[go: up one dir, main page]

WO2015094217A1 - Methods, apparatus and system for enabling remote access to subscription services - Google Patents

Methods, apparatus and system for enabling remote access to subscription services Download PDF

Info

Publication number
WO2015094217A1
WO2015094217A1 PCT/US2013/076045 US2013076045W WO2015094217A1 WO 2015094217 A1 WO2015094217 A1 WO 2015094217A1 US 2013076045 W US2013076045 W US 2013076045W WO 2015094217 A1 WO2015094217 A1 WO 2015094217A1
Authority
WO
WIPO (PCT)
Prior art keywords
access
information
user
services
data
Prior art date
Application number
PCT/US2013/076045
Other languages
French (fr)
Inventor
Ronald Roy OGLE
Original Assignee
Thomson Licensing
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Thomson Licensing filed Critical Thomson Licensing
Priority to PCT/US2013/076045 priority Critical patent/WO2015094217A1/en
Publication of WO2015094217A1 publication Critical patent/WO2015094217A1/en

Links

Classifications

    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication

Definitions

  • the present principles generally relates to subscription services, and more particularly, to methods, an apparatus and a system for enabling a user to access subscription services remotely.
  • a user can lose access to a paid subscription when attempting to seek access through a media content delivery service (e.g., a broadcast satellite or cable) because providers of broadcast media have traditionally relied on a hardware-centric rights management structure often incompatible with many paid subscription services. It would be desirable for a user to have access to a subscription service even when using a proprietary device not typically designed or designated for receiving that paid subscription service.
  • a media content delivery service e.g., a broadcast satellite or cable
  • Embodiments of the present principles address these and other deficiencies of the prior art by providing methods, an apparatus and a system by which a user can access subscription services remotely.
  • a method includes receiving a requesting user's authentication information from an access device, comparing the received user authentication information to stored authentication information to determine if a match exists, and if a match exists, communicating, to the access device, information regarding at least to what, at least one of, data, content, applications and/or services to which the requesting user has access.
  • an identification device includes a memory for storing at least one of program routines, identification information, content and data, and a processor for executing the program routines.
  • the apparatus is configured to receive a requesting user's authentication information from an access device, compare the received user authentication information to stored authentication information to determine if a match exists, and if a match exists, communicate, to the access device, information regarding at least to what, at least one of, data, content, applications and/or services the requesting user has access.
  • a system in communication with an authentication device via a network, the network providing at least communication between the access device and an authentication device and the authentication device including a memory for storing at least one of program routines, identification information, content and data and a processor for executing the program routines.
  • the authentication device is configured to receive a requesting user's authentication information from the access device over the network, compare the received user authentication information to authentication information stored in the memory of the authentication device to determine if a match exists and if a match exists,
  • a method in an access device for enabling remote access to subscription services includes receiving a requesting user's authentication information, communicating the received user authentication to an identification device at which the user authentication information is compared to stored authentication information to determine if a match exists, if a match exists, receiving from the access device, information regarding at least to what, at least one of, data, content, applications and/or services the requesting user has access, and enabling the requesting user access to the at least one of data, content, applications and/or services to which the user has access and for which the user has requested access.
  • FIG. 1 depicts a high level block diagram of a system for enabling a user to access subscription services remotely in accordance with an embodiment of the present principles
  • FIG. 2 depicts a high level block diagram of an identification device suitable for implementation in the system of FIG. 1 in accordance with an embodiment of the present principles
  • FIG. 3 depicts a flow diagram of a method in an identification device for enabling remote access to subscription services in accordance with an embodiment of the present principles
  • FIG. 4 depicts a flow diagram of a method in an access device for enabling remote access to subscription services in accordance with an embodiment of the present principles. It should be understood that the drawing(s) are for purposes of illustrating the concepts of the various described principles and are not necessarily the only possible configuration for illustrating the principles.
  • Embodiments of the present principles advantageously provide methods, an apparatus and a system for enabling a user to access subscription services remotely.
  • the present principles will be described primarily within the context of set-top boxes, the specific embodiments of the present principles should not be treated as limiting the scope of the invention. It will be appreciated by those skilled in the art and informed by the teachings of the present principles that the concepts of the present principles can be advantageously applied to any access devices.
