50 results about "Authorized domain" patented technology

Domain membership vouchers are transmitted to devices in response to domain membership requests and domain joining requests. These vouchers include domain identifiers and domain keys encrypted with the public keys of the requesting devices. Once received, the domain membership vouchers establish the devices as members of authorized domains. Such authorized domains allow the sharing of protected content among devices within a particular authorized domain.

A copyright protection method (150) and apparatus (190) employs (151) a first protection scheme (160) within a single authorized domain (195), in which all interfaces (194a-c) are protected with digital rights management system and employs (152) a second protection scheme (170) for use in inter-domain file transfers. The method (150) and apparatus (190) may employ (153) a third protection scheme (180) for external outputs (197a-c) not protected by a digital rights management system. The first protection scheme (160) includes specifying (161) whether a copy of files is allowed to be stored anywhere within the single authorized domain; specifying (162) whether files may be stored only on specific devices within the single authorized domain; or specifying (163) how many simultaneous rendering devices are permitted when rendering files. The second protection scheme (170) may include: specifying (171) if the files may be copied to other domains; and explicitly identifying (172) domains to which copies are allowed; specifying (173) if files may be moved to other domains, and optionally allowing movement of files to any other domain; specifying (174) a list of specific domains to which content may be copied, and preserving content rights during content transfer to another domain; or specifying (175) specific domains to which content may be moved, and preserving content rights during content transfer. The third protection scheme (180) may include: specifying (181) copy protection information separately for analog, digital uncompressed and digital compressed outputs; specifying (182) a CGMS Copy protection state; specifying (183) MACROVISION parameters for analog outputs; specifying (184) if a particular type of output is allowed at all; or disabling (185) the particular type of output if the particular output type is not allowed.

The present invention relates to a method and a system of securely storing data on a network (100) for access by an authorized domain (101, 102, 103), which authorized domain includes at least two devices that share a confidential domain key (K), and an authorized domain management system for securely storing data on a network for access by an authorized domain. The present invention enables any member device to store protected data on the network such that any other member device can access the data in plaintext without having to communicate with the device that actually stored the data.

In a domain comprising a plurality of devices, the devices in the domain sharing a common domain key, a method of enabling a entity that is not a member of the domain to create an object that can be authenticated and/or decrypted using the common domain key, the method comprising providing to the entity that is not a member of the domain a diversified key that is derived using a one-way function from at least the common domain key for creating authentication data related to said object and/or for encrypting said object, the devices in the domain being configured to authenticate and/or decrypt said object using the diversified key.

A message manager monitors incoming e-mail messages. The message manager determines whether the from field of each incoming e-mail message indicates that the e-mail message originates from a recognized domain. Responsive to determining that the from field indicates that the e-mail originates from a recognized domain, the message manager compares at least one domain associated with at least one link found embedded in the text of the e-mail message to a list of authorized domains. Based on the results of the comparison, the message manager determines whether the e-mail message originates from a recognized domain.

A system and method is disclosed for allowing content providers to protect against widespread copying of their content, while enabling them to give their customers more freedom in the way they use the content. In accordance with one embodiment, content providers identify their content as protected by watermarking the content. Consumers use compliant devices to access protected content. All of a user's compliant devices, or all of a family's devices, can be organized into an authorized domain. This authorized domain is used by content providers to create a logical boundary in which they can allow users increased freedom to use their content.

A server and a client hold common secret information in respective secret information holding units. A server Cyclic Redundancy Check (CRC) unit in the server generates a CRC code after adding the secret information to communication data, and transmits the communication data with the CRC code attached. A client CRC unit of the client generates a CRC code after adding the secret information to communication data, and checks whether or not an error has occurred in the communication data on the communication path. Since the client holds the secret information, the client determines that an error has not occurred, and obtains the communication data. On the other hand, a router, which does not hold the secret information, is unable to obtain the communication data. This prevents the communication data from being transferred to devices outside an authorized domain.

