Systems and methods for secure transaction management and electronic rights protection

US 20070250937A1
Filed: 06/25/2007
Published: 10/25/2007
Est. Priority Date: 02/13/1995
Status: Active Grant

First Claim

Patent Images

1-90. -90. (canceled)

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present invention provides systems and methods for secure transaction management and electronic rights protection. Electronic appliances such as computers equipped in accordance with the present invention help to ensure that information is accessed and used only in authorized ways, and maintain the integrity, availability, and/or confidentiality of the information. Such electronic appliances provide a distributed virtual distribution environment (VDE) that may enforce a secure chain of handling and control, for example, to control and/or meter or otherwise monitor use of electronically stored or disseminated information. Such a virtual distribution environment may be used to protect rights of various participants in electronic commerce and other electronic or electronic-facilitated transactions. Distributed and other operating systems, environments and architectures, such as, for example, those using tamper-resistant hardware-based processors, may establish security at each node. These techniques may be used to support an all-electronic information distribution, for example, utilizing the “electronic highway.”

118 Citations

View as Search Results

191 Claims

1-90. -90. (canceled)

91. An electronic appliance comprising:
- a secure processing unit;
  
  a central processing unit; and
  
  one or more computer-readable media external to the secure processing unit, the computer-readable media storing at least rights management software comprising programming operable to apply one or more electronic controls to govern usage of an electronic content item comprising audio, visual, and/or textual electronic content, at least part of the programming designed to cause the secure processing unit to decrypt information associated with the electronic content item, wherein the one or more electronic controls specify one or more permitted or prohibited uses of the electronic content item, and wherein the rights management software is designed to be resistant to tampering by users of the electronic appliance.
- View Dependent Claims (92, 93, 94, 95, 96, 97, 98, 99, 100, 101, 102, 103, 104, 105, 106, 107, 108, 109, 110, 111, 112, 113, 114, 115, 116, 117, 118, 119, 120, 121, 122)
- - 92. The electronic appliance of claim 91, in which the rights management software further comprises programming operable to receive, separately from the one or more electronic controls, at least one additional electronic control from a remote electronic appliance, and to apply the at least one additional electronic control to govern at least one usage of the electronic content item.
  - 93. The electronic appliance of claim 91, in which the information associated with the electronic content item comprises one or more cryptographic keys.
  - 94. The electronic appliance of claim 91, in which the secure processing unit comprises processing logic, memory, and memory interface logic for impeding unauthorized access to the memory from outside the secure processing unit.
  - 95. The electronic appliance of claim 94, in which the information associated with the electronic content item comprises a first cryptographic key, and in which a second cryptographic key is stored in the memory of the secure processing unit, the second cryptographic key being operable to directly or indirectly enable access to the first cryptographic key.
  - 96. The electronic appliance of claim 95, in which the second cryptographic key comprises a symmetric key.
  - 97. The electronic appliance of claim 95, in which the second cryptographic key comprises a private key of a public/private key pair.
  - 98. The electronic appliance of claim 91, in which the information associated with the electronic content item comprises the one or more electronic controls.
  - 99. The electronic appliance of claim 91, in which the one or more electronic controls comprise one or more permissions records.
  - 100. The electronic appliance of claim 91, in which the programming is further operable to apply the one or more electronic controls to govern usage of a second electronic content item.
  - 101. The electronic appliance of claim 91, in which the programming is further operable to apply the one or more electronic controls to govern usage of a set of electronic content items.
  - 102. The electronic appliance of claim 94, in which the secure processing unit further comprises a random number generator.
  - 103. The electronic appliance of claim 94, in which the secure processing unit further comprises a counter.
  - 104. The electronic appliance of claim 103, in which the counter comprises a clock.
  - 105. The electronic appliance of claim 94, in which the memory comprises non-volatile memory, and in which the secure processing unit further comprises a unique identifier stored within the non-volatile memory, the unique identifier being operable to distinguish the secure processing unit from other secure processing units.
  - 106. The electronic appliance of claim 94, in which the secure processing unit is configured to recognize an attempt to tamper therewith and to initiate a response thereto.
  - 107. The electronic appliance of claim 94, further comprising a power source external to the secure processing unit and configured to supply power to the secure processing unit;
    - wherein the secure processing unit is configured to recognize a disruption in its supply of power from the power source and to initiate a response thereto.
  - 108. The electronic appliance of claim 107, in which the response comprises disabling certain functionality of the secure processing unit.
  - 109. The electronic appliance of claim 107, in which the response comprises erasing data stored in the memory.
  - 110. The electronic appliance of claim 91, further comprising one or more buses, the one or more buses directly or indirectly coupling the secure processing unit and the central processing unit;
    - wherein the secure processing unit comprises an input/output controller for facilitating secure communication with the central processing unit over the one or more buses.
  - 111. The electronic appliance of claim 110, in which the secure processing unit is operable to cryptographically seal information for storage on a computer-readable medium external to the secure processing unit.
  - 112. The electronic appliance of claim 91, in which the secure processing unit is operable to cryptographically seal information for storage on a computer-readable medium external to the secure processing unit.
  - 113. The electronic appliance of claim 94, in which the secure processing unit further comprises a tamper-resistant housing, the tamper-resistant housing being resistant to attempts to analyze and/or reverse engineer the secure processing unit.
  - 114. The electronic appliance of claim 94, in which the secure processing unit is operable to execute at least part of the programming.
  - 115. The electronic appliance of claim 91, in which the one or more permitted or prohibited uses of the electronic content item include at least one of:
    - viewing the electronic content item, distributing the electronic content item, and/or printing the electronic content item.
  - 116. The electronic appliance of claim 91, in which the one or more permitted or prohibited uses of the electronic content item include copying the electronic content item.
  - 117. The electronic appliance of claim 91, in which the one or more permitted or prohibited uses of the electronic content item include at least one of:
    - editing the electronic content item, embedding additional content into the electronic content item, and/or extracting content from the electronic content item.
  - 118. The electronic appliance of claim 91, in which at least one of the one or more electronic controls specifies at least one condition associated with a permitted use of the electronic content item.
  - 119. The electronic appliance of claim 118, in which the at least one condition comprises an indication that the permitted use may be made only for a certain time period.
  - 120. The electronic appliance of claim 118, in which the at least one condition comprises an indication that the permitted use may be exercised only by a certain user or class of users.
  - 121. The electronic appliance of claim 118, in which the at least one condition comprises a requirement that auditing information be collected regarding the permitted use.
  - 122. The electronic appliance of claim 91, in which the one or more electronic controls are resistant to tampering.

