United States Patent
5949876
Ginter et al.
September 7, 1999
Title
Systems and methods for secure transaction management and electronic rights protection
Abstract
The present invention provides systems and methods for secure transaction management and electronic rights protection. Electronic appliances such as computers equipped in accordance with the present invention help to ensure that information is accessed and used only in authorized ways, and maintain the integrity, availability, and/or confidentiality of the information. Such electronic appliances provide a distributed virtual distribution environment (VDE) that may enforce a secure chain of handling and control, for example, to control and/or meter or otherwise monitor use of electronically stored or disseminated information. Such a virtual distribution environment may be used to protect rights of various participants in electronic commerce and other electronic or electronic-facilitated transactions. Distributed and other operating systems, environments and architectures, such as, for example, those using tamper-resistant hardware-based processors, may establish security at each node. These techniques may be used to support an all-electronic information distribution, for example, utilizing the "electronic highway."
Inventors:
Ginter; Karl L. (Beltsville, MD), Shear; Victor H. (Bethesda, MD), Spahn; Francis J. (El Cerrito, CA), Van Wie; David M. (Sunnyvale, CA)
Assignee:
InterTrust Technologies Corporation (Sunnyvale, CA)
Appl. No.:
778256
Filed:
January 8, 1997
Current U.S. Class:
705/80; 705/1; 705/39; 705/54
Field of Search:
395/237,241 380/4,16,49,24 705/39
Primary Examiner:
Barron, Jr.; Gilberto
Attorney, Agent or Firm:
Nixon & Vanderhye P.C.
Parent Case Text
This is a divisional of application Ser. No. 08/388,107, filed Feb. 13, 1995, abandoned.
Claims
We claim:
1. A method for negotiating electronic contracts, comprising:
receiving a first control set from a remote site;
providing a second control set;
performing, within a protected processing environment, an electronic negotiation between said first control set and said second control set, including providing interaction between said first and second control sets; and
producing a negotiated control set resulting from said interaction between said first and second control sets.
2. A system for supporting electronic commerce including:
means for creating a first secure control set at a first location;
means for creating a second secure control set at a second location;
means for securely communicating said first secure control set from said first location to said second location; and
means at said second location for securely integrating said first and second control sets to produce at least a third control set comprising plural elements together comprising an electronic value chain extended agreement.
3. A system for supporting electronic commerce including:
means for creating a first secure control set at a first location;
means for creating a second secure control set at a second location;
means for securely communicating said first secure control set from said first location to said second location; and
negotiation means at said second location for negotiating an electronic contract through secure execution of at least a portion of said first and second secure control sets.
4. A system as in claim 3 further including means for controlling use by a user of protected information content based on at least a portion of said first and/or second control sets.
5. A system as in claim 3 further including means for charging for at least a part of said content use.
6. A system for negotiating electronic contracts, comprising:
a storage arrangement that stores a first control set received from a remote site, and stores a second control set;
a protected processing environment, coupled to said storage arrangement, that:
(a) performs an electronic negotiation between said first control set and said second control set,
(b) provides interaction between said first and second control sets, and
(c) produces a negotiated control set resulting from said interaction between said first and second control sets.
7. A system as in claim 6 further including means for electronically enforcing said negotiated control set.
8. A system as in claim 6 further including means for generating an electronic contract based on said negotiated control set.
9. A method for supporting electronic commerce including:
creating a first secure control set at a first location;
creating a second secure control set at a second location;
securely communicating said first secure control set from said first location to said second location; and
electronically negotiating, at said second location, an electronic contract, including the step of securely executing at least a portion of said first and second secure control sets.
10. A method as in claim 1 in which said steps of receiving, providing, performing and producing occur within a Virtual Distribution Environment.
11. A system as in claim 2 in which said first location and said second location are contained within a Virtual Distribution Environment.
12. A system as in claim 3 in which said first location and said second location are contained within a Virtual Distribution Environment.
13. A system as in claim 6 in which said protected processing environment is contained within a Virtual Distribution Environment.
14. A method as in claim 9 in which said first location and said second location are contained within a Virtual Distribution Environment.
15. A method as in claim 1 in which said first control set is received from a first remote site;
said second control set is received from a second remote site; and
said performing step is produced at a third site which is different from the first remote site and the second remote site.
16. A system as in claim 6 in which said second control set is received from a second remote site; and
said protected processing environment is located at a third site which is different from said remote site and said second remote site.
17. A method as in claim 1 in which:
said first control set is generated by or for a first party distributor of protected information content;
said second control set is generated by or for a second party which desires to use said protected information content;
said electronic negotiation concerns the terms under which said second party will obtain the right to use said protected information content; and
said negotiated control set includes terms under which said second party receives the right to use said protected information content.
18. A system as in claim 2 in which:
said first secure control set includes controls generated at least in part by or for a first party distributor of protected information content;
said second secure control set includes controls generated at least in part by or for a second party which desires to use said protected information content; and
said third control set includes controls which govern terms under which said second party receives the right to use said protected information content.
19. A system as in claim 3 in which:
said first secure control set includes controls generated at least in part by or for a first party distributor of protected information content;
said second secure control set includes controls generated at least in part by or for a second party which desires to use said protected information content; and
said electronic contract includes controls which govern terms under which said second party receives the right to use said protected information content.
20. A system as in claim 6 in which:
said first control set includes controls generated at least in part by or for a first party distributor of protected information content;
said second control set includes controls generated at least in part by or for a second party which desires to use said protected information content; and
said negotiated control set includes controls which govern terms under which said second party receives the right to use said protected information content.
21. A method as in claim 9 in which
said first secure control set includes controls generated at least in part by or for a first party distributor of protected information content;
said second secure control set includes controls generated at least in part by or for a second party which desires to use said protected information content; and
said electronic contract includes controls which govern terms under which said second party receives the right to use said protected information content.
