US20120233008A1 - Switching network supporting media rights management - Google Patents

Abstract

A communication infrastructure containing a plurality of templates stored in an intermediate routing node and data rights management service function that determines an incoming packet contains media content by comparing the packet contents with the plurality of predefined templates and verifies whether associated license in the packet is valid. The intermediate routing node triggers the data rights management service function, if the associated license is not valid. The data rights management service function verifies rights of the user of the destination device to use the media content and interacts with the destination device to verify the validity of the license. In addition, the intermediate routing node interacts with a media manufacturer's server to verify the validity of the license. An external data rights management server may in part or full carry out the DRM functionality, to assist the intermediate routing node.

Description

CROSS REFERENCE TO RELATED APPLICATIONS
• The present U.S. Utility Patent Application claims priority pursuant to 35 U.S.C. §120, as a divisional, to the following U.S. Utility Patent Application which is hereby incorporated herein by reference in its entirety and made part of the present U.S. Utility Patent Application for all purposes:
• U.S. Utility application Ser. No. 11/527,140 filed on Sep. 26, 2006, and entitled “SWITCHING NETWORK SUPPORTING MEDIA RIGHTS MANAGEMENT” (BP5696), pending, which is a Continuation-In-Part of the following U.S. Utility Patent Applications which are hereby incorporated herein by reference in its entirety and made part of the present U.S. Utility Patent Application for all purposes:
• Utility application Ser. No. 11/429,477, filed on May 5, 2006, issued May 24, 2011 as U.S. Pat. No. 7,948,977 and entitled “PACKET ROUTING WITH PAYLOAD ANALYSIS, ENCAPSULATION AND SERVICE MODULE VECTORING” (BP5390);
• Utility application Ser. No. 11/429,478, filed on May 5, 2006, issued Sep. 29, 2009 as U.S. Pat. No. 7,596,137 and entitled “PACKET ROUTING AND VECTORING BASED ON PAYLOAD COMPARISON WITH SPATIALLY RELATED TEMPLATES” (BP5391);
• Utility application Ser. No. 11/491,052, filed on Jul. 20, 2006, issued Feb. 22, 2011 as U.S. Pat. No. 7,895,657 and entitled “SWITCHING NETWORK EMPLOYING VIRUS DETECTION” (BP5457);
• Utility application Ser. No. 11/474,033, filed on Jun. 23, 2006, and entitled “INTERMEDIATE NETWORK NODE SUPPORTING PACKET ANALYSIS OF ENCRYPTED PAYLOAD” (BP5458), now abandoned;
• Utility application Ser. No. 11/527,137 filed on Sep. 26, 2006, issued Jul. 6, 2010 as U.S. Pat. No. 7,751,397, and entitled “SWITCHING NETWORK EMPLOYING A USER CHALLENGE MECHANISM TO COUNTER DENIAL OF SERVICE ATTACKS” (BP5523);
• Utility application Ser. No. 11/506,729 filed on Aug. 18, 2006, and entitled “SWITCHING NETWORK EMPLOYING ADWARE QUARANTINE TECHNIQUES” (BP5524), pending; and
• Utility application Ser. No. 11/506,661 filed on Aug. 18, 2006, and entitled “SWITCHING NETWORK EMPLOYING SERVER QUARANTINE FUNCTIONALITY” (BP5525), pending.
FEDERALLY SPONSORED RESEARCH OR DEVELOPMENT
• [Not Applicable]
MICROFICHE/COPYRIGHT REFERENCE
• [Not Applicable]
BACKGROUND OF THE INVENTION
• 1. Field of the Invention
• This invention generally relates to communication infrastructures, and, more particularly, to switching node operations in a packet switched communication network.
• 2. Related Art
• Today's communication networks extensively communicate media contents containing audio files, video images and moving video files. Communication networks include both packet switched and circuit switched networks, often interconnected via network bridges. An Internet network typically includes switching devices such as routers, switches, packet switched exchanges, access points, Internet service provider's networks (ISPN) and Internet communication pathways, and route packets between the end point devices. Destination end point devices include personal or laptop computers, servers, set top boxes and handheld data/communication devices, for example. Servers often act as source end point devices, sourcing media content to the destination devices to be presented to the users of the destination devices.
• Audio files, video image files, and moving video files are usually copyright protected and contain digital signatures. These digital signatures include licenses given to a user that may include unlimited licensing, limited licensing, number of delivery limitations, number of replay limitations, user license limitations, and/or time frame limitations. Trafficking of these audio files, video images and moving video files via communication networks may violate these licenses causing enormous losses to the owners/licensees of the copyrighted media. In order to prevent illegal copying of transmitted media, some media is communicated in encrypted, encoded, or transcoded format to conceal the nature of the media. However, in many cases, transfer of media in this/these format(s) constitutes illegal sharing of media. For example, a source end point device may be a server that illegally distributes music or video content via communication networks to recipients across the globe. Traditional techniques to prevent illegal copying/use have been typically unsuccessful in preventing or monitoring such illegal copying/use.
• Further limitations and disadvantages of conventional and traditional approaches will become apparent to one of ordinary skill in the art through comparison of such systems with the present invention.
BRIEF SUMMARY OF THE INVENTION
• The present invention is directed to apparatus and methods of operation that are further described in the following Brief Description of the Drawings, the Detailed Description of the Invention, and the Claims.
• In accordance with the present invention, a communication infrastructure containing a communication pathway, that communicates a packet with media content from a source device to a destination device. The communication pathway contains an intermediate routing node. In addition, the communication infrastructure contains a plurality of templates stored in the intermediate routing node and data rights management service function. The intermediate routing node receives the packet with media content, determines that the packet contains media content by comparing the packet contents with the plurality of predefined templates and identifies that license in the packet with media content is not valid. Then, the intermediate routing node responds to the identification of invalid license by triggering the data rights management service function.
