This is the first application filed for the present invention.
Not Applicable.
The present invention relates to distribution of content through a communications network, and in particular to a method an apparatus for controlling the distribution of the content using a parallel network.
Recent advances in data communications technology have resulted in a dramatic increase in on-line services in which content of various types may be accessed and downloaded by interested parties. A virtually unlimited variety of content may be accessed and distributed through a communications network in this manner. Content distribution may be characterized as either unicast (that is, point-to-point between a content provider and a single party) or multicast (simultaneous distribution of content from a single content provider to multiple parties distributed across the communications network). In either case, access to the content is typically restricted to authorized parties, and/or granted in exchange for payment. In such cases, a convenient and effective means of authenticating a party requesting access to the content is required. Additionally, a simple and effective payment mechanism is required.
Modern communications networks such as the Internet are proving increasingly effective for both unicast and multicast distribution of content. However, experience has shown that it is a relatively easy matter for unauthorized persons to fraudulently gain access to content through such networks. This is due, at least in part, to the fact that addresses on the communications network are not uniquely associated with any particular location or individual. Thus it is very difficult, based on the content of messages received through the communications network, to positively verify the identity of the individual party who originated the message. Various schemes have been proposed for addressing the problem of verifying the identity of a party requesting access to content. Typically, these schemes involve the use of predetermined user IDs and passwords, and rely on the secrecy of the passwords to authenticate the identity of a party. However, the use of passwords has inherent limitations, because relatively simple passwords may be guessed or otherwise discovered, while more complicated passwords are also vulnerable to discovery and are likely to be forgotten by the user.
The difficulties associated with authenticating the identity of a party is compounded in cases where access to the content is permitted in exchange for payment. In these cases, it is necessary to verify not only the identity of the party, but also ensure authorized transfer of funds. The difficulties associated with ensuring that both of these functions are successfully completed, while at the same time preserving ease of use, have been identified as one of the impediments to the widespread deployment of services based on payment for content.
Another difficulty with the distribution of content through a communications network lies in the fact that a content provider may be required (e.g., by the laws and/or regulations of various jurisdictions) to restrict the distribution of content to certain predetermined domains. For example, a content provider may be required to prevent the distribution of content to parties located in a certain geographical region. In other instances, a content provider may be required to limit the distribution of content to within a specific network domain. In either case, such control over the distribution of content requires that the content provider have knowledge of a location of the party requesting access to the content. However, in the modern data communications space, address and identity information of users of the communications network are typically unrelated to geographical location, and thus there is no mechanism by which the content provider can independently verify a geographical location of a party requesting access to the content.
Accordingly, a method and system for controlling distribution of content through a communications network, with simple and efficient verification of party identity and location, remains highly desirable.
An object of the present invention is to provide a method and system of controlling distribution of content through a communications network, that overcomes the above-noted limitations of the prior art.
Accordingly, an aspect of the present invention provides a method of controlling distribution of content through a communications network. A request message is received from a party through the communications network. The request message includes information identifying the party. A transaction indicia uniquely associated with the request message is formulated, and conveyed to the party through either one of the communications network and a parallel network that is substantially independent of the communications network. A validation message containing the transaction indicia is subsequently returned by the party through the other of the communications network and the parallel network.
The information identifying the party may include any one or more of: an address of the party on the parallel network; a User ID; and a user password.
In some embodiments, formulation of the transaction indicia includes authenticating a right of the party to receive the content. This may include determining whether the party is located within a predetermined domain. The predetermined domain may include any one or more of: a predetermined geographical region; a service area of a network service provider; an Internet domain; a customer; and, a company employee. The information identifying the party contained in the request message may be used to query a database including respective domain information of the party.
The transaction indicia may be conveyed to the party by establishing a connection to the party through the parallel network, using the information identifying the party. The transaction indicia can then be conveyed to the party through the connection. Establishment of the connection may include determining an address of the party on the parallel network. This may be accomplished by using information identifying the party to query a database including respective address information of the party.
In some embodiments, the parallel network is the Public Switched Telephone Network (PSTN). In such cases, the link to the party is a call connection set up between an Interactive Voice Response (IVR) server and a telephone handset of the party.
In some embodiments, information uniquely identifying a data communications device associated with the party is also received. An encryption key may be generated using the information uniquely identifying the data communications device, and the content encrypted using the encryption key. The encrypted content can then be forwarded to the data communications device associated with the party through the communications network. The information uniquely identifying the data communications device associated with the party may be a Media Access Control (MAC) address of the data communications device.
