Method and system for conducting transactions between repositories

US 20040073513A1
Filed: 04/15/2003
Published: 04/15/2004
Est. Priority Date: 11/23/1994
Status: Active Grant

First Claim

Patent Images

1. In a system for controlling the use of digital works in accordance with usage rights associated with the digital work, a method for establishing a secure communications channel between a first repository and a second repository using a repository transaction protocol, said method comprising:

generating from the first repository a registration identifier and registration message including an identification certificate, and an identifier of a master repository that encrypted the identification certificate;

receiving the registration message at a second repository and verifying the identity of the first repository by verifying the identification certificate;

validating the authenticity of the first repository;

exchanging messages containing at least one session key between the first and second repositories, said session key to be used in communications during a session between the first and second repository; and

conducting a usage transaction related to a digital work between the first repository and the second repository using the session keys.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and apparatus for establishing a secure communications channel between a first repository and a second repository using a repository transaction protocol. A registration identifier and registration message including an identification certificate, and an identifier of a master repository that encrypted the identification certificate are generated by the first repository. The registration identifier and message are sent to the second repository and the identity of the first repository by is verified by verifying the identification certificate. Messages containing at least one session key are exchanged between the first and second repositories and a usage transactions related to a digital work are conducted between the first repository and the second repository using the session keys.

Citations

64 Claims

1. In a system for controlling the use of digital works in accordance with usage rights associated with the digital work, a method for establishing a secure communications channel between a first repository and a second repository using a repository transaction protocol, said method comprising:
- generating from the first repository a registration identifier and registration message including an identification certificate, and an identifier of a master repository that encrypted the identification certificate;
  
  receiving the registration message at a second repository and verifying the identity of the first repository by verifying the identification certificate;
  
  validating the authenticity of the first repository;
  
  exchanging messages containing at least one session key between the first and second repositories, said session key to be used in communications during a session between the first and second repository; and
  
  conducting a usage transaction related to a digital work between the first repository and the second repository using the session keys.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32)
- - 2. The method as recited in claim 1, wherein said step of validating comprises generating an encrypted performance message at the second repository based on the registration identifier and comparing a decrypted performance message returned by the first repository.
  - 3. The method as recited in claim 2, wherein the performance message is encrypted using a public key specified in the registration message.
  - 4. The method as recited in claim 1, wherein said step of verifying comprises decrypting the identification certificate with a key of the master repository.
  - 5. The method as recited in claim 1, further comprising conducting a login transaction for checking the authenticity of a user requesting a transaction.
  - 6. The method as recited in claim 5, wherein said step of conducting a login transaction comprises accepting user identification information through a user interface of the first repository and identifying the user at the second repository based on the identification information.
  - 7. The method as recited in claim 1, further comprising conducting a billing transaction related to the usage transaction between the first repository or the second repository and a credit server.
  - 8. The method as recited in claim 7, wherein said step of conducting a billing transaction comprises assigning a fee to digital content.
  - 9. The method as recited in claim 8, wherein the fee is a time based fee and wherein said step of conducting a billing transaction comprises metering time usage of the digital content.
  - 10. The method as recited in claim 9, wherein said step of conducting a billing transaction comprises ending charges for metered time usage of the digital work.
  - 11. The method as recited in claim 8, wherein said step of conducting a billing transaction comprises reporting charges for use of the digital work.
  - 12. The method as recited in claim 1, wherein said step of conducting usage transactions comprise generating a request for a digital work specifying usage rights information and determining if the specified usage rights correspond to usage rights associated with the digital work.
  - 13. The method as recited in claim 12, wherein said step of conducting usage transactions further comprises determining if conditions in the usage rights associated with the digital work are satisfied.
  - 14. The method as recited in claim 12, wherein said step of conducting usage rights transactions further comprises granting access to the digital work in accordance with the usage rights associated with the digital work if the specified usage rights corresponds to usage rights associated with the digital work.
  - 15. The method as recited in claim 13 wherein said step of conducting usage transactions comprises granting access to the digital work in accordance with the usage rights associated with the digital work if the specified usage rights correspond to usage rights associated with the digital work and if conditions in the usage rights associated with the digital work are satisfied.
  - 16. The method as recited in claim 12, wherein said step of requesting comprises requesting to make a copy of the digital work.
  - 17. The method as recited in claim 12, wherein said step of requesting comprises requesting to transfer the digital work from one repository to another repository.
  - 18. The method as recited in claim 12, wherein said step of requesting comprises requesting a loan of a copy of the digital work.
  - 19. The method as recited in claim 12, wherein said step of requesting comprises requesting to play the digital work.
  - 20. The method as recited in claim 19, said step of requesting to play comprises requesting to render the digital work.
  - 21. The method as recited in claim 19, wherein the digital work comprises a computer program and said step of requesting to play the content comprises requesting to execute the computer program.
  - 22. The method as recited in claim 12, wherein said step of requesting comprises requesting to print the digital work.
  - 23. The method as recited in claim 12, wherein said step of requesting comprises requesting to make a backup copy of the digital work.
  - 24. The method as recited in claim 12, wherein said step of requesting comprises requesting to restore a backup copy of the digital work.
  - 25. The method as recited in claim 12, wherein said step of requesting comprises requesting to delete the digital work.
  - 26. The method as recited in claim 12, wherein said step of requesting comprises requesting information about the digital work.
  - 27. The method as recited in claim 26, wherein said step of requesting information comprises requesting a filename associated with the digital work.
  - 28. The method as recited in claim 26, wherein said step of requesting information comprises requesting descriptive information related to the usage rights associated with the digital work.
  - 29. The method as recited in claim 12, wherein said step of requesting comprises requesting to extract a portion of the digital work and make a new digital work with the extracted portion.
  - 30. The method as recited in claim 12, wherein said step of requesting comprises requesting to edit the digital work.
  - 31. The method as recited in claim 12, wherein the digital work includes a computer program and said step of requesting comprises requesting to install the computer program.
  - 32. The method as recited in claim 12, wherein the digital work includes a computer program and said step of requesting comprises requesting to uninstall the computer program.