22. A method as in claim 1 in which said first control set includes terms which are desired but not required.
23. A method as in claim 1 in which said first control set includes required terms.
24. A method as in claim 2 in which said first control set includes required terms.
25. A method as in claim 1 in which said second control set includes required terms.
26. A method as in claim 1 in which said second control set includes terms which are desired but not required.
27. A method as in claim 26 in which said second control set includes required terms.
28. A system as in claim 2 in which said first secure control set includes terms which are desired but not required.
29. A system as in claim 2 in which said first secure control set includes required terms.
30. A system as in claim 28 in which said first secure control set includes required terms.
31. A system as in claim 2 in which said second secure control set includes terms which are desired but not required.
32. A system as in claim 2 in which said second secure control set includes required terms.
33. A system as in claim 31 in which said second secure control set includes required terms.
34. A system as in claim 3 in which said first secure control set includes terms which are desired but not required.
35. A system as in claim 3 in which said first secure control set includes required terms.
36. A system as in claim 34 in which said first secure control set includes required terms.
37. A system as in claim 3 in which said second secure control set includes terms which are desired but not required.
38. A system as in claim 3 in which said second secure control set includes required terms.
39. A system as in claim 38 in which said second secure control set includes required terms.
40. A system as in claim 6 in which said first control set includes terms which are desired but not required.
41. A system as in claim 6 in which said first control set includes required terms.
42. A system as in claim 40 in which said first control set includes required terms.
43. A system as in claim 6 in which said second control set includes terms which are desired but not required.
44. A system as in claim 6 in which said second control set includes required terms.
45. A system as in claim 43 in which said second control set includes required terms.
46. A method as in claim 9 in which said first secure control set includes terms which are desired but not required.
47. A method as in claim 9 in which said first secure control set includes required terms.
48. A method as in claim 46 in which said first secure control set includes required terms.
49. A method as in claim 9 in which said second secure control set includes terms which are desired but not required.
50. A method as in claim 9 in which said second secure control set includes required terms.
51. A method as in claim 49 in which said second secure control set includes required terms.
52. A method as in claim 1 in which said first control set is contained in a first PERC.
53. A method as in claim 52 in which said second control set is contained in a second PERC.
54. A method as in claim 1 in which said negotiated control set is contained in a PERC.
55. A method as in claim 1 in which said electronic negotiation is undertaken pursuant to rules contained in a third control set.
56. A method as in claim 2 in which said third control set is contained in a PERC.
57. A system as in claim 2 in which said first secure control set is contained in a first PERC.
58. A system as in claim 57 in which said second secure control set is contained in a second PERC.
59. A system as in claim 58 in which said third control set is contained in a third PERC.
60. A system as in claim 2 in which said means for securely integrating said first and second control sets includes a fourth control set.
61. A system as in claim 60 in which said fourth control set includes controls which govern said secure integration.
62. A system as in claim 60 in which said fourth control set is contained in a PERC.
63. A system as in claim 3 in which said first secure control set is contained in a PERC.
64. A system as in claim 3 in which said second secure control set is contained in a PERC.
65. A system as in claim 64 in which said negotiation means includes a third secure control set.
66. A system as in claim 65 in which said third secure control set is contained in a PERC.
67. A system as in claim 66 in which said third secure control set includes controls which govern said negotiating of said electronic contract.
68. A system as in claim 66 in which said electronic contract consists of a fourth secure control set.
69. A system as in claim 68 in which said fourth secure control set is contained in a PERC.
70. A system as in claim 6 in which said first control set is contained in a PERC.
71. A system as in claim 70 in which said second control set is contained in a PERC.
72. A system as in claim 71 in which said protected processing environment contains a third control set.
73. A system as in claim 72 in which said third control set is contained in a PERC.
74. A system as in claim 72 in which said third control set includes controls which govern said electronic negotiation.
75. A system as in claim 70 in which said negotiated control set is contained in a PERC.
76. A method as in claim 9 in which said first secure control set is contained in a PERC.
77. A method as in claim 9 in which said second secure control set is contained in a PERC.
78. A method as in claim 9 in which said second location contains a third secure control set.
79. A method as in claim 78 in which said third secure control set is contained in a PERC.
80. A method as in claim 78 in which said third secure control set contains controls which govern, at least in part, said step of electronically negotiating an electronic contract.
81. A method as in claim 78 in which said electronic contract consists of a fourth secure control set.
82. A method as in claim 81 in which said fourth secure control set is contained in a PERC.
83. A method as in claim 1 in which said first control set is made up of controls from at least a first and a second alternate groups of controls.
84. A method as in claim 83 in which said first alternate group of controls includes controls which are shared with said second alternate group of controls and controls which are not shared with said second alternate group of controls.
85. A method as in claim 84 in which said second control set is made up of controls from at least a third and a fourth alternate group of controls.
86. A method as in claim 85 in which said third alternate group of controls includes controls which are shared with said fourth alternate group of controls and controls which are not shared with said fourth alternate group of controls.
87. A method as in claim 83 in which said interaction between said first and second control sets includes a step wherein at least one of the alternate groups of controls from said first control set is selected.
88. A method as in claim 85 in which said interaction between said first and second control sets includes a step wherein at least one of the alternate groups of controls from said second control set is selected.
89. A system as in claim 2 in which said first secure control set is made up of controls from at least two alternate groups of controls.
90. A system as in claim 89 in which said at least two alternate groups of controls include controls which are uniquely in one of said groups, and shared controls which are present in more than one of said groups.
91. A system as in claim 2 in which said second secure control set is made up of controls from at least two alternate groups of controls.
92. A system as in claim 91 in which said at least two alternate groups of controls making up said second control set include controls which are uniquely in one of said groups, and shared controls which are present in more than one of said groups.
93. A system as in claim 89 in which said means at said second location for securely integrating said first and second control sets includes means for selecting at least one of the alternate groups of controls from said first secure control set.
94. A system as in claim 91 in which said means at said second location for securely integrating said first and second control sets includes means for selecting at least one of the alternate groups of controls from said second secure control set.
95. A system as in claim 3 in which said first secure control set is made up of controls from at least two alternate groups of controls.
96. A system as in claim 95 in which said at least two alternate groups of controls include controls which are uniquely in one of said groups, and shared controls which are present in more than one of said groups.
97. A system as in claim 3 in which said second secure control set is made up of controls from at least two alternate groups of controls.
98. A system as in claim 97 in which said at least two alternate groups of controls making up said second secure control set include controls which are uniquely in one of said groups, and shared controls which are present in more than one of said groups.
99. A system as in claim 95 in which said negotiation means includes means for selecting at least one of the alternate groups of controls from said first secure control set.
100. A system as in claim 97 in which said negotiation means includes means for selecting at least one of the alternate groups of controls from said second secure control set.
101. A system as in claim 6 in which said first control set is made up of controls from at least two alternate groups of controls.
102. A system as in claim 101 in which said at least two alternate groups of controls include controls which are uniquely in one of said groups, and shared controls which are present in more than one of said groups.
103. A system as in claim 6 in which said second control set is made up of controls from at least two alternate groups of controls.
104. A system as in claim 103 in which said at least two alternate groups of controls making up said second control set include controls which are uniquely in one of said groups, and shared controls which are present in more than one of said groups.
105. A system as in claim 6 in which said protected processing environment selects at least one of the alternate groups of controls from said first control set.
106. A system as in claim 8 in which said protected processing environment selects at least one of the alternate groups of controls from said second control set.
107. A method as in claim 9 in which said first secure control set is made up of controls from at least two alternate groups of controls.