• The intermediate routing node verifies rights of the user of the destination device to use the media content and interacts with the destination device to verify the validity of the license. In addition, the intermediate routing node interacts with a media manufacturer's server to verify the validity of the license. An external data rights management server may in part or full carry out the DRM functionality, to assist the intermediate routing node.
• In accordance with the present invention, an intermediate routing node in a communication infrastructure that routes a packet containing media content from a source device, containing a network interface, storage containing a plurality of templates and a plurality of internal data rights management service functions and processing circuitry. The processing circuitry receives the packet containing media content, compares the contents of the packet with at least one of the plurality of templates, identifies that the packet with media content does not have valid license and responds by triggering at least one of the plurality of internal data rights management service functions.
• Features and advantages of the present invention will become apparent from the following detailed description of the invention made with reference to the accompanying drawings.
BRIEF DESCRIPTION OF THE DRAWINGS
• FIG. 1 is a schematic block diagram illustrating an embodiment of a communication infrastructure built in accordance with the present invention, wherein an intermediate routing node provide data right protection to the packets containing media content;
• FIG. 2 is a schematic block diagram illustrating another embodiment of a communication infrastructure built in accordance with the present invention, wherein a media manufacturer's server generates and distributes necessary templates and associated logic to an intermediate routing node and external DRM server, aiding the data rights protection for their media content;
• FIG. 3 is a schematic block diagram illustrating an embodiment of a communication infrastructure built in accordance with the present invention, wherein an intermediate routing node provides data right protection to the packets containing transcoded media;
• FIG. 4 is a schematic block diagram illustrating interactions between intermediate routing node, destination device, source device, media manufacturer's server and external DRM server in the communication infrastructure ofFIG. 1, in accordance with the present invention;
• FIG. 5 is a schematic block diagram illustrating a network node (switch/router/ISPN/AP) constructed in accordance with the embodiment ofFIG. 1 of the present invention;
• FIG. 6 is a schematic block diagram illustrating an external DRM server constructed in accordance with the embodiment ofFIG. 1 of the present invention;
• FIG. 7 is a schematic block diagram illustrating a router constructed in accordance with the embodiment ofFIG. 1 of the present invention;
• FIG. 8 is a schematic block diagram illustrating end point devices (source and/or destination devices) constructed in accordance with the embodiments ofFIG. 1 of the present invention;
• FIG. 9 is a flowchart illustrating general flow of functionality of intermediate routing node ofFIG. 1; and
• FIG. 10 is a flowchart illustrating functionality of intermediate routing node ofFIG. 1, in detail.
DETAILED DESCRIPTION OF THE INVENTION
• FIG. 1 is a schematic block diagram illustrating an embodiment of acommunication infrastructure105 built in accordance with the present invention, wherein an intermediate routing node109 provide data right protection to the packets containing media content. More particularly, media content originating from asource device135, destined toward adestination device155, communicated via a communication pathway in acommunication routing infrastructure107, is verified for license by intermediate routing nodes such as109 to111. In addition, measures are taken by intermediate routing nodes109 to111 to prevent theft of media content usingcommunication routing infrastructure107. To this end, the intermediate routing nodes109 to111 utilize primary DRM templates and associated logic, secondary DRM templates and associated logic and internal data rights management service functions (DRM SF) built into each of the intermediate routing nodes109 go111. Alternatively, verification and subsequent measures against media theft may, in part or in entirety, take place at anexternal DRM server181, with assistance of media manufacturer'sserver175. For this, theexternal DRM server181 contains primary and secondary templates and associated logic andexternal DRM SF185. Both the internal DRM SF andexternal DRM SF185 contain elements of the present invention such asverification function119,187 andlicensing function121,189.
• The intermediate routing node109 contains the primary DRM templates and associated logic113, secondary DRM templates and associated logic115 and internal DRM service functions117 that assist in determining whether a packet contains media and if the media contained is licensed (that is, contains a digital signature). Once an invalidity of license of the media content is successfully determined, any more packets arriving from thesource device135 are interrupted by the intermediate node109. This is done by the logic associated with the primary or secondary DRM templates113,115, by invoking one or more DRM service functions117. The DRM service functions117 may includeverification function119 that verifies the validity of a license andlicensing function121.
• The DRM process begins when a packet containing media content comes along. The intermediate routing node109 compares the packet content with primary templates and then if indicated in the associated logic, compares with secondary templates until a conclusion is arrived. Then, the logic associated with the primary or secondary templates determine that the media content is protected and that the user may have to pay for the protected media content. The templates may contain bit sequences of the media file name, media content etc. and plurality of templates may contain bit sequences slightly overlapping on each other to prevent repetition of identifying the media in subsequent packets. Then, the packet is forwarded to theinternal DRM SF117 for verification of terms of the license. Once the terms of the license are determined, the internal DRM service functions117 may interact with either or both ofsource device135 anddestination device155 to verify if the terms of the license are followed, as described with reference to theFIG. 4. If such a determination of terms of the license could not be made at the internal DRM service functions117, the intermediate routing node109 may interact with media manufacturer'sserver175 to do the same. Theexternal DRM server181 may in part or full perform the entire above-mentioned functionality. This situation may occur when the internal routing node109 is unable to perform DRM process on the media content. In addition, the media manufacturer'sserver175 may generate and distribute new templates, associated logic and service functions to the intermediate routing node109 or theexternal DRM server181 periodically, as described with reference to theFIG. 2.