33. In a system for controlling the use of digital works in accordance with usage rights associated with the digital work, an apparatus for establishing a secure communications channel between a first repository and a second repository using a repository transaction protocol, said method comprising:
- means for generating from the first repository a registration identifier and registration message including an identification certificate, and an identifier of a master repository that encrypted the identification certificate;
  
  means for receiving the registration message at a second repository and verifying the identity of the first repository by verifying the identification certificate;
  
  means for validating the authenticity of the first repository;
  
  means for exchanging messages containing at least one session key between the first and second repositories, said session key to be used in communications during a session between the first and second repository; and
  
  means for conducting a usage transaction related to a digital work between the first repository and the second repository using the session keys.
- View Dependent Claims (34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64)
- - 34. The apparatus as recited in claim 33, wherein said means for validating comprises means for generating an encrypted performance message at the second repository based on the registration identifier and comparing a decrypted performance message returned by the first repository.
  - 35. The apparatus as recited in claim 34, wherein the performance message is encrypted using a public key specified in the registration message.
  - 36. The apparatus as recited in claim 33 wherein said means for verifying comprises means for decrypting the identification certificate with a key of the master repository.
  - 37. The apparatus as recited in claim 33, further comprising means for conducting a login transaction for checking the authenticity of a user requesting a transaction.
  - 38. The apparatus as recited in claim 37, wherein said means for conducting a login transaction comprises means for accepting user identification information through a user interface of the first repository and means for identifying the user at the second repository based on the identification information.
  - 39. The apparatus as recited in claim 33, further comprising means for conducting a billing transaction related to the usage transaction between the first repository or the second repository and a credit server.
  - 40. The apparatus as recited in claim 39, wherein said means for conducting a billing transaction comprises means for assigning a fee to digital content.
  - 41. The apparatus as recited in claim 40, wherein the fee is a time based fee and wherein said means for conducting a billing transaction comprises means for metering time usage of the digital content.
  - 42. The apparatus as recited in claim 41, wherein said means for conducting a billing transaction comprises means for ending charges for metered time usage of the digital work.
  - 43. The apparatus as recited in claim 40, wherein said means for conducting a billing transaction comprises means for reporting charges for use of the digital work.
  - 44. The apparatus as recited in claim 33, wherein said means for conducting usage transactions comprise means for generating a request for a digital work specifying usage rights information and means for determining if the specified usage rights correspond to usage rights associated with the digital work.
  - 45. The apparatus as recited in claim 44, wherein said means for conducting usage transactions further comprises means for determining if conditions in the usage rights associated with the digital work are satisfied.
  - 46. The apparatus as recited in claim 44, wherein said means for conducting usage rights transactions further comprises means for granting access to the digital work in accordance with the usage rights associated with the digital work if the specified usage rights corresponds to usage rights associated with the digital work.
  - 47. The apparatus as recited in claim 45, wherein said means for conducting usage transactions comprises means for granting access to the digital work in accordance with the usage rights associated with the digital work if the specified usage rights correspond to usage rights associated with the digital work and if conditions in the usage rights associated with the digital work are satisfied.
  - 48. The apparatus as recited in claim 44, wherein said means for requesting comprises means for requesting to make a copy of the digital work.
  - 49. The apparatus as recited in claim 44, wherein said means for requesting comprises means for requesting to transfer the digital work from one repository to another repository.
  - 50. The apparatus as recited in claim 44, wherein said means for requesting comprises means for requesting a loan of a copy of the digital work.
  - 51. The apparatus as recited in claim 44, wherein said means for requesting comprises means for requesting to play the digital work.
  - 52. The apparatus as recited in claim 51, said means for requesting to play comprises means for requesting to render the digital work.
  - 53. The apparatus as recited in claim 51, wherein the digital work comprises a computer program and said means for requesting to play the content comprises means for requesting to execute the computer program.
  - 54. The apparatus as recited in claim 44, wherein said means for requesting comprises means for requesting to print the digital work.
  - 55. The apparatus as recited in claim 44, said means for requesting comprises means for requesting to make a backup copy of the digital work.
  - 56. The apparatus as recited in claim 44, wherein said means for requesting comprises means for requesting to restore a backup copy of the digital work.
  - 57. The apparatus as recited in claim 44, wherein said means for requesting comprises means for requesting to delete the digital work.
  - 58. The apparatus as recited in claim 44, wherein said means for requesting comprises means for requesting information about the digital work.
  - 59. The apparatus as recited in claim 58, wherein said means for requesting information comprises means for requesting a filename associated with the digital work.
  - 60. The apparatus as recited in claim 58, wherein said means for requesting information means for comprises requesting descriptive information related to the usage rights associated with the digital work.
  - 61. The apparatus as recited in claim 44, wherein said means for requesting comprises means for requesting to extract a portion of the digital work and make a new digital work with the extracted portion.
  - 62. The apparatus as recited in claim 44, wherein said means for requesting comprises means for requesting to edit the digital work.
  - 63. The apparatus as recited in claim 44, wherein the digital work includes a computer program and said means for requesting comprises means for requesting to install the computer program.
  - 64. The apparatus as recited in claim 44, wherein the digital work includes a computer program and means for requesting comprises means for requesting to uninstall the computer program.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
ContentGuard Holdings, Inc. (Pendrell Corporation)
Original Assignee
ContentGuard Holdings, Inc. (Pendrell Corporation)
Inventors
Stefik, Mark J., Pirolli, Peter L.T.