123. An electronic appliance comprising:
- a secure processing unit;
  
  a central processing unit; and
  
  one or more computer-readable media external to the secure processing unit, the computer-readable media storing rights management software comprising programming operable to apply one or more electronic controls to govern usage of an electronic content item comprising audio, visual, and/or textual electronic content, at least part of the programming designed to cause the secure processing unit to access information required for usage of the electronic content item, wherein the one or more electronic controls specify one or more permitted or prohibited uses of the electronic content item, and wherein the rights management software is designed to be resistant to tampering by users of the electronic appliance.
- View Dependent Claims (124, 125, 126, 127, 128, 129, 130, 131, 132, 133, 134, 135, 136, 137, 138, 139, 140, 141, 142)
- - 124. The electronic appliance of claim 123, in which the rights management software further comprises programming operable to receive, separately from the one or more electronic controls, at least one additional electronic control from a remote electronic appliance, and to apply the at least one additional electronic control to govern at least one usage of the electronic content item.
  - 125. The electronic appliance of claim 123, in which the information required for usage of the electronic content item comprises one or more cryptographic keys.
  - 126. The electronic appliance of claim 123, in which the secure processing unit comprises processing logic, memory, and memory interface logic for impeding unauthorized access to the memory from outside the secure processing unit.
  - 127. The electronic appliance of claim 126, in which the information required for usage of the electronic content item comprises a first cryptographic key, and in which a second cryptographic key is stored in the memory of the secure processing unit, the second cryptographic key being operable to directly or indirectly enable access to the first cryptographic key.
  - 128. The electronic appliance of claim 123, in which the programming is further operable to apply one or more electronic controls to govern usage of a plurality of electronic content items.
  - 129. The electronic appliance of claim 126, in which the secure processing unit further comprises a counter.
  - 130. The electronic appliance of claim 126, in which the memory comprises non-volatile memory, and in which the secure processing unit further comprises a-unique identifier stored within the non-volatile memory, the unique identifier being operable to distinguish the secure processing unit from other secure processing units.
  - 131. The electronic appliance of claim 126, further comprising a power source external to the secure processing unit and configured to supply power to the secure processing unit;
    - wherein the secure processing unit is configured to recognize a disruption in its supply of power from the power source and to initiate a response thereto.
  - 132. The electronic appliance of claim 123, further comprising one or more buses, the one or more buses directly or indirectly coupling the secure processing unit and the central processing unit;
    - wherein the secure processing unit comprises an input/output controller for facilitating secure communication with the central processing unit over the one or more buses.
  - 133. The electronic appliance of claim 123, in which the secure processing unit is operable to cryptographically seal information for storage on a computer-readable medium external to the secure processing unit.
  - 134. The electronic appliance of claim 123, in which the one or more permitted or prohibited uses of the electronic content item include viewing the electronic content item.
  - 135. The electronic appliance of claim 123, in which the one or more permitted or prohibited uses of the electronic content item include distributing the electronic content item.
  - 136. The electronic appliance of claim 123, in which the one or more permitted or prohibited uses of the electronic content item include printing the electronic content item.
  - 137. The electronic appliance of claim 123, in which the one or more permitted or prohibited uses of the electronic content item include copying the electronic content item.
  - 138. The electronic appliance of claim 123, in which the one or more permitted or prohibited uses of the electronic content item include at least one of:
    - editing the electronic content item, embedding additional content into the electronic content item, and/or extracting content from the electronic content item.
  - 139. The electronic appliance of claim 123, in which at least one of the one or more electronic controls specifies at least one condition associated with a permitted use of the electronic content item.
  - 140. The electronic appliance of claim 139, in which the at least one condition comprises an indication that the permitted use may be made only for a certain time period.
  - 141. The electronic appliance of claim 139, in which the at least one condition comprises an indication that the permitted use may be exercised only by a certain user or class of users.
  - 142. The electronic appliance of claim 139, in which the at least one condition comprises a requirement that auditing information be collected regarding the permitted use.