The invention relates to a data carrier (DC) for carrying a data content (CONT) belonging to an authorized domain (AD). Said data carrier (DC) comprises a data carrier data right management system (M-DRM) ruled by first rights (R1) of exporting said data content (CONT) to a reading apparatus (RA). Said authorized domain comprises a domain data right management system (AD-DRM) ruled by second rights (R2) of exporting said data content (CONT) to a reading apparatus (RA), said second rights depending on whether the reading apparatus belongs to the authorized domain. The data carrier (DC) comprises said data content (CONT) stored within a data carrier data content file (CCF) having a data carrier format specified by said data carrier data right management system (M-DRM), a data carrier license (ML) comprising said first rights (R1) and a domain license (DL) comprising said second rights (R2), said domain license (DL) being stored as a data carrier domain license file (CDLF) having said data carrier format.

A system for authenticating electronic correspondence includes a sender, a recipient, and a central authorization service. The sender includes a correspondence client at which electronic correspondence is composed, a correspondence server for routing proposed correspondence, and a sender client. The recipient includes a correspondence client at which electronic correspondence is viewed, a correspondence server that delivers the correspondence to the correspondence client, and a recipient client. The central authorization service has a two-way communication link to each of the sender client and the recipient client. The sender client is configured to determine whether composed correspondence to be sent originates from at least one of an authorized server and an authorized domain before sending the correspondence and informs the central authorization service if a determination is made if the correspondence does not originate from an authorized server or an authorized domain. The recipient client determines the authenticity of received correspondence and only upon a determination of authenticity forwards the message to the correspondence server for routing to the recipient client.

The present invention relates to a method and a device for determining access to multimedia content from an entry identifier, in a domain which comprises a number of entry identifiers, and where the multimedia content is assigned an access number n indicating the number of entry identifiers which may access the multimedia content. This is obtained by accessing a domain list indicating at least some of said entry identifiers in said network domain and by further determining that the entry identifier may access said multimedia content if said entry identifier is between the n entries in said domain list determined by an evaluation rule.

The number of devices installed in an Authorized Domain is controlled by a master device functionality. This master devices stores ceiling values for the total number Totaljimit of devices to be installed in the AD; the total number Localjimit of devices to be installed in a local proximity with the master device and the total number Remotejimit of devices to be installed remotely from said master device. The master device also stores current values of the number Local_count of devices installed in the AD in local proximity with the master device; and the number Remote_count of devices installed in the AD remotely from said master device. When a new device is to be installed in the AD, the ceiling values are checked with respect to the current values and it is checked whether the device is in local proximity with the master device to authorize or not its installation in the AD, either locally or remotely.

The present invention relates to an authorized domain including a plurality of Authorized Domain Managers (ADMs). The plurality of ADMs contrary to a single ADM solution enables portable ADMs, that do not have to be continuously connected to the AD. The invention provides a solution for keeping the ADMs synchronized. For this purpose, inter alia, each ADM is provided with a map, which comprises an identifier area for containing identifiers corresponding to other devices, and at least one property area for containing properties of the identifiers. The property area is mapped on the identifier area. The properties are arranged to provide information about updates thereof. By obtaining map contents of another ADM, and comparing the contents of the own map with the map contents of the other ADM, it is possible for an ADM to determine whether to perform any updates of the own map.

The invention relates to a CDN optimal scheduling method based on local DNS, comprising: an ICP content user experience optimization system and an Internet content user experience optimization system.IN the ICP Content User Experience Optimization System, fora domain name often visited by users, ICP's Authorized Domain Name Server is deployed next to the ICP User Experience Optimization system,aforwarding server is configured as the address of ICP authorized domain name server on ICP user experience optimization system, and the resource is obtained directly through domain name forwarding, and the local dialing test result is obtained through Tesse global resource library, and the optimal resource list is returned according to the user's strategy. The user experience is enhanced; local DNS service capabilities are enhanced; fault content source second-level switching is performed; the backbone network bandwidth of operators is saved. On the one hand, the access experience of users isenhanced, and the competitiveness of operators is enhanced; on the other hand, the backbone network bandwidth of the operators is greatly saved and the cost of the operators is reduced.