108. A method as in claim 107 in which said at least two alternate groups of controls include controls which are uniquely in one of said groups, and shared controls which are present in more than one of said groups.
109. A method as in claim 9 in which said second secure control set is made up of controls from at least two alternate groups of controls.
110. A method as in claim 109 in which said at least two alternate groups of controls making up said second secure control set include controls which are uniquely in one of said groups, and shared controls which are present in more than one of said groups.
111. A method as in claim 107 in which said step of electronically negotiating includes a step of selecting at least one of the alternate groups of controls from said first secure control set.
112. A method as in claim 109 in which said step of electronically negotiating includes a step of selecting at least one of the alternate groups of controls from said second secure control set.
113. A method as in claim 1 in which said first control set, said second control set or said negotiated control set includes a REGISTER control.
114. A method as in claim 1 in which said first control set, said second control set or said negotiated control set includes a WANT control.
115. A method as in claim 1 in which said first control set, said second control set or said negotiated control set includes a REQUIRE control.
116. A system as in claim 2 in which said first secure control set, said second secure control set or said third control set includes an ACCEPT control.
117. A system as in claim 2 in which said first secure control set, said second secure control set or said third control set includes a REJECT control.
118. A system as in claim 2 in which said first secure control set, said second secure control set or said third control set includes an OFFER control.
119. A system as in claim 3 in which said first secure control set, said second secure control set, or said electronic contract includes a HAVE control.
120. A system as in claim 3 in which said first secure control set, said second secure control set, or said electronic contract includes a QUIT control.
121. A system as in claim 1 in which said first secure control set, said second secure control set or said electronic contract includes an AGREEMENT control.
122. A system as in claim 6 in which said first control set or said second set includes a WANT control and a REQUIRE control.
123. A system as in claim 6 in which said first control set or said second set includes a REGISTER control and a WANT control.
124. A system as in claim 6 in which said negotiated control set includes an AGREEMENT control.
125. A method as in claim 9 in which said first secure control set includes a REGISTER control and an OFFER control.
126. A method as in claim 9 in which said second secure control set includes an OFFER control and a HAVE control.
127. A method as in claim 9 in which said electronic contract includes a REGISTER control and an AGREEMENT control.
128. A method as in claim 1 further including the step of executing said negotiated control set within said protected processing environment.
129. A method as in claim 128 further including the step of executing said negotiated control set within a second protected processing environment which is different from the protected processing environment within which said performing step occurs.
130. A system as in claim 2 further including means for executing said third control set within a protected processing environment.
131. A system as in claim 130 in which said protected processing environment is located at said second location.
132. A system as in claim 130 in which said protected processing environment is located at a location other than said second location.
133. A system as in claim 3 further including means for executing said electronic contract within a protected processing environment.
134. A system as in claim 133 in which said protected processing environment is located at said second location.
135. A system as in claim 133 in which said protected processing environment is located at a location other than said second location.
136. A system as in claim 6 in which said negotiated control set is executed in said protected processing environment.
137. A system as in claim 6 in which said negotiated control set is executed in a second protected processing environment.
138. A method as in claim 9 further including the step of executing said electronic contract.
139. A method as in claim 138 in which said step of executing said electronic contract occurs in a protected processing environment.
140. A method as in claim 139 in which said protected processing environment is located at said second location.
141. A method as in claim 138 in which said protected processing environment is located at a location other than said second location.
142. A method as in claim 1 in which said negotiated control set is digitally signed.
143. A method as in claim 1 in which said negotiated control set is digitally signed by said first control set.
144. A method as in claim 143 in which said negotiated control set is digitally signed by said second control set.
145. A method as in claim 1 in which said negotiated control set is digitally signed by a control set which carries out said electronic negotiation.
146. A method as in claim 142 in which said digital signing is done through public key encryption.
147. A system as in claim 142 further including means for digitally signing said third control set.
148. A system as in claim 147 in which said means for digitally signing said third control set includes means for allowing said first secure control set to carry out said digital signing.
149. A system as in claim 147 in which said means for digitally signing said third control set includes means for allowing said second secure control set to carry out said digital signing.
150. A system as in claim 3 further including means for digitally signing said electronic contract.
151. A system as in claim 150 in which said means for digitally signing said electronic contract includes means for allowing said first secure control set to carry out said digital signing.
152. A system as in claim 150 in which said means for digitally signing said electronic contract includes means for allowing said second secure control set to carry out said digital signing.
153. A system as in claim 6 in which said protected processing environment digitally signs said negotiated control set.
154. A system as in claim 153 in which said protected processing environment digitally signs said negotiated control set using a digital signature created or supplied by said first control set.
155. A system as in claim 153 in which said protected processing environment digitally signs said negotiated control set using a digital signature created or supplied by said second control set.
156. A method as in claim 9 further including digitally signing said electronic contract.
157. A method as in claim 156 in which said step of digitally signing said electronic contract is carried out using a digital signature created or supplied at least in part by said first secure control set.
158. A method as in claim 156 in which said step of digitally signing said electronic contract is carried out using a digital signature created or supplied at least in part by said second secure control set.
159. A method as in claim 1 in which said negotiated control set includes controls containing human-language terms corresponding to at least certain of the machine-executable controls contained in said negotiated control set.
160. A method as in claim 159 in which said human-language terms are contained in one or more data descriptor data structures.
161. A system as in claim 2 in which said third control set includes controls containing human-language terms corresponding to at least certain of the machine-executable controls contained in said third control set.
162. A method as in claim 161 in which said human-language terms are contained in one or more data descriptor data structures.
163. A system as in claim 3 in which said electronic contract includes controls containing human-language terms corresponding to at least certain of the machine-executable controls contained in said electronic contract.
164. A method as in claim 163 in which said human-language terms are contained in one or more data descriptor data structures.
165. A system as in claim 6 in which said negotiated control set includes controls containing human-language terms corresponding to at least certain of the machine-executable controls contained in said negotiated control set.
166. A method as in claim 165 in which said human-language terms are contained in one or more data descriptor data structures.
167. A method as in claim 9 in which said electronic contract includes controls containing human-language terms corresponding to at least certain of the machine-executable controls contained in said electronic contract.
168. A method as in claim 167 in which said human-language terms are contained in one or more data descriptor data structures.
169. A method as in claim 1 in which said remote site contains a second protected processing environment.
170. A system as in claim 2 in which said means for creating a first secure control set includes a protected processing environment.
171. A system as in claim 2 in which said means for creating a second secure control set includes a protected processing environment.
172. A system as in claim 2 in which said means at said second location for securely integrating includes a protected processing environment.
173. A system as in claim 3 in which said means for creating a first secure control set includes a protected processing environment.
174. A system as in claim 3 in which said means for creating a second secure control set includes a protected processing environment.