  • processor or “controller” should not be construed to refer exclusively to hardware capable of executing software, and can implicitly include, without limitation, digital signal processor (“DSP”) hardware, read-only memory (“ROM”) for storing software, random access memory (“RAM”), and non-volatile storage.
  • DSP digital signal processor
  • ROM read-only memory
  • RAM random access memory
  • FIG. 1 depicts a high level block diagram of a system 100 for enabling a user to access subscription services remotely in accordance with an embodiment of the present principles.
  • the system 100 of FIG. 1 includes an access device 105, illustratively a set-top box (STB), a communications network 1 10 (illustratively the Internet) and an identification device 1 15 (illustratively an ePersona identification device).
  • STB set-top box
  • an identification device 1 15 illustrated as an ePersona identification device.
  • an access device for providing content to the user 1 02 can include a gateway, a television set, a mobile communication device such as a mobile phone or tablet, an automobile, a satellite receiver and other content consumption devices.
  • the network 1 10 comprises the Internet
  • the network can comprise a local area network, a wide area network, an in-home/in-store network or any other network for distributing data and/or content.
  • content can include data, audio, video and any combination thereof.
  • a user communicates authentication information to the STB 105. That is, in one embodiment of the present principles, the user enters authentication information such as a password or code using a keyboard or other input device or user interface device. In alternate embodiments of the present principles, the user can waive or present an authentication key or card to the STB 105.
  • the STB 105 Upon receiving authentication information from the user, the STB 105 communicates, through the network 1 1 0, with the ePersona identification device 1 15. At the ePersona identification device 1 1 5, the authentication information
  • a user's ePersona represents at least one of data, content, applications and/or services that a user has authority to access, for example, by having a subscription, paid or otherwise.
  • the identification device 1 1 5 communicates information such as to what data, content, applications and/or services a user has the authority to access and such information can include subscription service information needed to access the data, content, applications and/or services accessible to the user.
  • the STB 105 contacts one or more of the providers of the data, content, applications and/or services for which the system can provide access, with the user's credentials, to attempt to access and deliver the data, content, applications and/or services from the respective providers to the user.
  • the ePersona identification device 1 1 5 is depicted as comprising a separate device, in alternate embodiments of the present principles, the functionality of an ePersona identification device of the present principles can be incorporated into the STB 105 or other network/access device.
  • FIG. 2 depicts a high level block diagram of an ePersona identification device 1 15 suitable for implementation in the system of FIG. 1 in accordance with an embodiment of the present principles.
  • the ePersona identification device 1 1 5 of FIG. 2 illustratively comprises a processor 210 in communication with various internal components such as a memory 220, a wireless interface/station 230 and other internal support circuits 240.
  • the memory 220 can include any suitable memory, such as, for example, RAM, DRAM, a hard disk drive storage device, a solid state storage device, etc.
  • the wireless interface 230 can include any suitable interface capable of operating with one or more wireless communication protocols.
  • an identification device of the present invention can further optionally include an encryption means 275 for encrypting at least the information communicated to the access device, which is described in further detail below.
  • encryption means can include encryption software and or circuit, an encoding circuit or any other means known by those skilled in the art for accomplishing encryption as described herein.
  • the ePersona identification device 1 15 of FIG. 2 is depicted as a general purpose computer that is programmed to perform various control functions in accordance with the present principles, the invention can be implemented in hardware, for example, as an application specified integrated circuit (ASIC). As such, the process steps described herein are intended to be broadly interpreted as being equivalently performed by software, hardware, or a combination thereof.
  • ASIC application specified integrated circuit
  • FIG. 3 depicts a flow diagram of a method 300 in an identification device for enabling remote access to subscription services in accordance with an embodiment of the present principles.
  • the method 300 begins at step 302 during which user authentication information is received from an access device such as the STB 105 of FIG. 1 .
  • the method 400 then proceeds to step 304.
  • the received user authentication information is compared to stored authentication information to determine if a match exists.
  • the authentication is compared to stored authentication information to determine if a match exists. For example, in the embodiment of the present principles depicted in FIG. 1 , the authentication
  • step 308 If a match exists then the user's ePersona is identified and the method 300 proceeds to step 308.
