United States Patent 5982891
Ginter, et al.
November 9, 1999

Title

Systems and methods for secure transaction management and electronic rights protection

Abstract

The present invention provides systems and methods for secure transaction management and electronic rights protection. Electronic appliances such as computers equipped in accordance with the present invention help to ensure that information is accessed and used only in authorized ways, and maintain the integrity, availability, and/or confidentiality of the information. Such electronic appliances provide a distributed virtual distribution environment (VDE) that may enforce a secure chain of handling and control, for example, to control and/or meter or otherwise monitor use of electronically stored or disseminated information. Such a virtual distribution environment may be used to protect rights of various participants in electronic commerce and other electronic or electronic-facilitated transactions. Distributed and other operating systems, environments and architectures, such as, for example, those using tamper-resistant hardware-based processors, may establish security at each node. These techniques may be used to support an all-electronic information distribution, for example, utilizing the "electronic highway."


Inventors: Ginter; Karl L. (Beltsville, MD), Shear; Victor H. (Bethesda, MD), Spahn; Francis J. (El Cerrito, CA), Van Wie; David M. (Sunnyvale, CA)
Assignee: InterTrust Technologies Corp. (Sunnyvale, CA)
Appl. No.: 964333
Filed: November 4, 1997

Current U.S. Class: 705/54 713/167 705/26
Field of Search: 380/4,25 396/683 705/26 300/24

Primary Examiner: Barron, Jr.; Gilberto
Attorney, Agent or Firm: Nixon & Vanderhye P.C.

Parent Case Text



This is a continuation of application Ser. No. 08/388,107, filed Feb. 13, 1995, now abandoned.

Claims


We claim:
1. A method for using at least one resource processed in a secure operating environment at a first appliance, said method comprising:
securely receiving a first entity's control at said first appliance, said first entity being located remotely from said operating environment and said first appliance;
securely receiving a second entity's control at said first appliance, said second entity being located remotely from said operating environment and said first appliance, said second entity being different from said first entity; and
securely processing a data item at said first appliance, using at least one resource, including securely applying, at said first appliance through use of said at least one resource said first entity's control and said second entity's control to govern use of said data item.

2. A method for securely managing at least one operation on a data item performed at least in part by an electronic arrangement disposed at a first site, said method comprising:
(a) securely delivering a first procedure to said electronic arrangement at said first site from a second site different from said first site;
(b) securely delivering, to said electronic arrangement at said first site from a third site different from said first and second sites, a second procedure separable or separate from said first procedure; and
(c) performing, at least in part with said electronic arrangement at said first site, at least one operation on said data item, including using said first and second procedures in combination to at least in part securely manage said operation.

3. A method as in claim 2 including performing said delivering step (b) at a time different from the time said delivering step (a) is performed.

4. A method as in claim 2 wherein said step (a) includes delivering said first procedure from a first source, and said step (b) includes delivering said second procedure from a second source different from said first source.

5. A method as in claim 2 further including ensuring the integrity of said first and second procedures.

6. A method as in claim 2 further including validating each of said first and second procedures.

7. A method as in claim 2 further including authenticating each of said first and second procedures.

8. A method as in claim 2 wherein said using step (c) includes executing at least one of said first and second procedures within a tamper-resistant environment.

9. A method as in claim 2 wherein said step (c) includes the step of controlling said data item with at least one of said first and second procedures.

10. A method as in claim 2 further including establishing a relationship between at least one of said first and second procedures and said data item.

11. A method as in claim 2 further including establishing correspondence between said data item and at least one of said first and second procedures.

12. A method as in claim 2 wherein said delivering step (b) comprises delivering at least one load module encrypted at least in part.

13. A method as in claim 12 wherein said delivering step (a) comprises delivering at least one further load module encrypted at least in part.

14. A method as in claim 2 wherein said delivering step (b) comprises delivering at least one content container carrying at least in part encrypted control information.

15. A method as in claim 2 wherein said delivering step (b) comprises delivering a control method and at least one further method.

16. A method as in claim 2 wherein said delivering step (a) includes:
encrypting at least a portion of said first procedure,
communicating said at least in part encrypted first procedure to said electronic arrangement,
decrypting at least a portion of said first procedure at least in part using said electronic arrangement, and
validating said first procedure with said electronic arrangement.

17. A method as in claim 2 wherein said delivering step (b) includes delivering at least one of said first and second procedures within an administrative object.

18. A method as in claim 2 wherein said delivering step (b) includes codelivering said second procedure in at least in part encrypted form with said data item.

19. A method as in claim 2 wherein said performing step includes metering usage.

20. A method as in claim 2 wherein said performing step includes auditing usage.

21. A method as in claim 2 wherein said performing step includes budgeting usage.

22. A method of securely controlling use by a third party of at least one protected operation with respect to a data item comprising:
(a) supplying at least a first control from a first party to said third party;
(b) supplying, to said third party, at least a second control from a second party different from said first party;
(c) securely combining, at said third party's location, said first and second controls to form a control arrangement;
(d) securely requiring use of said control arrangement in order to perform at least one protected operation using said data item; and
(e) securely performing said at least one protected operation on behalf of said third party with respect to said data item by at least in part employing said control arrangement.

23. A method as in claim 22 wherein said data item is protected.

24. A method as in claim 22 wherein at least one of said plural controls includes a control relating to metering at least one aspect of use of said protected data item.

25. A method as in claim 22 wherein at least one of said plural controls include a control relating to budgeting at least one aspect of use of said protected data item.

26. A secure method for combining data items into a composite data item comprising:
(a) securely providing, from a first location to a second location, a first data item having at least a first control associated therewith;
(b) securely providing, from a third location to said second location, a second data item having at least a second control associated therewith;
(c) forming, at said second location, a composite of said first and second data items;
(d) securely combining, at said second location, said first and second controls to form a control arrangement; and
(e) performing at least one operation on said composite of said first and second data items based at least in part on said control arrangement.

27. A method as in claim 26 wherein said combining step includes preserving each of said first and second controls in said composite set.

28. A method as in claim 26 wherein said performing step comprises governing the operation on said composite of said first and second data items in accordance with said first control and said second control.

29. A method as in claim 26 wherein said providing step includes ensuring the integrity of said association between said first controls and said first data item is maintained during at least one of transmission, storage and processing of said first data item.

30. A method as in claim 26 wherein said providing step comprises delivering said first data item separately from said first control.

31. A method as in claim 26 wherein said providing step comprises codelivering said first data item and said first control.

32. A secure method for controlling a protected operation comprising:
(a) securely delivering at least a first control and a second control representing rights of first and second entities, respectively, to an electronic appliance used by a third entity; and
(b) controlling at least one protected operation at least in part in response to a request by said third entity based at least in part on a combination of said first and second controls, including at least one of the following steps:
resolving at least one conflict between said first and second controls based on a predefined order;
providing an interaction with said third entity to form said combination; and
dynamically negotiating between said first and second controls.

33. A method as in claim 32 wherein said controlling step (b) includes controlling decryption of electronic content.

34. A method as in claim 32 further including:
receiving protected electronic content from a party; and
authenticating the identity of said party prior to using said received protected electronic content.

35. A method for using at least one resource processed by a secure operating environment, said method comprising:
securely receiving a first load module provided by a first entity external to said operating environment;
securely receiving a second load module provided by a second entity external to said operating environment, said second entity being different from said first entity; and
securely processing, using at least one resource, a data item associated with said first and second load modules, including securely applying said first and second load modules to manage use of said data item.

36. A secure operating environment system for managing at least one resource comprising:
a communications arrangement that securely receives a first control of a first entity external to said operating environment, and securely receives a second control of a second entity external to said operating environment, said second entity being different from said first entity; and
a protected processing environment, operatively connected to said communications arrangement, that:
(a) securely processes, using at least one resource, a data item logically associated with said first and second controls, and
(b) securely applies said first and second controls to manage said resource for controlling use of said data item.

37. A method as in claim 1 further including securely and persistently associating at least one of said first entity's control and said second entity's control with said data item.

38. A method as in claim 2 further including securely and persistently associating at least one of said first and second procedures with said data item.

39. A method as in claim 22 further including securely and persistently associating at least one of: (a) said first control, (b) said second control, and (c) said control arrangement, with said data item.

40. A method as in claim 26 further including the step of securely ensuring that at least one of (a) said first control, (b) said second control, and (c) said control arrangement, is persistently associated with at least one of said first and second data items.

41. A method as in claim 32 further including the step of persistently and securely associating at least one of said first and second controls with said protected operation.

42. A method as in claim 35 further including the step of persistently and securely associating at least one of said first and second load modules with said data item.

43. A system as in claim 36 wherein said protected processing environment securely and persistently associates at least one of said first and second controls with said data item.

44. A method as in claim 1 further including the step of allowing a user to select between said first entity's control and said second entity's control.

45. A method as in claim 22 further including the step of allowing a user to select between said first procedure and said second procedure.

46. A method as in claim 22 further including the step of allowing a user to select between said first control and said second control.

47. A method as in claim 26 further including the step of allowing a user to select between said first control and said second control.

48. A method as in claim 32 further including the step of allowing a user to select between said first control and said second control.

49. A method as in claim 35 further including the step of allowing a user to select between said first load module and said second load module.

50. A system as in claim 36 wherein said protected processing environment allows said user to select between said first control and said second control.

51. A method as in claim 1 wherein at least said secure processing step is performed at an end user electronic appliance.

52. A method as in claim 2 wherein at least said performing step is performed at an end user electronic appliance.

53. A method as in claim 22 wherein at least two of the recited steps are performed at an end user electronic appliance.

54. A method as in claim 26 wherein at least one of steps (c), (d) and (e) is performed at an end user electronic appliance.

55. A method as in claim 32 wherein step (b) is performed at an end user electronic appliance.

56. A method as in claim 35 wherein at least two of the recited steps are performed at an end user electronic appliance.

57. A system as in claim 36 wherein said protected processing environment is part of an end user electronic appliance.

58. A method as in claim 1 wherein the step of securely receiving a first entity's control comprises securely receiving said first entity's control from a remote location over a telecommunications link, and the step of securely receiving said second entity's control comprises securely receiving said second entity's control from the same or different remote location over the same or different telecommunications link.

59. A method as in claim 2 wherein step (a) comprises securely delivering said first procedure from a remote location over a telecommunications link, and step (b) comprises securely delivering said second procedure from the same or different remote location over the same or different telecommunications link.

60. A method as in claim 22 wherein step (a) comprises supplying said first control from at least one remote location over a telecommunications link, and step (b) comprises supplying said second control from the same or different remote location over the same or different telecommunications link.

61. A method as in claim 26 wherein step (a) comprises providing said first data item from at least one remote location over a telecommunications link, and step (b) comprises providing said second data item from the same or different remote location over the same or different telecommunications link.

62. A method as in claim 32 wherein step (a) comprises securely delivering said first and second controls from at least one remote location over at least one telecommunications link.

63. A method as in claim 35 wherein said first load module receiving step comprises securely receiving said first load module from at least one remote location over at least one telecommunications link, and said second load module receiving step comprises securely receiving said second load module from the same or different remote location over the same or different telecommunications link.

64. A system as in claim 36 wherein said communications arrangement receives said first and second controls from at least one remote location over at least one telecommunications link.

65. A method as in claim 1 wherein the processing step includes processing said first and second controls within the same secure processing environment.

66. A method as in claim 2 wherein step (c) includes executing said first and second procedures within the same secure processing environment.

67. A method as in claim 22 wherein at least step (c) is performed within the same secure processing environment at said third party's location.

68. A method as in claim 26 wherein step (d) is performed within the same secure processing environment at said second location.

69. A method as in claim 32 wherein step (a) comprises securely delivering said first and second controls into said same secure processing environment used by or on behalf of said third entity.

70. A method as in claim 35 wherein said securely processing step comprises securely executing said first and second load modules within the same secure processing environment.

71. A method as in claim 1 further including the step of securely combining said first entity's control and said second entity's control to provide a combined control arrangement.

72. A method as in claim 2 further including combining said first and second procedures to provide a combined procedure.

73. A method as in claim 32 further including securely combining said first and second controls to provide a combined control arrangement.

74. A method as in claim 35 further including securely combining said first and second load modules to provide a combined executable.

75. A system as in claim 36 wherein said protected processing environment combines said first and second controls to provide a combined control arrangement.

76. A method as in claim 1 wherein said two securely receiving steps are independently performed at different times.

77. A method as in claim 3 wherein steps (a) and (b) are independently performed.

78. A method as in claim 22 wherein steps (a) and (b) are performed at different times.

79. A method as in claim 26 wherein steps (a) and (b) are performed at different times.

80. A method as in claim 32 wherein step (a) includes securely and independently delivering said first and second controls at different times.

81. A method as in claim 35 wherein said securely receiving steps are performed independently at different times.

82. A system as in claim 36 wherein said communications arrangement independently receives said first and second controls at different times.

83. A method as in claim 2 further including the step (d) of securely conditioning at least one aspect of use of said data item based on said delivering steps (a) and (b) having occurred.

84. A method as in claim 1 wherein at least one of the first entity's control and the second entity's control comprises at least one executable component and at least one data component.

85. A method as in claim 22 wherein at least one of the first and second controls comprises at least one executable component and at least one data component.

86. A method as in claim 26 wherein at least one of the first and second controls comprises at least one executable component and at least one data component.

87. A method as in claim 32 wherein at least one of the first and second controls comprises at least one executable component and at least one data component.

88. A system as in claim 36 wherein at least one of the first control and second controls comprises at least one executable component and at least one data component, and the protected processing environment executes the executable component in a manner that is at least in part responsive to the data component.

89. A method as in claim 1 wherein said first appliance includes a protected processing environment, and wherein:
said method further comprises a step of receiving, at said first appliance, said data item separately and at a different time from said receiving said first entity's control; and
said securely processing step is performed at least in part in said protected processing environment.

90. A method as in claim 2 wherein:
said method further comprises a step of delivering said data item to said electronic arrangement separately and at a different time from said delivering said first procedure; and
said performing step is performed at least in part in a protected processing environment.

91. A method as in claim 22 wherein:
said method further comprises supplying said data item to said third party separately and at a different time from supplying of said first control to said third party; and
said securely performing step comprises performing said protected operation at least in part in a protected processing environment.

92. A method as in claim 26 wherein:
said method further includes the steps of:
providing said first data item separately and at a different time from providing of said first control, and
providing said second data item separately and at a different time from providing of said second control; and
step (e) comprises performing said operation at least in part in a protected processing environment.

93. A method as in claim 32 wherein:
said method further comprises delivering a data item to said electronic appliance;
said securely delivering step (a) further comprises delivering at least one of said first control and said second control separately and at a different time from delivering said data item; and
said method further includes performing said protected operation at least in part in a protected processing environment.

94. A method as in claim 35 wherein said secure operating environment includes a protected processing environment, and wherein:
said method further comprises receiving a data item within said secure operating environment;
said first load module receiving step is performed separately and at a time different from receiving said data item; and
said securely processing step is performed at least in part in said protected processing environment.

95. A secure operating environment system as in claim 36 wherein said communications arrangement also receives a data item separately and at a different time from at least one of said first control and said second control.

96. A method as in claim 1 wherein said first appliance is at least a part of an arrangement at a user site providing an input/output bus connecting a first electronic subsystem with at least a second electronic subsystem, said first electronic subsystem including a first electrical connector connected to said input/output bus, said second electronic subsystem including a second electrical connector connected to said input/output bus, and wherein:
said method further comprises establishing a secure transmission channel on said input/output bus and transferring at least a portion of said data item over said secure transmission channel from said first electronic to said second electronic subsystem through said first and second connectors and said input/output bus.

97. A method as in claim 2 wherein said electronic arrangement is disposed at a user site and provides an input/output bus connecting a first electronic appliance with at least a second electronic appliance, said first electronic appliance including a first electrical connector connected to said input/output bus, said second electronic appliance including a further electrical connector connected to said input/output bus, and wherein:
said method further comprises establishing a secure transmission channel on said input/output bus and transferring at least a portion of said data item over said secure transmission channel from said first electronic appliance to said second electronic appliance through said first and second connectors and said input/output bus.

98. A method as in claim 22 wherein an input/output bus at said third party's location connects a first electronic appliance with at least a second electronic appliance, said first electronic appliance including a first electrical connector connected to said input/output bus, said second electronic appliance including a second electrical connector connected to said input/output bus, and wherein:
said method further comprises establishing a secure transmission channel on said input/output bus and transferring at least a portion of said data item over said secure transmission channel from first electronic appliance to said second electronic appliance through said first and second connectors and said input/output bus.

99. A method as in claim 26 wherein an input/output bus at said second location connects a first electronic appliance with at least a second electronic appliance, said first electronic appliance including a first electrical connector connected to said input/output bus, said second electronic appliance including a second electrical connector connected to said input/output bus, and wherein:
said method further comprises establishing a secure transmission channel on said input/output bus and transferring at least a portion of at least one of said first data item and said second data item over said secure transmission channel from first electronic appliance to said second electronic appliance through said first and second connectors and said input/output bus.

100. A method as in claim 32 wherein said electronic appliance includes a first electronic subsystem having a first electrical connector, a second electronic subsystem having a second electronic connector, and an input/output bus connecting said first electronic subsystem with said second electronic subsystem, and wherein:
said method further comprises establishing a secure transmission channel on said input/output bus and transferring at least a portion of at least one data item over said secure transmission channel from first electronic subsystem to said second electronic subsystem through said first and second connectors and said input/output bus.

101. A method as in claim 35 wherein said secure operating environment is contained within an arrangement at a user site further comprising an input/output bus connecting a first electronic appliance with at least a second electronic appliance, said first electronic appliance including a first electrical connector connected to said input/output bus, said second electronic appliance including a second electrical connector connected to said input/output bus, and wherein:
said method further comprises establishing a secure transmission channel on said input/output bus, and transferring at least a portion of said data item over said secure transmission channel from said first electronic appliance to said second electronic appliance through said first and second connectors and said input/output bus.

102. A secure operating environment system as in claim 36 wherein the secure operating environment is located at a user site and wherein:
said system further comprises:
a first electronic appliance including a first electrical connector,
a second electronic appliance including a second electrical connector, and
an input/output bus connecting said first electrical connector with said second electrical connector; and
wherein said communications arrangement is coupled to said input/output bus, opens a secure transmission channel on said input/output bus, and transfers at least a portion of said data item over said secure transmission channel through said first and second electrical connectors and said input/output bus.

Description

FIELD(S) OF THE INVENTION(S)

This invention generally relates to computer and/or electronic security.

More particularly, this invention relates to systems and techniques for secure transaction management. This invention also relates to computer-based and other electronic appliance-based technologies that help to ensure that information is accessed and/or otherwise used only in authorized ways, and maintains the integrity, availability, and/or confidentiality of such information and processes related to such use.

The invention also relates to systems and methods for protecting rights of various participants in electronic commerce and other electronic or electronically-facilitated transactions.

The invention also relates to secure chains of handling and control for both information content and information employed to regulate the use of such content and consequences of such use. It also relates to systems and techniques that manage, including meter and/or limit and/or otherwise monitor use of electronically stored and/or disseminated information. The invention particularly relates to transactions, conduct and arrangements that make use of, including consequences of use of, such systems and/or techniques.

The invention also relates to distributed and other operating systems, environments and architectures. It also generally relates to secure architectures, including, for example, tamper-resistant hardware-based processors, that can be used to establish security at each node of a distributed system.

BACKGROUND AND SUMMARY OF THE INVENTION(S)

Telecommunications, financial transactions, government processes, business operations, entertainment, and personal business productivity all now depend on electronic appliances. Millions of these electronic appliances have been electronically connected together. These interconnected electronic appliances comprise what is increasingly called the "information highway." Many businesses, academicians, and government leaders are concerned about how to protect the rights of citizens and organizations who use this information (also "electronic" or "digital") highway.

Electronic Content

Today, virtually anything that can be represented by words, numbers, graphics, or system of commands and instructions can be formatted into electronic digital information. Television, cable, satellite transmissions, and on-line services transmitted over telephone lines, compete to distribute digital information and entertainment to homes and businesses. The owners and marketers of this content include software developers, motion picture and recording companies, publishers of books, magazines, and newspapers, and information database providers. The popularization of on-line services has also enabled the individual personal computer user to participate as a content provider. It is estimated that the worldwide market for electronic information in 1992 was approximately $40 billion and is expected to grow to $200 billion by 1997, according to Microsoft Corporation. The present invention can materially enhance the revenue of content providers, lower the distribution costs and the costs for content, better support advertising and usage information gathering, and better satisfy the needs of electronic information users. These improvements can lead to a significant increase in the amount and variety of electronic information and the methods by which such information is distributed.

The inability of conventional products to be shaped to the needs of electronic information providers and users is sharply in contrast to the present invention. Despite the attention devoted by a cross-section of America's largest telecommunications, computer, entertainment and information provider companies to some of the problems addressed by the present invention, only the present invention provides commercially secure, effective solutions for configurable, general purpose electronic commerce transaction/distribution control systems.

Controlling Electronic Content

The present invention provides a new kind of "virtual distribution environment" (called "VDE" in this document) that secures, administers, and audits electronic information use. VDE also features fundamentally important capabilities for managing content that travels "across" the "information highway." These capabilities comprise a rights protection solution that serves all electronic community members. These members include content creators and distributors, financial service providers, end-users, and others. VDE is the first general purpose, configurable, transaction control/rights protection solution for users of computers, other electronic appliances, networks, and the information highway.

A fundamental problem for electronic content providers is extending their ability to control the use of proprietary information. Content providers often need to limit use to authorized activities and amounts. Participants in a business model involving, for example, provision of movies and advertising on optical discs may include actors, directors, script and other writers, musicians, studios, publishers, distributors, retailers, advertisers, credit card services, and content end-users. These participants need the ability to embody their range of agreements and requirements, including use limitations, into an "extended" agreement comprising an overall electronic business model. This extended agreement is represented by electronic content control information that can automatically enforce agreed upon rights and obligations. Under VDE, such an extended agreement may comprise an electronic contract involving all business model participants. Such an agreement may alternatively, or in addition, be made up of electronic agreements between subsets of the business model participants. Through the use of VDE, electronic commerce can function in the same way as traditional commerce; that is, commercial relationships regarding products and services can be shaped through the negotiation of one or more agreements between a variety of parties.
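The following Python sketch is an added illustration, not code from the patent. It shows control information from two participants being authenticated, combined and enforced automatically, in the manner of claims 22 and 32 above (combined control arrangement, conflict resolution by a predefined order, metering, budgeting, auditing). The HMAC tagging, the party names, the `allow`/`budget`/`price_cents` fields and the smallest-budget rule are assumptions made for the example.

```python
import hashlib
import hmac
import json

# Constructed per-party keys (assumption: symmetric keys provisioned out of band).
PARTY_KEYS = {
    "publisher": b"constructed-publisher-key",
    "distributor": b"constructed-distributor-key",
}
# Predefined order used to resolve conflicting settings: the earlier party wins.
PRECEDENCE = ["publisher", "distributor"]


def tag_control(party, control):
    """Return an HMAC-SHA256 tag binding a control record to its issuing party."""
    body = json.dumps(control, sort_keys=True).encode()
    return hmac.new(PARTY_KEYS[party], body, hashlib.sha256).hexdigest()


def authenticate(party, control, tag):
    """Accept a delivered control only if its tag verifies under the sender's key."""
    if party not in PARTY_KEYS:
        return False
    return hmac.compare_digest(tag_control(party, control), tag)


class ControlArrangement:
    """Combination of independently delivered controls governing one data item."""

    def __init__(self, item_id):
        self.item_id = item_id
        self.controls = {}  # party -> control, each preserved unchanged
        self.meter = {}     # operation -> number of permitted uses so far
        self.audit = []     # (operation, decision, reason) records

    def add(self, party, control, tag):
        """Admit a control only if it names this item and authenticates."""
        if control.get("item") != self.item_id or not authenticate(party, control, tag):
            raise ValueError(f"rejected control from {party!r}")
        self.controls[party] = control

    def price(self, op):
        """Conflicting prices are resolved by the predefined party order."""
        for party in PRECEDENCE:
            prices = self.controls.get(party, {}).get("price_cents", {})
            if op in prices:
                return prices[op]
        return 0

    def budget(self, op):
        """Every control's budget applies, so the effective limit is the smallest."""
        limits = [c["budget"][op] for c in self.controls.values()
                  if op in c.get("budget", {})]
        return min(limits) if limits else None

    def perform(self, op):
        """Decide one protected operation, then meter and audit the outcome."""
        missing = [p for p in PRECEDENCE if p not in self.controls]
        if missing:
            return self._record(op, False, f"missing control from {missing[0]}")
        for party, control in self.controls.items():
            if op not in control.get("allow", []):
                return self._record(op, False, f"{party} does not allow {op}")
        limit = self.budget(op)
        if limit is not None and self.meter.get(op, 0) >= limit:
            return self._record(op, False, "budget exhausted")
        self.meter[op] = self.meter.get(op, 0) + 1
        return self._record(op, True, f"charged {self.price(op)} cents")

    def _record(self, op, allowed, reason):
        self.audit.append((op, allowed, reason))
        return allowed


def demo():
    """Run a constructed scenario; return the arrangement and its decisions."""
    pub = {"item": "movie-001", "allow": ["view", "print"],
           "budget": {"view": 3}, "price_cents": {"view": 25}}
    dist = {"item": "movie-001", "allow": ["view"],
            "budget": {"view": 2}, "price_cents": {"view": 40}}
    arr = ControlArrangement("movie-001")
    arr.add("publisher", pub, tag_control("publisher", pub))
    early = arr.perform("view")  # refused: distributor's control not yet delivered
    arr.add("distributor", dist, tag_control("distributor", dist))
    results = [early, arr.perform("view"), arr.perform("print"),
               arr.perform("view"), arr.perform("view")]
    return arr, results


if __name__ == "__main__":
    arrangement, decisions = demo()
    print(decisions)
    for entry in arrangement.audit:
        print(entry)
```

The two controls arrive at different times, and no operation is permitted until both are present. A control altered after tagging fails `authenticate` and is never admitted to the arrangement.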

Commercial content providers are concerned with ensuring proper compensation for the use of their electronic information. Electronic digital information, for example a CD recording, can today be copied relatively easily and inexpensively. Similarly, unauthorized copying and use of software programs deprives rightful owners of billions of dollars in annual revenue according to the International Intellectual Property Alliance. Content providers and distributors have devised a number of limited function rights protection mechanisms to protect their rights. Authorization passwords and protocols, license servers, "lock/unlock" distribution methods, and non-electronic contractual limitations imposed on users of shrink-wrapped software are a few of the more prevalent content protection schemes. In a commercial context, these efforts are inefficient and limited solutions.

Providers of "electronic currency" have also created protections for their type of content. These systems are not sufficiently adaptable, efficient, nor flexible enough to support the generalized use of electronic currency. Furthermore, they do not provide sophisticated auditing and control configuration capabilities. This means that current electronic currency tools lack the sophistication needed for many real-world financial business models. VDE provides means for anonymous currency and for "conditionally" anonymous currency, wherein currency related activities remain anonymous except under special circumstances.

VDE Control Capabilities

VDE allows the owners and distributors of electronic digital information to reliably bill for, and securely control, audit, and budget the use of, electronic information. It can reliably detect and monitor the use of commercial information products. VDE uses a wide variety of different electronic information delivery means: including, for example, digital networks, digital broadcast, and physical storage media such as optical and magnetic disks. VDE can be used by major network providers, hardware manufacturers, owners of electronic information, providers of such information, and clearinghouses that gather usage information regarding, and bill for the use of, electronic information.

VDE provides comprehensive and configurable transaction management, metering and monitoring technology. It can change how electronic information products are protected, marketed, packaged, and distributed. When used, VDE should result in higher revenues for information providers and greater user satisfaction and value. Use of VDE will normally result in lower usage costs, decreased transaction costs, more efficient access to electronic information, re-usability of rights protection and other transaction management implementations, greatly improved flexibility in the use of secured information, and greater standardization of tools and processes for electronic transaction management. VDE can be used to create an adaptable environment that fulfills the needs of electronic information owners, distributors, and users; financial clearinghouses; and usage information analyzers and resellers.

Rights and Control Information

In general, the present invention can be used to protect the rights of parties who have:

(a) proprietary or confidentiality interests in electronic information. It can, for example, help ensure that information is used only in authorized ways;

(b) financial interests resulting from the use of electronically distributed information. It can help ensure that content providers will be paid for use of distributed information; and

(c) interests in electronic credit and electronic currency storage, communication, and/or use including electronic cash, banking, and purchasing.

Protecting the rights of electronic community members involves a broad range of technologies. VDE combines these technologies in a way that creates a "distributed" electronic rights protection "environment." This environment secures and protects transactions and other processes important for rights protection. VDE, for example, provides the ability to prevent, or impede, interference with and/or observation of, important rights related transactions and processes. VDE, in its preferred embodiment, uses special purpose tamper resistant Secure Processing Units (SPUs) to help provide a high level of security for VDE processes and information storage and communication.

The rights protection problems solved by the present invention are electronic versions of basic societal issues. These issues include protecting property rights, protecting privacy rights, properly compensating people and organizations for their work and risk, protecting money and credit, and generally protecting the security of information. VDE employs a system that uses a common set of processes to manage rights issues in an efficient, trusted, and cost-effective way.

VDE can be used to protect the rights of parties who create electronic content such as, for example: records, games, movies, newspapers, electronic books and reference materials, personal electronic mail, and confidential records and communications. The invention can also be used to protect the rights of parties who provide electronic products, such as publishers and distributors; the rights of parties who provide electronic credit and currency to pay for use of products, for example, credit clearinghouses and banks; the rights to privacy of parties who use electronic content (such as consumers, business people, governments); and the privacy rights of parties described by electronic information, such as privacy rights related to information contained in a medical record, tax record, or personnel record.

In general, the present invention can protect the rights of parties who have:

(a) commercial interests in electronically distributed information--the present invention can help ensure, for example, that parties will be paid for use of distributed information in a manner consistent with their agreement;

(b) proprietary and/or confidentiality interests in electronic information--the present invention can, for example, help ensure that data is used only in authorized ways;

(c) interests in electronic credit and electronic currency storage, communication, and/or use--this can include electronic cash, banking, and purchasing; and

(d) interests in electronic information derived, at least in part, from use of other electronic information.

VDE Functional Properties

VDE is a cost-effective and efficient rights protection solution that provides a unified, consistent system for securing and managing transaction processing. VDE can:

(a) audit and analyze the use of content,

(b) ensure that content is used only in authorized ways, and

(c) allow information regarding content usage to be used only in ways approved by content users.

In addition, VDE:

(a) is very configurable, modifiable, and re-usable;

(b) supports a wide range of useful capabilities that may be combined in different ways to accommodate most potential applications;

(c) operates on a wide variety of electronic appliances ranging from hand-held inexpensive devices to large mainframe computers;

(d) is able to ensure the various rights of a number of different parties, and a number of different rights protection schemes, simultaneously;

(e) is able to preserve the rights of parties through a series of transactions that may occur at different times and different locations;

(f) is able to flexibly accommodate different ways of securely delivering information and reporting usage; and

(g) provides for electronic analogues to "real" money and credit, including anonymous electronic cash, to pay for products and services and to support personal (including home) banking and other financial activities.

VDE economically and efficiently fulfills the rights protection needs of electronic community members. Users of VDE will not require additional rights protection systems for different information highway products and rights problems--nor will they be required to install and learn a new system for each new information highway application.

VDE provides a unified solution that allows all content creators, providers, and users to employ the same electronic rights protection solution. Under authorized circumstances, the participants can freely exchange content and associated content control sets. This means that a user of VDE may, if allowed, use the same electronic system to work with different kinds of content having different sets of content control information. The content and control information supplied by one group can be used by people who normally use content and control information supplied by a different group. VDE can allow content to be exchanged "universally" and users of an implementation of the present invention can interact electronically without fear of incompatibilities in content control, violation of rights, or the need to get, install, or learn a new content control system.

The VDE securely administers transactions that specify protection of rights. It can protect electronic rights including, for example:

(a) the property rights of authors of electronic content,

(b) the commercial rights of distributors of content,

(c) the rights of any parties who facilitated the distribution of content,

(d) the privacy rights of users of content,

(e) the privacy rights of parties portrayed by stored and/or distributed content, and

(f) any other rights regarding enforcement of electronic agreements.

VDE can enable a very broad variety of electronically enforced commercial and societal agreements. These agreements can include electronically implemented contracts, licenses, laws, regulations, and tax collection.

Contrast With Traditional Solutions

Traditional content control mechanisms often require users to purchase more electronic information than the user needs or desires. For example, infrequent users of shrink-wrapped software are required to purchase a program at the same price as frequent users, even though they may receive much less value from their less frequent use. Traditional systems do not scale cost according to the extent or character of usage, and traditional systems cannot attract potential customers who find that a fixed price is too high. Systems using traditional mechanisms are also not normally particularly secure. For example, shrink-wrapping does not prevent the constant illegal pirating of software once removed from either its physical or electronic package.

Traditional electronic information rights protection systems are often inflexible and inefficient and may cause a content provider to choose costly distribution channels that increase a product's price. In general these mechanisms restrict product pricing, configuration, and marketing flexibility. These compromises are the result of techniques for controlling information which cannot accommodate both different content models and content models which reflect the many, varied requirements, such as content delivery strategies, of the model participants. This can limit a provider's ability to deliver sufficient overall value to justify a given product's cost in the eyes of many potential users. VDE allows content providers and distributors to create applications and distribution networks that reflect content providers' and users' preferred business models. It offers users a uniquely cost effective and feature rich system that supports the ways providers want to distribute information and the ways users want to use such information. VDE supports content control models that ensure rights and allow content delivery strategies to be shaped for maximum commercial results.

Chain of Handling and Control

VDE can protect a collection of rights belonging to various parties having rights in, or to, electronic information. This information may be at one location or dispersed across (and/or moving between) multiple locations. The information may pass through a "chain" of distributors and a "chain" of users. Usage information may also be reported through one or more "chains" of parties. In general, VDE enables parties that (a) have rights in electronic information, and/or (b) act as direct or indirect agents for parties who have rights in electronic information, to ensure that the moving, accessing, modifying, or otherwise using of information can be securely controlled by rules regarding how, when, where, and by whom such activities can be performed.

VDE Applications and Software

VDE is a secure system for regulating electronic conduct and commerce. Regulation is ensured by control information put in place by one or more parties. These parties may include content providers, electronic hardware manufacturers, financial service providers, or electronic "infrastructure" companies such as cable or telecommunications companies. The control information implements "Rights Applications." Rights applications "run on" the "base software" of the preferred embodiment. This base software serves as a secure, flexible, general purpose foundation that can accommodate many different rights applications, that is, many different business models and their respective participant requirements.

A rights application under VDE is made up of special purpose pieces, each of which can correspond to one or more basic electronic processes needed for a rights protection environment. These processes can be combined together like building blocks to create electronic agreements that can protect the rights, and may enforce fulfillment of the obligations, of electronic information users and providers. One or more providers of electronic information can easily combine selected building blocks to create a rights application that is unique to a specific content distribution model. A group of these pieces can represent the capabilities needed to fulfill the agreement(s) between users and providers. These pieces accommodate many requirements of electronic commerce including:

the distribution of permissions to use electronic information;

the persistence of the control information and sets of control information managing these permissions;

configurable control set information that can be selected by users for use with such information;

data security and usage auditing of electronic information; and

a secure system for currency, compensation and debit management.

For electronic commerce, a rights application, under the preferred embodiment of the present invention, can provide electronic enforcement of the business agreements between all participants. Since different groups of components can be put together for different applications, the present invention can provide electronic control information for a wide variety of different products and markets. This means the present invention can provide a "unified," efficient, secure, and cost-effective system for electronic commerce and data security. This allows VDE to serve as a single standard for electronic rights protection, data security, and electronic currency and banking.

In a VDE, the separation between a rights application and its foundation permits the efficient selection of sets of control information that are appropriate for each of many different types of applications and uses. These control sets can reflect both rights of electronic community members, as well as obligations (such as providing a history of one's use of a product or paying taxes on one's electronic purchases). VDE flexibility allows its users to electronically implement and enforce common social and commercial ethics and practices. By providing a unified control system, the present invention supports a vast range of possible transaction related interests and concerns of individuals, communities, businesses, and governments. Due to its open design, VDE allows (normally under securely controlled circumstances) applications using technology independently created by users to be "added" to the system and used in conjunction with the foundation of the invention. In sum, VDE provides a system that can fairly reflect and enforce agreements among parties. It is a broad ranging and systematic solution that answers the pressing need for a secure, cost-effective, and fair electronic environment.

VDE Implementation

The preferred embodiment of the present invention includes various tools that enable system designers to directly insert VDE capabilities into their products. These tools include an Application Programmer's Interface ("API") and a Rights Permissioning and Management Language ("RPML"). The RPML provides comprehensive and detailed control over the use of the invention's features. VDE also includes certain user interface subsystems for satisfying the needs of content providers, distributors, and users.

Information distributed using VDE may take many forms. It may, for example, be "distributed" for use on an individual's own computer; that is, the present invention can be used to provide security for locally stored data. Alternatively, VDE may be used with information that is dispersed by authors and/or publishers to one or more recipients. This information may take many forms including: movies, audio recordings, games, electronic catalog shopping, multimedia, training materials, E-mail and personal documents, object oriented libraries, software programming resources, and reference/record keeping information resources (such as business, medical, legal, scientific, governmental, and consumer databases).

Electronic rights protection provided by the present invention will also provide an important foundation for trusted and efficient home and commercial banking, electronic credit processes, electronic purchasing, true or conditionally anonymous electronic cash, and EDI (Electronic Data Interchange). VDE provides important enhancements for improving data security in organizations by providing "smart" transaction management features that can be far more effective than key and password based "go/no go" technology.

VDE normally employs an integration of cryptographic and other security technologies (e.g. encryption, digital signatures, etc.), with other technologies including: component, distributed, and event driven operating system technology, and related communications, object container, database, smart agent, smart card, and semiconductor design technologies.

I. Overview

A. VDE Solves Important Problems and Fills Critical Needs

The world is moving towards an integration of electronic information appliances. This interconnection of appliances provides a foundation for much greater electronic interaction and the evolution of electronic commerce. A variety of capabilities are required to implement an electronic commerce environment. VDE is the first system that provides many of these capabilities and therefore solves fundamental problems related to electronic dissemination of information.

Electronic Content

VDE allows electronic arrangements to be created involving two or more parties. These agreements can themselves comprise a collection of agreements between participants in a commercial value chain and/or a data security chain model for handling, auditing, reporting, and payment. It can provide efficient, reusable, modifiable, and consistent means for secure electronic content: distribution, usage control, usage payment, usage auditing, and usage reporting. Content may, for example, include:

financial information such as electronic currency and credit;

commercially distributed electronic information such as re