• Thesource device135 may be originator of media content, or may simply be a manager for a plurality of media sources. Amedia content137, that is illustrated as being contained in thesource device135, may reside in the storage of thesource device135 or may be distributed among a plurality of the sources thatmedia source135 manages. Themedia137 may contain media contents such as movie, music with or without license. The licensed media that is stored in themedia137 may be of type no-limit license media139, limited licensedmedia141, number ofdelivery limitation media143, number ofreplay limitation media145, userlicense limitation media147, orperiod limitation media149. If packets containing media contains no-limit license, the packet may be allowed to flow through freely any number of times and may be used any number of times. A number ofdelivery limitation media143 may be allowed to flow through a certain number of times, the counting occurs when the associated logic invoke thelicensing function121. Timeframe limitation media149 is verified to confirm if the time during which the media is expected to be presented is expired. In addition, the source device may includelicense data151 andDRM manager153. Thedestination device155 contains abrowser157 andpresentation application161 such as a media player that enable user to use a licensed media. Both thebrowser157 andpresentation application161 contain DRM Client Module (DRM CM)159,163 that assist in communicating with the intermediate node109 or theexternal DRM server181, for verification of license.
• The intermediate routing node109 may be an Internet node such as a router or packet switching exchange, or GPRS (General Packet Radio Service) or any other PSTN (Public Switched Telephone Network) data networks which are typically bridged between each of the types. GPRS or PSTN data networks may allow downloading of media content such as ring tones, in which case themedia source155 may be the telephone operator's media download. The media manufacturer'sserver175 may not source any media, but may attempt to withhold any such media content flow through thecommunication routing infrastructure107, that is, prevent downloading media content that belongs to a particular media manufacturer, from thesource device135, to thedestination device155. This may be the case, for example, when a media manufacturer sells media content via storage devices such as a DVD (Digital Video Disk) alone and would like to prevent any such media content flow through thecommunication routing infrastructure107 to prevent thefts.
• The intermediate routing nodes109 to111 accomplish the media content protection functionality in such a manner as to not unnecessarily repeat any of the functionality along the communication pathway. This non-repetitive processing is accomplished by including a comparison table version code in the packets, after each of the media content protection processing is done. The comparison table version code incorporates information about primary and secondary DRM templates that are compared on the packet, and the DRM service functionality used on the packet by a previous node. Information contained in the comparison table version code may include the DRM template version, associated logic version, internal DRM service function versions and the DRM service functions applied locally or remotely. If any of the nodes in the communication path contains an enhanced or a recent version of DRM templates, for example, the node may determine the need of comparison with only those enhanced DRM templates. Similar considerations apply to associated logic and DRM service functions. If the comparison table version code does not exist in the packet, then the processing intermediate node determines that packet analysis has not taken place by any of the previous nodes. On the contrary, if the comparison table version code does exist, then the processing intermediate node decodes the code to determine the media content protection processes that have occurred before. Then, if any further media content protection processing is necessary only such processing are done.
• To perform DRM processing mentioned above, the intermediate routing node109 might decrypt packets if they are encrypted, and may invoke a local or remote service for such a decryption process. If the packets that arrive at a processing intermediate node are encrypted and if further analysis is indicated, then, network node proceeds with decryption of the packet. In addition, if the media content is transcoded, such a packet may be verified using video transcoding operations, as described with reference to theFIG. 3.
• FIG. 2 is a schematic block diagram illustrating another embodiment of acommunication infrastructure205 built in accordance with the present invention, wherein a media manufacturer'sserver235 generates and distributes necessary templates and associated logic to an intermediate routing node209 andexternal DRM server281, aiding the data rights protection for their media content. In specific, the media manufacturer'sserver235 containssource media manager243 that manages DRM template and logic generation anddistribution239, thus supplying the essential primary DRM templates, secondary DRM templates, associated logic and some DRM service functions to the intermediate routing node209 andexternal DRM server281. The DRM template and logic generation anddistribution239 may be automatic, semi-automatic or manual. The media manufacturer'sserver235 may be any authorized support server that supports DRM (Data Rights Management) process in the intermediate routing node209, by generating and distributing primary DRM templates, secondary DRM templates, associated logic and some DRM service functions that relates to media manufacturer'sserver235. In addition, the media manufacturer'sserver235 containscommunication application245 that assists in communicating with the intermediate routing node209 orexternal DRM server281, during distribution of templates and associated logic or during the DRM process described with reference to theFIG. 1.