  • a message is communicated that no match of the authentication information exists. For example, in an embodiment of the present principles such as the embodiment of the present principles depicted in FIG. 1 , a message is communicated to the STB 105 that no match of the requesting users authentication information was found and that access to subscription services will not be granted. The method 300 can then be exited.
  • step 308 information regarding to what data, content, applications and/or services a user has access is communicated to the access device.
  • information can further include subscription information required to access subscription services.
  • a requesting user's ePersona is identified and information regarding data, content, applications and/or services to which the requesting user has access is
  • Such information can further include subscription information required by the STB 1 05 to access subscription services for the requesting user.
  • the STB 1 05 can then use such information to contact providers of the data, content, applications and/or services, for which the system 1 00 can provide access, with the user's credentials to attempt to access and deliver the data, content, applications and/or services from the respective providers to the user.
  • the method 300 can then be exited.
  • FIG. 4 depicts a flow diagram of a method 400 in an access device for enabling remote access to subscription services in accordance with an embodiment of the present principles.
  • the method 400 begins at step 402 during which a user authentication information is received.
  • the method 400 then proceeds to step 404.
  • the received user authentication information is communicated over a network to an identification device.
  • an identification device For example, in the embodiment of the present principles depicted in FIG. 1 , the received user authentication information is communicated by the STB 105 over the Internet 1 10 to the ePersona identification device 1 15. The method 400 then proceeds to step 406.
  • step 406 if a match of the user authentication information is found, information regarding to what data, content, applications and/or services a user has access is received.
  • the authentication information communicated by the user to the STB 105 and communicated by the STB 105 to the ePersona identification device 1 1 5 is compared to information stored in the ePersona identification device 1 1 5 to attempt to find a match. If a match exists, then the user's ePersona is identified. Such information is communicated by the ePersona identification device 1 15, for example, over the Internet and received by the STB 1 05.
  • the method 400 then proceeds to step 408.
  • step 408 access to data, content, applications and/or services which a user is authorized to receive is granted to the user.
  • the STB 105 contacts providers of the data, content, applications and/or services, for which the system 100 can provide access, with the user's credentials to attempt to access and deliver the data, content, applications and/or services from the respective providers to the user.
  • the method 400 can then be exited.
  • the present principles as described herein further includes a verification process. More specifically, in an alternate embodiment of the present principles but with reference to FIG.
  • the ePersona identification device 1 15 communicates a request for verification information to the STB 105 in an attempt to validate a user requesting information.
  • the STB 105 requests verification data from the requesting user.
  • the requesting user can then enter verification data such as a password or keyword or the like.
  • the STB 105 can then validate the user or in alternate
  • the STB 105 can communicate the verification data to the ePersona identification device 1 15 for validation of the user. After verification of the user, such embodiments of the present principles can then proceed by communicating information regarding to what data, content, applications and/or services a user has access (i.e., a user's ePersona) to the STB 1 05.
  • a user's ePersona Such embodiments of the present principles
  • the present principles as described herein can further include encrypted ePersona data. More specifically, in an alternate embodiment of the present principles but with reference to FIG. 1 , once a match is found in the ePersona identification device 1 15 and a user's ePersona is identified, the ePersona identification device 1 15, in one embodiment, communicates an encrypted version of the requesting user's ePersona to the STB 1 05 or
  • the STB 1 05 alternatively instructs the STB 1 05 to request a PIN or password from the requesting user.
  • the STB 105 requests a PIN or password from the requesting user.
  • the PIN or password is communicated by the STB 105 to the ePersona identification device 1 15 and if the PIN or password is valid for the encrypted ePersona, then the ePersona identification device 1 1 5 either communicates data to the STB 105 to unlock/decrypt the ePersona or alternatively unlocks/decrypts the ePersona and communicates information regarding to what data, content, applications and/or services a user has access (i.e., a user's ePersona) to the STB 1 05.
  • Such embodiments of the present principles can then continue as described above with reference to FIG. 1 .
  • the STB 105 when a user is finished interacting with the STB 105, the user requests to end the session and to remove his/her credentials. In response the STB 105 securely deletes data, content, applications and/or services along with user's ePersona. More specifically, in response to a user request to end a content consumption session, the STB 105 securely deletes data, content and ePersona information associated with the user's content consumption session and denies access to applications and/or services associated with the user's content consumption session.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Storage Device Security (AREA)