175. A system as in claim 3 in which said negotiation means includes a protected processing environment.
176. A method as in claim 9 in which said first location includes a protected processing environment.
177. A method as in claim 9 in which said second location includes a protected processing environment.
178. A method as in claim 1 in which said first protected processing environment contains a first secure processing unit.
179. A method as in claim 178 in which said steps of performing and producing are carried out, at least in part, by said first secure processing unit.
180. A method as in claim 178 in which said second protected processing environment contains a second secure processing unit.
181. A system as in claim 2 in which said means for creating a first secure control set includes a first secure processing unit.
182. A system as in claim 181 in which said means for creating a second secure control set includes a second secure processing unit.
183. A system as in claim 182 in which said means at said second location for securely integrating includes said second secure processing unit.
184. A system as in claim 3 in which said means for creating a first secure control set includes a secure processing unit.
185. A system as in claim 3 in which said means for creating a second secure control set includes a secure processing unit.
186. A system as in claim 3 in which said negotiating means includes a secure processing unit.
187. A system as in claim 6 in which said protected processing environment includes a secure processing unit.
188. A method as in claim 9 in which said first location contains a secure processing unit.
189. A method as in claim 188 in which said second location contains a second secure processing unit.
190. A method as in claim 189 in which said step of securely executing at least a portion of said first and second secure control sets is performed at least in part using said second secure processing unit.
191. A method as in claim 1 in which said protected processing environment contains a software based tamper resistant barrier.
192. A method as in claim 191 in which said steps of performing and producing are carried out, at least in part, within said software based tamper resistant barrier.
193. A method as in claim 169 in which said first protected processing environment contains a first software based tamper resistant barrier.
194. A method as in claim 193 in which said second protected processing environment contains a second software based tamper resistant barrier.
195. A system as in claim 2 in which said first location contains a first software based tamper resistant barrier.
196. A system as in claim 195 in which said second location contains a second software based tamper resistant barrier.
197. A system as in claim 3 in which said first location contains a first software based tamper resistant barrier.
198. A system as in claim 3 in which said second location contains a second software based tamper resistant barrier.
199. A system as in claim 6 in which said protected processing environment includes a software based tamper resistant barrier.
200. A method as in claim 9 in which said first location contains a first software based tamper resistant barrier.
201. A method as in claim 200 in which said second location contains a second software based tamper resistant barrier.
202. A method as in claim 1 in which said first control set represents a negotiating position of a first party.
203. A method as in claim 202 in which said first party is a clearinghouse.
204. A method as in claim 202 in which said first party is a content provider.
205. A method as in claim 202 in which said first party is a content distributor.
206. A method as in claim 202 in which said first party is a content user.
207. A method as in claim 202 in which said second control set represents a negotiating position of a second party.
208. A method as in claim 207 in which said second party is a clearinghouse.
209. A method as in claim 207 in which said second party is a content provider.
210. A method as in claim 207 in which said second party is a content distributor.
211. A method as in claim 207 in which said second party is a content user.
212. A system as in claim 2 in which said first secure control set represents a negotiating position of a first party.
213. A system as in claim 212 in which said first party is a clearinghouse.
214. A system as in claim 212 in which said first party is a content provider.
215. A system as in claim 212 in which said first party is a content distributor.
216. A system as in claim 212 in which said first party is a content user.
217. A system as in claim 212 in which said second control set represents a negotiating position of a second party.
218. A method as in claim 217 in which said second party is a clearinghouse.
219. A method as in claim 217 in which said second party is a content provider.
220. A method as in claim 217 in which said second party is a content distributor.
221. A method as in claim 217 in which said second party is a content user.
222. A system as in claim 3 in which said first secure control set represents a negotiating position of a first party.
223. A system as in claim 222 in which said first party is a clearinghouse.
224. A system as in claim 222 in which said first party is a content provider.
225. A system as in claim 222 in which said first party is a content distributor.
226. A system as in claim 222 in which said first party is a content user.
227. A system as in claim 222 in which said second control set represents a negotiating position of a second party.
228. A method as in claim 227 in which said second party is a clearinghouse.
229. A method as in claim 227 in which said second party is a content provider.
230. A method as in claim 227 in which said second party is a content distributor.
231. A method as in claim 227 in which said second party is a content user.
232. A system as in claim 6 in which said first control set represents a negotiating position of a first party.
233. A system as in claim 232 in which said first party is a clearinghouse.
234. A system as in claim 232 in which said first party is a content provider.
235. A system as in claim 232 in which said first party is a content distributor.
236. A system as in claim 232 in which said first party is a content user.
237. A system as in claim 232 in which said second control set represents a negotiating position of a second party.
238. A method as in claim 237 in which said second party is a clearinghouse.
239. A method as in claim 237 in which said second party is a content provider.
240. A method as in claim 237 in which said second party is a content distributor.
241. A method as in claim 237 in which said second party is a content user.
242. A method as in claim 9 in which said first secure control set represents a negotiating position of a first party.
243. A method as in claim 242 in which said first party is a clearinghouse.
244. A method as in claim 242 in which said first party is a content provider.
245. A method as in claim 242 in which said first party is a content distributor.
246. A method as in claim 242 in which said first party is a content user.
247. A method as in claim 242 in which said second control set represents a negotiating position of a second party.
248. A method as in claim 247 in which said second party is a clearinghouse.
249. A method as in claim 247 in which said second party is a content provider.
250. A method as in claim 247 in which said second party is a content distributor.
251. A method as in claim 247 in which said second party is a content user.
252. A method as in claim 1 in which said first control set contains controls governing the type of payment mechanism to be used for a transaction.
253. A method as in claim 1 in which said first control set contains controls governing the price to be used for a transaction.
254. A method as in claim 1 in which said first control set contains controls governing the auditing method to be used for a transaction.
255. A method as in claim 1 in which said first control set contains controls governing the identity of the clearinghouse to be used for a transaction.
256. A method as in claim 1 in which said first control set contains controls governing the information to be disclosed in a transaction.
257. A method as in claim 1 in which said second control set contains controls governing the type of payment mechanism to be used for a transaction.
258. A method as in claim 1 in which said second control set contains controls governing the price to be used for a transaction.
259. A method as in claim 1 in which said second control set contains controls governing the auditing method to be used for a transaction.
260. A method as in claim 1 in which said second control set contains controls governing the identity of the clearinghouse to be used for a transaction.
261. A method as in claim 1 in which said second control set contains controls governing the information to be disclosed in a transaction.
262. A method as in claim 1 in which said negotiated control set contains controls governing the type of payment mechanism to be used for a transaction.
263. A method as in claim 1 in which said negotiated control set contains controls governing the price to be used for a transaction.