Using this arrangement, an encryption applet or script can be downloaded to the party's data communications device, in order to enable decryption of the encrypted content. In order to perform this function, the encryption applet or script probes the party's data communications device for the information (e.g. a MAC address) uniquely identifying the data communications device. This information is then used to decrypt the encrypted content. Since every data communications device has a unique MAC address that is not easily hidden (or spoofed), the encrypted content can only be decrypted by that data communications device.
Thus the present invention provides a method and system for controlling distribution of content through a communications network using a second, parallel network. The use of the parallel network enables a transaction indicia to be forwarded to the party through one of the networks and returned through the other, thereby reducing the probability of a party fraudulently obtaining access to the content. The probability of fraudulent use is further reduced by using the transaction indicia only once and for only one transaction. The probability of fraudulent use can be even further reduced by assigning the transaction indicia a limited time to live, and canceling the transaction if validation is not completed within the limited time to live. Additionally, information accessible through the parallel network can be used to restrict distribution of the content to parties within a predetermined domain, such as, for example, a geographical region. As well, the content may be distributed to the party in an encrypted form, preferably using an encryption algorithm and key designed to enable decryption of the content on only the data communications device from which the request for the content was originated.
Further features and advantages of the present invention will become apparent from the following detailed description, taken in combination with the appended drawings, in which:
a and 2b are message flow diagrams schematically illustrating principle steps in a method of controlling distribution of content in accordance with a first embodiment of the present invention;
a and 4b show a message flow diagram schematically illustrating principle steps in a process of controlling distribution of content in accordance with a second embodiment of the present invention.
It will be noted that throughout the appended drawings, like features are identified by like reference numerals.
The present invention provides a method and system for controlling distribution of content through a communications network, in which a second, parallel network is used for verification and authorization of a party requesting delivery of the content.
In accordance with the illustrated example, interaction between the requesting party 2 and the content provider 8 for the purposes of requesting access to the content (and subsequent distribution of the content to the requesting party 2) is handled through the communications network 6 using the requesting party's data communications device 4. It should be understood, however, that the content may be delivered through the PSTN 12 to the requesting party's voice terminal 10, which may be an Analogue Display Service Interface (ADSI) device, for example. In order to verify the identity and location of the requesting party 2, authentication and authorization functions are performed using a voice communications link through a parallel network, which in the present embodiment is the PSTN 12, or the data network 6. In general, content distribution and requesting party authentication functions may be performed within a single content provider server, or in separate servers, as desired. In the illustrated implementation, a content provider server 8 is used for request processing and content distribution, while a separate authentication server 14 provides requesting party authentication and authorization functions. The distribution of functionality is, however, a matter of design choice and any one or more of the functions may be performed by separate servers, or by separate entities.
As described above and shown in
In general, when a request for content delivery is received by the content provider 8, the authentication server 14 operates to verify the identity of the requesting party 2, as well as the right of the requesting party 2 to receive the requested content. This may involve determining a location of the requesting party 2. Upon successful authentication of the requesting party 2, a transaction indicia is generated and conveyed to the requesting party 2 via the call connection to the requesting party's telephone 10. The requesting party 2 then forwards the transaction indicia to the content provider 8 using their data communications device 4, in order to obtain delivery of the requested content. It is readily appreciated that this provides enhanced control over distribution of the content by enabling reliable verification of the requesting party's identity, and by providing a means of determining a physical location of the requesting party 2. In particular, while a requesting party 2 may conceal their identity in messages sent through the communications network 6, successful access to the content requires that they receive the transaction indicia through their telephone 10. Since the call connection used to forward the transaction indicia to the requesting party 2 is initiated within the network (that is, the requesting party 2 receives a telephone call via which the transaction indicia is provided to them) the requesting party 2 must provide a valid telephone number at which they can be reached. The telephone number can be used as an index for searching one or more databases 30 to identify the requesting party 2 (or at least the subscriber to whom the telephone number has been assigned), as well as a geographical location of the telephone 10.
It should be understood that the method in accordance with the present invention may be implemented in various ways to exploit the functional capabilities of legacy or emerging network systems. Thus, for example, authentication of the requesting party 2 may be performed by the content provider 8, or by a separate authentication server 14, or in fact by both the content provider 8 and authentication server 14 operating in concert. Any one or more of a variety of known authentication procedures may be used to verify the identity of the requesting party 2, and these known procedures may be used alone or in combination with determination of the requesting party's location in accordance with the present invention.
Upon successful completion of requesting party authentication, a transaction indicia is generated and communicated to the requesting party via a call connection to the requesting party's telephone 10. Various methods known in the art can be used to set up the call, and communicate the transaction indicia to the requesting party 2.