Abstract

Methods, apparatus and system for enabling a user to access subscription services remotely are provided. Authentication information from a user requesting access to subscription services is received and compared with stored authentication information to attempt to find a match. If a match is found, the requesting user's ePersona is identified, which identifies at least to what, at least one of, data, content, applications and/or services the requesting user has access. Such information is communicated to an access device, optionally, along with subscription service information. Using the user's credentials, the access device then contacts providers of the at least one of data, content, applications and/or services, for which a system in which the access device is included can provide access, to attempt to access and deliver to the user the at least one of data, content, applications and/or services from the respective providers.

Description

METHODS, APPARATUS AND SYSTEM FOR ENABLING
REMOTE ACCESS TO SUBSCRIPTION SERVICES
FIELD OF THE INVENTION
The present principles generally relates to subscription services, and more particularly, to methods, an apparatus and a system for enabling a user to access subscription services remotely.
BACKGROUND OF THE INVENTION
A user can lose access to a paid subscription when attempting to seek access through a media content delivery service (e.g., a broadcast satellite or cable) because providers of broadcast media have traditionally relied on a hardware-centric rights management structure often incompatible with many paid subscription services. It would be desirable for a user to have access to a subscription service even when using a proprietary device not typically designed or designated for receiving that paid subscription service.
SUMMARY OF THE INVENTION Embodiments of the present principles address these and other deficiencies of the prior art by providing methods, an apparatus and a system by which a user can access subscription services remotely.
In one embodiment of the present principles, a method includes receiving a requesting user's authentication information from an access device, comparing the received user authentication information to stored authentication information to determine if a match exists, and if a match exists, communicating, to the access device, information regarding at least to what, at least one of, data, content, applications and/or services to which the requesting user has access. . In an alternate embodiment of the present principles, an identification device includes a memory for storing at least one of program routines, identification information, content and data, and a processor for executing the program routines. In such embodiments, the apparatus is configured to receive a requesting user's authentication information from an access device, compare the received user authentication information to stored authentication information to determine if a match exists, and if a match exists, communicate, to the access device, information regarding at least to what, at least one of, data, content, applications and/or services the requesting user has access.
In an alternate embodiment of the present invention, a system includes an access device in communication with an authentication device via a network, the network providing at least communication between the access device and an authentication device and the authentication device including a memory for storing at least one of program routines, identification information, content and data and a processor for executing the program routines. In such an embodiment, the authentication device is configured to receive a requesting user's authentication information from the access device over the network, compare the received user authentication information to authentication information stored in the memory of the authentication device to determine if a match exists and if a match exists,
communicate, to the access device over the network, information regarding at least to what, at least one of, data, content, applications and/or services the requesting user has access.
In yet an alternate embodiment of the present principles, a method in an access device for enabling remote access to subscription services includes receiving a requesting user's authentication information, communicating the received user authentication to an identification device at which the user authentication information is compared to stored authentication information to determine if a match exists, if a match exists, receiving from the access device, information regarding at least to what, at least one of, data, content, applications and/or services the requesting user has access, and enabling the requesting user access to the at least one of data, content, applications and/or services to which the user has access and for which the user has requested access.
BRIEF DESCRIPTION OF THE DRAWINGS
The teachings of the present principles can be readily understood by considering the following detailed description in conjunction with the accompanying drawings, in which:
FIG. 1 depicts a high level block diagram of a system for enabling a user to access subscription services remotely in accordance with an embodiment of the present principles;
FIG. 2 depicts a high level block diagram of an identification device suitable for implementation in the system of FIG. 1 in accordance with an embodiment of the present principles;
FIG. 3 depicts a flow diagram of a method in an identification device for enabling remote access to subscription services in accordance with an embodiment of the present principles; and
FIG. 4 depicts a flow diagram of a method in an access device for enabling remote access to subscription services in accordance with an embodiment of the present principles. It should be understood that the drawing(s) are for purposes of illustrating the concepts of the various described principles and are not necessarily the only possible configuration for illustrating the principles.
To facilitate understanding, identical reference numerals have been used, where possible, to designate identical elements that are common to the figures.
DETAILED DESCRIPTION
Embodiments of the present principles advantageously provide methods, an apparatus and a system for enabling a user to access subscription services remotely. Although the present principles will be described primarily within the context of set-top boxes, the specific embodiments of the present principles should not be treated as limiting the scope of the invention. It will be appreciated by those skilled in the art and informed by the teachings of the present principles that the concepts of the present principles can be advantageously applied to any access devices.
The functions of the various elements shown in the figures can be provided through the use of dedicated hardware as well as hardware capable of executing software in association with appropriate software. When provided by a processor, the functions can be provided by a single dedicated processor, by a single shared processor, or by a plurality of individual processors, some of which can be shared. Moreover, explicit use of the term "processor" or "controller" should not be construed to refer exclusively to hardware capable of executing software, and can implicitly include, without limitation, digital signal processor ("DSP") hardware, read-only memory ("ROM") for storing software, random access memory ("RAM"), and non-volatile storage. Moreover, all statements herein reciting principles, aspects, and embodiments of the invention, as well as specific examples thereof, are intended to encompass both structural and functional equivalents thereof. Additionally, it is intended that such equivalents include both currently known equivalents as well as equivalents developed in the future (i.e., any elements developed that perform the same function, regardless of structure).
