System for controlling access and distribution of digital property

US 20030163428A1
Filed: 08/16/2002
Published: 08/28/2003
Est. Priority Date: 01/11/1996
Status: Abandoned Application

First Claim

Patent Images

1. A method of controlling access to data comprising the steps of:

protecting portions of the data;

determining rules concerning access rights to the data;

preventing unauthorized access to the protected portions of the data other than in a non-useable form; and

limiting each and every access to the data only in accordance with the rules as enforced by a mechanism protected by tamper detection.

View all claims

20 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and device are provided for controlling access to data. Portions of the data are protected and rules concerning access rights to the data are determined. Access to the protected portions of the data is prevented, other than in a non-useable form; and users are provided access to the data only in accordance with the rules as enforced by a mechanism protected by tamper detection. A method is also provided for distributing data for subsequent controlled use of those data. The method includes protecting portions of the data; preventing access to the protected portions of the data other than in a non-useable form; determining rules concerning access rights to the data; protecting the rules; and providing a package including: the protected portions of the data and the protected rules. A user is provided controlled access to the distributed data only in accordance with the rules as enforced by a mechanism protected by tamper protection. A device is provided for controlling access to data having protected data portions and rules concerning access rights to the data. The device includes means for storing the rules; and means for accessing the protected data portions only in accordance with the rules, whereby user access to the protected data portions is permitted only if the rules indicate that the user is allowed to access the portions of the data.

137 Citations

View as Search Results

80 Claims

1. A method of controlling access to data comprising the steps of:
- protecting portions of the data;
  
  determining rules concerning access rights to the data;
  
  preventing unauthorized access to the protected portions of the data other than in a non-useable form; and
  
  limiting each and every access to the data only in accordance with the rules as enforced by a mechanism protected by tamper detection.
- View Dependent Claims (7, 8, 9, 14, 15, 16, 17, 18, 19, 21, 22, 28)
- - 7. A method as in any one of claims 1, 3, 4 and 5 wherein the step of protecting portions of the data comprises the step of encrypting the portions of the data, and wherein the step of preventing access prevents access to the encrypted portions of the data other than in encrypted form.
  - 8. A method as in claim 7, wherein said step of encrypting encrypts the portions of the data with a data encrypting key, said data encrypting key having a corresponding data decrypting key, said method further comprising the step of:
    - encrypting the data encrypting key.
  - 9. A method as in claim 8, further comprising the step of:
    - providing a decrypting key corresponding to said key encrypting key.
  - 14. A method as in any one of claims 1, 2, 3, 4, 5 and 6, wherein the data represent at least one of software, text, numbers, graphics, audio, and video.
  - 15. A in any one of claims 1, 2, 3, 4, 5 and 6, wherein which users are allowed to access the of the data, the method further comprising the step of allowing the user access to a protected portion of the data only if the rules indicate that the user is allowed to access that portion of the data.
  - 16. A method as in any one of claims 1, 2, 3, 4, 5 and 6 wherein the rules indicate distribution rights of the data, the method further comprising the step of:
    - allowing distribution of the data only in accordance with the distribution rights indicated in the rules.
  - 17. A method as in any one of claims 1, 2, 3, 4, 5 and 6, wherein the rules indicate access control rights of the user, the method further comprising the step of:
    - allowing the user to access the data only in accordance with the access control rights indicated in the rules.
  - 18. A method as in claim 17, wherein the access control rights include at least one of:
    - local display rights, printing rights, copying rights, execution rights, transmission rights, and modification rights.
  - 19. A method as in any one of claims 1, 2, 3, 4, 5 and 6, wherein the rules indicate access control quantities, the method further comprising the step of:
    - allowing access to the data only in accordance with the access control quantities indicated in the .
  - 21. A method as in any one of claims 1, 2, 3, 4, 5 and 6, wherein the rules indicate payment requirements, the method further comprising the step of:
    - allowing access to the data only if the payment requirements indicated in the rules are satisfied.
  - 22. A method as in any one of claims 1, 2, 3, 4 and 6, further comprising the step of destroying data stored in the mechanism when tampering is detected.
  - 28. A method as in any one of claims 1, 2, 3, 4, 5 and 6, wherein said rules relate to at least one of:
    - characteristics of users;
      
      characteristics of protected data; and
      
      environmental characteristics.