264. A method as in claim 1 in which said negotiated control set contains controls governing the auditing method to be used for a transaction.
265. A method as in claim 1 in which said negotiated control set contains controls governing the identity of the clearinghouse to be used for a transaction.
266. A method as in claim 1 in which said negotiated control set contains controls governing the information to be disclosed in a transaction.
267. A system as in claim 2 in which said first secure control set contains controls governing the type of payment mechanism to be used for a transaction.
268. A system as in claim 2 in which said first secure control set contains controls governing the price to be used for a transaction.
269. A system as in claim 2 in which said first secure control set contains controls governing the auditing method to be used for a transaction.
270. A system as in claim 2 in which said first secure control set contains controls governing the identity of the clearinghouse to be used for a transaction.
271. A system as in claim 2 in which said first secure control set contains controls governing the information to be disclosed in a transaction.
272. A system as in claim 2 in which said second secure control set contains controls governing the type of payment mechanism to be used for a transaction.
273. A system as in claim 2 in which said second secure control set contains controls governing the price to be used for a transaction.
274. A system as in claim 2 in which said second secure control set contains controls governing the auditing method to be used for a transaction.
275. A system as in claim 2 in which said second secure control set contains controls governing the identity of the clearinghouse to be used for a transaction.
276. A system as in claim 2 in which said second secure control set contains controls governing the information to be disclosed in a transaction.
277. A system as in claim 2 in which said third control set contains controls governing the type of payment mechanism to be used for a transaction.
278. A system as in claim 2 in which said third control set contains controls governing the price to be used for a transaction.
279. A system as in claim 2 in which said third control set contains controls governing the auditing method to be used for a transaction.
280. A system as in claim 2 in which said third control set contains controls governing the identity of the clearinghouse to be used for a transaction.
281. A system as in claim 2 in which said third control set contains controls governing the information to be disclosed in a transaction.
282. A system as in claim 3 in which said first secure control set contains controls governing the type of payment mechanism to be used for a transaction.
283. A system as in claim 3 in which said first secure control set contains controls governing the price to be used for a transaction.
284. A system as in claim 3 in which said first secure control set contains controls governing the auditing method to be used for a transaction.
285. A system as in claim 3 in which said first secure control set contains controls governing the identity of the clearinghouse to be used for a transaction.
286. A system as in claim 3 in which said first secure control set contains controls governing the information to be disclosed in a transaction.
287. A system as in claim 3 in which said second secure control set contains controls governing the type of payment mechanism to be used for a transaction.
288. A system as in claim 2 in which said second secure control set contains controls governing the price to be used for a transaction.
289. A system as in claim 2 in which said second secure control set contains controls governing the auditing method to be used for a transaction.
290. A system as in claim 2 in which said second secure control set contains controls governing the identity of the clearinghouse to be used for a transaction.
291. A system as in claim 2 in which said second secure control set contains controls governing the information to be disclosed in a transaction.
292. A system as in claim 2 in which said electronic contract contains controls governing the type of payment mechanism to be used for a transaction.
293. A system as in claim 2 in which said electronic contract contains controls governing the price to be used for a transaction.
294. A system as in claim 2 in which said electronic contract contains controls governing the auditing method to be used for a transaction.
295. A system as in claim 3 in which said electronic contract contains controls governing the identity of the clearinghouse to be used for a transaction.
296. A system as in claim 3 in which said electronic contract contains controls governing the information to be disclosed in a transaction.
297. A system as in claim 6 in which said first control set contains controls governing the type of payment mechanism to be used for a transaction.
298. A system as in claim 6 in which said first control set contains controls governing the price to be used for a transaction.
299. A system as in claim 6 in which said first control set contains controls governing the auditing method to be used for a transaction.
300. A system as in claim 6 in which said first control set contains controls governing the identity of the clearinghouse to be used for a transaction.
301. A system as in claim 6 in which said first control set contains controls governing the information to be disclosed in a transaction.
302. A system as in claim 6 in which said second control set contains controls governing the type of payment mechanism to be used for a transaction.
303. A system as in claim 6 in which said second control set contains controls governing the price to be used for a transaction.
304. A system as in claim 6 in which said second control set contains controls governing the auditing method to be used for a transaction.
305. A system as in claim 6 in which said second control set contains controls governing the identity of the clearinghouse to be used for a transaction.
306. A system as in claim 6 in which said second control set contains controls governing the information to be disclosed in a transaction.
307. A system as in claim 6 in which said negotiated control set contains controls governing the type of payment mechanism to be used for a transaction.
308. A system as in claim 6 in which said negotiated control set contains controls governing the price to be used for a transaction.
309. A system as in claim 6 in which said negotiated control set contains controls governing the auditing method to be used for a transaction.
310. A system as in claim 6 in which said negotiated control set contains controls governing the identity of the clearinghouse to be used for a transaction.
311. A system as in claim 6 in which said negotiated control set contains controls governing the information to be disclosed in a transaction.
312. A method as in claim 9 in which said first secure control set contains controls governing the type of payment mechanism to be used for a transaction.
313. A method as in claim 9 in which said first secure control set contains controls governing the price to be used for a transaction.
314. A method as in claim 9 in which said first secure control set contains controls governing the auditing method to be used for a transaction.
315. A method as in claim 9 in which said first secure control set contains controls governing the identity of the clearinghouse to be used for a transaction.
316. A method as in claim 9 in which said first secure control set contains controls governing the information to be disclosed in a transaction.
317. A method as in claim 9 in which said second secure control set contains controls governing the type of payment mechanism to be used for a transaction.
318. A method as in claim 9 in which said second secure control set contains controls governing the price to be used for a transaction.
319. A method as in claim 9 in which said second secure control set contains controls governing the auditing method to be used for a transaction.
320. A method as in claim 9 in which said second secure control set contains controls governing the identity of the clearinghouse to be used for a transaction.
321. A method as in claim 9 in which said second secure control set contains controls governing the information to be disclosed in a transaction.
322. A method as in claim 9 in which said negotiated control set contains controls governing the type of payment mechanism to be used for a transaction.
323. A method as in claim 9 in which said negotiated control set contains controls governing the price to be used for a transaction.
324. A method as in claim 9 in which said negotiated control set contains controls governing the auditing method to be used for a transaction.
325. A method as in claim 9 in which said negotiated control set contains controls governing the identity of the clearinghouse to be used for a transaction.
326. A method as in claim 9 in which said negotiated control set contains controls governing the information to be disclosed in a transaction.
327. A method as in claim 1 in which said protected processing environment is located at a first site, and said first site includes an operating system based on or compatible with Microsoft Windows.
328. A method as in claim 327 in which said steps of performing and producing are carried out, at least in part, by software contained within said operating system.
