIS Standard, Mar. 2005, Document ID saml-bindings-2.0-os ,(http://docs.oasis-open.org/security/saml/v2.0/saml-bindings-2.0-os.pdf). |
DLNA (Digital Living Network Alliance) protocols described in DLNA Networked Device Interoperability Guidelines Expanded, Mar. 2006 and subsequent expanded version dated Oct. 2006. |
Florin L., et al., “Content Delivery and Management in Networked MPEG-4 System,” 2000 10th European Signal Processing Conference, IEEE, Sep. 4, 2000 (Sep. 4, 2000), pp. 1-4, XP032755920, ISBN: 978-952-15-0443-3 [retrieved on Mar. 31, 2015]. |
OpenCable, Enhanced TV Binary Interchange, Format 1.0 OC-SP-ETV-BIF1.0-104-070921 Date: Sep. 21, 2007, 420 pages. |
Pantjiaros C.A. P., et al., “Broadband Service Delivery: CY.T.A. ADSL Field Trial Experience”, Electrotechnical Conference, 2000 MELECON, 2000 10th Mediterranean, May 29-31, 2000, Piscataway, NJ, USA,IEEE, vol. 1, May 29, 2000 (May 29, 2000), pp. 221-224, XP010518859, ISBN: 978-0-7803-6290-1. |
Redux screenshot from http://www.redux.com, “Select a channel to start watching” © 2014 Redux, Inc.014 Redux, Inc. All rights reserved; http://www.redux.com/; 2 pages. |
Siebenlist F., et al., “Global Grid Forum Specification Roadmap towards a Secure OGSA,” Jul. 2002, pp. 1-22. |
UTF-32, IBM, retrieved from http://publib.boulder.ibm.com/infocenter/iseries/v5r3/index.jsp?topic=%2Fnls%2Frbagsutf32.htm on Aug. 28, 2013. |
Number | Date | Country | |
---|---|---|---|
20190392114 A1 | Dec 2019 | US |
Number | Date | Country | |
---|---|---|---|
Parent | 15811216 | Nov 2017 | US |
Child | 16459384 | US |
Number | Date | Country | |
---|---|---|---|
Parent | 15156139 | May 2016 | US |
Child | 15811216 | US | |
Parent | 12716131 | Mar 2010 | US |
Child | 15156139 | US |