Thus, for example, it will be appreciated by those skilled in the art that the block diagrams presented herein represent conceptual views of illustrative system components and/or circuitry embodying the principles of the invention. Similarly, it will be appreciated that any flow charts, flow diagrams, state transition diagrams, pseudocode, and the like represent various processes which may be substantially represented in computer readable media and so executed by a computer or processor, whether or not such computer or processor is explicitly shown.
Furthermore, because some of the constituent system components and methods depicted in the accompanying drawings can be implemented in software, the actual connections between the system components or the process function blocks may differ depending upon the manner in which the present principles are
programmed. Given the teachings herein, one of ordinary skill in the pertinent art will be able to contemplate these and similar implementations or configurations of the present principles.
FIG. 1 depicts a high level block diagram of a system 100 for enabling a user to access subscription services remotely in accordance with an embodiment of the present principles. The system 100 of FIG. 1 includes an access device 105, illustratively a set-top box (STB), a communications network 1 10 (illustratively the Internet) and an identification device 1 15 (illustratively an ePersona identification device). Although the embodiment of FIG. 1 includes a set-top box for communicating with the network 1 10 for providing content to a user 1 02, in alternate embodiments of the present principles, an access device for providing content to the user 1 02 can include a gateway, a television set, a mobile communication device such as a mobile phone or tablet, an automobile, a satellite receiver and other content consumption devices. In addition, although in the embodiment of FIG. 1 , the network 1 10 comprises the Internet, in alternate embodiments of the present principles, the network can comprise a local area network, a wide area network, an in-home/in-store network or any other network for distributing data and/or content. For purposes of the description of the various embodiments of the present principles, content can include data, audio, video and any combination thereof.
In the system 100 of FIG. 1 , a user communicates authentication information to the STB 105. That is, in one embodiment of the present principles, the user enters authentication information such as a password or code using a keyboard or other input device or user interface device. In alternate embodiments of the present principles, the user can waive or present an authentication key or card to the STB 105.
Upon receiving authentication information from the user, the STB 105 communicates, through the network 1 1 0, with the ePersona identification device 1 15. At the ePersona identification device 1 1 5, the authentication information
communicated by the user via the STB 105 is compared to information stored in the ePersona identification device 1 1 5 to attempt to find a match. If a match exists, then the user's ePersona is identified. More specifically, in accordance with embodiments of the present principles, a user's ePersona represents at least one of data, content, applications and/or services that a user has authority to access, for example, by having a subscription, paid or otherwise.
Information regarding to what data, content, applications and/or services a user has access (i.e., a user's ePersona) is communicated to the STB 105 which then enables a user to access such data, content, applications and/or services if the STB 105 and network 1 10 are capable of providing such access. That is, in one
embodiment of the present principles, the identification device 1 1 5 communicates information such as to what data, content, applications and/or services a user has the authority to access and such information can include subscription service information needed to access the data, content, applications and/or services accessible to the user.
Having such information available, the STB 105 contacts one or more of the providers of the data, content, applications and/or services for which the system can provide access, with the user's credentials, to attempt to access and deliver the data, content, applications and/or services from the respective providers to the user. It should be noted that although in FIG. 1 the ePersona identification device 1 1 5 is depicted as comprising a separate device, in alternate embodiments of the present principles, the functionality of an ePersona identification device of the present principles can be incorporated into the STB 105 or other network/access device.
FIG. 2 depicts a high level block diagram of an ePersona identification device 1 15 suitable for implementation in the system of FIG. 1 in accordance with an embodiment of the present principles. The ePersona identification device 1 1 5 of FIG. 2 illustratively comprises a processor 210 in communication with various internal components such as a memory 220, a wireless interface/station 230 and other internal support circuits 240. The memory 220 can include any suitable memory, such as, for example, RAM, DRAM, a hard disk drive storage device, a solid state storage device, etc. The wireless interface 230 can include any suitable interface capable of operating with one or more wireless communication protocols. In the ePersona identification device 1 15 of FIG. 2, one or more I/O circuits 240 (e.g., USB, Ethernet, etc.), also connected to the processor 21 0 provide some external communication capability to the ePersona identification device 1 15. In various embodiments of the present principles, an identification device of the present invention, such as the identification device 1 15 of FIG. 1 , can further optionally include an encryption means 275 for encrypting at least the information communicated to the access device, which is described in further detail below. In various embodiments of the present principles, such encryption means can include encryption software and or circuit, an encoding circuit or any other means known by those skilled in the art for accomplishing encryption as described herein.
Although the ePersona identification device 1 15 of FIG. 2 is depicted as a general purpose computer that is programmed to perform various control functions in accordance with the present principles, the invention can be implemented in hardware, for example, as an application specified integrated circuit (ASIC). As such, the process steps described herein are intended to be broadly interpreted as being equivalently performed by software, hardware, or a combination thereof.
FIG. 3 depicts a flow diagram of a method 300 in an identification device for enabling remote access to subscription services in accordance with an embodiment of the present principles. The method 300 begins at step 302 during which user authentication information is received from an access device such as the STB 105 of FIG. 1 . The method 400 then proceeds to step 304.
At step 304, the received user authentication information is compared to stored authentication information to determine if a match exists. For example, in the embodiment of the present principles depicted in FIG. 1 , the authentication