The invention relates to a cache optimization method and system for resisting continuous variable-domain name prefix attack. The method includes that regularly counting domain name absence records according to a set time period through a domain name cache server, when the domain name absence records surpass a set threshold, beginning to automatically gather the domain names; dividing the domain names into a plurality of aggregate classes according to the complete matching between second-level domain names and third-level domain names, if the element number of the aggregate class surpasses a set threshold, aggregating all the domain names in the aggregate class into an aggregate domain name with prefix *; for a new domain name query request, if there is no corresponding concrete record in the domain name cache server, matching with the aggregate domain name, if the matching is successful, returning a domain name absence response, otherwise, performing domain name query in an authorization domain name server. The cache optimization method for resisting the continuous variable-domain name prefix attack has advantages of strong cache stability, high timeliness, cache space saving and the like.

The invention discloses a method and a system for storing and managing data of an authoritative domain name system server. The method comprises the following step of dividing domain name system data of different views in an authorized domain to obtain domain name system data storage information, and then sending the domain name system data storage information to a distribution server and the authoritative domain name system server respectively; distributing the well-divided domain name system data to corresponding storage servers for storage based on the domain name system data storage information by the distribution server; and after the authoritative domain name system server receives a query request, querying at the storage servers according to the domain name system data storage information and returning the query result to a requesting terminal. The problems of storage bottleneck and query efficiency reduction of the authoritative domain name system server caused by sharp increase of domain names and views and the problem of resource waste in data distribution and storage of a domain name system are solved; and the correctness of the query result of the domain name system is ensured while the reasonable optimization.

The exemplary embodiments include a method that involves determining a logical device count for individual ones of a plurality of devices in an authorized domain; calculating a sum of the logical device counts; and comparing the sum with a maximum allowable number of devices for the authorized domain, where the logical device count for a device may be equal to one, less than one, or greater than one. The logical device count is a value greater than one when a particular device is includes multiple consumption points, where a value of the logical device count equals a number of consumption points for the particular device, and the logical device count is a value less than one when a particular consumption point includes multiple devices, such as when a plurality of speakers are used to express content.

This invention relates to a system and a method of generating an Authorized Domain (AI)), the method comprising the steps of selecting a domain identifier (Domain ID) uniquely identifying the Authorized Domain, binding at least one user (P1, P2, . . . , PN1) to the domain identifier (Domain ID), and binding at least one device (D1, D2, . . . , DM) to at least one user (P1, P2, . . . , PN1), thereby obtaining a number of devices (D1, D2, . . . , DM) and a number of users (P1, P2, . . . , PN1) that is authorized to access a content item (C1, C2, CN2) of said Authorized Domain (100). Hereby, a number of verified devices (D1, D2, . . . , DM) and a number of verified persons (P1, P2, . . . , PN1) that is authorized to access a content item of said Authorized Domain (100) is obtained. Additionally, it is possible to enable automatic assignment of imported content being imported on a device belonging to the Authorized Domain (AD) since it now is given to which person a given authorized device belongs to. Further, a simple and efficient way of implementing domain boundaries is enabled.

The embodiment of the invention discloses an edge application addressing method and related equipment. The method comprises the following steps: a domain name system (DNS) server receives a first edge application access request from terminal equipment, and analyzes the first edge application access request to obtain a first domain name in the first edge application access request; the DNS server determines whether the first domain name is in a pre-obtained authorized domain name set or not; under the condition that the first domain name is in the pre-obtained authorized domain name set, the DNS server resolves the domain name resolution result of the first domain name into a specific destination address, wherein the specific destination address is the address of a pre-configured edge application addressing device; and the DNS server sends a domain name resolution result containing the specific destination address to the terminal equipment.