2. A method of distributing data for subsequent controlled use of the data by a user, the method comprising the steps of:
- protecting portions of the data;
  
  preventing access to the protected portions of the data other than in a non-useable form;
  
  determining rules concerning access rights to the data;
  
  protecting the rules; and
  
  providing the protected portions of the data and the protected rules;
  
  whereby the user is provided controlled access to the data only in accordance with the rules as enforced by a mechanism protected by tamper detection.
- View Dependent Claims (10, 11, 12, 13, 24, 25, 26, 27)
- - 10. A method as in any one of claims 2 and 3, wherein the step of protecting the rules comprises the step of encrypting the rules.
  - 11. A method as in claim 10, wherein the step of protecting portions of the data comprises the step of encrypting the portions of the data, and wherein the step of preventing access prevents access to the encrypted portions of the data other than in encrypted form.
  - 12. A method as in claim 11, wherein the rules are protected such that they can be viewed and they cannot be changed.
  - 13. A method as in claim 11, wherein the step of encrypting the rules comprises encrypting the rules with a rule encrypting key, the step of encrypting the portions of the data comprises encrypting the portions of the data with a data encrypting key, the method further comprising the step of encrypting the data encrypting key.
  - 24. A method as in any one of claims 2, 3 and 4, wherein the step of providing provides the protected portions and the protected rules together as a package.
  - 25. A method as in any one of claims 2, 3 and 4, wherein the step of providing provides the protected portions and the protected rules separately.
  - 26. A method as in any one of claims 2, 3 and 4, further comprising the step of:
    - providing unprotected portions of the data.
  - 27. A method as in claim 24, further comprising the step of:
    - providing unprotected portions of the data in the package.

3. A method of distributing data for subsequent controlled use of the data by a user, some of said data having access rules already associated therewith, the method comprising the steps of:
- protecting portions of the data;
  
  preventing access to the protected portions of the data other than in a non-useable form;
  
  determining rules concerning access rights to the data;
  
  combining determined rules any rules previously associated ;
  
  protecting the combined rules; and
  
  providing the protected portions of the data and the protected combined rules;
  
  whereby the user is provided controlled access to the data only in accordance with the combined rules as enforced by an access mechanism protected by tamper detection.

4. A method of controlling secondary distribution of data, the method comprising the steps of:
- protecting portions of the data;
  
  preventing access to the protected portions of the data other than in a non-useable form;
  
  determining rules concerning access rights to the data;
  
  protecting the rules;
  
  providing the protected portions of the data and the protected rules to a device having an access mechanism protected by tamper detection; and
  
  limiting transmission of the protected portions of the data from the device only as protected data or in accordance with the rules as enforced by the access mechanism.

5. A method of controlling access to data with a computer system having an input/output (i/o) system for transferring data to and from all i/o devices, said i/o system being specific to said computer system, the method comprising the steps of:
- protecting portions of the data;
  
  determining rules concerning access rights to the data;
  
  preventing access to the protected portions of the data other than in a non-useable form; and
  
  limiting each and every access to the data only in accordance with the rules as enforced by said i/o system.
- View Dependent Claims (23)
- - 23. A method as in claim 5, further comprising the step of destroying data stored in the i/o system when tampering is detected.

6. A method of accessing data having protected data portions and rules concerning access rights to the protected portions, the method comprising the steps of:
- preventing access to the protected portions other than in a non-useable form; and
  
  limiting each and every access to the data only in accordance with the rules as enforced by a mechanism protected by tamper detection.
- View Dependent Claims (29)
- - 29. A method as in claim 6, wherein the protected data portions are encrypted and wherein the step of preventing access prevents access to the encrypted portions of the data other than in encrypted form.

20. 19, wherein the access control quantities include at least one of:
- a number of allowed read-accesses to the data;
  
  an allowable size of a read-access to the data;
  
  an expiration date of the data;
  
  an intensity of accesses to the data;
  
  an allowed level of accuracy and fidelity; and
  
  an allowed resolution of access to the data.

30. A storage device, readable by a machine, tangibly embodying a package of data comprising:
- protected portions of data; and
  
  rules concerning access rights to the data, whereby a user is provided controlled access to the data only in accordance with the rules as enforced by a mechanism protected by tamper detection.
- View Dependent Claims (57, 58, 59, 60, 61, 62)
- - 57. A device as in any one of claims 30, 31, 33-37, 45 and 46, wherein said rules relate to at least one of:
    - characteristics of users;
      
