The present invention relates to security for network resources, and more specifically to a system and method for controlling access to contents such as media files, pay-per-view websites, members-only sites, etc, on a network. The present invention allows a content owner (e.g., publisher) to deny access to unauthorized requests for content on a network.
Multimedia content is increasingly being hosted on computer networks. For example, the Internet, which is a network of interconnected computers spread throughout the world, hosts a variety of multimedia content such as audio, video, text, graphics and other types of computer data.
Often, the owner of the content (e.g., publisher) hosts the content on its own computer server. However, in many instances, the publisher may let an independent third party manage or maintain the content in the third party""s computer server. The computer server may be linked to a network, e.g., the Internet.
While users have unrestricted access to some content on the Internet, others however have restricted access. The content owner may need to restrict access to its content to only authorized users for commercial reasons. A publisher of a newsletter on the Internet, for example, may wish to grant access to only subscribing users. A pay-per-view website publisher needs to ensure that only subscribing customers have access to the contents.
A website publisher may wish to prevent piracy on its site. For example, a publisher may wish to ensure that no other website can place links to a client""s content on its pages. A pirate website may try to link directly to a movie clip from its own page and sell its advertising around it.
Thus, a publisher needs to control access to its content on the network by ensuring that only authorized users have access to the content. The publisher needs the ability to deny access to unauthorized requests for content on a network that may be managed by a third party.
The present invention is directed to a system and method for controlling access to content on a network computer. The computer may be a stand-alone single server computer or part of a distributed computer network that is connected to the Internet, intranet, or any other network. The present invention provides a means for a publisher or an owner of content to control access to the content even on a distributed network, i.e., multiple computers storing and providing access to the content.
According to the present invention, a user initially receives a token from the publisher or the owner. A content server then receives the token from the user. The content server is configured to recognize requests for content that requires authentication, process the token, and verify the validity of the token. If the token is valid, the server delivers the content to the user. If the token is invalid, the server denies the user access to the content. The present invention provides secured access to restricted contents, such as, for example, pay-per-view websites and movies, and members-only content in an efficient way.
In one embodiment, the method for providing security for network resources by controlling the delivery of a file from a network computer comprises receiving a token from a publisher, the token included in an authenticated URL, requesting content from the network computer by presenting the token, checking the validity of the token at the network computer, delivering, from the network computer, the file if the token is valid, and denying access to the file if the token is invalid.
The method further comprises the steps of clicking onto an authentication-required web page, entering a username and a password in a dialog box, checking the validity of the username and the password, presenting a web page containing the authenticated URL if the username and the password are valid, and denying access to the file if the username and the password are invalid.
The method further comprises the steps of clicking onto a link for a payment-required web page, providing credit card information into a form, processing a transaction using the credit card information, presenting a web page containing the authenticated URL if the transaction is successful, and denying access to the file if the transaction is unsuccessful.
The method further comprises the steps of extracting the token from the authenticated URL, and extracting component flags and required mask fields from the token. The method further comprises the steps of comparing the components indicated by the component flags with the required mask fields, creating a reference token using same component as in the authenticated URL, comparing the token with the reference token, delivering the file if the tokens match, and denying access to the file if the tokens do not match.