Transcript
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
Complaint
1
801 2
nd
Ave., Ste. 800, PMB 8009
Seattle, WA 98104
John Mansfield (WSB #27779)
[email protected]
MansfieldLaw
PMB 8009
801 2nd Ave., Suite 800
Seattle, WA 98104
Matthew M. Wawrzyn (pro hac vice pending)
[email protected]
Wawrzyn LLC
233 S. Wacker Dr., 84th Floor
Chicago, IL 60606
312.283.8330
Attorneys for Plaintiff William Grecia
UNITED STATES DISTRICT COURT
WESTERN DISTRICT OF WASHINGTON
William Grecia,
Plaintiff,
v.
Amazon.com, Inc.,
Defendant.
CASE NO
Complaint
JURY DEMAND
PARTIES
1. Plaintiff William Grecia lives in Downingtown, Pennsylvania.
2. Amazon is a corporation organized under the laws of Delaware. Amazon’s
headquarters are located in Seattle, Washington.
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
Complaint
2
801 2
nd
Ave., Ste. 800, PMB 8009
Seattle, WA 98104
Jurisdiction and Venue
3. This action arises under the patent laws of the United States, 35 U.S.C. §§ 101
et seq.
4. This Court has subject matter jurisdiction over this action under 28 U.S.C. §§
1331 and 1338(a).
5. This Court may exercise personal jurisdiction over Amazon, which conducts
continuous and systematic business in Washington and this District. These patent-
infringement claims arise directly from Amazon’s continuous and systematic activity in this
District. In short, this Court’s exercise of jurisdiction over Amazon would be consistent with
the Washington long-arm statute and traditional notions of fair play and substantial justice.
6. Venue is proper in this District pursuant to 28 U.S.C. §§ 1391(b)(1) and
1400(b).
Background
7. William Grecia owns United States Patent 8,533,860 (the “‘860 patent”) and
at least one continuing application claiming back to the original priority date of March 21,
2010. William Grecia invented the methods and products claimed in the ‘860 patent.
8. The field of the invention of the ‘860 patent is digital rights management,
commonly referred to as “DRM.” The movement of books, movies, and music to digital
form has presented a challenge to the copyright owners of the content. The owners wish to
sell the content in a digital form and transfer all attributes of ownership to the buyer, and yet
the owners of the content must protect value by preventing “pirating” of the content through
illicit copying.
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
Complaint
3
801 2
nd
Ave., Ste. 800, PMB 8009
Seattle, WA 98104
9. DRM schemes to date had locked the purchased content, a movie for
example, to specific devices and in some cases limited playback rights to a single device.
These prior art DRM methods required the content providers (a movie studio in the
example) to maintain computer servers to receive and send session authorization keys to
clients, and the prior DRM methods required that the client reconnect with the servers to
obtain reauthorization. These DRM schemes may be characterized by limiting acquired
content to a specific device that the client continually had to reauthorize to enjoy the
acquired content.
10. The ‘860 invention provides a solution. With this invention, a consumer of
digital content may enjoy the content on a multiple number of the consumer’s devices and
share the content with the consumer’s friends and family, all while protecting against
unlicensed use of the digital content.
Claim of Patent Infringement Against Amazon
11. William Grecia is the exclusive owner of the ‘860 patent, which is attached as
Exhibit 1.
12. The ‘860 patent is valid and enforceable.
13. Amazon has and is directly infringing claims of the ‘860 patent. Amazon
makes, uses, sells, and offers for sale products, methods, equipment, and services that
practice and embody claims of the ‘860 patent—including but not limited to Prime Video
and Fire TV.
14. Amazon knows of the ‘860 patent and nonetheless willfully infringes its
claims. On November 11, 2013, Mr. Grecia notified Amazon of the ‘860 patent.
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
Complaint
4
801 2
nd
Ave., Ste. 800, PMB 8009
Seattle, WA 98104
Prayer for Relief
WHEREFORE, William Grecia prays for the following relief against Amazon:
(a) Judgment that Amazon has directly infringed claims of the ‘860 patent claims;
(b) For a fair and reasonable royalty;
(c) For treble damages based on a finding that the infringement of the ‘860 patent
claims was willful;
(d) For pre-judgment interest and post-judgment interest at the maximum rate
allowed by law;
(e) For such other and further relief as the Court may deem just and proper.
Demand for Jury Trial
William Grecia demands a trial by jury on all matters and issues triable by jury.
Date: April 9, 2014 /s/ John Mansfield
John Mansfield
[email protected]
MansfieldLaw
PMB 8009
801 2nd Ave., Suite 800
Seattle, WA 98104
--- and --
Matthew M. Wawrzyn
1
WAWRZYN LLC
233 S. Wacker Dr., 84th Floor
Chicago, IL 60606
(312) 283-8330
[email protected]
Counsel for William Grecia
1
Pro hac vice pending.
Exhibit 1
c12) United States Patent
Grecia
(54) PERSONALIZED DIGITAL MEDIA ACCESS
SYSTEM-PDMAS PART II
(71) Applicant: William Grecia, Brooklyn, NY (US)
(72) Inventor: William Grecia, Brooklyn, NY (US)
( *) Notice: Subject to any disclaimer, the term of this
patent is extended or adjusted under 35
U.S.C. 154(b) by 0 days.
This patent is subject to a terminal dis-
claimer.
(21) Appl. No.: 13/740,086
(22) Filed: Jan. 11, 2013
(51) Int. Cl.
H04L29/06 (2006.01)
(52) U.S. Cl.
USPC .................. 726/29; 725/28; 713/185; 705/51
(58) Field of Classification Search
None
See application file for complete search history.
(56) References Cited
U.S. PATENT DOCUMENTS
7,254,235 B2
7,343,014 B2
7,526,650 B1 *
8,250,145 B2
8,280,959 B1
2005/0065891 A1
2008/0010685 A1
2009/0083541 A1
2010/0100899 A1
201110208695 A1
201110265157 A1
201110288946 A1 *
201110313898 A1
201110320345 A1
8/2007 Boudreault et al.
3/2008 Sovio et a!.
4/2009 Wimmer ....................... 713/176
8/2012 Zuckerberg
10/2012 Zuckerberg
3/2005 Lee et al.
112008 Holtzman et a!.
3/2009 Levine
4/2010 Bradbury et al.
8/2011 Anand
10/2011 Ryder
1112011 Baiyaetal. .................. 705/26.1
12/2011 Singhal
12/2011 Taveau
111111 1111111111111111111111111111111111111111111111111111111111111
US008533860Bl
(10) Patent No.: US 8,533,860 Bl
*Sep.10,2013 (45) Date of Patent:
2012/0041829 A1 2/2012 Rothschild
2012/0079095 A1 3/2012 Evans
2012/0079126 A1 3/2012 Evans
2012/0079276 A1 3/2012 Evans
2012/0079606 A1 3/2012 Evans
2012/0095871 A1 4/2012 Dorsey
2012/0095906 A1 4/2012 Dorsey
2012/0095916 A1 4/2012 Dorsey
2012/0130903 A1 5/2012 Dorsey
2012/0150727 A1 6/2012 Nuzzi
2012/0166333 A1 6/2012 VonBehren
2012/0173333 A1 7/2012 Berger
2012/0173431 A1 7/2012 Ritchie
2012/0173625 A1 7/2012 Berger
2012/0191553 A1 7/2012 Sathe
2012/0254340 A1 10/2012 Velummylum
2012/0255033 A1 10/2012 Dwivedi
2012/0290376 A1 1112012 Dryer
2012/0296741 A1 1112012 Dykes
2012/0310828 A1 12/2012 Hu
2013/0007892 A1 112013 Inooka
OTHER PUBLICATIONS
Co-pending U.S. Appl. No. 13/397,517 document reference: Jan. 7,
2013 Examiner initiated interview summary (PTOL-413B).
Co-pending U.S.Appl. No. 13/397,517 document reference: Dec. 26,
2012 Advisory Action (PTOL-303).
Co-pending U.S. Appl. 13/397,517 document reference: Nov. 26,
2012 Final Rejection.
(Continued)
Primary Examiner- Jung Kim
Assistant Examiner- Tri Tran
(57) ABSTRACT
The invention is an apparatus that facilitates access to a data
source to accept verification and authentication from an
enabler using at least one token and at least one reference. The
at least one reference could be a device serial number, a
networking MAC address, or a membership ID reference
from a web service. Access to the data source is also managed
with a plurality of secondary enablers.