• Acommunication routing infrastructure207 illustrated contains intermediate routing nodes209 to211, that may be an Internet node such as a router or packet switching exchange, GPRS (General Packet Radio Service) or any other PSTN (Public Switched Telephone Network) data networks. These different data networks are typically bridged between each of the types. These intermediate routing nodes such as the node209 consists of primary DRM templates and associated logic223, secondary DRM templates and associated logic225 and internal DRM service functions227, that assist in the DRM process. Similarly, theexternal DRM server281 contains templates and associatedlogic283 and external DRM service functions285. These templates and associatedlogic223,225 and283 and DRM service functions227 and285 are supplied, at least in part, by the media manufacturers via the media manufacturer'sserver235. Both the internal DRM SF227 andexternal DRM SF285 contain elements of the present invention such asverification function229,287 andlicensing function231,289.
• In addition,source device275 that originates or manages media content, anddestination device255 may interact with the media manufacturer'sserver235 if necessary, during a DRM process. Thedestination device255 containsbrowser257 andpresentation application261 that allow the user to use the media content. Thebrowser257 andpresentation application261 may containDRM client module259,263 that assist in DRM process at the intermediate routing node209.
• FIG. 3 is a schematic block diagram illustrating an embodiment of acommunication infrastructure305 built in accordance with the present invention, wherein an intermediate routing node309 provides data right protection to the packets containing transcoded media. Thesource device335 originates or manages transcodedmedia349, illustrated as a part ofmedia content337, destined towarddestination device355, via acommunication routing infrastructure307 containing intermediate routing nodes309 to311. By comparing with primary DRM templates and/or secondary DRM templates, the intermediate node309 determines that an arriving packet contains transcoded or encoded media. Thevideo transcoder operations325 transcodes or decodes the media content to extract original media content that is encoded or not, with original digital signature. Then,verification function319 verifies if the digital signature associated with the media is valid and responds appropriately. If such transcoding is not possible, then the intermediate routing node309 may verify the digital signature associated with audio portion of the media content.
• Alternatively, anexternal DRM server381 may contain capabilities of video transcoding operations (not shown), along with templates and associatedlogic383 and external DRM service functions385. Both the internal DRM SF227 andexternal DRM SF285 contain elements of the present invention such asverification function319,387 andlicensing function389. Media manufacturer'sserver375 provides necessary transcoder operation functions to the intermediate routing nodes309 to311. Thedestination device355 containsbrowser357 andpresentation application361 that allow thedestination device355 to present media content. Thebrowser357 andpresentation application361 may containDRM client module359,363 that assist in DRM process at the intermediate routing node309.
• FIG. 4 is a schematic blockdiagram illustrating interactions405 betweenintermediate routing node441,destination device407,source device475, media manufacturer'sserver481, andexternal DRM server483 in the communication infrastructure ofFIG. 1, in accordance with the present invention. Theinteractions405 begins with theintermediate routing node441 receiving a request for amedia download413 from the destination device's407browser407 orpresentation application411. This request is sent415 to thesource device475. Then, theintermediate routing node441 receives415media479 from thesource device475.
• When a first packet containing media content arrives at theintermediate routing node441, the DRM process begins. If necessary, at anext block445, the packet is decoded, decrypted and/or transcoded to obtain original digital signature of the media content. If such a process is not possible at the intermediate routing node, the assistance of media manufacturer'sserver481 orexternal DRM server483 is requested. Then, at anext block447, the packet is compared with the primary DRM templates (PDRMT) and/or secondary DRM templates (SDRMT) and the associated logic are applied. If indicated, such a comparison process or the process thereafter may be transferred to theexternal DRM server483, by vectoring the packet to theexternal DRM server483. Then, at anext block449, DRM service functions are applied, as indicated in the associated logic. In other words, the terms of the digital signature or the license are determined, and if valid, the packet containing media content is allowed to pass through417 to thedestination device407. If the digital signature is not satisfactorily determined or not valid, media manufacturer'sserver481 may be consulted. In this case, abilling session417 is initiated with thedestination device407 with the assistance of the media manufacturer'sserver481, and payment for the media content is sought from the user of thedestination device407. Once payment to the media manufacturer is done, the packet (entire media content download including subsequent packets) is communicated to thedestination device407.