143. An electronic appliance comprising:
- a first processing unit;
  
  a second processing unit, the second processing unit comprising a microprocessor, internal memory, and internal memory interface logic for impeding unauthorized access to the internal memory by the first processing unit; and
  
  computer-readable media external to the second processing unit, the computer-readable media storing at least (a) a piece of electronic content;
  
  (b) one or more electronic objects separate from the piece of electronic content, the one or more electronic objects specifying one or more permitted or prohibited uses of the piece of electronic content; and
  
  (c) software configured for execution by the first processing unit, the software comprising programming for controlling usage of pieces of electronic content such as the first piece of electronic content in accordance with electronic objects such as the one or more electronic objects, the software further comprising programming for causing the second processing unit to access information required for usage of pieces of electronic content.
- View Dependent Claims (144, 145, 146, 147, 148, 149, 150, 151, 152, 153, 154, 155, 156, 157, 158)
- - 144. The electronic appliance of claim 143, in which the information comprises a first cryptographic key.
  - 145. The electronic appliance of claim 144, in which the first cryptographic key is configured to decrypt the piece of electronic content.
  - 146. The electronic appliance of claim 144, in which the first cryptographic key is configured to decrypt a second cryptographic key, the second cryptographic key being configured to decrypt the piece of electronic content.
  - 147. The electronic appliance of claim 146, in which the first cryptographic key is stored in the internal memory of the second processing unit.
  - 148. The electronic appliance of claim 147, in which the internal memory of the second processing unit further comprises a unique identifier, the unique identifier being operable to distinguish the second processing unit from other, otherwise similar processing units.
  - 149. The electronic appliance of claim 143, in which the second processing unit is operable to cryptographically seal information for storage on a computer-readable medium external to the second processing unit.
  - 150. The electronic appliance of claim 143, in which the one or more permitted or prohibited uses of the piece of electronic content include viewing the piece of electronic content.
  - 151. The electronic appliance of claim 143, in which the one or more permitted or prohibited uses of the piece of electronic content include distributing the piece of electronic content.
  - 152. The electronic appliance of claim 143, in which the one or more permitted or prohibited uses of the piece of electronic content include printing the piece of electronic content.
  - 153. The electronic appliance of claim 143, in which the one or more permitted or prohibited uses of the piece of electronic content include copying the piece of electronic content.
  - 154. The electronic appliance of claim 143, in which the one or more permitted or prohibited uses of the piece of electronic content include at least one of:
    - editing the piece of electronic content, embedding additional content into the piece of electronic content, and/or extracting content from the piece of electronic content.
  - 155. The electronic appliance of claim 143, in which at least one of the one or more electronic objects specifies at least one condition associated with a permitted use of the piece of electronic content.
  - 156. The electronic appliance of claim 155, in which the at least one condition comprises an indication that the permitted use may be made only for a certain time period.
  - 157. The electronic appliance of claim 155, in which the at least one condition comprises an indication that the permitted use may be exercised only by a certain user or class of users.
  - 158. The electronic appliance of claim 155, in which the at least one condition comprises a requirement that auditing information be collected regarding the permitted use.