30 Claims, 7 Drawing Sheets
US 8,533,860 Bl
Page 2
(56) References Cited
OTHER PUBLICATIONS
Co-pendingU.S.Appl. No. 13/397,517 document reference: Nov. 26,
2012.
Co-pending U.S. Appl. No. 13/397,517, document reference: Nov.
26, 2012.
Liu et al. 2004 NPL-A License-sharing scheme in Digital Rights
Management.
Co-pendingU.S.Appl. No. 13/397,517 document reference: Nov. 26,
2012 Index of Claims.
Co-pendingU.S.Appl. No. 13/397,517 document reference: Nov. 26,
2012 Examiner's search strategy and results.
Co-pendingU.S.Appl. No. 13/397,517 document reference: Nov. 26,
2012 Non PatentLiterature-Baiyaetal. U.S. Appl. No. 61/307,196.
Co-pendingU.S.Appl. No. 13/397,517 document reference: Nov. 26,
2012 Search information including classification, databases and
other search related notes.
Co-pendingU.S.Appl. No. 13/397,517 document reference: May31,
2012 Non-Final Rejection.
Co-pendingU.S.Appl. No. 13/397,517 document reference: May31,
2012.
Co-pendingU.S.Appl. No. 13/397,517 document reference: May31,
2012 Index of Claims.
Co-pendingU.S.Appl. No. 13/397,517 document reference: May31,
2012 Examiner's search strategy and results.
Co-pending U.S.Appl. No.13/397,517 document reference: May31,
2012 Bibliographic Data Sheet.
Co-pending U.S. Appl. No. 13/397,517 document reference May31,
2012 Search information including classification, databases and
other search related notes.
Co-pending U.S. Appl. No. 13/397,517 document reference Feb. 4,
2013 Notice of Allowanc and Fees Due (PTOL-85).
Co-pending U.S. Appl. No. 13/397,517 document reference: Feb. 4,
2013 Examiner initiated interview summary (PTOL-413B).
Co-pending U.S. Appl. No. 13/397,517 document reference: Feb. 4,
2013 Examiner's Amendment and Detailed Action.
Co-pending U.S. Appl. No. 13/397,517 document reference: Feb. 4,
2013 Issue Information including classification, examiner, name,
claim, renumbering, etc.
Co-pending U.S. Appl. No. 13/397,517 document reference: Feb. 4,
2013.
Co-pending U.S. Appl. No. 13/397,517 document reference: Feb. 4,
2013 Index of Claims.
Co-pending U.S. Appl. No. 13/397,517 document reference: Feb. 4,
2013 Search information including classification, databases and
other search related notes.
Co-pending U.S. Appl. No. 13/397,517 document reference: Feb. 4,
2013 Examiner's search strategy and results.
* cited by examiner
U.S. Patent
<.0
0
-
.....-
C'J
0
-
.....-
Sep.10,2013
c
.Q (])
...... -
(.)
:::J
CJ>-o
c 0
§ E
0
c
0
(])
u-
·- :::J
...... "'0
c 0
......
:::J
<(
......
(])
a.-
u; ·- :::J
,_(])"'0
·-
(.)
0
LL
(])
E
,_
Sheet 1 of7
(])
:::J
"'0
0
E
......
CJ)
(])
:::J
0'"
(])
0:::
......
a.
"(j)
(.) (])
(])-
,_ :::J
-o"'O
c 0
o E
(.)
(])
C/)
(])
:::J
"'0
0
0)
c
"'0
c
co
,_
co
co
f-
0
.....-
0
r--- .....-
.....-
C'J
r---
.....-
.....-
US 8,533,860 Bl
U.S. Patent
00
0
C'\J
<.0
0
C'\J
C'\J
0
C'\J
Sep.10,2013 Sheet 2 of7 US 8,533,860 Bl
c
.Q Q)
1 5 : : : : : ~
-
>."'0
..... 0
g E
UJ
r
Q)
C/) Q)
ro-
-
..0 :::::l
ro-o
...... 0
ro E
0
r
c
0
~ Q)
N-
·- :::::l
-
E-o
0 0
...... E
C/)
:::::l
0
i
"'0
..... Q)
0-
-
5 :::::l
C/)"'0
C/) 0
ro E
a_
r
c Q)
0-
:;:::; :::::l
-
(.)"'0
Q) 0
a> E
C/)
U.S. Patent Sep.10,2013 Sheet 3 of7 US 8,533,860 Bl
301 307
r _______ [ ______ l r _______ [ ______ l
: KODEKEY GUI : :
I PLEASE ENTER YOUR CODE :
I AND PRESS THE REDEEM I I LOGIN !D:
BUTTON. : : !.,..,us=E=R=EM=A.,.,..!l@=M,...,.,E=M=BE=R,...,.C=oM,..,.,I
I I I' I PASSWORD '
: PWERJ
2
SRJTK2S : :
: ( REDEEM ) ( SIGN IN )
L ______ 1_______ _ __________ J
.303 308
I I
I I
J
L ___
309--i DATABASE
DATABASE 305 PRODUCT METADATA
1--
302
FIG. 3
U.S. Patent Sep.10,2013
401
ACTION:
ENABLER ACCESS REQUEST
-404
Sheet 4 of7 US 8,533,860 Bl
407
r _______ [ ______ l
1 APIWEBSITE .COM GUI
I LOG IN TO CONTINUE.
I
I lOGIN ID:
I
[email protected] I
1
PASSWORD:
I IXYZ987654321 I
I ( SIGNIN )
L-------·------- J
408
409 DATABASE
DATABASE 405 PRODUCT METADATA 402
FIG. 4
U.S. Patent Sep.10,2013 Sheet 5 of7 US 8,533,860 Bl
501 509
r _______ [ ______ l r-------L------1
I STR3EM MACHINE I I APIWEBSITE .COM GUI
: GUI : : LOG IN TO CONTINUE.
!PLEASE CONNECT OR LOAD A !k>-508 1
I KEY FILE TO AUTHORIZE THIS I I LOGIN ID:
: DEVICE. : · : r:-:lu=sE=R=EM=-=-A=!l-::@=M=EM=a=E=R.-=co=M:-:'11
I I PASSWORD·
: : '
502
: IXYZ987654321 I
: : (AUTHORIZE)
L ___ r _________ J L ______________ J
510
505
511_, DATABASE
DATABASE 506 MACHINE MEMORY r-507
FIG. 5
U.S. Patent Sep.10,2013 Sheet 6 of7 US 8,533,860 Bl
c
Start )
r
Receive a branding request from at least
one communications console of the
02
plurality of data processing devices
/I
Authenticate the membership verification
604
token
/I
Establish connection with the at least
606
one communications console
/I Request at least one electronic
identification reference from the at least
608
one communications console
/I
Receive the at least one electronic
identification reference from the at least
610
one communications console
'
f
Brand metadata of the encrypted digital
612
media
' c
End )
FIG.6
U.S. Patent Sep.10,2013 Sheet 7 of7
Select one or media items to form the
encrypted digital media
Enter a master password which provides
access to the encrypted digital media for
editing
Customize user access panel of the
encrypted digital media
Connect the encrypted digital media to a
database of membership verification
tokens
Encrypt the one or more media items to
create the encrypted digital media
FIG.?
US 8,533,860 Bl
US 8,533,860 Bl
1
PERSONALIZED DIGITAL MEDIA ACCESS
SYSTEM-PDMAS PART II
CROSS-REFERENCE TO RELATED
APPLICATIONS
This application is a continuation of and claims the priority
benefit of U.S. patent application Ser. No. 13/397,517 filed
Feb. 15, 2012, now pending, which is a continuation of Ser.
No. 12/985,351 filed Jan. 6, 2011, now abandoned, which is a
continuation ofSer. No. 12/728,218 filed Mar. 21,2010, now
abandoned. Each patent application identified above is incor-
porated here by reference in its entirety to provide continuity
of disclosure.
BACKGROUND OF THE INVENTION
1. Field of the Invention
The present invention relates to the field of digital rights
management schemes used by creators of electronic products
to protect commercial intellectual property copyrights privy
to illegal copying using computerized devices. More specifi-
cally, the present invention teaches a more personal system of
digital rights management which employs electronic ID, as
part of a web service membership, to manage access rights
across a plurality of devices.