information communicated by the STB 105 to the ePersona identification device 1 15 is compared to information stored in the ePersona identification device 1 15 to attempt to find a match. If no match exists, the method 300 can be exited or alternatively the method can optionally proceed to step 306. If a match exists then the user's ePersona is identified and the method 300 proceeds to step 308.
At optional step 306, a message is communicated that no match of the authentication information exists. For example, in an embodiment of the present principles such as the embodiment of the present principles depicted in FIG. 1 , a message is communicated to the STB 105 that no match of the requesting users authentication information was found and that access to subscription services will not be granted. The method 300 can then be exited.
At step 308, information regarding to what data, content, applications and/or services a user has access is communicated to the access device. Such information can further include subscription information required to access subscription services. For example, in the embodiment of the present principles depicted in FIG. 1 , a requesting user's ePersona is identified and information regarding data, content, applications and/or services to which the requesting user has access is
communicated over the Internet 1 10 to the STB 105. Such information can further include subscription information required by the STB 1 05 to access subscription services for the requesting user. The STB 1 05 can then use such information to contact providers of the data, content, applications and/or services, for which the system 1 00 can provide access, with the user's credentials to attempt to access and deliver the data, content, applications and/or services from the respective providers to the user. The method 300 can then be exited.
FIG. 4 depicts a flow diagram of a method 400 in an access device for enabling remote access to subscription services in accordance with an embodiment of the present principles. The method 400 begins at step 402 during which a user authentication information is received. The method 400 then proceeds to step 404.
At step 404, the received user authentication information is communicated over a network to an identification device. For example, in the embodiment of the present principles depicted in FIG. 1 , the received user authentication information is communicated by the STB 105 over the Internet 1 10 to the ePersona identification device 1 15. The method 400 then proceeds to step 406.
At step 406, if a match of the user authentication information is found, information regarding to what data, content, applications and/or services a user has access is received. For example, in the embodiment of the present principles depicted in FIG. 1 , at the ePersona identification device 1 15, the authentication information communicated by the user to the STB 105 and communicated by the STB 105 to the ePersona identification device 1 1 5 is compared to information stored in the ePersona identification device 1 1 5 to attempt to find a match. If a match exists, then the user's ePersona is identified. Such information is communicated by the ePersona identification device 1 15, for example, over the Internet and received by the STB 1 05. The method 400 then proceeds to step 408.
At step 408, access to data, content, applications and/or services which a user is authorized to receive is granted to the user. For example, in the embodiment of the present principles depicted in FIG. 1 , the STB 105 contacts providers of the data, content, applications and/or services, for which the system 100 can provide access, with the user's credentials to attempt to access and deliver the data, content, applications and/or services from the respective providers to the user. The method 400 can then be exited. In alternate embodiments of the present principles, the present principles as described herein further includes a verification process. More specifically, in an alternate embodiment of the present principles but with reference to FIG. 1 , once a match is found in the ePersona identification device 1 15 and a user's ePersona is identified, the ePersona identification device 1 15 communicates a request for verification information to the STB 105 in an attempt to validate a user requesting information. In such an embodiment of the present principles, the STB 105 requests verification data from the requesting user. The requesting user can then enter verification data such as a password or keyword or the like. In one embodiment of the present principles, the STB 105 can then validate the user or in alternate
embodiments of the present principles, the STB 105 can communicate the verification data to the ePersona identification device 1 15 for validation of the user. After verification of the user, such embodiments of the present principles can then proceed by communicating information regarding to what data, content, applications and/or services a user has access (i.e., a user's ePersona) to the STB 1 05. Such
embodiments of the present principles can then continue as described above with reference to FIG. 1 .
In yet alternate embodiments of the present principles, the present principles as described herein can further include encrypted ePersona data. More specifically, in an alternate embodiment of the present principles but with reference to FIG. 1 , once a match is found in the ePersona identification device 1 15 and a user's ePersona is identified, the ePersona identification device 1 15, in one embodiment, communicates an encrypted version of the requesting user's ePersona to the STB 1 05 or
alternatively instructs the STB 1 05 to request a PIN or password from the requesting user. The STB 105 then requests a PIN or password from the requesting user. The PIN or password is communicated by the STB 105 to the ePersona identification device 1 15 and if the PIN or password is valid for the encrypted ePersona, then the ePersona identification device 1 1 5 either communicates data to the STB 105 to unlock/decrypt the ePersona or alternatively unlocks/decrypts the ePersona and communicates information regarding to what data, content, applications and/or services a user has access (i.e., a user's ePersona) to the STB 1 05. Such embodiments of the present principles can then continue as described above with reference to FIG. 1 .
In various embodiments of the present principles, when a user is finished interacting with the STB 105, the user requests to end the session and to remove his/her credentials. In response the STB 105 securely deletes data, content, applications and/or services along with user's ePersona. More specifically, in response to a user request to end a content consumption session, the STB 105 securely deletes data, content and ePersona information associated with the user's content consumption session and denies access to applications and/or services associated with the user's content consumption session.
Having described various embodiments of methods, an apparatus and a system for enabling remote access to subscription services (which are intended to be illustrative and not limiting), it is noted that modifications and variations can be made by persons skilled in the art in light of the above teachings. It is therefore to be understood that changes may be made in the particular embodiments of the invention disclosed which are within the scope and spirit of the invention. While the forgoing is directed to various embodiments of the present principles, other and further embodiments of the invention may be devised without departing from the basic scope thereof.