      characteristics of protected data; and
      
      environmental characteristics.
  - 58. A device as in any one of claims 30, 31, 33-37, 45 and 46, wherein the data represent at least one of software, text, numbers, graphics, audio, and video.
  - 59. A device as in any one of claims 30, 31, 33-37, 45 and 46, wherein the rules indicate access control rights of the user, the device further comprising:
    - means for allowing the user to access the data only in accordance with the access control rights indicated in the rules.
  - 60. A device as in claim 59, wherein the access control rights include at least one of:
    - local display rights, printing rights, copying rights, execution rights, transmission rights, and modification rights.
  - 61. A device as in any one of claims 30, 31, 33-37, 45 and 46, wherein the rules indicate access control quantities, the device further comprising:
    - means allowing the user to access the data only in accordance with the access control quantities indicated in the rules.
  - 62. A device as in claim 61, wherein the access control quantities include at least one of:
    - a number of allowed read-accesses to the data;
      
      an allowable size of a read-access to the data;
      
      an expiration date of the data;
      
      an intensity of accesses to the data;
      
      an allowed level of accuracy and fidelity; and
      
      a an allowed resolution of access to the data.

31. A device for controlling access to data, the data comprising protected data portions and rules concerning access rights to the data, the device comprising:
- storage means for storing the rules; and
  
  means for accessing the protected data portions only in accordance with the rules, whereby user access to the protected data portions is permitted only if the rules indicate that the user is allowed to access the portions of the data.
- View Dependent Claims (32, 38, 40, 41, 42)
- - 32. A device as in claim 31, further comprising:
    - means for storing data accessed by said means for accessing.
  - 38. A device as in claim 31, wherein the protected data portions are encrypted using a data encrypting key and wherein the data encrypting key is encrypted with a key encrypting key, the device further comprising:
    - means for obtaining a data decrypting key corresponding to the data encrypting key using a key decrypting key corresponding to the key encrypting key;
      
      means for storing the data decrypting key; and
      
      wherein said means for accessing comprises;
      
      means for decrypting the protected data portions using the data decrypting key.
  - 40. A device as in claim 31, further comprising:
    - tamper detecting mechanism for detecting tampering with said device.
  - 41. A device as in claim 38, further comprising:
    - tamper detecting mechanism for detecting tampering with said device.
  - 42. A device as in claim 41, wherein said tamper detection means comprises:
    - means for destroying data including keys and other cryptographic variables stored in the device when tampering is detected.

33. A device for displaying images represented by data comprising protected data portions and rules concerning access rights to the data, the device comprising:
- a tamper detecting mechanism;
  
  means for storing the rules;
  
  means for accessing the data only in accordance with the rules, whereby user access to the protected data portions is permitted only if the rules indicate that the user is allowed to access the portions of the data, said access being enforced by said tamper detecting mechanism; and
  
  means for displaying the images represented by the accessed data.
- View Dependent Claims (39, 43)
- - 39. A device as in any one of claims 33 and 34, wherein said images comprise at least one of text data, numbers, graphics data, and video data.
  - 43. A device as in any one of claims 33, 34, 35, 36, 37, 39 and 40, wherein said tamper detecting mechanism comprises:
    - means for destroying data stored in the device when tampering is detected.

34. A device for outputting images represented by data comprising protected data portions and rules concerning access rights to the data, the device comprising:
- a tamper detecting mechanism;
  
  means for storing the rules;
  
  means for accessing the data only in accordance with the rules, whereby user access to the protected data portions is permitted only if the rules indicate that the user is allowed to access the portions of the data, said access being enforced by said tamper detecting mechanism; and
  
  means for outputting the images represented by the accessed data.

35. A device for outputting an audio signal represented by data comprising protected data portions and rules concerning access rights to the data, the device comprising:
- a tamper detecting mechanism;
  
  means for storing the rules;
  
  means for accessing the data only in accordance with the rules, whereby user access to the protected data portions is permitted only if the rules indicate that the user is allowed to access the portions of the data, said access being enforced by said tamper detecting mechanism; and
  
  means for outputting the audio signal represented by the accessed data.

36. A device for outputting an output signal based on data comprising protected data portions and rules concerning access rights to the data, the device comprising:
- a tamper detecting mechanism;
  
  means for storing the rules;
  
  means for accessing the data only in accordance with the rules, whereby user access to the protected data portions is permitted only if the rules indicate that the user is allowed to access the portions of the data, said access being enforced by said tamper detecting mechanism; and
  
  means for outputting the output signal represented by the accessed data.
- View Dependent Claims (44)
- - 44. A device as in any one of claims 36 and 37, wherein the output signal comprises at least one of text, numbers, graphics, audio and video.

37. A device for generating an output signal corresponding to data comprising protected data portions and rules concerning access rights to the digital data, the device comprising:
- a tamper detecting mechanism;
  
  means for storing the rules;
  
  means for accessing the digital data only in accordance with the rules, whereby user access to the protected data portions is permitted only if the rules indicate that the user is allowed to access the portions of the data, said access being enforced by said tamper detecting mechanism; and
  
  means for generating the output signal from the accessed data.