2. Description of the Prior Art
Digital rights management (DRM) is a generic term for
access control technologies used by hardware manufacturers,
publishers, copyright holders and individuals to impose limi-
tations on the usage of digital content across devices. DRM
refers to any technology that inhibits undesirable or illegal
uses of the digital content. The term generally doesn't refer to
forms of copy protection that can be circumvented without
modifYing the file or device, such as serial numbers or key
files. It can also refer to restrictions associated with specific
instances of digital works or devices.
Traditional DRM schemes are defined as authentication
components added to digital files that have been encrypted
from public access. Encryption schemes are not DRM meth-
ods but DRM systems are implemented to use an additional
layer of authentication in which permission is granted for
access to the cipher key required to decrypt files for access. A
computer server is established to host decryption keys and to
accept authentication keys from Internet connected client
computers running client software in which handles the
encrypted files. The server can administer different authori-
zation keys back to the client computer that can grant different
sets of rules and a time frame granted before the client is
required to connect with the server to reauthorize access
permissions. In some cases content can terminate access after
a set amount of time, or the process can break if the provider
of the DRM server ever ceases to offer services.
In the present scenario, consumer entertainment industries
are in the transition of delivering products on physical media
such as CD and DVD to Internet delivered systems. The
Compact Disc, introduced to the public in 1982, was initially
designed as a proprietary system offering strict media to
player compatibility. As the popularity of home computers
and CD-ROM drives rose, so did the availability of CD rip-
ping applications to make local copies of music to be enjoyed
without the use of the disc.After a while, users found ways to
share digital versions of music in the form of MP3 files that
could be easily shared with family and friends over the Inter-
net. The DVD format introduced in 1997 included a new
apparatus for optical discs technology with embedded copy
protection schemes also recognized as an early form ofDRM.
2
With internet delivered music and video files, DRM schemes
has been developed to lock acquired media to specific
machines and most times limiting playback rights to a single
machine or among a limited number of multiple machines
regardless of the model number. This was achieved by writing
the machine device ID to the meta data of the media file, then
cross referencing with a trusted clearinghouse according to
pre-set rules. DRM systems employed by DVD and CD tech-
nologies consisted of scrambling (also known as encryption)
10 disc sectors in a pattern to which hardware developed to
unscramble (also known as decryption) the disc sectors are
required for playback. DRM systems built into operating
systems such as Microsoft Windows Vista block viewing of
media when an unsigned software application is running to
15 prevent unauthorized copying of a media asset during play-
back. DRM used in computer games such as SecuROM and
Steam are used to limit the amount of times a user can install
a game on a machine. DRM schemes fore-books include
embedding credit card information and other personal infor-
20 mation inside the metadata area of a delivered file format and
restricting the compatibility of the file with a limited number
of reader devices and computer applications.
In a typical DRM system, a product is encrypted using
Symmetric block ciphers such as DES and AES to provide
25 high levels of security. Ciphers known as asymmetric or pub-
lic key/private key systems are used to manage access to
encrypted products. In asymmetric systems the key used to
encrypt a product is not the same as that used to decrypt it. If
a product has been encrypted using one key of a pair it cannot
30 be decrypted even by someone else who has that key. Only the
matching key of the pair can be used for decryption. After
receiving an authorization token from a first-use action are
usually triggers to decrypt block ciphers in most DRM sys-
tems. User rights and restrictions are established during this
35 first-use action with the corresponding hosting device of a
DRM protected product.
Examples of such prior DRM art include Hurtado (U.S.
Pat. No. 6,611,812) who described a digital rights manage-
ment system, where upon request to access digital content,
40 encryption and decryption keys are exchanged and managed
via an authenticity clearing house. Other examples include
Alve (U.S. Pat. No. 7,568,111) who teaches a DRM and
Tuoriniemi (U.S. Pat. No. 20090164776) who described a
management scheme to control access to electronic content
45 by recording use across a plurality of trustworthy devices that
has been granted permission to work within the scheme.
Recently, DRM schemes have proven unpopular with con-
sumers and rights organizations that oppose the complica-
tions with compatibility across machines manufactured by
50 different companies. Reasons given to DRM opposition
range from limited device playback restrictions to the loss of
fair-use which defines the freedom to share media products
will family members.
Prior art DRM methods rely on content providers to main-
55 tain computer servers to receive and send session authoriza-
tion keys to client computers with an Internet connection.
Usually rights are given from the server for an amount of time
or amount of access actions before a requirement to reconnect
with the server is required for reauthorization. At times, con-
60 tent providers will discontinue servers or even go out of
business some years after DRM encrypted content was sold to
consumers causing the ability to access files to terminate.
In the light of the foregoing discussion, the current states of
DRM measures are not satisfactory because unavoidable
65 issues can arise such as hardware failure or property theft that
could lead to a paying customer loosing the right to recover
purchased products. The current metadata writable DRM
US 8,533,860 Bl
3
measures do not offer a way to provide unlimited interoper-
ability between different machines. Therefore, a solution is
needed to give consumers the unlimited interoperability
between devices and "fair use" sharing partners for an infinite
time frame while protecting commercial digital media from
unlicensed distribution to sustain long-term return of invest-
ments.
SUMMARY OF THE INVENTION
An object of the present invention is to provide unlimited
interoperability of digital media between unlimited machines
with management of end-user access to the digital media.
10
In accordance with an embodiment of the present inven-
tion, the invention is a process of an apparatus which in 15
accordance with an embodiment, another apparatus, tangible
computer medium, or associated methods (herein referred to
as The App) is used to: handle at least one branding action
which could include post read and write requests of at least
one writable metadata as part of at least one digital media 20
asset to identifY and manage requests from at least one excel-
sior enabler, and can further identify and manage requests
from a plurality of connected second enablers; with at least
one token and at least one electronic identification reference
received from the at least one excelsior enabler utilizing at 25
least one membership. Here, controlled by the at least one
excelsior enabler, The App will proceed to receive the at least
one token to verify the authenticity of the branding action and
further requests; then establish at least one connection with at
least one programmable communications console of the at 30
least one membership to request and receive the at least one
electronic identification reference; and could request and
receive other data information from the at least one member-
ship. The method then involves sending and receiving vari-
able data information from The App to the at least one mem- 35
bership to verifY a preexisting the at least one branding action
of the at least one writable metadata as part of the at least one
digital media asset; or to establish permission or denial to
execute the at least one branding action or the post read and
write requests of the at least one writable metadata. To do this, 40
controlled by the at least one excelsior enabler. The App may
establish at least one connection, which is usually through the
Internet, with a programmable communications console,
which is usually a combination of an API protocol and
graphic user interface (GUI) as part of a web service. In 45
addition, the at least one excelsior enabler provides reestab-
lished credentials to the programmable communications con-
sole as part of the at least one membership, in which The App
is facilitating and monitoring, to authenticate the data com-
munications session used to send and receive data requests 50
between the at least one membership and TheApp.
In accordance with another embodiment of the present
invention, the present invention teaches a method for moni-
taring access to an encrypted digital media and facilitating
unlimited interoperability between a plurality of data pro- 55
cessing devices. The method comprises receiving a branding
request from at least one communications console of the
plurality of data processing devices, the branding request
being a read and write request of metadata of the encrypted
digital media, the request comprising a membership verifica- 60
tion token corresponding to the encrypted digital media. Sub-
sequently, the membership verification token is authenti-
cated, the authentication being performed in connection with
a token database. Thereafter, connection with the at least one
communications console is established. Afterwards, at least 65
one electronic identification reference is requested from the at
least one communications console. Further, the at least one
4
electronic identification reference is received from the at least
one communications console. Finally, branding metadata of
the encrypted digital media is performed by writing the mem-
bership verification token and the electronic identification
reference into the metadata.
The present invention is particularly useful for giving users
the freedom to use products outside of the device in which the
product was acquired and extend unlimited interoperability
with other compatible devices.
BRIEF DESCRIPTION OF THE DRAWINGS
For a more complete understanding of the present inven-
tion, the needs satisfied thereby, and the objects, features, and
advantages thereof, reference now is made to the following
description taken in connection with the accompanying draw-
ings.
FIG. 1 shows a system for monitoring access to an
encrypted digital media according to an embodiment of the
present invention.
FIG. 2 shows a system for authoring an encrypted digital
media according to an embodiment of the present invention.
