Electrical computers and digital processing systems: multicomput – Computer-to-computer session/connection establishing – Network resources access controlling
Reexamination Certificate
1997-10-09
2002-12-31
Sheikh, Ayaz (Department: 2155)
C709S224000, C713S152000
active
06502137
ABSTRACT:
TECHNICAL FIELD
The present invention relates in general to information networks, and in particular, to transmission of data over the Internet.
BACKGROUND INFORMATION
With the rapid growth of the Internet and improvements in computer technology, the demand for transfers of audio and video data over the Internet will increase dramatically. Within the Internet, navigation and selection from video/audio sources are accomplished using web browser technology within an HTTP (HyperText Transfer Protocol) server. Video/audio selection can be accomplished in many application scenarios, from selection from a simple list to multimedia objects being integrated in the documents implementing an application.
Transfer of audio/video data over the Internet is typically enabled in response to a client computer web browser. As a result of such a web browsing process, metadata is returned from an application server, which is coupled to an HTTP (or other) server, to the client computer via the HTTP server. This metadata causes a helper application, or video/audio viewer, to be started in the client computer. The metadata is passed to this helper application, or viewer, and is used to initialize the client subsystem for the playback, to get connected to the application server for control functions, and to obtain loading and starting of the requested video/audio title(s). Information in the metadata includes an address of the application server, the identifier (unique title) for the file to be played, the type of encoding of the video/audio data, the bit rate of the encoded video/audio data, etc.
Using the received metadata, all interaction to request and control the play of video/audio data is accomplished between the client computer and the application server over an established link. Opening the session will result in a separate logical connection, which carries the digitized video between the video server, coupled to the application server, and the client computer. VCR-like control of the video is then supported over the client-to-application server link.
Access control, billing initiation, rights management functions, etc. will be part of the video/audio navigation and selection functions provided by the CGI (common gateway interface) programs in the HTTP server (or by programs in other types of servers: e.g., digital library search server). Having provided these functions at this level, a mechanism is required between the client computers and application server to provide security for the actual request and play of the video/audio data.
SUMMARY OF THE INVENTION
The present invention addresses the foregoing need by providing a security mechanism for use where a client computer has requested video/audio data from an application server coupled to an HTTP server. The security mechanism limits access to the application server to only those client computers with approved video requests (as determined by the application in the HTTP server). Once a client computer is connected to the application server, the client computer is limited to playing only those titles originally selected during the navigation and selection process with the HTTP server. The security mechanism inhibits a client computer from intercepting another client's approved request, connecting to the application server as a “valid” approved client, and then playing the video intended for the originally approved requester.
More specifically, upon the receipt of a request from a client computer, the application server produces a random passticket (e.g., an N-digit code) to be used by a client computer to make a valid connection to the application server. The application server-generated passticket is then included as an element in the metadata sent to the client computer. The application server maintains a copy of this passticket for client connection validation.
The application server may include a time-out period between sending a passticket in the metadata and a client computer's use of the passticket. With expiration of the timer without a use of the passticket by the client computer, the passticket is invalidated.
The application server maintains and associates with the passticket the requested title information, which is also returned as part of the metadata. When a client connects to the application server, the passticket is checked. The connection is rejected if the passticket is not currently valid in the application server. Once the passticket is validated with a user connect, it is then invalidated. When a client makes the play requests to the application server for a title, the title is validated against the titles associated with the passticket. Invalid title requests are rejected.
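The passticket lifecycle described above (issue, time-out, single-use connect, per-title play check), sketched as an added example that is not taken from the patent; the class, method and parameter names, the 12-digit length and the 60-second time-out are assumptions made for illustration.

```python
import secrets
import time


class PassticketStore:
    """Application-server side of the passticket scheme (hypothetical names)."""

    def __init__(self, ttl_seconds=60.0, digits=12, clock=time.monotonic):
        self.ttl = ttl_seconds        # assumed time-out between issue and use
        self.digits = digits          # assumed N for the N-digit code
        self.clock = clock            # injectable so expiry can be tested
        self._pending = {}            # passticket -> (expiry, approved titles)
        self._sessions = {}           # session id -> approved titles

    def issue(self, titles):
        """Create a random N-digit passticket bound to the approved titles."""
        ticket = "".join(secrets.choice("0123456789") for _ in range(self.digits))
        self._pending[ticket] = (self.clock() + self.ttl, frozenset(titles))
        # This dict stands in for the metadata returned via the HTTP server.
        return {"passticket": ticket, "titles": sorted(titles)}

    def connect(self, presented):
        """Validate a passticket exactly once; return a session id or None."""
        now = self.clock()
        # Invalidate tickets whose timer expired without being used.
        self._pending = {t: v for t, v in self._pending.items() if v[0] > now}
        entry = self._pending.pop(presented, None)  # pop: invalid after first use
        if entry is None:
            return None                             # unknown, expired or replayed
        session = secrets.token_hex(16)
        self._sessions[session] = entry[1]
        return session

    def play(self, session, title):
        """Allow play only for titles associated with the validated passticket."""
        return title in self._sessions.get(session, frozenset())


if __name__ == "__main__":
    fake_now = [0.0]                                # constructed clock for the demo
    store = PassticketStore(ttl_seconds=30, clock=lambda: fake_now[0])
    meta = store.issue(["title-A"])
    session = store.connect(meta["passticket"])
    print("first connect accepted:", session is not None)
    print("replayed passticket accepted:", store.connect(meta["passticket"]) is not None)
    print("approved title plays:", store.play(session, "title-A"))
    print("other title plays:", store.play(session, "title-B"))
```
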
As the metadata is sent to the client computer over an open network, there is an exposure: another client computer could intercept and use the passticket before the original requester connects to the application server. This can be defended against by scrambling (e.g., encrypting) the application server-generated passticket using a key which is known by the client computer. This scrambling could be accomplished by the HTTP server application. Use of a secure sockets layer in a secure web server would provide this level of security. Key management between the client computer and the server would also be done at this level. In addition to the scrambling of the passticket, the title information may also be scrambled. This could make metadata interception and break-in even more difficult, as the application server also validates the title against a valid connect (valid passticket).
The foregoing has outlined rather broadly the features and technical advantages of the present invention in order that the detailed description of the invention that follows may be better understood. Additional features and advantages of the invention will be described hereinafter which form the subject of the claims of the invention.
Peterson Lynn Erich
Phelps Mack Edward
Shippy Gary Roy
Wright John Douglas
Dinh Khanh Quang
Reid Scott W.
Sheikh Ayaz
Winstead Sechrest & Minick