329. A system as in claim 2 in which said means for creating a first secure control set includes an operating system based on or compatible with Microsoft Windows.
330. A system as in claim 2 in which said means for creating a second secure control set includes an operating system based on or compatible with Microsoft Windows.
331. A system as in claim 2 in which said means at said second location for securely integrating said first and second control sets includes an operating system based on or compatible with Microsoft Windows.
332. A system as in claim 3 in which said means for creating a first secure control set includes an operating system based on or compatible with Microsoft Windows.
333. A system as in claim 3 in which said means for creating a second secure control set includes an operating system based on or compatible with Microsoft Windows.
334. A system as in claim 3 in which said negotiation means includes an operating system based on or compatible with Microsoft Windows.
335. A system as in claim 6 in which said protected processing environment includes an operating system based on or compatible with Microsoft Windows.
336. A method as in claim 9 in which said first location includes a first operating system based on or compatible with Microsoft Windows.
337. A method as in claim 336 in which said second location includes a second operating system based on or compatible with Microsoft Windows.
338. A method as in claim 336 in which said step of creating a first secure control is carried out at least in part by software incorporated in said first operating system.
339. A method as in claim 337 in which said step of creating a second secure control is carried out at least in part by software incorporated in said second operating system.
340. A method as in claim 337 in which said step of electronically negotiating is carried out at least in part by software incorporated in said second operating system.
341. A method as in claim 1 further comprising said negotiated control set governing the use of digital information.
342. A method as in claim 1 further comprising said negotiated control set governing the execution of at least one load module.
343. A method as in claim 1 further comprising said negotiated control set governing the execution of at least one method.
344. A method as in claim 1 further comprising said negotiated control set governing the execution of at least one other control set different from said first control set, said second control set and said negotiated control set.
345. A system as in claim 2 further comprising means by which said third control set governs the use of digital information.
346. A system as in claim 2 further comprising means by which said third control set governs the execution of at least one load module.
347. A system as in claim 2 further comprising means by which said third control set governs the execution of at least one method.
348. A system as in claim 2 further comprising means by which said third control set governs the execution of at least one transaction.
349. A system as in claim 2 further comprising means by which said third control set governs the execution of at least one procedure.
350. A system as in claim 2 further comprising means by which said third control set governs the execution of at least one other control set different from said first control set, said second control set and said third control set.
351. A system as in claim 3 further comprising means by which said electronic contract governs the use of digital information.
352. A system as in claim 3 further comprising means by which said electronic contract governs the execution of at least one load module.
353. A system as in claim 3 further comprising means by which said electronic contract governs the execution of at least one method.
354. A system as in claim 3 further comprising means by which said electronic contract governs the execution of at least one transaction.
355. A system as in claim 3 further comprising means by which said electronic contract governs the execution of at least one procedure.
356. A system as in claim 3 further comprising means by which said electronic contract governs the execution of a third control set different from said first control set and said second control set.
357. A system as in claim 6 further comprising means by which said negotiated control set governs the use of digital information.
358. A system as in claim 6 further comprising means by which said negotiated control set governs the execution of at least one load module.
359. A system as in claim 6 further comprising means by which said negotiated control set governs the execution of at least one method.
360. A system as in claim 6 further comprising means by which said negotiated control set governs the execution of at least one transaction.
361. A system as in claim 6 further comprising means by which said negotiated control set governs the execution of at least one procedure.
362. A system as in claim 6 further comprising means by which said negotiated control set governs the execution of a third control set different from said first control set and said second control set.
363. A method as in claim 9 further comprising said electronic contract governing the use of digital information.
364. A method as in claim 9 further comprising said electronic contract governing the execution of at least one load module.
365. A method as in claim 9 further comprising said electronic contract governing the execution of at least one method.
366. A method as in claim 9 further comprising said electronic contract governing the execution of at least one transaction.
367. A method as in claim 9 further comprising said electronic contract governing the execution of at least one procedure.
368. A method as in claim 9 further comprising said electronic contract governing the execution of at least one other control set different from said first control set, said second control set and said negotiated control set.
369. A method for securely managing electronic negotiations related to electronic commerce value chain activities including:
employing a first protected processing environment to securely specify rules and/or controls for managing an electronic commerce process;
securely making said specified rules and/or controls available to a second protected processing environment, located remotely from said first protected processing environment;
employing said second protected processing environment to further securely specify rules and/or controls for managing at least one commerce process related to the common commercial interests of at least two parties;
employing said second protected processing environment to securely electronically negotiate at least one aggregate rules and/or controls set representing the electronic interests of said at least two parties; and
employing a protected processing environment to manage said electronic commerce process consistent with at least a portion of said aggregate rules and/or controls set.
370. A system for securely managing electronic negotiations related to electronic commerce value chain activities including:
a first protected processing environment associated with a first party, for securely specifying rules and/or controls for managing an electronic commerce process, and for securely making said specified rules and/or controls available to a second party;
a second protected processing environment associated with a second party different from said first party, for
further securely specifying rules and/or controls, including means for managing at least one commerce process related to the common commercial interests of said first party and said second party;
securely electronically negotiating at least one aggregate rules and/or controls set representing the electronic interests of both said first party and said second party; and
managing said electronic commerce process consistent with said at least a portion of said aggregate rules and/or controls set.
371. A system for negotiating electronic contracts, comprising:
a storage arrangement that stores a first control set received from a remote site, and stores a second control set;
a protected processing environment, coupled to said storage arrangement, that:
performs an electronic negotiation between said first control set and said second control set,
provides interaction between said first and second control sets, and
produces negotiated control information resulting from said interaction between said first and second control sets.
372. A system as in claim 371 further including means for electronically enforcing said negotiated control set.
373. A system as in claim 371 further including means for generating an electronic contract based on said negotiated control set.
374. A system as in claim 3 in which said electronic contract is contained, at least in part, in a User Rights Table.
375. A method as in claim 9 in which said electronic contract is contained, at least in part, in a User Rights Table.
Description
FIELD(S) OF THE INVENTION(S)
This invention generally relates to computer and/or electronic security.
More particularly, this invention relates to systems and techniques for secure transaction management. This invention also relates to computer-based and other electronic appliance-based technologies that help to ensure that information is accessed and/or otherwise used only in authorized ways, and maintains the integrity, availability, and/or confidentiality of such information and processes related to such use.
The invention also relates to systems and methods for protecting rights of various participants in electronic commerce and other electronic or electronically-facilitated transactions.
The invention also relates to secure chains of handling and control for both information content and information employed to regulate the use of such content and consequences of such use. It also relates to systems and techniques that manage, including meter and/or limit and/or otherwise monitor use of electronically stored and/or disseminated information. The invention particularly relates to transactions, conduct and arrangements that make use of, including consequences of use of, such systems and/or techniques.
