Systems and methods for secure transaction management and electronic rights protection
First Claim
1. A rights management appliance including:
- a user input device, a user display device, at least one processor, and at least one element defining a protected processing environment, characterized in that the protected processing environment stores and uses permissions, methods, keys, programs and/or other information to electronically manage rights.
2 Assignments
0 Petitions
Accused Products
Abstract
The present invention provides systems and methods for electronic commerce including secure transaction management and electronic rights protection. Electronic appliances such as computers employed in accordance with the present invention help to ensure that information is accessed and used only in authorized ways, and maintain the integrity, availability, and/or confidentiality of the information. Secure subsystems used with such electronic appliances provide a distributed virtual distribution environment (VDE) that may enforce a secure chain of handling and control, for example, to control and/or meter or otherwise monitor use of electronically stored or disseminated information. Such a virtual distribution environment may be used to protect rights of various participants in electronic commerce and other electronic or electronic-facilitated transactions. Secure distributed and other operating system environments and architectures, employing, for example, secure semiconductor processing arrangements that may establish secure, protected environments at each node. These techniques may be used to support an end-to-end electronic information distribution capability that may be used, for example, utilizing the “electronic highway.”
-
Citations
18 Claims
-
1. A rights management appliance including:
-
a user input device, a user display device, at least one processor, and at least one element defining a protected processing environment, characterized in that the protected processing environment stores and uses permissions, methods, keys, programs and/or other information to electronically manage rights.
-
-
2. In a rights management appliance including:
-
a user input device, a user display device, at least one processor, and at least one element defining a protected processing environment, a method of operating the appliance characterized by the step of storing and using permissions, methods, keys, programs and/or other information to electronically manage rights.
-
-
3. A rights management appliance including at least one processor element at least in part defining a protected processing environment, characterized in that the protected processing environment stores and uses permissions, methods, keys, programs and/or other information to electronically manage rights.
-
4. In a rights management appliance including at least one processor element at least in part defining a protected processing environment, a method comprising storing and using permissions, methods, keys, programs and/or other information to electronically manage rights.
-
5. An electronic appliance arrangement containing at least one secure processing unit and at least one secure database operatively connected to at least one of said secure processing unit(s), said arrangement including means to monitor usage of at least one aspect of appliance usage and control said usage based at least in part upon protected appliance usage control information.
-
6. In an electronic appliance arrangement containing at least one secure processing unit and at least one secure database operatively connected to at least one of said secure processing unit(s), a method characterized by the steps of monitoring usage of at least one aspect of appliance usage and controlling said usage based at least in part upon protected appliance usage control information.
-
7. An electronic appliance arrangement containing a protected processing environment and at least one secure database operatively connected to said protected processing environment, said arrangement including means to monitor usage of at least one aspect of an amount of appliance usage and control said usage based at least in part upon protected appliance usage control information processed at least in part through use of said protected processing environment.
-
8. In an electronic appliance arrangement containing a protected processing environment and at least one secure database operatively connected to said protected processing environment, a method characterized by the steps of monitoring usage of at least one aspect of appliance usage and controlling said usage based at least in part upon protected appliance usage control information processed at least in part through use of said protected processing environment.
-
9. An electronic appliance arrangement containing one or more CPUs wherein at least one of the CPUs incorporates an integrated secure processing unit, said arrangement storing protected appliance usage control information designed to be securely processed by said integrated secure processing unit.
-
10. In an electronic appliance arrangement containing one or more CPUs wherein at least one of the CPUs incorporates an integrated secure processing unit, a method including the step of storing and securely processing protected modular component appliance usage control information with said integrated secure processing unit.
-
11. A method of compromising a distributed electronic rights management system comprising plural nodes having protected processing environments, characterized by the following steps:
-
(a) exposing a certification private key, (b) passing at least one challenge/response protocol and/or exposing at least one external communication key based at least in part on the key exposed by the exposing step, (c) creating a processing environment based at least in Part on steps (a) and (b), and participating in distributed rights management using the processing environment created by step (c).
-
-
12. A processing environment for compromising a distributed electronic rights management system comprising plural nodes having protected processing environments, characterized by the following:
protocol passing means including an exposed certification private key for passing at least one challenge/response protocol, means coupled to the protocol passing means for at least one of (a) defeating an initialization challenge/response security, and/or (b) exposing external communication keys, and means coupled to the security detecting means for participating in distributed rights management.
-
13. A method of compromising a distributed electronic rights management system comprising plural nodes having associated protected processing environments, characterized by the steps of:
-
compromising the permissions record of an electronic container, and using the compromised permissions record to access and/or use electronic information.
-
-
14. A system for compromising a distributed electronic rights management system comprising plural nodes having associated protected processing environments, characterized by means for using a compromised permissions record of an electronic container for accessing and/or using electronic information.
-
15. A method of tampering with a protected processing environment characterized by the steps of:
-
discovering at least one system-wide key, and using the key to obtain access to content and/or administrative information without authorization.
-
-
16. An arrangement including means for using at least one compromised system-wide key to decrypt and compromise content and/or administrative information of a protected processing environment without authorization.
-
17. A combination general and secure processing computation element comprising:
-
a central processing unit;
at least one secure resource; and
a secure mode interface switch coupled between a centrla processing unit and the secure resource, the switch operable alternately in a secure mode and in a non secure mode, the switch blocking access by a central processing unit to the secure resource except when the switch is operating in the secure mode.
-
-
18. A secure printing method comprising:
-
downloading a decryption program to an intelligent printer;
sending an encrypted print stream to the printer;
decrypting the encrypted print stream within the printer using the decryption program; and
destroying the downloaded decryption program.
-
Specification