FIG. 3 shows a flow chart giving an overview of the process
of digital media personalization according to an embodiment
of the present invention.
FIG. 4 shows a flow chart giving an overview of the process
of an access request made by an enabler according to an
embodiment of the present invention.
FIG. 5 shows personalized digital rights management com-
ponent as part of a compatible machine with writable static
memory.
FIG. 6 shows a flowchart for monitoring access to an
encrypted digital media according to an embodiment of the
present invention
FIG. 7 shows a flowchart showing authoring an encrypted
digital media according to an embodiment of the present
invention.
Skilled artisans will appreciate that elements in the figures
are illustrated for simplicity and clarity and have not neces-
sarily been drawn to scale. For example, the dimensions of
some of the elements in the figures may be exaggerated rela-
tive to other elements to help to improve understanding of
embodiments of the present invention
DETAILED DESCRIPTION OF THE DRAWINGS
Before describing in detail the particular system and
method for personalised digital media access system in accor-
dance with an embodiment of the present invention, it should
be observed that the present invention resides primarily in
combinations of system components related to the device of
the present invention.
Accordingly, the system components have been repre-
sented where appropriate by conventional symbols in the
drawings, showing only those specific details that are perti-
nent to understanding the present invention so as not to
obscure the disclosure with details that will be readily appar-
ent to those of ordinary skill in the art having the benefit of the
description herein.
In this document, relational terms such as 'first' and 'sec-
ond', and the like may be used solely to distinguish one entity
or action from another entity or action without necessarily
requiring or implying any actual such relationship or order
between such entities or actions. The terms 'comprises',
'comprising', or any other variation thereof, are intended to
cover a non-exclusive inclusion, such that a process, method,
article, or apparatus that comprises a list of elements does not
US 8,533,860 Bl
5
include only those elements but may include other elements
not expressly listed or inherent to such process,
method, article, or apparatus. An element proceeded by 'com-
prises ... a' does not, without more constraints, preclude the
existence of additional identical elements in the process,
method, article, or apparatus that comprises the element.
6
routines, data structures, object classes, and/or protocols pro-
vided by libraries and/or operating system services. The API
is either one oflanguage dependent or language independent.
The request module 108 requests at least one electronic
identification reference from the at least one communication
console. The second receipt module 110 receives the at least
one electronic identification reference from the least one
communication console. The branding module 112 brands
metadata of the encrypted digital media by writing the mem-
10 bership verification token and the electronic identification
into the metadata.
The present invention is directed at providing infinite
access rights oflegally acquired at least one encrypted digital
media asset to the content acquirer, explained in this docu-
ment as the excelsior enabler, and optionally to their recog-
nized friends and family, explained in this document as a
plurality of secondary enablers. To explain further, the excel-
sior enabler and secondary enablers defined comprises
human beings or computerized mechanisms programmed to
process steps of the invention as would normally be done
manually by a human being. Additionally, an apparatus used
alone or in accordance with an embodiment, another appara-
tus, tangible computer medium, or associated methods with a
connection are needed (herein referred to as The App). To
deliver the requirements of the invention, communicative and
connected elements comprise: verification, authentication,
electronic ID metadata branding, additional technical brand-
ing, and cross-referencing. The connection handling the com-
municative actions of the invention will usually be the Inter-
net and can also be an internal apparatus cooperative. The 25
App can further be defined as a Windows OS, Apple OS,
Linux OS, and other operating systems hosting software run-
ning on a machine or device with a capable CPU, memory,
and data storage. The App can be even further defined as a
system on a chip (SOC), embedded silicon, flash memory, 30
programmable circuits, cloud computing and runtimes, and
other systems of automated processes.
FIG. 2 shows a system 200 for authoring an encrypted
digital media according to an embodiment of the present
invention. The figure includes a selection module 202, a pass-
15 word module 204, a customization module 206, a database
module 208 and an encryption module 210. The selection
module 202 facilitates selection of one or more media items to
form the encrypted digital media. Examples of the one or
media items include, and are not limited to, one or more of a
20 video, an audio and a game.
The digital media assets used in this system are encrypted
usually with an AES cipher and decryption keys are usually
stored encoded, no encoded, encrypted, or no encrypted as 35
part of the apparatus or as part of a connection usually an
Internet server. As explained earlier, the system we will dis-
cuss will work as a front-end to encrypted files as an autho-
rization agent for decrypted access.
According to an embodiment of the present invention, the
one or more media items are one or more of remote URL links
and local media files.
The password module 204 prompts the user to enter a
master password which provides access to the encrypted digi-
tal media. Subsequently, the customization module 206
allows the user to customize the user access panel of the
encrypted digital media.
According to an embodiment of the present invention, the
customization module 206 facilitates adding one or more of a
barmer, a logo, an image, an advertisement, a tag line, a header
message and textual information to the user access panel of
the encrypted digital media.
Further, the database module 208 connects the encrypted
digital media to a database of membership verification token
required for decrypting the encrypted digital media.
According to an embodiment of the present invention, the
membership verification token is a kodekey. The kodekey is a
unique serial number assigned to the encrypted digital media.
The encryption module 210 encrypts the one or more
media items to create the encrypted digital media.
According to an embodiment of the present invention, the
system 200 further includes a watermark module. The water-
mark module watermarks information on the encrypted digi-
tal media, wherein the watermark is displayed during play-
back of the encrypted digital media.
According to another embodiment of the present invention,
the system 200 further includes an access module. The access
module allows the user to define access rights. Examples of
the access rights include, but are not limited to, purchasing
rights, rental rights and membership access rights.
FIG. 1 shows a system 100 for monitoring access to an 40
encrypted digital media according to an embodiment of the
present invention. The system 100 includes a first recipient
module 102, an authentication module 104, a connection
module 106, a request module 108, a second receipt module
110 and a branding module 112. The first receipt module 102 45
receives a branding request from at least one communications
console of the plurality of data processing devices. The brand-
ing request is a read and write request of metadata of the
encrypted digital media and includes a membership verifica-
tion token corresponding to the encrypted digital media. 50
Examples of the encrypted digital media includes, and are not
limited to, one or more of a video file, audio file, container
format, document, metadata as part of video game software
and other computer based apparatus in which processed data
According to yet another embodiment of the present inven-
tion, the system 200 further includes a name module. The
name module allows the user to name the encrypted digital
55 media. is facilitated.
Subsequently, the authentication module 104 authenticates
the membership verification token. The authentication is per-
formed in connection with a token database. Further, the
connection module 106 establishes communication with the
at least one communication console.
According to an embodiment of the present invention, the
connection is established through one of internet, intranet,
Bluetooth, VPN, Infrared and LAN.
According to another embodiment of the present invention,
the communication console is a combination of an Applica-
tion Programmable interface (API) protocol and graphic user
interface (GUI) as a part of web service. The API is a set of
FIG. 3 shows a flow chart giving an overview of the process
of digital media personalization according to an embodiment
of the present invention. The process is achieved by way of an
enabler using an apparatus or otherwise known as an appli-
60 cation in which facilitates digital media files. The apparatus
interacts with all communicative parts required to fulfill the
actions of the invention. The figure shows a Kodekey Graphi-
cal User Interface (GUI) 301, a product metadata 302, a
networking card 303, internet 304, 306 and 308, database 305
65 and 309 and an APiwebsite.com GUI 307. A user posts a
branding request via the Kodekey GUI interface 301. The
Kodekey GUI interface 301 is the GUI for entering token. The
US 8,533,860 Bl
7
Kodekey GUI interface 301 prompts the user to enter the
token and press the redeem button present on the Kodekey
GUI interface 301. The product metadata 302 is read/writable
metadata associated with the digital media to be acquired.
The networking card 303 facilitates querying of optional
metadata branding process and referenced. The Kodekey GUI
interface is connected to the database 305 via the internet 304
through the networking card 303. The database 305 is the
database used to read/write and store the tokens, also referred
8
website. com GUI 509 is connected to the STR3EM machine
GUI through the internet 508. Further, APiwebsite.com GUI
509 is connected to the database 511 through the internet 510.