The invention also relates to distributed and other operating systems, environments and architectures. It also generally relates to secure architectures, including, for example, tamper-resistant hardware-based processors, that can be used to establish security at each node of a distributed system.
BACKGROUND AND SUMMARY OF THE INVENTION(S)
Telecommunications, financial transactions, government processes, business operations, entertainment, and personal business productivity all now depend on electronic appliances. Millions of these electronic appliances have been electronically connected together. These interconnected electronic appliances comprise what is increasingly called the "information highway." Many businesses, academicians, and government leaders are concerned about how to protect the rights of citizens and organizations who use this information (also "electronic" or "digital") highway.
Electronic Content
Today, virtually anything that can be represented by words, numbers, graphics, or system of commands and instructions can be formatted into electronic digital information. Television, cable, satellite transmissions, and on-line services transmitted over telephone lines, compete to distribute digital information and entertainment to homes and businesses. The owners and marketers of this content include software developers, motion picture and recording companies, publishers of books, magazines, and newspapers, and information database providers. The popularization of on-line services has also enabled the individual personal computer user to participate as a content provider. It is estimated that the worldwide market for electronic information in 1992 was approximately $40 billion and is expected to grow to $200 billion by 1997, according to Microsoft Corporation. The present invention can materially enhance the revenue of content providers, lower the distribution costs and the costs for content, better support advertising and usage information gathering, and better satisfy the needs of electronic information users. These improvements can lead to a significant increase in the amount and variety of electronic information and the methods by which such information is distributed.
The inability of conventional products to be shaped to the needs of electronic information providers and users is sharply in contrast to the present invention. Despite the attention devoted by a cross-section of America's largest telecommunications, computer, entertainment and information provider companies to some of the problems addressed by the present invention, only the present invention provides commercially secure, effective solutions for configurable, general purpose electronic commerce transaction/distribution control systems.
Controlling Electronic Content
The present invention provides a new kind of "virtual distribution environment" (called "VDE" in this document) that secures, administers, and audits electronic information use. VDE also features fundamentally important capabilities for managing content that travels "across" the "information highway." These capabilities comprise a rights protection solution that serves all electronic community members. These members include content creators and distributors, financial service providers, end-users, and others. VDE is the first general purpose, configurable, transaction control/rights protection solution for users of computers, other electronic appliances, networks, and the information highway.
A fundamental problem for electronic content providers is extending their ability to control the use of proprietary information. Content providers often need to limit use to authorized activities and amounts. Participants in a business model involving, for example, provision of movies and advertising on optical discs may include actors, directors, script and other writers, musicians, studios, publishers, distributors, retailers, advertisers, credit card services, and content end-users. These participants need the ability to embody their range of agreements and requirements, including use limitations, into an "extended" agreement comprising an overall electronic business model. This extended agreement is represented by electronic content control information that can automatically enforce agreed upon rights and obligations. Under VDE, such an extended agreement may comprise an electronic contract involving all business model participants. Such an agreement may alternatively, or in addition, be made up of electronic agreements between subsets of the business model participants. Through the use of VDE, electronic commerce can function in the same way as traditional commerce--that is commercial relationships regarding products and services can be shaped through the negotiation of one or more agreements between a variety of parties.
Commercial content providers are concerned with ensuring proper compensation for the use of their electronic information. Electronic digital information, for example a CD recording, can today be copied relatively easily and inexpensively. Similarly, unauthorized copying and use of software programs deprives rightful owners of billions of dollars in annual revenue according to the International Intellectual Property Alliance. Content providers and distributors have devised a number of limited function rights protection mechanisms to protect their rights. Authorization passwords and protocols, license servers, "lock/unlock" distribution methods, and non-electronic contractual limitations imposed on users of shrink-wrapped software are a few of the more prevalent content protection schemes. In a commercial context, these efforts are inefficient and limited solutions.
Providers of "electronic currency" have also created protections for their type of content. These systems are not sufficiently adaptable, efficient, nor flexible enough to support the generalized use of electronic currency. Furthermore, they do not provide sophisticated auditing and control configuration capabilities. This means that current electronic currency tools lack the sophistication needed for many real-world financial business models. VDE provides means for anonymous currency and for "conditionally" anonymous currency, wherein currency related activities remain anonymous except under special circumstances.
VDE Control Capabilities
VDE allows the owners and distributors of electronic digital information to reliably bill for, and securely control, audit, and budget the use of, electronic information. It can reliably detect and monitor the use of commercial information products. VDE uses a wide variety of different electronic information delivery means: including, for example, digital networks, digital broadcast, and physical storage media such as optical and magnetic disks. VDE can be used by major network providers, hardware manufacturers, owners of electronic information, providers of such information, and clearinghouses that gather usage information regarding, and bill for the use of, electronic information.
VDE provides comprehensive and configurable transaction management, metering and monitoring technology. It can change how electronic information products are protected, marketed, packaged, and distributed. When used, VDE should result in higher revenues for information providers and greater user satisfaction and value. Use of VDE will normally result in lower usage costs, decreased transaction costs, more efficient access to electronic information, re-usability of rights protection and other transaction management implementations, greatly improved flexibility in the use of secured information, and greater standardization of tools and processes for electronic transaction management. VDE can be used to create an adaptable environment that fulfills the needs of electronic information owners, distributors, and users; financial clearinghouses; and usage information analyzers and resellers.
Rights and Control Information
In general, the present invention can be used to protect the rights of parties who have:
(a) proprietary or confidentiality interests in electronic information. It can, for example, help ensure that information is used only in authorized ways;
(b) financial interests resulting from the use of electronically distributed information. It can help ensure that content providers will be paid for use of distributed information; and
(c) interests in electronic credit and electronic currency storage, communication, and/or use including electronic cash, banking, and purchasing.
Protecting the rights of electronic community members involves a broad range of technologies. VDE combines these technologies in a way that creates a "distributed" electronic rights protection "environment." This environment secures and protects transactions and other processes important for rights protection. VDE, for example, provides the ability to prevent, or impede, interference with and/or observation of, important rights related transactions and processes. VDE, in its preferred embodiment, uses special purpose tamper resistant Secure Processing Units (SPUs) to help provide a high level of security for VDE processes and information storage and communication.
The rights protection problems solved by the present invention are electronic versions of basic societal issues. These issues include protecting property rights, protecting privacy rights, properly compensating people and organizations for their work and risk, protecting money and credit, and generally protecting the security of information. VDE employs a system that uses a common set of processes to manage rights issues in an efficient, trusted, and cost-effective way.