45. A device for distributing data for subsequent controlled use of the data by a user, the device comprising:
- means for protecting portions of the data;
  
  means for preventing access to the protected portions of the data other than in a non-useable form;
  
  means for determining rules concerning access rights to the data;
  
  means for protecting the rules; and
  
  means providing the protected portions of the data and the protected rules;
  
  whereby a user is provided controlled access to the data only in accordance with the rules as enforced by an access mechanism protected by tamper protection.
- View Dependent Claims (47, 48, 49, 50, 51, 52, 53, 54, 55, 56)
- - 47. A device as in any one of claims 45 and 46, wherein the means for providing provides the protected portions and the protected rules together as a package.
  - 48. A device as in any one of claims 45 and 46, wherein the means for providing provides the protected portions and the protected rules separately.
  - 49. A device as in any one of claims 45 and 46, wherein the means for protecting portions of the data comprises means for encrypting the portions of the data, and wherein the means for preventing access prevents access to the encrypted portions of the data other than in encrypted form.
  - 50. A device as in any one of claims 45 and 46, wherein the means for protecting the rules comprises means for encrypting the rules.
  - 51. A device as in claim 50, wherein the means for protecting portions of the data comprises means for encrypting the portions of the data, and wherein the means for preventing access prevents access to the encrypted portions of the data other than in encrypted form.
  - 52. A device as in any one of claims 45 and 46, wherein the rules are protected such that they can be viewed and they cannot be changed.
  - 53. A device as in claim 51, wherein the means for encrypting the rules comprises means for encrypting the rules with a rule encrypting key, the means for encrypting the portions of the data comprises means for encrypting the portions of the data with a data encrypting key, the device further comprising means for encrypting the data encrypting key.
  - 54. A device as in any one of claims 45 and 46, further comprising means for providing unprotected portions of the data.
  - 55. A device as in claim 47, further comprising:
    - means for providing unprotected portions of the data in the package.
  - 56. A device as in any one of claims 45 and 46, further comprising:
    - means for detecting tampering with the access mechanism; and
      
      means for destroying data stored in the access mechanism when tampering is detected by the tamper detecting means.

46. A device for distributing data for subsequent controlled use of the data by a user, some of said data having access rules already associated therewith, the device comprising:
- means for protecting portions of the data;
  
  means for preventing access to the protected portions of the data other than in a non-useable form;
  
  means for determining rules concerning access rights to the data;
  
  means for combining with said determined rules any rules previously associated with the data;
  
  means for protecting the combined rules; and
  
  means for providing the protected portions of the data and the protected combined rules;
  
  whereby the user is provided controlled access to the data only in accordance with the combined rules as enforced by an access mechanism protected by tamper detection.

63. A process control system comprising a device for controlling access to data, the data comprising protected data portions and rules concerning access rights to the data, the device comprising:
- a tamper detecting mechanism;
  
  means for storing the rules; and
  
  means for accessing the protected data portions only in accordance with the rules, whereby output of protected data portions is permitted only in such manner as is permitted by the rules, said accessing being enforced by said tamper detecting mechanism.
- View Dependent Claims (80)
- - 80. A system as in any one of claims 63, 64, 66 and 67, wherein said rules relate to at least one of:
    - characteristics of users;
      
      characteristics of protected data; and
      
      environmental characteristics.

64. A general purpose computer system comprising a device for controlling access to data, the data comprising protected data portions and rules concerning access rights to the data, the device comprising:
- a tamper detecting mechanism;
  
  storage means for storing the rules; and
  
  means for accessing the protected data portions only in accordance with the rules, whereby user access to the protected data portions is permitted only if the rules indicate that the user is allowed to access the portions of the data, said access being enforced by said tamper detecting mechanism.
- View Dependent Claims (65, 66, 69)
- - 65. A computer system as in claim 64, wherein said tamper detecting mechanism comprises:
    - means for destroying data, rules and cryptographic variables stored in the device when tampering is detected.
  - 66. A computer system as in claim 64, wherein the protected data portions are encrypted using a data encrypting key and wherein the data encrypting key is encrypted with a key encrypting key, the computer further comprising:
    - means for obtaining a data decrypting key corresponding to the data encrypting key using a key decrypting key corresponding to the key encrypting key;
      
      means for storing the data decrypting key; and
      
      wherein said means for accessing comprises;
      
      means for decrypting the protected data portions using the data decrypting key.
  - 69. A system as in any one of claims 65 and 67, wherein the data represent at least one of software, text, numbers, graphics, audio, and video.