• FIG. 5 is a schematic block diagram illustrating a network node (switch/router/ISPN/AP)507 constructed in accordance with the embodiment ofFIG. 1 of the present invention. Thenetwork node circuitry507 may represent any of the Internet nodes that route data packets and the circuitry may in part or full be incorporated in any of the network devices such as a switch, router, and ISPN or access point. In addition, thenetwork node circuitry507 may in part or full be incorporated in any of the PSTN or GPRS network devices. Thenetwork node circuitry507 generally includesprocessing circuitry509,local storage517, manager interfaces549, and network interfaces541. These components communicatively coupled to one another via one or more of a system bus, dedicated communication pathways, or other direct or indirect communication pathways. Theprocessing circuitry509 may be, in various embodiments, a microprocessor, a digital signal processor, a state machine, an application specific integrated circuit, a field programming gate array, or other processing circuitry. Theprocessing circuitry509 is communicatively coupled to an encoding/encryption pipe511 and decoding/decryption pipe513. Thesehardware components511 and513 may be hardwired to increase the speed DRM processing and routing. The illustration also shows acommunication pathway555 that communicatively couples thenetwork node507 to a neighboringnode557, which has similar quarantine processing capabilities.
• Local storage517 may be random access memory, read-only memory, flash memory, a disk drive, an optical drive, or another type of memory that is operable to store computer instructions and data. Thelocal storage517 contains Service Module Manager (SMM)519 that manages the DRM processing functionality of thenetwork nodes507 such as analyzing incoming packets by comparing the header contents and payload contents with appropriate DRM templates. These DRM templates and associated logic include primary DRM templates and associatedlogic521, secondary DRM templates and associated logic523. If any match is found during the primary DRM template comparison, the associated logic may direct an incoming packet containing media content to selected groups of secondary DRM templates for further analysis and after secondary DRM template comparison, the logic associated with secondary templates is applied. This process is repeated until a conclusion is reached. The conclusion reached determines that the incoming packet contains media content and the license is not valid. Then, appropriate internal DRM service functions525 or external DRM service functions (not shown, may be available in external DRM server ofFIG. 1 or other intermediate nodes) are applied. Theverification function533 andlicensing function535 verify the terms of the license or the digital signature either internally or by seeking assistance from media manufacturer's server or external DRM server (not shown). Any interaction that is necessary with destination device or source device is performed by theverification function533 andlicensing function535. In addition, if the packets are encrypted, encoded or transcoded, the original digital signature containing in such packets are extracted by performing necessary operations by the encoding/decoding/encryption/decryption manager529 or the DRM service functions525 by utilizingvideo transcoder operations531 orhardware units511 and513.
• The network interfaces541 contain wired and wireless packet switched interfaces545, wired and wireless circuit switched interfaces547. In addition, the network interfaces541 may also contain built-in or an independentinterface processing circuitry543. The network interfaces541 allow network devices to communicate with other network devices and allowprocessing circuitry509 to receive and send packets, which may contain request for a webpage. The network interfaces541 allow utilization of external DRM service functions for analysis and processing, when such functions are not available in thelocal storage517. The manager interfaces549 may include a display and keypad interfaces. These manager interfaces549 allow the user at the network exchanges to control aspects of the present invention.
• In other embodiments, thenetwork node507 of the present invention may include fewer or more components than are illustrated as well as lesser or further functionality. In other words, the illustrated network device is meant merely to offer one example of possible functionality and construction in accordance with the present invention. Other possible embodiment of network nodes is described with reference to theFIG. 7.
• Thenetwork node507 is communicatively coupled to external network devices, such as neighboringnode557 or external DRM servers (not shown), viacommunication pathway555. The neighboringnode557 may also consist of elements of present invention such as encoding/decoding/encryption/decryption pipe575,local storage577, SMM (Service Module Manager)579, PDRMT, SDRMT & AL (Primary DRM Templates, Secondary DRM Templates, and Associated Logic)581 and DRM SF (DRM Service Functions)583.
• FIG. 6 is a schematic block diagram illustrating anexternal DRM server665 constructed in accordance with the embodiment ofFIG. 1 of the present invention. The externalDRM server circuitry665 performs, in part or full, the DRM processing such as identifying media content in packets, determining terms of the license, performing interaction with the destination and/or source devices. The externalDRM server circuitry665 generally includesprocessing circuitry667,local storage671, user interfaces649, and network interfaces641. These components communicatively coupled to one another via one or more of a system bus, dedicated communication pathways, or other direct or indirect communication pathways. Theprocessing circuitry667 may be, in various embodiments, a microprocessor, a digital signal processor, a state machine, an application specific integrated circuit, a field programming gate array, or other processing circuitry. Theprocessing circuitry667 is communicatively coupled to an encoding/encryption/decoding/decryption pipe669.
• Local storage671 may be random access memory, read-only memory, flash memory, a disk drive, an optical drive, or another type of memory that is operable to store computer instructions and data. Thelocal storage671 contains elements of the present invention such as aservice module manager673, primary, secondary DRM templates and associatedlogic675, DRM service functions677, encoding/decoding/encryption/decryption manager679, andcontent protection module681. In some embodiments, functionality ofcontent protection module681 may be performed by the DRM service functions677. The DRM processes performed by the external DRM server are similar to that of DRM process described with reference to theFIG. 5.
• The network interfaces641 contain wired and wireless packet switchedinterfaces645, wired and wireless circuit switched interfaces647. In addition, the network interfaces641 may also contain built-in or an independentinterface processing circuitry643. The network interfaces641 allow network devices to communicate with other network devices, source, and destination devices. The user interfaces649 may include a display and keypad interfaces. These user interfaces649 allow the user to control aspects of the present invention at theexternal DRM server665.