VDE can be used to protect the rights of parties who create electronic content such as, for example: records, games, movies, newspapers, electronic books and reference materials, personal electronic mail, and confidential records and communications. The invention can also be used to protect the rights of parties who provide electronic products, such as publishers and distributors; the rights of parties who provide electronic credit and currency to pay for use of products, for example, credit clearinghouses and banks; the rights to privacy of parties who use electronic content (such as consumers, business people, governments); and the privacy rights of parties described by electronic information, such as privacy rights related to information contained in a medical record, tax record, or personnel record.
In general, the present invention can protect the rights of parties who have:
(a) commercial interests in electronically distributed information--the present invention can help ensure, for example, that parties will be paid for use of distributed information in a manner consistent with their agreement;
(b) proprietary and/or confidentiality interests in electronic information--the present invention can, for example, help ensure that data is used only in authorized ways;
(c) interests in electronic credit and electronic currency storage, communication, and/or use--this can include electronic cash, banking, and purchasing; and
(d) interests in electronic information derived, at least in part, from use of other electronic information.
VDE Functional Properties
VDE is a cost-effective and efficient rights protection solution that provides a unified, consistent system for securing and managing transaction processing. VDE can:
(a) audit and analyze the use of content,
(b) ensure that content is used only in authorized ways, and
(c) allow information regarding content usage to be used only in ways approved by content users.
In addition, VDE:
(a) is very configurable, modifiable, and re-usable;
(b) supports a wide range of useful capabilities that may be combined in different ways to accommodate most potential applications;
(c) operates on a wide variety of electronic appliances ranging from hand-held inexpensive devices to large mainframe computers;
(d) is able to ensure the various rights of a number of different parties, and a number of different rights protection schemes, simultaneously;
(e) is able to preserve the rights of parties through a series of transactions that may occur at different times and different locations;
(f) is able to flexibly accommodate different ways of securely delivering information and reporting usage; and
(g) provides for electronic analogues to "real" money and credit, including anonymous electronic cash, to pay for products and services and to support personal (including home) banking and other financial activities.
VDE economically and efficiently fulfills the rights protection needs of electronic community members. Users of VDE will not require additional rights protection systems for different information highway products and rights problems--nor will they be required to install and learn a new system for each new information highway application.
VDE provides a unified solution that allows all content creators, providers, and users to employ the same electronic rights protection solution. Under authorized circumstances, the participants can freely exchange content and associated content control sets. This means that a user of VDE may, if allowed, use the same electronic system to work with different kinds of content having different sets of content control information. The content and control information supplied by one group can be used by people who normally use content and control information supplied by a different group. VDE can allow content to be exchanged "universally" and users of an implementation of the present invention can interact electronically without fear of incompatibilities in content control, violation of rights, or the need to get, install, or learn a new content control system.
The VDE securely administers transactions that specify protection of rights. It can protect electronic rights including, for example:
(a) the property rights of authors of electronic content,
(b) the commercial rights of distributors of content,
(c) the rights of any parties who facilitated the distribution of content,
(d) the privacy rights of users of content,
(e) the privacy rights of parties portrayed by stored and/or distributed content, and
(f) any other rights regarding enforcement of electronic agreements.
VDE can enable a very broad variety of electronically enforced commercial and societal agreements. These agreements can include electronically implemented contracts, licenses, laws, regulations, and tax collection.
Contrast With Traditional Solutions
Traditional content control mechanisms often require users to purchase more electronic information than the user needs or desires. For example, infrequent users of shrink-wrapped software are required to purchase a program at the same price as frequent users, even though they may receive much less value from their less frequent use. Traditional systems do not scale cost according to the extent or character of usage and traditional systems can not attract potential customers who find that a fixed price is too high. Systems using traditional mechanisms are also not normally particularly secure. For example, shrink-wrapping does not prevent the constant illegal pirating of software once removed from either its physical or electronic package.
Traditional electronic information rights protection systems are often inflexible and inefficient and may cause a content provider to choose costly distribution channels that increase a product's price. In general these mechanisms restrict product pricing, configuration, and marketing flexibility. These compromises are the result of techniques for controlling information which cannot accommodate both different content models and content models which reflect the many, varied requirements, such as content delivery strategies, of the model participants. This can limit a provider's ability to deliver sufficient overall value to justify a given product's cost in the eyes of many potential users. VDE allows content providers and distributors to create applications and distribution networks that reflect content providers' and users' preferred business models. It offers users a uniquely cost effective and feature rich system that supports the ways providers want to distribute information and the ways users want to use such information. VDE supports content control models that ensure rights and allow content delivery strategies to be shaped for maximum commercial results.
Chain of Handling and Control
VDE can protect a collection of rights belonging to various parties having rights in, or to, electronic information. This information may be at one location or dispersed across (and/or moving between) multiple locations. The information may pass through a "chain" of distributors and a "chain" of users. Usage information may also be reported through one or more "chains" of parties. In general, VDE enables parties that (a) have rights in electronic information, and/or (b) act as direct or indirect agents for parties who have rights in electronic information, to ensure that the moving, accessing, modifying, or otherwise using of information can be securely controlled by rules regarding how, when, where, and by whom such activities can be performed.
VDE Applications and Software
VDE is a secure system for regulating electronic conduct and commerce. Regulation is ensured by control information put in place by one or more parties. These parties may include content providers, electronic hardware manufacturers, financial service providers, or electronic "infrastructure" companies such as cable or telecommunications companies. The control information implements "Rights Applications." Rights applications "run on" the "base software" of the preferred embodiment. This base software serves as a secure, flexible, general purpose foundation that can accommodate many different rights applications, that is, many different business models and their respective participant requirements.
A rights application under VDE is made up of special purpose pieces, each of which can correspond to one or more basic electronic processes needed for a rights protection environment. These processes can be combined together like building blocks to create electronic agreements that can protect the rights, and may enforce fulfillment of the obligations, of electronic information users and providers. One or more providers of electronic information can easily combine selected building blocks to create a rights application that is unique to a specific content distribution model. A group of these pieces can represent the capabilities needed to fulfill the agreement(s) between users and providers. These pieces accommodate many requirements of electronic commerce including:
the distribution of permissions to use electronic information;
the persistence of the control information and sets of control information managing these permissions;
configurable control set information that can be selected by users for use with such information;
data security and usage auditing of electronic information; and
a secure system for currency, compensation and debit management.
For electronic commerce, a rights application, under the preferred embodiment of the present invention, can provide electronic enforcement of the business agreements between all participants. Since different groups of components can be put together for different applications, the present invention can provide electronic control information for a wide variety of different products and markets. This means the present invention can provide a "unified," efficient, secure, and cost-effective system for electronic commerce and data security. This allows VDE to serve as a single standard for electronic rights protection, data security, and electronic currency and banking.
In a VDE, the separation between a rights application and its foundation permits the efficie