The APiwebsite.com GUI 509 prompts the user to enter the
login id and a password to authorize the access to digital
media. The database 511 is the database connected to the web
service membership in which the user's electronic ID is que-
ried from.
to as token database. The user is redirected to the APiweb- 10
site.com GUI 307 through the internet 306. The APiwebsite-
.com is the GUI to the membership API in which the elec-
tronic ID is collected and sent back to the Kodekey GUI
interface 301. TheAPiwebsite.com GUI 307 prompts the user
FIG. 6 shows a flowchart for monitoring access to an
encrypted digital media according to an embodiment of the
present invention. At step 602, a branding request is made by
a user from at least at least one communications console of the
plurality of data processing devices. The branding request is
a read and write request ofmetadata of the encrypted digital
to enter a login id and a password to access the digital media 15
which is acquired from the database 309 through the internet
308. The database 309 is the database connected to the web
service membership in which the user's electronic ID is que-
ried from.
media.
According to an embodiment of the present invention, the
request includes a membership verification token corre-
sponding to the encrypted digital media.
Subsequently, the membership verification token is
Examples of the encrypted digital files include, and are not
limited to, a video file, an audio file, container formats, docu-
ments, metadata as part of video game software and other
computer based apparatus in which processed data is facili-
tated.
FIG. 4 shows a flow chart giving an overview of the process
of an access request made by an enabler according to an
embodiment of the present invention. Subsequently, the com-
municative parts to cross-reference information stored in the
metadata of the digital media asset are checked which has
been previously handled by the process of FIG. 1. The figure
shows an enabler access request 401, a product metadata 402,
a networking card 403, an internet 404, 406 and 408, a data-
base 405 and 409 and an APiwebsite.com GUI 407, The
enabler access request 401 facilitates the user to make a
request for the digital media. The product metadata 402 is
read/writable metadata associated with the digital media to be
acquired. The networking card 403 facilitates querying of
optional metadata branding process and referenced. The data-
base 405 is the database used to read/write and store the
tokens. TheAPiwebsite.com GUI 407 is the GUI in which the
electronic ID is collected and sent back to the Kodekey GUI
interface 301. TheAPiwebsite.com GUI 407 prompts the user
to enter a login id and a password to access the digital media
from the database 409 through the internet 408. The database
409 is the database connected to the web service membership
in which the user's electronic ID is queried from.
20 authenticated at step 604. The authentication is performed in
connection with a token database. Further, connection with
the at least commnnication console is established at step 606.
Afterwards, at least one electronic identification reference is
requested from the at least one communications console at the
25 step 608. At step 610, at least one electronic identification
reference in received from the at least one communication
console. Finally, metadata of the encrypted digital media is
branded by writing the membership verification token and the
electronic identification reference into the metadata at the
30 step 612.
FIG. 7 shows a flowchart showing authoring an encrypted
digital media according to an embodiment of the present
invention. At step 702, one or more media items are selected
by the user to form the encrypted digital media. Subsequently,
35 a master password is entered for providing access to the
encrypted digital media for editing at step 704. Afterwards,
the user customizes the user panel of the encrypted digital
media at step 706. Further, the encrypted digital media is
connected to a database of membership verification tokens
40 required for decrypting the encrypted digital media at the step
708. Finally, the one or more media items are encrypted to
create the encrypted digital media at the step 710.
According to various embodiments of the present inven-
tion, the verification is facilitated by at least one token
45 handled by at least one excelsior enabler. Examples of the
token include, and are not limited to, a structured or random
password, e-mail address associated with an e-commerce
payment system used to make an authorization payment, or
other redeemable instruments of trade for access rights of
FIG. 5 shows personalized digital rights management com-
ponent as part of a compatible machine with writable static
memory. The figure represents an authorization sequence
action in which a machine is authorized to accept a person-
alized digital media file. The figure includes STR3EM
Machine GUI 501 including the connect icon 502, a load key
file icon 503, a networking card 504, an internet 505, 508 and
510, a database 506 and 511, a machine memory 507 and a
APiwebsite.com GUI 509. The STR3EM Machine GUI 501 55
50 digital media. Examples of e-commerce systems are Pay Pal,
Amazon Payments, and other credit card services.
According to an embodiment of the present invention, an
identifier for the digital media is stored in a database with
another database of a list of associated tokens for cross-
reference identification for verification.
prompts the user to connect or load a key file to authorize the
device through the connect icon 502 and the load key file icon
503. The STR3EM Machine GUI 501 is connected to the
networking card 504. The networking card 504 facilitates
querying of optional metadata branding process and refer- 60
enced. Further, the STR3EM machine GUI 501 is connected
According to an embodiment of the present invention, the
database of a list of associated tokens includes Instant Pay-
ment Notification (IPN) received from successful financial
e-commerce transactions that includes the identifier for the
digital media; import of CSV password lists, and manually
created reference phrases.
to the database 506 via the internet 505. The database 506 is
the database used to read/write and store the tokens. More-
over, STR3EM Machine GUI 501 is connected to the
machine memory 507. The machine memory 507 represents
the internal memory of the machine or device so authoriza-
tions can be saved for access of the digital media. The API-
For this discussion, the structured or random password
example will be used as reference. The structured or random
passwords can be devised in encoded schemes to flag the
65 apparatus of permission type such as: 1) Purchases can start a
password sequence with "P" following a random number, so
further example would be "PSJD42349MFJDF". 2) Rentals
US 8,533,860 Bl
9
can start or end a password sequence with "R" plus ( +) the
number of days a rental is allowed, for example "R7"
included in "R7SJDHFG58473" flagging a seven day rental.
3) Memberships can start or end a password sequence with
"M" plus ( +) optionally the length of months valid for
example "M11DFJGH34KF" would flag an eleven-month
membership period.
10
related media products in distribution and restore this verifi-
cation element when royalties are paid in full.
The authentication element of this invention is at least
handled first by the at least one excelsior enabler with a
connection to a membership. In the present discussion, the
connection is equal to the Internet and the membership is
equal to a web service. Further, the web service must be
available for two way data exchange to complete the authen-
tication process of this invention. Data exchange with a web
According to an embodiment of the present invention, the
tokens are stored in a relational database such as MySQL or
Oracle. Cloud storage systems such as Amazon's Web Ser-
vices Simple Storage Solution, or also known as S3, provides
a highly available worldwide replicated infrastructure. In
addition to S3, monetization offerings such as DevPay offer
developers the opportunity to make money from applications
developed to use the services.
10 service is usually facilitated with a programmable communi-
cations console, at most times, will be an Applications Pro-
grammable Interface (API). An API is a set of routines, data
structures, object classes, and/or protocols provided by librar-
ies and/or operating system services in order to support the
The verification will reference to the S3 and DevPay ser-
vices for example purposes only as many options such as FTP,
SimpleDB, solid state storage and others can be used to host
the token hosting needed for the verification element of this
invention. The token represents permission from the content
provider to grant access rights to the excelsior enabler and
thereafter the plurality of secondary enablers. To set up the
verification the content provider can manually or automati-
cally generate a single or a plurality of structured or random
password in which will represent the token. By using public
15 building of applications. An API may be language-dependent:
that is, available only in a particular programming language,
using the particular syntax and elements of the progrming
language to make the API convenient to use in this particular
context. Alternatively an API may be language-independent:
20 that is, written in a way that means it can be called from
several programming languages (typically an assembly/C-
level interface). This is a desired feature for a service-style
API that is not bound to a particular process or system and is
available as a remote procedure call. A more detailed descrip-
25 tion of API that can be used for an apparatus can be found in
the book, "Professional Web APis with PHP: eBay, Google,
Paypal, Amazon, FedEx plus Web Feeds", by Paul Reinhe-
imer, Wrox publishers (2006). A program apparatus, scripts,
often calls these APis or sections of code residing on user
or private access of S3 as part of an apparatus, the content
provider can create empty text files giving each the name of
the passwords generated. Because S3 is associated with a
highly available worldwide infrastructure, to check this pass-
word token can be done my simply constructing a HTTP
request from the apparatus and triggering follow up actions
based on either a 200 HTTP response, which means OK at
which point the next action can happen, or a 400 HTTP
response which means ERROR at which point the verification 35
process is voided. An additional token can be used to provide
30 computerized devices. For example, a web browser running
on a user computer, cell phone, or other device can download
a section of JavaScript or other code from a web server, and
then use this code to in turn interact with the API of a remote
a flag to the apparatus that the verification element has been
fulfilled for an initial verification token. Creating an alternate
version of the first token by appending a reference to the end,
for example, does this: 40
"M11DFJGH34KF
[email protected]_01_01_11". In
this example, it is defined that the eleven month authorized
membership token was verified by a
[email protected] on
Jan. 1, 2011. By providing a second token, the first token
becomes locked to ownership by the excelsior enabler pre- 45
venting unauthorized users from reusing the first token with-
out providing the authentication associated with the alterna-
tive referenced second token. In the interest of providers of
the apparatus delivering this invention, this document will
teach a method of a HTTP PUT calculation scheme for auto- 50
Internet server system as desired. A Graphic User Interface
(GUI) can be installed for human interaction or processes can
be preprogrammed in a progrmable script such as PHP,
ASP. Net, Java, Ruby on Rails and others. The authentication
element of the invention is usually embedded as a process of
the apparatus but could be linked dynamically. In this docu-
ment, the embedded version using a GUI will be used as
reference. The web service equipped with the API is usually
a well-known membership themed application in which the
users must use an authentic identification. Some example
includes Facebook in which as a rule, members are required to
use their legal name identities. A reference number or name
with the Facebook Platform API represents this information.