• In other embodiments, the externalDRM server circuitry665 of the present invention may include fewer or more components than are illustrated as well as lesser or further functionality. In other words, the illustrated externalDRM server circuitry665 is meant merely to offer one example of possible functionality and construction in accordance with the present invention.
• The externalDRM server circuitry665 is communicatively coupled to external network devices, such as anintermediate node607 via acommunication pathway635. Theintermediate node607 contains aprocessing circuitry609 andlocal storage617. Thelocal storage617 further contains SMM (Service Module Manager)619, PDRMT, SDRMT & AL (Primary DRM Templates, Secondary DRM Templates and Associated Logic)621 and DRMSF (Service DRM Functions)623. Theintermediate node607 may have other components such as an encryption pipe and decryption pipe (not shown).
• FIG. 7 is a schematic block diagram illustrating arouter775 constructed in accordance with the embodiment ofFIG. 1 of the present invention. Therouter775 may be a packet switching exchange or an access point. Therouter circuitry775 generally includes generalprimary processing card755, switches709, and plurality ofline cards715 and781. Theline cards715 and781 may all be different in certain cases. Thefirst line card715 consists ofnetwork interfaces725 capable of interfacing with wired and wireless networks such as 10 Mbit, 1000 Mbit Ethernet networks, and 3 Gbit DWDM (Dense Wavelength Division Multiplexing) fiber optic networks. Thefirst line card715 also contains switch interfaces745 that allow the card to interface with interconnectingswitches709. In addition, thefirst line card715 consists ofsecondary processing circuitry735, which preprocesses the packets before interconnectingswitches709 route the packets. Thesecondary processing circuitry735 contains forwardingengine737 and route cache. Thesecondary processing circuitry735, in addition to preprocessing the packets, also contains PDRMT & AL (Primary DRM Templates and Associated Logic)741. The incoming packets are initially compared with primary DRM templates and associated logic is applied. If a match occurs for media content, the packet is vectored to generalprimary processing card755 for further processing. Thesecondary processing circuitry735 may also contain verification functions739 and local service functions, for quick DRM processing.
• The generalprimary processing card755 consists of core primary processing circuitry757, which is communicatively coupled to an encoding/encryption/decoding/decryption pipe759. The generalprimary processing card755 also contains service module manager (SMM)783, SDRMP & AL (Supplementary DRM Templates and Associated Logic)785 and DRMSF (DRM Service Functions)787. TheSMM783 in conjunction with SDRMP &AL785 andDRMSF787 perform further DRM processing, if vectored by thefirst line card715.
• FIG. 8 is a schematic block diagram illustrating end point devices (source and/or destination devices)807 constructed in accordance with the embodiments ofFIG. 1 of the present invention. The endpoint device circuitry807 may refer to any of the device circuitry from which packets originate and/or terminate, and the circuitry may in part or full be incorporated in any of the end point devices described with reference to theFIGS. 1,2,3 and4. The endpoint device circuitry807 generally includesprocessing circuitry809,local storage811, user interfaces831, and network interfaces855. These components communicatively coupled to one another via one or more of a system bus, dedicated communication pathways, or other direct or indirect communication pathways. Theprocessing circuitry809 may be, in various embodiments, a microprocessor, a digital signal processor, a state machine, an application specific integrated circuit, a field programming gate array, or other processing circuitry.
• The network interfaces855 may contain wired and wireless packet switched interfaces859, wired and wireless circuit switchedinterfaces861 and the network interfaces855 may also contain built-in or an independentinterface processing circuitry857. The network interfaces855 allow end point devices to communicate with any other end point devices. The user interfaces831 may include a display and keypad interfaces.
• Local storage811 may be random access memory, read-only memory, flash memory, a disk drive, an optical drive, or another type of memory that is operable to store computer instructions and data. Thelocal storage811 includes communication applications813,browser815, andpresentation application819. Thelocal storage811 also contains communication applications813, and anoperating system823. Thebrowser815 andpresentation application819 containDRM client modules817 and821 that assist in verification of the terms and validity of the license, at the intermediate routing node such asdevice881.
• In other embodiments, the endpoint device circuitry807 of the present invention may include fewer or more components than are illustrated as well as lesser or further functionality, and may adapt to the data packets exchange functionality rather than voice packets exchange. In other words, the illustrated end point device is meant to merely offer one example of possible functionality and construction in accordance with the present invention.
• Theend point device807 is communicatively coupled to external network devices, such as theremote device881, vianetworks875. Theexternal network device881 may also consist of elements of present invention such asprocessing circuitry883 andlocal storage895 consisting,SMM885 and PDRMT, SDRMT &AL887 andDRMSF891 among other functional blocks of the present invention. The source or destination devices typically communicate with each other by exchanging packets. These packets may contain media content with or without a digital signature. When a network node, such asremote device881 detects a packet with an invalid digital signature or license, it attempts to interrupt such a media content flow.
