The present invention relates in general to information networks, and in particular, to transmission of data over the Internet.
With the rapid growth of the Internet and improvements in computer technology, the demand for transfers of audio and video data over the Internet will increase dramatically. Within the Internet, navigation and selection from video/audio sources are accomplished using web browser technology within an HTTP (HyperText Transfer Protocol) server. Video/audio selection can be accomplished in many application scenarios, from selection from a simple list to multimedia objects being integrated in the documents implementing an application.
Transfer of audio/video data over the Internet is typically enabled in response to a client computer web browser. As a result of such a web browsing process, metadata is returned from an application server, which is coupled to an HTTP (or other) server, to the client computer via the HTTP server. This metadata causes a helper application, or video/audio viewer, to be started in the client computer. The metadata is passed to this helper application, or viewer, and is used to initialize the client subsystem for the playback, to get connected to the application server for control functions, and to obtain loading and starting of the requested video/audio title(s). Information in the metadata includes an address of the application server, the identifier (unique title) for the file to be played, the type of encoding of the video/audio data, the bit rate of the encoded video/audio data, etc.
Using the received metadata, all interaction to request and control the play of video/audio data is accomplished between the client computer and the application server over an established link. Opening the session will result in a separate logical connection, which carries the digitized video between the video server, coupled to the application server, and the client computer. VCR-like control of the video is then supported over the client-to-application server link.
Access control, billing initiation, rights management functions, etc. will be part of the video/audio navigation and selection functions provided by the CGI (common gateway interface) programs in the HTTP server (or by programs in other types of servers: e.g., digital library search server). Having provided these functions at this level, a mechanism is required between the client computers and application server to provide security for the actual request and play of the video/audio data.
The present invention addresses the foregoing need by providing a security mechanism for implementation where a client computer has requested video/audio data from an application server coupled to an HTTP server. The security mechanism limits access to the application server to only those client computers with approved video requests (as determined by the application in the HTTP server). Once a client computer is connected to the application server, the client computer is limited to playing only those titles originally selected during the navigation and selection process with the HTTP server. The security mechanism inhibits a client computer's capability to intercept other client-approved requests, connect to the application server as a "valid" approved client, and then have the ability to play the video intended for the originally approved requester.
More specifically, upon the receipt of a request from a client computer, the application server produces a random passticket (e.g., an N-digit code) to be used by a client computer to make a valid connection to the application server. The application server-generated passticket is then included as an element in the metadata sent to the client computer. The application server maintains a copy of this passticket for client connection validation.
The application server may include a time-out period between sending a passticket in the metadata and a client computer's use of the passticket. If the timer expires without the client computer having used the passticket, the passticket is invalidated.
The application server maintains and associates with the passticket the requested title information, which is also returned as part of the metadata. When a client connects to the application server, the passticket is checked. The connection is rejected if the passticket is not currently valid in the application server. Once the passticket is validated with a user connect, it is then invalidated. When a client makes the play requests to the application server for a title, the title is validated against the titles associated with the passticket. Invalid title requests are rejected.
As the metadata is sent to the client computer over an open network, there is an exposure for another client computer to intercept and use the passticket (prior to the original requester's connection to the application server). This can be defended against by scrambling (e.g., encrypting) the application server-generated passticket using a key which is known by the client computer. This scrambling could be accomplished by the HTTP server application. Use of a secure sockets layer in a secure web server would provide this level of security. Key management between the client computer and the server would also be done at this level. In addition to the scrambling of the passticket, the title information may also be scrambled. This would make metadata interception and break-in even more difficult, as the application server also validates the title against a valid connect (valid passticket).
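As an added illustration that is not taken from the patent, the following Python sketch models the application-server side of the passticket mechanism described above: issuance of a random N-digit code bound to the requested titles, the time-out, single-use validation on connect, and title checking on play. The class and method names, the injectable clock, and the session token are assumptions made for the example; scrambling of the metadata in transit is left to the transport layer and is not modelled here.

```python
import secrets
import time


class PassticketStore:
    """Application-server registry of issued passtickets (constructed example).

    A passticket is a uniformly random N-digit code (CSPRNG-backed), bound to
    the titles approved during navigation, valid for one connect within the
    time-out window, and invalidated as soon as it is used or expires.
    """

    def __init__(self, digits=8, timeout_seconds=60, clock=time.monotonic):
        self.digits = digits
        self.timeout = timeout_seconds
        self.clock = clock  # injectable so the time-out can be exercised in tests
        self._pending = {}   # passticket -> (issued_at, frozenset(titles))
        self._sessions = {}  # session token -> frozenset(titles)

    def issue(self, titles):
        """Create a passticket for an approved request; returned to the client in the metadata."""
        while True:
            ticket = f"{secrets.randbelow(10 ** self.digits):0{self.digits}d}"
            if ticket not in self._pending:  # avoid the (rare) collision with a live ticket
                break
        self._pending[ticket] = (self.clock(), frozenset(titles))
        return ticket

    def build_metadata(self, server_addr, ticket, titles, encoding, bit_rate):
        """Metadata handed to the client viewer; mirrors the fields the text lists."""
        return {"server": server_addr, "passticket": ticket,
                "titles": list(titles), "encoding": encoding, "bit_rate": bit_rate}

    def connect(self, ticket):
        """Validate a client connect. Returns a session token, or None if rejected.

        pop() makes the passticket single-use: a replay of the same code fails
        even if it arrives inside the time-out window.
        """
        entry = self._pending.pop(ticket, None)
        if entry is None:
            return None
        issued_at, titles = entry
        if self.clock() - issued_at > self.timeout:
            return None  # timer expired without use: ticket is void
        session = secrets.token_hex(8)
        self._sessions[session] = titles
        return session

    def play(self, session, title):
        """Allow a play request only for titles bound to this session's passticket."""
        return title in self._sessions.get(session, frozenset())
```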
The foregoing has outlined rather broadly the features and technical advantages of the present invention in order that the detailed description of the invention that follows may be better understood. Additional features and advantages of the invention will be described hereinafter which form the subject of the claims of the invention.