After receiving the transaction indicia, the requesting party must communicate the transaction indicia to the content provider 8 using, for example, an input window displayed on the requesting party's PC 4. It should be noted that a transaction indicia is preferably used only once, and is valid only for one transaction. In order to further ensure security, each transaction indicia may be assigned a limited time to live (five minutes, for example). If the time to live for a transaction indicia expires before the transaction indicia is returned to the content provider, the transaction is canceled. Upon receipt of a valid transaction indicia input by the requesting party 2, the content provider 8 delivers the requested content to the requesting party 2. Various mechanisms may be used to deliver the content, including, for example, conveying the content through the communications network 6 to the requesting party's data communications device 4, or alternatively, forwarding a URL or other address through the communications network 6 to the requesting party's data communications device 4 in order to thereby link the data communications device 4 to an address on the communications network 6 from which the content may be retrieved. In either case, the content transferred to the requesting party's data communications device 4 may be conveyed in an encrypted or unencrypted form. If encryption is used, various encryption algorithms may be used without departing from the scope or intent of the present invention. Exemplary uses of the methods and systems in accordance with the invention are described below with reference to
a and 2b are message flow diagrams illustrating principle messages exchanged between components of a system for content delivery in accordance with a first exemplary embodiment of the invention.
As shown in
Upon receipt of the authentication message 64 from the authentication server 14, the content provider 8 generates (at 66) a transaction indicia as a unique identifier associated with the requesting party's request for the identified content. The content provider 8 may also generate (at 68) a serial number in order to coordinate transfer of the transaction indicia to the requesting party 2 through the PSTN 12, as will be explained below.
In order to transfer the transaction indicia to the requesting party 2, a telephone connection is set up through the PSTN 12 to the requesting party's telephone 10. Thus a “call” message 70 containing a Directory Number (DN) of an Interactive Voice Unit (IVR), for example, as well as the serial number, is formulated by the content provider 8 and forwarded through the communications network 6 to the call control node 26. As explained above, the call control node 26 functions as a Virtual Service Switching Point (VSP) within an E-ISUP group 24 of the PSTN 12 and can launch calls from within the PSTN 12. In response to the call message 70, the call control node 26 formulates an Integrated Services Digital Network User Part (ISUP) signaling message to set up a call connection between SSP 20 of the E-ISUP group 24 and the IVR server 28. Thus an ISUP Initial Address Message (ISUP-IAM) 72 is forwarded by the call control node 26 to the SSP 20, which propagates the ISUP-IAM through the PSTN 12 to an SSP 32 that supports an ISDN Primary Rate Interface (PRI) trunk, for example, connected to the IVR 28 (at 74). On receipt of the ISUP-IAM at the SSP 32, the SSP 32 sends an ISDN setup message 75 to the IVR 28, which responds with an ISDN acknowledge message 76. The SSP 32 responds by formulating an ISUP Address Complete Message (ACM) 77 which is propagated back through the PSTN 12 to the SSP 20, and forwarded (at 78) to the call control node 26. Subsequently, the IVR 28 sends an ISDN ANSWER message 79 to the SSP 32, which prompts the SSP 32 to formulate an ISUP Answer Message (ISUP-ANM) 80 that is propagated to the SSP 20, and forwarded (at 82) to the call control node 26. Following receipt of the ISUP-ANM message, the call control node 26 reports (at 83) to the content provider server 8 that the call is complete. The serial number passed to the call control node was, for example, passed to the IVR using the origination number fields of the ISUP-IAM and ISDN setup messages in order to associate the call connection with the current session (that is, the request for content originated by the requesting party 2).
As shown in
Subsequently, a play announcement message 98 (
The requesting party 2 generates and forwards a message 104 containing the transaction indicia to the content provider server 8. This may be facilitated by way of a suitable data input window (not shown) displayed on the data communication device 4 in a manner well known in the art.
Although the example described above shows that the transaction indicia is received by the requesting party through the parallel network, it should be understood that the transaction indicia could be sent through either one of the communications network and the parallel network. If the transaction indicia is sent through the communications network and returned through the parallel network, the transaction indicia is preferably not sent through the communications network until the connection through the parallel network is established. The requesting party may then input the transaction indicia using the dial pad, for example, of a telephone through which a connection through the parallel network is established. If the transaction indicia is returned through the parallel network, a dual-tone multi-frequency (DTMF) receiver can be used at the IVR 28 to collect the transaction indicia, which is then passed to the content provider 8. The content provider 8 does not begin content delivery until the transaction indicia is returned by the requesting party 2.