• FIG. 9 is a flowchart illustrating general flow of functionality of intermediate routing node ofFIG. 1. The general flow of functionality begins atblock911, with the intermediate routing node receiving media content in a packet via network interfaces, from source device. Then, at a next block912, the intermediate routing node determines if the media content is encoded, encrypted and/or transcoded and as needed, decodes, decrypts and/or transcodes the media content. At anext block915, the intermediate routing node compares the media content with primary DRM templates to determine if the media content contains digital signature or license and if so, applies associated logic. If the associated logic indicates further analysis, at a next block917, the intermediate routing node compares the media content in the packet with secondary DRM templates and applies associated logic until a conclusion is reached.
• At anext block919, the intermediate routing node applies selected DRM service function processing to verify terms or scope of the license that is available with the media content. At anext block921, the intermediate routing node allows the packet to reach the destination device if the terms of the license are valid. If not valid, then the intermediate routing node interacts with media manufacturer's server, source device, and/or destination device and applies appropriate service functions. The application of service function may determine future course of actions such as billing the user of the destination device or not allowing downloading of the media content.
• FIG. 10 is a flowchart illustrating functionality of intermediate routing node ofFIG. 1, in detail. The detailed functionality of the intermediate routing node begins at astart block1007. At anext block1009, the intermediate routing node receives a packet containing media content via network interfaces. At anext block1011, intermediate routing node determines whether the media content is encoded, encrypted and/or transcoded and decodes, decrypts and/or transcodes the media content appropriately. At anext block1013, the intermediate routing node compares the packet contents with primary DRM templates to identify media content and/or license information. At anext decision block1015, the intermediate routing node verifies if any matches are found. If no matches are found for media content, at ablock1031, the intermediate routing node routes the packet and the detailed functionality ends at anext end block1033.
• If a match is found at thedecision block1015, at anext block1017 the intermediate routing node applies logic associated with the primary DRM templates. The associated logic may indicate further analysis using secondary DRM templates or may indicate application of appropriate service functions, after determining invalidity of license. At anext decision block1019, the intermediate routing node verifies if secondary DRM templates are indicated. If yes, at anext block1021, the intermediate routing node analyzes the packet contents by comparing it with secondary DRM templates to identify media content and/or digital signature (license). If no secondary DRM templates are indicated, the detailed functionality jumps to a next block1027.
• At anext decision block1023, the intermediate routing node verifies if any matches are found. If no matches are found, the detailed functionality jumps to a next block1027. At anext block1025, the intermediate routing node applies logic associated with the secondary templates. At a next block1027, the intermediate routing node applies selected DRM service functions using the license information in the packet. Then, the intermediate routing node interacts with media manufacturer's server, source, and destination devices, as indicated the DRM service functions and applies appropriate service functions. The application of service functions determines future course of actions such as billing the user of the destination device or not allowing downloading of the media content. Once determined that the license is invalid, any such actions may also be applied on other packets of the download that arrive after the first packet of the media download. At thenext block1031, the intermediate node routes the packet if the license is found to be valid or after billing the user of the destination device, and the detailed functionality ends at theend block1033.
• As one of average skill in the art will appreciate, the term “communicatively coupled”, as may be used herein, includes wireless and wired, direct coupling and indirect coupling via another component, element, circuit, or module. As one of average skill in the art will also appreciate, inferred coupling (i.e., where one element is coupled to another element by inference) includes wireless and wired, direct and indirect coupling between two elements in the same manner as “communicatively coupled”.
• The present invention has also been described above with the aid of method steps illustrating the performance of specified functions and relationships thereof. The boundaries and sequence of these functional building blocks and method steps have been arbitrarily defined herein for convenience of description. Alternate boundaries and sequences can be defined so long as the specified functions and relationships are appropriately performed. Any such alternate boundaries or sequences are thus within the scope and spirit of the claimed invention.
• The present invention has been described above with the aid of functional building blocks illustrating the performance of certain significant functions. The boundaries of these functional building blocks have been arbitrarily defined for convenience of description. Alternate boundaries could be defined as long as the certain significant functions are appropriately performed. Similarly, flow diagram blocks may also have been arbitrarily defined herein to illustrate certain significant functionality. To the extent used, the flow diagram block boundaries and sequence could have been defined otherwise and still perform the certain significant functionality. Such alternate definitions of both functional building blocks and flow diagram blocks and sequences are thus within the scope and spirit of the claimed invention.
• One of average skill in the art will also recognize that the functional building blocks, and other illustrative blocks, modules and components herein, can be implemented as illustrated or by discrete components, application specific integrated circuits, processors executing appropriate software and the like or any combination thereof.
• Moreover, although described in detail for purposes of clarity and understanding by way of the aforementioned embodiments, the present invention is not limited to such embodiments. It will be obvious to one of average skill in the art that various changes and modifications may be practiced within the spirit and scope of the invention, as limited only by the scope of the appended claims.