Other verified web services in which real member names are
required such as the Linkedin API and the Pay Pal API and
even others could be used, but for this discussion, Facebook
will be used only as an example of how the authentication
element of the invention is utilized. The Facebook API sys-
tem, as well as others, operates based on an access authenti-
cation system called from a connected apparatus (which is
usually an Internet powered desktop or browser based appli-
55 cation) with an API Key, an Application Secret Key and could
also include an Application ID. For example, the Facebook
API Application Keys required to establish a data exchange
session with the connected apparatus might look like:
matic royalty billing and administration for the token element
used in the invention. Amazon's DevPay allow developers to
attach monetary charges to data services of S3 offered as an
embedded component of the apparatus. By using the "PUT"
requests parameter, tokens generated by the apparatus are
monitored, calculated, and charged to clients of the apparatus
provider. For example: the default charge measure for Dev-
Pay is $0.05 for every 1000 PUT requests. By changing the
amount to $100 for every 1000 PUT requests, the apparatus
provider is paid a $0.10 royalty for each token created. Con-
tent providers using a connected apparatus like DevPay to
deliver and manage digital media distribution do not need to
have restrictions on the tokens created as with prior art DRM
key providers as DevPay is charged on a pay-as-you-need
model on a monthly basis. As a novelty to the apparatus 65
provider, if a content provider fails to pay royalties due, the
DevPay hosting will automatically deny token access to all
API Key
60 37a925fc5ee9b4752af981b9a30e9a73gh
Application Secret
f2a2d92ef395cce88eb0261d4b4gsa782
Application ID
51920566446
The collective API keys are usually embedded in the source
code of the apparatus, or stored on a remote Internet server,
and could be included in the encrypted digital media meta data
US 8,533,860 Bl
11
and inserted on-the-fly into calls made to the API from the
connected apparatus. This allows dynamic API connection of
the apparatus using keys issued to individual content provid-
ers so in the event of a reprimand of a single the individual
content provider by the API provider, the collective the indi-
vidual content providers and the enablers of the connected
apparatus are not affected.
Upon an access request of the digital media, the excelsior
enabler interacts with the apparatus, usually software or web
application, to enter membership credentials in a GUI front-
end connected to the API. The membership credentials are
usually comprised of a login element comprising a name,
phrase, or e-mail address, and a secret password. The creden-
tials can be generated by the enabler or automatically gener-
ated by the web service. Once the enabler authenticates their
identity with the membership, the apparatus facilitating the
data communication can request relevant information to ful-
12
plurality of electronic identification references, in this discus-
sion is reference as the FBID, to storage or metadata as part of
the compatible device or machine. This step ensures the
cross-referencing element requirement of the invention can
take place in the event the connection for the authentication
element is not present in the compatible device or machine.
Another example is a content provider can allow shared
access to friends of the excelsior enabler after a time period,
like for example, 90 days. After the 90 day period, when
10 media access is requested using the authentication element by
a plurality of secondary enablers, which are usually friends
and family of the excelsior enabler, the FBID of the excelsior
enabler is cross-referenced with the FBID of the requesting
secondary enabler by way of the apparatus ability to execute
15 the Facbeook "Friends.areFriends" API command.
XML return example of the Facebeook "Friends.are-
Friends" API command where FBID 2223322 and 2222333
are friends and FBID 1240077 and 1240079 are not friends:
222332222333
1
fill the process chain of the invention. For example, Facebook
API Platform defines members as ID numbers, so if a mem-
ber's real name is John Doe, then Facebook API ID (also 20
programmatically known as the FBID) would be 39485678.
Once the enabler successfully sign in to the GUI element then
the apparatus will query the API for at least one electronic
identification reference, in this discussion is the FBID. The
FBID is received to the permanent or temporary memory of 25
the apparatus to sustain the branding and cross-referencing
requirements of the invention. Additional information can be
requested according to membership status or connected
"friends" of the enabler. Additional information can be made
required for successful authentication and includes: a mini-
mum amount of total friends, a minimum amount of female
friends, a minimum amount of male friends, a minimum
amount of available pictures, a minimum age limit and other
custom rules can be defined by the apparatus. An example of
how this would work is a content provider can define a mini- 35
mum of 32 Facebook friends are required to access an
encrypted digital media asset offered for sale or promotion.
This is achieved by the apparatus handling a access request in
which the enabler has not yet acquired access rights by
executing and parsing information returned by the Facebook 40
"Friends.get" API command.
30
1240077 124007 9
O
Such usability can be important to sustain "fair use" rights
of consumers of the digital media to emulate usability found
with physical media products such as CD and DVD that can
be loaned to friends and family after an inception grace
period.
Once the information of the verification and authentication
elements is acquired, the apparatus handles the next process
of writing the information to the digital media metadata and
can include additional information gathered from compo-
nents ofTheApp. Components ofTheApp can include MAC
XML return example of the Facebook "Friends.get" API
command where a plurality ofFBID are returned to the appa-
ratus for parsing additional information as may be required to
satisfY successful authentication:
222333
1240079
http://
When authenticating a compatible device or machine
which may not have access to a connection for the authenti-
cation element, a key file or part of the meta data thereof could
be made on another connected compatible device or machine
and allow the enabler to execute Friends.get API command to
collect and store the complete list of a plurality ofFBID to the
key file or the metadata thereof. The compatible device or
machine which may not have access to a connection for the
authentication element with an embedded interaction con-
sole, usually a user GUI, can request and load the key file or
part of the metadata thereof to save the complete list of a
45 address from a networking card, CRC checksum of an
embedded file or circuit, SOC identifier, embedded serial
number, OS version, web browser version, and many other
identifiable components as part of The App. For this discus-
sion, the MAC address from a networking card as part of The
50 App will be used as reference of a secondary electronic iden-
tification reference. In computer networking, a Media Access
Control address (MAC address) is a unique identifier
assigned to most network adapters or network interface cards
(NICs) by the manufacturer for identification, and used in the
55 Media Access Control protocol sub-layer. If assigned by the
manufacturer, a MAC address usually encodes the manufac-
turer's registered identification number. It may also be known
as an Ethernet Hardware Address (EHA), hardware address,
adapter address, or physical address. The novelty of embed-
60 ding the MAC address along with the FBID of the excelsior
enabler is to provide a plurality of electronic identification
references in which cross-referencing actions can allow more
rapid access to be granted with less interaction from an
enabler. For example, to retrieve the FBID from Face book to
65 cross-reference with the FBID stored in the digital media
metadata requires the enabler to possibly physically need to
enter their login and password credentials to the GUI con-
US 8,533,860 Bl
13
nected to the apparatus. It may be possible that web browser
cookies allow automatic Face book login by storing an active
session key, but the session key is not guaranteed to be active
at the time of an access request. While the enabler may not
have an issue executing another authentication command,
several remote operations could exist to control authentica-
tion and access requests separately from each other. The
apparatus can execute a programmable retrieval command,
usually a GET command, to locate and retrieve the MAC
address from an attached or connected networking card. After 1 o
the FBID is acquired, the MAC address is also acquired to
write the plurality of electronic identifications to the meta data
of the at least one encrypted digital media asset by; obtaining
the decryption key to decrypt the encrypted digital media
asset which is usually stored encoded, no encoded, encrypted, 15
or no encrypted as part of the apparatus or as part of a con-
nected source, usually an Internet server with an encrypted
HTTPS protocol. A plurality of MAC addresses can be stored
along with the FBID of the excelsior enabler to manage
access rights across a plurality of devices. To understand 20
metadata and the uses, metadata is defined simply as to
"describe other data". It provides information about certain
item's content. For example, an image may include metadata
that describes how large the picture is, the color depth, the
image resolution, when the image was created, and other data. 25
A text document's metadata may contain information about
how long the document is, who the author is, when the docu-
ment was written, and a short summary of the document. Web
pages often include metadata in the form of Meta tags.