Upon receipt of the message 104 containing the transaction indicia, the content provider server 8 delivers (at 106) the requested content to the requesting party 2. As mentioned previously, and illustrated in
If the content is delivered to the requesting party's data communications device 4, it may be desirable to encrypt the content in order to ensure secure transfer and/or exclusive use by the requesting party. In general, any suitable encryption algorithm may be used for this purpose. However, conventional encryption algorithms typically require that the requesting party 2 provide a password or encryption key in advance, so that the security of the encrypted content is dependent upon the secrecy of the key or password. As mentioned previously, this situation is unsatisfactory because such keys can be appropriated by unauthorized persons. Accordingly, the present invention provides a method of securely distributing the content to the requesting party without requiring the requesting party to provide a password or key.
As shown in
Upon activation of the encryption script within the requesting party's data communications device 4, the encryption script probes the data communications device 4 (at 110) for one or more parameters that uniquely identify the data communications device 4. An example of such a parameter is the Media Access Control (MAC) address of the data communications device 4. The encryption script then forwards (at 112) this parameter to the content provider 8, which then uses the parameter to generate an encryption key (at 114) that is unique to the requesting party's data communications device 4. The encryption key is used by the content provider server 8 to encrypt the content (at 116), and the encrypted content is forwarded (at 118) through the communications network 6 to the requesting party's data communications device 4. The encryption script also generates a decryption key (at 120) using the same parameter used by the content provider 8 to generate the encryption key. The decryption key is used by the encryption script to decrypt the content (at 122) for use by the requesting party 2. Since both the encryption and decryption keys are independently generated (by the content provider 8 and the encryption script in the requesting party's data communications device 4, respectively), and since both keys are generated using a parameter unique to the requesting party's data communications device 4, the encrypted content can only be decrypted using the specific data communications device 4 used by the requesting party 2 to request and obtain access to the content. Security can be further enhanced by ensuring that the decryption script will only execute if the parameter used to generate the decryption key matches the corresponding parameter of the data communications device 4 on which the script is run. Thus, unauthorized access and/or duplication of the content is extremely difficult.
a and 4b illustrate principle messages exchanged between system elements used for content delivery in accordance with the invention. In the example shown in
As shown in
Upon successful completion of the authorization step 136 above, the authentication server 14 generates a serial number (at 138) associated with this session, and launches a call message 140 containing the directory number (DN) of the IVR 28 and the serial number to the call control node 26. Upon receipt of the call message 140, the call control node 26 functions (at 142) as described above with reference to
As shown in
Following receipt of the response message 150 from the IVR 28, the authentication server 14 may optionally further authenticate the requesting party 2 (at 152). Further authentication may include verification of the identity of the requesting party 2. If a verbal response was obtained from the requesting party 2, the response message 150 received by the authentication server 14 may include a recording (or a digitally processed version) of the requesting party's verbal input. This may be used by the authentication server 14 to perform a voice-print analysis in a manner known in the art, and thereby validate the identity of the requesting party 2.
Following successful authentication of the requesting party 2, a transaction indicia uniquely associated with the requesting party's request for access to the content is generated (at 154) and forwarded to the content provider server 8 (at 156). Alternatively, an authentication result message may be forwarded by the authentication server 14 to the content provider server 8, which then generates the transaction indicia, as described above in the embodiment of
Following receipt of the transaction indicia, the requesting party 2 places their telephone on-hook (at 162), which causes release of the call connection between the requesting party's telephone 10 and the IVR 28 (at 164). Subsequently, the requesting party 2 formulates and sends a message 166 containing the transaction indicia to the content provider 8 which thereafter provides access (at 168) to the content as described above with reference to
Although the examples described above illustrate use of the PSTN as the parallel network through which the transaction indicia is deliver to an ordinary telephone set, it is contemplated that the transaction indicia my be sent to a facsimile machine, or an Analogue Services Display Interface (ADSI) telephone, as described above. It is also possible to automate the return of the transaction indicia if customer premise equipment such as an ADSI telephone is used to deliver the transaction indicia. It should also be understood that the parallel network need not be a switched telephone network. The parallel network may be any one of: an asynchronous transfer mode (ATM) network, and a Frame Relay network, for just two of many other examples.
The embodiment(s) of the invention described above is(are) intended to be exemplary only. The scope of the invention is therefore intended to be limited solely by the scope of the appended claims.
Number | Date | Country | |
---|---|---|---|
Parent | 09817878 | Mar 2001 | US |
Child | 11150610 | Jun 2005 | US |