159. A method performed by an electronic appliance, the method comprising:
- receiving a first piece of electronic content, the first piece of electronic content being encrypted at least in part;
  
  receiving, separately from the first piece of electronic content, a first key, the first key being associated with the first piece of electronic content, and the first key being encrypted at least in part;
  
  decrypting the first key using (a) a second key and (b) a secure processing unit running on the electronic appliance, the second key being stored in memory of the secure processing unit; and
  
  decrypting the first piece of electronic content using, at least in part, the first key.
- View Dependent Claims (160, 161, 162, 163, 164, 165, 166, 167, 168, 169, 170, 171, 172, 173, 174, 175, 176)
- - 160. The method of claim 159, in which the first key is received at a first time and the first piece of electronic content is received at a second time that is different from the first time.
  - 161. The method of claim 159, in which the first key is received over a first path and the first piece of electronic content is received over a second path that is different from the first path.
  - 162. The method of claim 159, in which the first key is received from a first entity and the first piece of electronic content is received from a second entity that is different from the first entity.
  - 163. The method of claim 159, in which the first piece of electronic content consists of non-executable audio, video, and/or textual content.
  - 164. The method of claim 159, further comprising:
    - receiving, separately from the first piece of electronic content, a first electronic object, the first electronic object specifying one or more permitted or prohibited uses of the first piece of electronic content;
      
      receiving a request to use the first piece of electronic content; and
      
      selectively granting the request in accordance with the first electronic object.
  - 165. The method of claim 164, in which selectively granting the request in accordance with the first electronic object includes decrypting the first piece of electronic content using, at least in part, the first key.
  - 166. The method of claim 164, in which the request comprises a request to view the first piece of electronic content.
  - 167. The method of claim 164, in which the request comprises a request to distribute the first piece of electronic content.
  - 168. The method of claim 164, in which the request comprises a request to print the first piece of electronic content.
  - 169. The method of claim 164, in which the request comprises a request to copy the first piece of electronic content.
  - 170. The method of claim 164, in which the request comprises a request to edit the first piece of electronic content.
  - 171. The method of claim 164, in which the first electronic object specifies at least one condition associated with a permitted use of the first piece of electronic content.
  - 172. The method of claim 171, in which the at least one condition comprises an indication that the permitted use may be made only for a certain time period, and in which selectively granting the request comprises determining that the at least one condition is satisfied.
  - 173. The method of claim 171, in which the at least one condition comprises an indication that the permitted use may be exercised only by a certain class of users, and in which selectively granting the request comprises determining that the request was made by a user belonging to said certain class of users.
  - 174. The method of claim 171, in which the at least one condition comprises a requirement that auditing information be collected regarding the permitted use, the method further comprising collecting auditing information regarding the requested use.
  - 175. The method of claim 164, further comprising:
    - receiving, separately from the first piece of electronic content and the first electronic object, a second piece of electronic content;
      
      receiving a request to use the second piece of electronic content; and
      
      selectively granting the request in accordance with the first electronic object.
  - 176. The method of claim 164, further comprising:
    - receiving, separately from the first piece of electronic content and the first electronic object, a second electronic object, the second electronic object specifying one or more permitted or prohibited uses of the first piece of electronic content;
      
      receiving a request to use the first piece of electronic content; and
      
      selectively granting the request in accordance with the first electronic object and the second electronic object.

177. A method performed by an electronic appliance, the electronic appliance comprising programming operable to govern usage of electronic content, the method comprising:
- receiving a first piece of electronic content, the first piece of electronic content being encrypted at least in part;
  
  receiving, separately from the first piece of electronic content, a first electronic object, the first electronic object specifying one or more permitted or prohibited uses of the first piece of electronic content;
  
  receiving a request from a user of the electronic appliance to use the first piece of electronic content; and
  
  selectively granting the request in accordance with the first electronic object;
  
  wherein the electronic appliance comprises hardware and/or software operable to impede the user from tampering with performance of said selectively granting step.
- View Dependent Claims (178, 179, 180, 181, 182, 183, 184, 185, 186, 187, 188, 189, 190, 191)
- - 178. The method of claim 177, further comprising:
    - receiving a first key, the first key being encrypted; and
      
      decrypting the first key using a second key stored in internal memory of a secure processing unit running on the electronic appliance;
      