Claims (20)

1. A communication infrastructure supporting routing of a packet with media content, the communication infrastructure comprising:

a packet switched network;

a destination device communicatively coupled to the packet switched network;

a source device communicatively coupled to the packet switched network, the source device delivering the packet into the packet switched network in an attempt to reach the destination device;

a data rights management service;

the packet switched network comprising an intermediate routing node;

the intermediate routing node receives and compares the packet to a plurality of templates and identifies the media content of the packet; and

the intermediate routing node, upon identifying the media content of the packet triggers the data rights management service prior to delivery of the packet to the destination device.

2. The communication infrastructure ofclaim 1, wherein the data rights management service confirms an existence of licensing.

3. The communication infrastructure ofclaim 1, wherein the intermediate routing node comprising at least a portion of the data rights management service.

4. The communication infrastructure ofclaim 1, further comprising a server that hosts at least a portion of the data rights management service.

5. The communication infrastructure ofclaim 1, wherein the data rights management service identifies a licensing issue.

6. The communication infrastructure ofclaim 5, wherein the data rights management service sends a message identifying the licensing issue.

7. The communication infrastructure ofclaim 6, wherein the message comprising a payment request.

8. The communication infrastructure ofclaim 1, wherein the message comprising a request for information needed to confirm licensing.

9. The communication infrastructure ofclaim 1, wherein the intermediate routing node interrupts delivery of the packet toward the destination device until the data rights management service confirms licensing.

10. A method for use in a packet switched communication network supporting routing of a packet with media content from a source device to a destination device, the method comprising:

receiving, at an intermediate routing node included in the packet switched communication network, a packet sent from the source device to the destination device;

prior to delivery of the packet to the destination device:

identifying, at the intermediate routing node, media content included in the packet by comparing the packet to a plurality of templates;

in response to identifying the media content of the packet, using the intermediate routing node to trigger a data rights management service, the data rights management service verifying that the media content requires a license.

11. The method ofclaim 10, wherein the intermediate routing node comprises a wireless router.

12. The method ofclaim 10, wherein the intermediate routing node comprises a wireless access point.

13. The method ofclaim 10, further comprising:

transcoding the packet at the intermediate routing node.

14. The method ofclaim 10, further comprising:

performing the data rights management function in the intermediate node.

15. The method ofclaim 10, further comprising:

performing the data rights management function, at least in part, using an external server coupled to the packet switched communication network.

16. A method for use in a communication network supporting routing of a packet including media content from a source device towards a destination device, the method comprising:

receiving, at an access point included in the communication network, a packet including media content requiring a license;

prior to routing the packet to the destination device:

comparing the packet with a plurality of templates;

identifying, based on the comparing, the media content requiring a license; and

triggering, in response to the identifying, a data rights management function to determine if the media content requiring a license, is licensed.

17. The method ofclaim 16, wherein triggering the data rights management function comprises triggering a data rights management function internal to the access point.

18. The method ofclaim 16, wherein triggering the data rights management function comprises triggering a data rights management function on an external server, the external server configured to interact with at least one of the destination device and the source device to verify that licensing terms associated with the media content item requiring a license are followed.

19. The method ofclaim 16, further comprising:

using the access point to verify licensing based on interactions with one of the destination device and the source device.

20. The method ofclaim 16, wherein the data rights management function comprises offering to sell a license.

Images