Description and keywords Meta tags are commonly used to 30
describe the Web page's content. Most search engines use this
data when adding pages to their search index. In the invention,
the FBID and MAC addresses are written to the digital media
asset metadata to prepare for the instant or delayed cross-
referencing element of the invention. The same process of 35
writing the information to the digital media metadata is true
with secondary enablers allowing the same benefits of cross-
referencing.
Cross-referencing, the last element of the invention is used
to verifY access rights of an enabler of a pre or post person- 40
alized encrypted digital media asset. Once an enabler
executes an action for access request, the apparatus will
obtain the decryption key to first seek the MAC address
record. If the MAC address is found, then a cross-reference
process is executed by comparing the MAC address retrieved 45
from the metadata of the digital media file with the MAC
address retrieved from the networking card connected to the
apparatus or The App. If the comparison action proves to be
true, then access rights are granted to the enabler. If the
comparison fails, then the apparatus can either ask the enabler 50
to participate in communication with the authentication ele-
ment of the invention, or could deny further interactivity with
the enabler. In this discussion, the apparatus requires the
enabler to participate in communication with the authentica-
tion element to provide credentials to establish a cross-refer- 55
ence comparison with the FBID retrieved from the metadata
and the FBID retrieved from the Face book API. If the com-
parison action proves to be true, then access rights is granted
to the excelsior enabler and the current MAC address of the
networking card as part ofTheApp is appended to the meta- 60
data of the encrypted digital media asset and access rights is
granted to the excelsior enabler. If the FBID cross-reference
fails, then the apparatus can either ask the potential secondary
enabler to participate in communication with the authentica-
tion element of the invention, or could deny further interac- 65
tivity with the potential secondary enabler. In this discussion,
the apparatus requires the potential secondary enabler to par-
14
ticipate in communication with the authentication element to
provide credentials to establish a cross-reference comparison
with the FBID retrieved from the metadata and the FBID
retrieved from the Facebook "Friends.areFriends" API com-
mand to determine if the potential secondary enabler identity
is true or false. The determination is in accordance to any
possible access grace periods set by the content provider of
the encrypted digital media asset. If the comparison action
proves to be true, then access rights is granted to the second-
ary enabler and the current MAC address of the networking
card as part ofTheApp and the FBID retrieved are appended
to the established meta data information of the encrypted digi-
tal media asset and access rights can be granted to a plurality
of secondary enablers; unlimited interoperability between
devices and "fair use" sharing partners for an infinite time
frame while protecting commercial digital media from unli-
censed distribution to sustain long-term return of investments
is achieved.
While the present invention has been described in connec-
tion with preferred embodiments, it will be understood by
those skilled in the art that variations and modifications of the
preferred embodiments described above may be made with-
out departing from the scope of the invention. Other embodi-
ments will be apparent to those skilled in the art from a
consideration of the specification or from a practice of the
invention disclosed herein. It is intended that the specification
and the described examples are considered exemplary only,
with the true scope of the invention indicated by the following
claims.
What is claimed is:
1. A method for authorizing access to digital content using
a cloud system, the cloud system comprising connected mod-
ules in operation as one or more of a cloud computing or a
cloud storage in connection with devices and users, wherein
the digital content is at least one of encrypted or not
encrypted, the method facilitating access rights between a
plurality of data processing devices, the method comprising:
receiving a digital content access request from at least one
communications console of the plurality of data process-
ing devices, the access request being a read or write
request of metadata of the digital content, wherein the
read or write request of metadata is performed in con-
nection with a combination of at least one device and the
cloud system, the request comprising a verification
token provided by a first user corresponding to the digi-
tal content, wherein the verification token is one or more
of a password, e-mail address, payment system, credit
card, authorize ready device, rights token, or one or more
redeemable instruments of trade;
authenticating the verification token;
establishing a connection with the at least one communi-
cations console, wherein the communications console is
a combination of a graphic user interface (GUI) and an
Application Programmable Interface (API) wherein the
API is obtained from a verified web service, the web
service capable of facilitating a two way data exchange
to complete a verification process wherein the data
exchange session comprises at least one identification
reference;
requesting the at least one identification reference from the
at least one communications console, wherein the iden-
tification reference comprises one or more of a verified
web service account identifier, letter, number, rights
token, e-mail, password, access time, serial number,
address, manufacturer identification, checksum, operat-
ing system version, browser version, credential, cookie,
or key;
US 8,533,860 Bl
15
receiving the at least one identification reference from the
at least one communications console; and
writing at least one of the verification token or the reference
into the metadata.
2. The method according to claim 1, wherein the access
request being a request from the first user through a data
processing device of the plurality of data processing devices;
or
wherein the access request being a request from one or
more secondary users in network to the first user;
10
wherein the secondary users are validated by a membership
web service.
3. The method according to claim 2, wherein the metadata
comprises one or more of a software or contents of a web
15
page.
4. The method according to claim 3, wherein the verifica-
tion token represents verification from a provider of the token
to grant access rights to the first user.
5. The method according to claim 3, wherein the digital 20
content is shared among one or more users according to a
membership status.
6. The method according to claim 5, wherein the one or
more users are a network of recognized human beings using
machines or recognized automated computerized mecha- 25
nisms progrmed by human beings, the recognition of the
one or more users being validated by the membership status
of the membership web service.
7. The method according to claim 6, wherein the digital
content access request is from a user using at least one of a
30
computer or a phone hosting an operating system =ing an
application.
8. The method of claim 7, wherein the verification token
comprises at least one token selected from the group consist-
35
ing of a purchase permission, a rental permission, or a mem-
bership permission;
wherein the at least one of purchase permission, rental
permission, or membership permission is represented by
one or more of a letter, number, combination of letters 40
and numbers, rights token, successful payment refer-
ence, phrase, name, membership credentials, image,
logo, tag, service name, authorization, list, interface but-
ton, downloadable program, or an instrument of trade.
9. A system for authorizing access to digital content using 45
a worldwide cloud system infrastructure, the worldwide
cloud system infrastructure comprising connected modules
in operation as computing and storage, the computing and
storage comprising a server, a database, devices and users,
wherein the digital content is at least one of encrypted or not 50
encrypted, the system facilitating access rights between a
plurality of data processing devices, the system working as a
front-end agent for access rights authentication between the
plurality of data processing devices, the system further com-
prising: 55
a first receipt module, the first receipt module receiving a
digital content access request from at least one commu-
nications console of the plurality of data processing
devices, the access request being a read or write request
of metadata of the digital content, wherein the read or 60
write request of metadata is performed in connection
with a combination of a device, the server, the database
and the cloud system, the metadata further comprises
one or more of a software or contents of a web page, the
request comprising a verification token provided by a 65
user corresponding to the digital content, wherein the
verification token is one or more of a password, e-mail
16
address, payment system, credit card, authorize ready
device, rights token, or one or more redeemable instru-
ments of trade;
an authentication module, the authentication module
authenticating the verification token;
a connection module, the connection module establishing a
connection with the at least one communications con-
sole, wherein the commnnications console is a combi-
nation of a graphic user interface (GUI) and an Appli-
cation Progrmable Interface (API) wherein the API is
obtained from a verified web service, the web service
capable offacilitating a two way data exchange to com-
plete a verification process wherein the data exchange
session comprises at least one identification reference;
a request module, the request module requesting the at least
one identification reference from the at least one com-
munications console, wherein the identification refer-
ence comprises one or more of a verified web service
account identifier, letter, number, rights token, e-mail,
password, access time, serial number, address, manufac-
turer identification, checksum, operating system ver-
sion, browser version, credential, cookie, or key;
a secondary receipt module, the secondary receipt module
receiving the at least one identification reference from
the at least one communications console; and
a branding module, the branding module writing at least
one of the verification token or the identification refer-
ence into the metadata.