67. A computer system comprising:
- an input/output (i/o) system for transferring data to and from all i/o devices, said i/o system being specific to said computer system;
  
  means for protecting portions of the data;
  
  means for determining rules concerning access rights to the data;
  
  means for preventing access to the protected portions of the data other than in a non-useable form; and
  
  means for limiting each and every access to the data only in accordance with the rules as enforced by said i/o system.
- View Dependent Claims (68, 70, 71, 72, 73, 74, 75, 76, 77, 78, 79)
- - 68. A system as in claim 67, further comprising means for destroying data, including cryptographic variables, stored in the i/o system when tampering is detected.
  - 70. A system as in claim 67, wherein the means for protecting portions of the data comprises means for encrypting the portions of the data, and wherein the means for preventing access prevents access to the encrypted portions of the data other than in encrypted form.
  - 71. A computer system as in claim 67, wherein the rules indicate which users are allowed to access the protected portions of the data, the system further comprising:
    - means for allowing the user access to a protected portion of the data only if the rules indicate that the user is allowed to access that portion of the data.
  - 72. A computer system as in claim 67, wherein the rules indicate distribution rights of the data, the system further comprising:
    - means for allowing the user to distribute the data only in accordance with the distribution rights indicated in the rules.
  - 73. A system as in claim 67, wherein the rules indicate access control rights of the user, the system further comprising:
    - means for allowing the user to access the data only in accordance with the access control rights indicated in the rules.
  - 74. A system as in claim 73, wherein the access control rights include at least one of:
    - local display rights, printing rights, copying rights, execution rights, transmission rights, and modification rights.
  - 75. A system as in claim 67, wherein the rules indicate access control quantities, the system further comprising:
    - means allowing the user to access the data only in accordance with the access control quantities indicated in the rules.
  - 76. A system as in claim 75, wherein the access control quantities include at least one of:
    - a number of allowed read-accesses to the data;
      
      an allowable size of a read-access to the data;
      
      an expiration date of the data;
      
      an intensity of accesses to the data;
      
      an allowed level of accuracy and fidelity; and
      
      an allowed resolution of access to the data.
  - 77. A system as in claim 70, wherein said means for encrypting encrypts the portions of the data with a data encrypting key, said data encrypting key having a corresponding data decrypting key, said system further comprising:
    - means for encrypting the data encrypting key with a key encrypting key.
  - 78. A system as in claim 77, further comprising:
    - means for providing a decrypting key corresponding to said key encrypting key.
  - 79. A system as in claim 75, wherein the rules indicate payment requirements, the system further comprising:
    - means for allowing the user to access the data only if the payment requirements indicated in the rules are satisfied.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Hanger Solutions, LLC (IP Investments Group LLC)
Original Assignee
Veridian Information Solutions, Inc.
Inventors
Abrams, Marshall D., Schneck, Paul B.

Application Number

US10/219,890
Publication Number

US 20030163428A1
Time in Patent Office

Days
Field of Search
US Class Current

705/51
CPC Class Codes

G06F 21/1011   to devices

G06F 21/1062   Editing

G06F 21/1063   Personalisation

G06F 21/109   by using specially-adapted ...

G06F 21/16   Program or content traceabi...

G06F 21/32   using biometric data, e.g. ...

G06F 21/34   involving the use of extern...

G06F 21/577   Assessing vulnerabilities a...

G06F 21/62   Protecting access to data v...

G06F 21/6209   to a single file or object,...

G06F 21/6245   Protecting personal data, e...

G06F 21/71   to assure secure computing ...

G06F 21/72   in cryptographic circuits

G06F 21/86   Secure or tamper-resistant ...

G06F 2211/007   Encryption, En-/decode, En-...

G06F 2221/2137   Time limited access, e.g. t...

G06F 2221/2141   Access rights, e.g. capabil...

G06F 2221/2143   Clearing memory, e.g. to pr...

G06F 2221/2145   Inheriting rights or proper...

G06F 2221/2149   Restricted operating enviro...

G06Q 30/018 : Certifying business or prod...

G11B 20/00673 : wherein the erased or nulli...

H04L 2209/56 : Financial cryptography, e.g...

H04L 2463/101 : applying security measures ...

H04L 63/0428 : wherein the data content is...

H04L 9/08 : Key distribution or managem...

H04L 9/0822 : using key encryption key

View All

System for controlling access and distribution of digital property

First Claim

20 Assignments

0 Petitions

Accused Products

Abstract

137 Citations

80 Claims

Specification

Use Cases

Quick Links

Others

System for controlling access and distribution of digital property

First Claim

20 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

137 Citations

80 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others