Claims

CLAIMS:
1 . A method for enabling remote access to subscription services comprising the steps of:
receiving a requesting user's authentication information from an access device; comparing the received user authentication information to stored authentication information to determine if a match exists; and
if a match exists, communicating, to the access device, information regarding at least to what, at least one of, data, content, applications and services the requesting user has access.
2. The method of claim 1 , wherein said information communicated to the access device comprises subscription information.
3. The method of claim 1 , comprising:
communicating a request to the access device for verification information from the requesting user.
4. The method of claim 3, comprising:
receiving the verification information;
validating the verification information; and
communicating the information regarding at least to what, at least one of, data, content, applications and services the requesting user has access, to the access device.
5. The method of claim 4, where said validating comprises comparing the received verification information to stored verification information and validating the verification information if a match exists.
6. The method of claim 1 , wherein the information communicated to the access device is encrypted.
7. The method of claim 6, comprising:
communicating, to a user via the access device, a request for at least one of a password and PIN number; and
upon receiving and validating at least one of the password and the PIN number, communicating decryption data to the access device for decrypting the encrypted information communicated to the access device.
8. An apparatus for enabling remote access to subscription services, comprising: a memory for storing at least one of program routines, identification information, content and data; and
a processor for executing said program routines;
said apparatus configured to:
receive a requesting user's authentication information from an access device;
compare the received user authentication information to stored authentication information to determine if a match exists; and
if a match exists, communicate, to the access device, information regarding at least to what, at least one of, data, content, applications and services the requesting user has access.
9. The apparatus of claim 8, wherein said apparatus comprises an authentication device.
10. The apparatus of claim 8, wherein said apparatus comprises an integrated component of said access device.
1 1 . The apparatus of claim 8, wherein said apparatus is further configured to communicate a request to the access device for verification information from the requesting user.
12. The apparatus of claim 1 1 , comprising encryption means for encrypting at least the information communicated to the access device.
13. A system for enabling remote access to subscription services, comprising:
an access device in communication with an authentication device via a network;
the network providing at least communication between the access device and an authentication device;
the authentication device comprising a memory for storing at least one of program routines, identification information, content and data and a processor for executing said program routines;
the authentication device configured to:
receive a requesting user's authentication information from the access device over the network;
compare the received user authentication information to authentication information stored in the memory of the authentication device to determine if a match exists; and
if a match exists, communicate, to the access device over the network, information regarding at least to what, at least one of, data, content, applications and services the requesting user has access.
14. The system of claim 13, wherein said system further comprises an encryption means for encrypting at least the information communicated to the access device.
15. The system of claim 14, wherein said encryption means comprises at least one of a functionality and a component of said authentication device.
16. A method in an access device for enabling remote access to subscription services comprising the steps of:
receiving a requesting user's authentication information;
communicating the received user authentication to an identification device at which the user authentication information is compared to stored authentication information to determine if a match exists;
if a match exists, receiving from the access device, information regarding at least to what, at least one of, data, content, applications and services the requesting user has access; and enabling the requesting user access to the at least one of data, content, applications and services to which the user has access and for which the user has requested access.
17. The method of claim 16, comprising:
receiving a request from the identification device for verification information from the requesting user.
18. The method of claim 17, wherein the request for verification information is received before the information regarding at least to what, at least one of, data, content, applications and services the requesting user has access is received.
19. The method of claim 17, comprising:
receiving the verification information from the user;
communicating the verification information to the identification device;
receiving a validation of the verification information from the identification device; and
enabling the requesting user access to the at least one of data, content, applications and services to which the user has access and for which the user has requested access.
20. The method of claim 16, wherein the information received from the identification device is encrypted.
21 . The method of claim 20, comprising:
communicating, to the user, a request for at least one of a password and PIN number;
communicating the at least one of the password and PIN number received in response to the request to the identification device; and
upon receiving decryption from the identification device, decrypting the encrypted information received from the identification device.
PCT/US2013/076045 2013-12-18 2013-12-18 Methods, apparatus and system for enabling remote access to subscription services WO2015094217A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
PCT/US2013/076045 WO2015094217A1 (en) 2013-12-18 2013-12-18 Methods, apparatus and system for enabling remote access to subscription services