10. The system of claim 9, wherein the verification token
comprises at least one token selected from the group consist-
ing of a purchase permission, a rental permission, or a mem-
bership permission;
wherein the at least one of purchase permission, rental
permission, or membership permission is represented by
one or more of a tag, letter, number, combination of
letters and numbers, rights token, successful payment
reference, phrase, name, membership credentials,
image, logo, service name, authorization, list, interface
button, downloadable program, or an instrument of
trade.
11. A non-transitory computer medium comprising a pro-
gram code, the program code being a part of an operating
system software or downloaded in sections from a web server,
the operating system software program coupled with a user
executing a method for authorizing access to digital content
wherein the program code, when executed in a processor for
facilitating access rights between a plurality of data process-
ing devices, performs the following steps of:
receiving a digital content request from at least one com-
munications console of the plurality of data processing
devices, the access request being a read or write request
of metadata of the digital content, wherein the read or
write request of metadata is performed in connection
with a combination of the operating system software
program and a cloud system, the request comprising a
verification token provided by the user corresponding to
the digital content, wherein the verification token is one
or more of a password, e-mail address, payment system,
credit card, authorize ready device, rights token, key,
file, or one or more redeemable instruments of trade;
authenticating the verification token;
establishing a connection with the at least one communi-
cations console, wherein the communications console is
a combination of a graphic user interface (GUI) and an
Applications Progrmable Interface (API) wherein
the API is obtained from a verified web service, the web
service capable of facilitating a two way data exchange
US 8,533,860 Bl
17
to complete a verification process wherein the data
exchange session comprises at least one identification
reference;
requesting the at least one identification reference from the
at least one communications console, wherein the iden-
tification reference is one or more of a verified web
service account identifier, letter, number, rights token,
e-mail, password, access time, serial number address
manufacturer identification, checksum,
browser version, credential, cookie, or key; 10
rece1vmg the at least one identification reference from the
at least one communications console· and
writing at least one of the verification or the identi-
fication reference into the metadata.
The non-transitory computer medium according to 15
clmm 11, wherein the access request is a request from the user
providing a credential to a membership web service through
a processing of the plurality of data processing
dev1ces, the user bemg a human user establishing a permis-
sion to the digital content.
13. The non-transitory computer medium of claim 12,
wherein the verification token comprises at least one of a
permission, a rental permission, or a membership
perm1sswn;
20
wherein the at least one of purchase permission rental 25
permission, or membership permission is by
one or more of a tag, letter, number, combination of
letters and numbers, successful payment reference,
name, membership credential, image, logo, ser-
VIce name, authorization, list, key, file, interface button, 30
downloadable program, or an instrument of trade.
The non-transitory computer medium according to
clmm 13, wherein the verification token represents verifica-
tion from a provider that a product was acquired.
The non-transitory computer medium according to 35
clmm 13, wherein the digital content is accessed according to
a membership status.
16. The non-transitory computer medium according to
claim 15, wherein the membership status is connected to an
application progrmnmable interface.
The non-.transitory computer medium according to
clmm 15, wherem a remote control operation exist.
40
18
sponding to the digital content, the verification token is
handled by the user as a redeemable instrument, wherein
the verification token comprises at least one of a pur-
chase permission, a rental permission, or a membership
permission, wherein the at least one of purchase permis-
sion, rental permission, or membership permission
being represented by one or more of a tag, a letter, a
number, a combination of letters and numbers a suc-
cessful payment, a rights token, a phrase, a a
membership credential, an image, a logo, a service
name, an authorization, a list, an interface button a
downloadable program, or the redeemable
authenticating the verification token; '
establishing a connection with the communications con-
sole, wherein the communications console is a combi-
nation of a graphic user interface (GUI) and an Appli-
cations Programmable Interface (API) wherein the API
is obtained from a verified web service, the web service
capable offacilitating a two way data exchange to com-
a verification process wherein the data exchange
sesswn comprises at least one identification reference·
requesting the at least one identification reference from the
at least one communications console, wherein the iden-
tification reference comprises one or more of a verified
web service account identifier, letter, number, rights
token, e-mail, password, access time serial number
manufacturer identification, checksum,
mg system version, browser version, credential cookie
or key, or ID; ' '
receiving the at least one identification reference from the
communications console; and
writing at least one of the verification token or the identi-
fication reference into the said metadata.
22. The computer product according to claim 21, wherein
the access request is a request from a first user, the first user is
a human user in operation of the computer product and estab-
lishes first access to the digital content; or
wherein the access request is a request from a secondary
user, the secondary user is a human user in operation of
the computer product and establishes secondary access
to the same digital content as first established for access
by the first user.
The non-transitory computer medium according to
clmm 16, wherein the application programmable interface is
connected to a graphic user interface.
23. The computer product according to claim 21, wherein
45
the customization module customizes the tag.
24. The computer product according to claim 21, wherein
the customization module customizes a user access panel.
The non-transitory computer medium according to
clmm 17, wherein the digital content is shared with one or
more secondary users.
The non-transitory computer medium according to
clmm 19, wherein the digital content is shared with the sec- 50
ondary user according to a period of time.
21. A computer product comprising a memory, a CPU, a
console and a non-transitory computer
us.able medmm, the computer usable medium having an oper-
atmg system stored therein, the computer product further 55
comprising a customization module, the computer product
authorizing access to digital content, wherein the digital con-
tent is at least one of an application, a video, or a video gmne,
wherein the digital content is at least one of encrypted or not
encrypted, the computer product configured to perform the 60
steps of:
receiving the digital content access request from the com-
munications console, the access request being a read or
write request of metadata of the digital content, the
metadata of the digital content being one or more of a 65
database or storage in connection to the computer prod-
uct, the request comprising a verification token corre-
25. The computer product according to claim 22, wherein
the digital content is monitored for access using a worldwide
system infrastructure, the worldwide cloud system
mfrastructure comprising internet connected modules in
operation as computing and storage services in connection to
the computer product.
26. The computer product according to claim 22 wherein
the verification token is connected to a royalty
27. The computer product according to claim 25 wherein
the access is allowed according to a permission facilitated by
a web service working as a front-end agent to the worldwide
cloud system infrastructure.
28. The computer product according to claim 25, wherein
the computer product is a device of a plurality of devices in a
network of the user.
29. The computer product according to claim 28 wherein
the device is a computer or a phone. '
30. The computer product according to claim 29, wherein
a remote control operation exist.
* * * * *
PATENT NO.
APPLICATION NO.
DATED
INVENTOR(S)
UNITED STATES PATENT AND TRADEMARK OFFICE
CERTIFICATE OF CORRECTION
: 8,533,860 B1
: 13/740086
: September 10,2013
: William Grecia
Page 1 of2
It is certified that error appears in the above-identified patent and that said Letters Patent is hereby corrected as shown below:
On Title page, INSERT:
--(63) Continuation of application No. 13/397,517, filed on Feb. 15, 2012, which is a continuation of
application No. 12/985,351, filed on Jan. 6, 2011, which is a continuation of application No.
12/728,218, filed on Mar. 21, 2010, now abandoned.--
In the Claims:
In claim 1, column 15, line 3:
"reference" should be changed to read as --identification reference--
In claim 8, column 15, line 35; and claim 10, column 16, line 31:
"or a membership permission; wherein the at least one of purchase permission, rental permission, or
membership permission",
in each occurrence, should be changed to read as
--and a membership permission; wherein the at least one of purchase permission, rental permission,
and membership permission--
In claim 1, column 14, line 56; claim 9, column 16, line 12; claim 11, column 16, line 67; and
claim 21, column 18, line 19:
"two way data exchange", in each occurrence, should be changed to read as --two way data
exchange session--
Signed and Sealed this
Twelfth Day ofNovember, 2013
Teresa Stanek Rea
Deputy Director of the United States Patent and Trademark Office
CERTIFICATE OF CORRECTION (continued)
U.S. Pat. No. 8,533,860 Bl
In claim 11, column 16, line 65; and claim 21, column 18, line 16 and 17:
"Applications", in each occurrence, should be changed to --Application--
In claim 1, column 14, line 55; claim 9, column 16, line 11; claim 11, column 16, line 66; and
claim 21, column 18, line 18:
"obtained from", in each occurrence, should be changed to --related to--
In claim 21, column 17, line 62:
"receiving the digital content access request" should be changed to --receiving a digital content
access request--
In claim 21, column 18, line 2:
"handled by the user" should be changed to --handled by a user--
Page 2 of2