Granted Patent

US 7,043,453 B2
Time in Patent Office

Days
Field of Search
US Class Current

705/52
CPC Class Codes

A61B 2017/0046   with a releasable handle; w...

A61B 2034/301   for introducing or steering...

A61B 2090/031   torque limiting

A61B 2090/376   using X-rays, e.g. fluoroscopy

A61B 34/30   Surgical robots

A61B 34/37   Master-slave robots A61B34/...

A61M 25/0113   Mechanical advancing means,...

G06F 21/10   Protecting distributed prog...

G06F 2211/007   Encryption, En-/decode, En-...

G06F 2221/2115   Third party

G06F 2221/2135   Metering

G06Q 10/101   Collaborative creation, e.g...

G06Q 20/12   specially adapted for elect...

G06Q 20/1235   with control of digital rig...

G06Q 20/3674   involving authentication

G06Q 30/00   Commerce

G06Q 30/0185   Product, service or busines...

G06Q 30/02   Marketing; Price estimation...

G06Q 30/0283   Price estimation or determi...

G06Q 30/04   Billing or invoicing

G06Q 30/06 : Buying, selling or leasing ...

G06Q 30/0601 : Electronic shopping [e-shop...

G06Q 50/184 : Intellectual property manag...

H04L 12/14 : Charging , metering or bill...

H04L 12/1403 : Architecture for metering, ...

H04L 12/146 : using digital cash

H04L 12/1485 : Tariff-related aspects

H04L 12/1496 : involving discounts

H04L 2209/56 : Financial cryptography, e.g...

H04L 2209/603 : Digital right managament [DRM]

H04L 2463/101 : applying security measures ...

H04L 61/00 : Network arrangements, proto...

H04L 61/45 : Network directories; Name-t...

H04L 63/0428 : wherein the data content is...

H04L 63/0442 : wherein the sending and rec...

H04L 63/0464 : using hop-by-hop encryption...

H04L 63/0807 : using tickets, e.g. Kerbero...

H04L 63/0823 : using certificates cryptogr...

H04L 63/10 : for controlling access to d...

H04L 63/102 : Entity profiles

H04L 63/104 : Grouping of entities

H04L 63/105 : Multiple levels of security

H04L 63/123 : received data contents, e.g...

H04L 9/3213 : using tickets or tokens, e....

H04L 9/3297 : involving time stamps, e.g....

H04L 9/40 : Network security protocols

H04N 21/23412 : for generating or manipulat...

H04N 21/2541 : Rights Management protectin...

H04N 21/2543 : Billing , e.g. for subscrip...

H04N 21/26613 : for generating or managing ...

H04N 21/4627 : Rights management associate...

H04N 21/6332 : directed to client

H04N 21/6377 : directed to server one-way ...

H04N 21/835 : Generation of protective da...

H04N 21/8355 : involving usage data, e.g. ...

H04N 21/83555 : using a structured language...

H04N 7/16 : Analogue secrecy systems; A...

Y10S 707/99939 : Privileged access

Y10S 707/99945 : Object-oriented database st...

View All

Method and system for conducting transactions between repositories

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

64 Claims

Specification

Solutions

Use Cases

Quick Links

Method and system for conducting transactions between repositories

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

64 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links