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/US2013/076045 WO2015094217A1 (en) 2013-12-18 2013-12-18 Methods, apparatus and system for enabling remote access to subscription services

Publications (1)

Publication Number Publication Date
WO2015094217A1 true WO2015094217A1 (en) 2015-06-25

Family

ID=49958682

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US2013/076045 WO2015094217A1 (en) 2013-12-18 2013-12-18 Methods, apparatus and system for enabling remote access to subscription services

Country Status (1)

Country Link
WO (1) WO2015094217A1 (en)

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20090178113A1 (en) * 2008-01-04 2009-07-09 At&T Delaware Intellectual Property, Inc. Apparatus, methods, and computer program products for providing portable communication identity services
US20120129489A1 (en) * 2010-06-10 2012-05-24 Cricket Communications, Inc. Unlimited media access over wireless infrastructure

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20090178113A1 (en) * 2008-01-04 2009-07-09 At&T Delaware Intellectual Property, Inc. Apparatus, methods, and computer program products for providing portable communication identity services
US20120129489A1 (en) * 2010-06-10 2012-05-24 Cricket Communications, Inc. Unlimited media access over wireless infrastructure

Similar Documents

Publication Publication Date Title
US9736140B1 (en) Secure authorization for accessing content on a shareable device
EP2194691B1 (en) Remote access of drm protected internet protocol (ip)-based content over an ip multimedia subsystem (ims)-based network
US9774595B2 (en) Method of authentication by token
KR101419984B1 (en) System and method for sharing content suing nfc in cloud circumstance
EP2605168B1 (en) System and method for preventing the unauthorized playback of content
US20130283033A1 (en) Token-based entitlement verification for streaming media decryption
US20090158033A1 (en) Method and apparatus for performing secure communication using one time password
US9330250B2 (en) Authorization of media content transfer between home media server and client device
US20120124613A1 (en) Content entitlement determinations for playback of video streams on portable devices
US20150295935A1 (en) Voucher authorization for cloud server
US7937750B2 (en) DRM system for devices communicating with a portable device
CN109413648B (en) Access control method, terminal, smart card, background server and storage medium
KR20200075099A (en) Apparatus for issuing cryptographic key of internet of things device using 2-step authentication and method thereof
CN103780609A (en) Cloud data processing method and device and cloud data security gateway
US20100161974A1 (en) Master terminal capable of registering and managing terminals of personal use scope, and method and system using the same
US11153628B2 (en) Networked personal video storage and delivery
CN104811303A (en) Two-way authentication method, two-way authentication device and two-way authentication system
CN107040501B (en) Authentication method and device based on platform as a service
US20150096057A1 (en) Device Robustness Framework
KR20080088012A (en) Interworking authentication method of multiple terminals using user identification information
WO2015094217A1 (en) Methods, apparatus and system for enabling remote access to subscription services
Yeh et al. A robust NFC-based personalized IPTV service system
KR20130125055A (en) Network information controller system by using ip address and mac address and method thereof
US20240338426A1 (en) Methods and devices for controlling access to a software asset
CN101873468A (en) A digital television conditional access system, device and method

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 13821562

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 13821562

Country of ref document: EP

Kind code of ref document: A1