      wherein selectively granting the request includes decrypting the first piece of electronic content using the first key.
  - 179. The method of claim 178, in which the first piece of electronic content comprises non-executable audio, video, and/or textual content.
  - 180. The method of claim 177, wherein selectively granting the request includes accessing information stored in internal memory of a secure processing unit running on the electronic appliance.
  - 181. The method of claim 177, in which the request comprises a request to view the first piece of electronic content.
  - 182. The method of claim 177, in which the request comprises a request to distribute the first piece of electronic content.
  - 183. The method of claim 177, in which the request comprises a request to print the first piece of electronic content.
  - 184. The method of claim 177, in which the request comprises a request to copy the first piece of electronic content.
  - 185. The method of claim 177, in which the request comprises a request to edit the first piece of electronic content.
  - 186. The method of claim 177, in which the first electronic object specifies at least one condition associated with a permitted use of the first piece of electronic content.
  - 187. The method of claim 186, in which the at least one condition comprises an indication that the permitted use may be made only for a certain time period, and in which selectively granting the request comprises determining that the at least one condition is satisfied.
  - 188. The method of claim 186, in which the at least one condition comprises an indication that the permitted use may be exercised only by a certain class of users, and in which selectively granting the request comprises determining that the user belongs to said certain class of users.
  - 189. The method of claim 186, in which the at least one condition comprises a requirement that auditing information be collected regarding the permitted use, the method further comprising collecting auditing information regarding the requested use.
  - 190. The method of claim 177, further comprising:
    - receiving, separately from the first piece of electronic content and the first electronic object, a second piece of electronic content;
      
      receiving a request to use the second piece of electronic content; and
      
      selectively granting the request in accordance with the first electronic object.
  - 191. The method of claim 177, further comprising:
    - receiving, separately from the first piece of electronic content and the first electronic object, a second electronic object, the second electronic object specifying one or more permitted or prohibited uses of the first piece of electronic content;
      
      receiving a request to use the first piece of electronic content; and
      
      selectively granting the request in accordance with the first electronic object and the second electronic object.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Intertrust Technologies Corporation (Fidelio Acquisition Co LLC)
Original Assignee
Intertrust Technologies Corporation (Fidelio Acquisition Co LLC)
Inventors
Van Wie, David, Ginter, Karl, Spahn, Francis, Shear, Victor

Granted Patent

US 8,191,157 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/27
CPC Class Codes

G06F 12/1408   by using cryptography for d...

G06F 21/109   by using specially-adapted ...

G06F 21/16   Program or content traceabi...

G06F 21/31   User authentication

G06F 21/33   using certificates

G06F 21/86   Secure or tamper-resistant ...

G06F 2211/007   Encryption, En-/decode, En-...

G06F 2221/2101   Auditing as a secondary aspect

G06F 2221/2115   Third party

G06F 2221/2135   Metering

G06F 2221/2151   Time stamp

G06Q 20/02   involving a neutral party, ...

G06Q 20/023   the neutral party being a c...

G06Q 20/04   Payment circuits

G06Q 20/12   specially adapted for elect...

G06Q 20/1235   with control of digital rig...

G06Q 20/24   Credit schemes, i.e. "pay a...

G06T 1/0021   Image watermarking

G07F 9/026   for alarm, monitoring and a...

H04L 2463/101   applying security measures ...

H04L 2463/102 : applying security measure f...

H04L 2463/103 : applying security measure f...

H04L 63/20 : for managing network securi...

H04N 21/2347 : involving video stream encr...

H04N 21/23476 : by partially encrypting, e....

H04N 21/235 : Processing of additional da...

H04N 21/2362 : Generation or processing of...

H04N 21/2541 : Rights Management protectin...

H04N 21/2543 : Billing , e.g. for subscrip...

H04N 21/2547 : Third Party Billing, e.g. b...

H04N 21/25875 : involving end-user authenti...

H04N 21/4143 : embedded in a Personal Comp...

H04N 21/4345 : Extraction or processing of...

H04N 21/435 : Processing of additional da...

H04N 21/4405 : involving video stream decr...

H04N 21/44204 : Monitoring of content usage...

H04N 21/443 : OS processes, e.g. booting ...

H04N 21/4627 : Rights management associate...

H04N 21/4753 : for user identification, e....

H04N 21/6581 : Reference data, e.g. a movi...

H04N 21/8166 : involving executable data, ...

H04N 21/835 : Generation of protective da...

H04N 21/8355 : involving usage data, e.g. ...

H04N 21/83555 : using a structured language...

H04N 21/8358 : involving watermark protect...

H04N 7/162 : Authorising the user termin...

H04N 7/17309 : Transmission or handling of...

View All

Systems and methods for secure transaction management and electronic rights protection

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

118 Citations

191 Claims

Specification

Solutions

Use Cases

Quick Links

Systems and methods for secure transaction management and electronic rights protection

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

118 Citations

191 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links