Systems and methods for secure transaction management and electronic rights protection

US 20090132805A1
Filed: 10/29/2007
Published: 05/21/2009
Est. Priority Date: 02/13/1995
Status: Abandoned Application

First Claim

Patent Images

1. A method of controlling access to, or other use of, electronic content, the method comprising:

associating first control information with electronic content; and

transferring the first control information to a first electronic appliance, wherein the first control information is configured to enable the first electronic appliance to transmit second control information to at least a second electronic appliance, the second control information configured to enable the second electronic appliance to access or otherwise use the electronic content but not to enable the second electronic appliance to transmit control information to enable another electronic appliance to access or otherwise use the electronic content.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present invention provides systems and methods for secure transaction management and electronic rights protection. Electronic appliances such as computers equipped in accordance with the present invention help to ensure that information is accessed and used only in authorized ways, and maintain the integrity, availability, and/or confidentiality of the information. Such electronic appliances provide a distributed virtual distribution environment (VDE) that may enforce a secure chain of handling and control, for example, to control and/or meter or otherwise monitor use of electronically stored or disseminated information. Such a virtual distribution environment may be used to protect rights of various participants in electronic commerce and other electronic or electronic-facilitated transactions. Distributed and other operating systems, environments and architectures, such as, for example, those using tamper-resistant hardware-based processors, may establish security at each node. These techniques may be used to support an all-electronic information distribution, for example, utilizing the “electronic highway.”

Citations

25 Claims

1. A method of controlling access to, or other use of, electronic content, the method comprising:
- associating first control information with electronic content; and
  
  transferring the first control information to a first electronic appliance, wherein the first control information is configured to enable the first electronic appliance to transmit second control information to at least a second electronic appliance, the second control information configured to enable the second electronic appliance to access or otherwise use the electronic content but not to enable the second electronic appliance to transmit control information to enable another electronic appliance to access or otherwise use the electronic content.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The method of claim 1, in which the first control information is further configured to enable the first electronic appliance to access or otherwise use the electronic content.
  - 3. The method of claim 2, further comprising:
    - transferring the electronic content to the first electronic appliance separately from the first control information.
  - 4. The method of claim 1, in which the first control information comprises an electronic object including permission information and an encrypted first key, the first key being configured to decrypt the electronic content.
  - 5. The method of claim 4, in which a second key associated with the first electronic appliance is configured for use in decrypting the first key.

6. A method of controlling access to, or other use, of electronic content, the method comprising:
- receiving a piece of electronic content at a first electronic appliance;
  
  receiving, separately from the piece of electronic content, first control information at the first electronic appliance, the first control information permitting creation of second control information for transmission to a second electronic appliance;
  
  transmitting the second control information to the second electronic appliance, the second control information enabling the piece of electronic content to be accessed or otherwise used on the second electronic appliance, the second control information not enabling control information to be sent from the second electronic appliance to a third electronic appliance to enable the piece of electronic content to be accessed or otherwise used on the third electronic appliance;
  
  wherein the first electronic appliance comprises hardware and/or software for resisting attempts by users of the first electronic appliance to tamper with the creation of the second control information.
- View Dependent Claims (7, 8, 9)
- - 7. The method of claim 6, in which the first control information is further configured to enable the first electronic appliance to access or otherwise use the piece of electronic content.
  - 8. The method of claim 6, in which the first control information comprises an electronic object including permission information and an encrypted first key, the first key being configured to decrypt the electronic content.
  - 9. The method of claim 8, in which a second key associated with the first electronic appliance is configured for use in decrypting the first key.

10. A method of securely packaging electronic content using a secure application program running on an electronic appliance, the secure application program being resistant to tampering by users of the electronic appliance, the method comprising:
- enabling a user to select a first piece of electronic content; and
  
  transferring the first piece of electronic content into a secure electronic container, the secure electronic container comprising control information for governing contents of the secure electronic container, wherein the control information comprises one or more permissions specifying one or more permitted and/or prohibited uses of contents of the secure electronic container, and wherein subsequent use of the first piece of electronic content is governed by said one or more permissions.
- View Dependent Claims (11, 12, 13, 14)
- - 11. The method of claim 10, in which the secure application program comprises a word processing program.
  - 12. The method of claim 10, in which the secure application program is configured to enable a user to specify additional control information for governing use of the first piece of electronic content.
  - 13. The method of claim 10, in which the control information includes a specification of a time period before which the contents of the secure electronic container may not be used.
  - 14. The method of claim 10, in which the contents of the secure electronic container comprise a second piece of electronic content.

15. A method comprising:
- distributing a first electronic budget to a user, the first electronic budget being configured for use in governing usage of one or more electronic objects of a first type, the first electronic budget specifying a time-based limitation on usage of electronic objects of the first type; and
  
  distributing a second electronic budget to the user, the second electronic budget being configured for use in governing access to or other usage of one or more electronic objects of a second type.
- View Dependent Claims (16, 17, 18, 19)
- - 16. The method of claim 15, further comprising:
    - distributing first permission information to the user, the first permission information being associated with at least a first electronic object of the one or more electronic objects of the first type, the first permission information including an encrypted first key, the first key being configured for use in decrypting at least the first electronic object, the first permission information being configured to be applied by tamper- resistant software executing on an electronic appliance associated with the user to enable the user to make at least one use of at least the first electronic object if allowed by the first electronic budget.
  - 17. The method of claim 15, in which the second electronic budget specifies a monetary limitation on usage of electronic objects of the second type.
  - 18. The method of claim 15, further comprising:
    - modifying first permission information to reference the first electronic budget, the first permission information being associated with at least a first electronic object of the first type;
      
      modifying second permission information to reference the second electronic budget, the second permission information being associated with at least a second electronic object of the second type; and
      
      distributing the modified first permission information and the modified second permission information to the user.
  - 19. The method of claim 16, further comprising:
    - distributing second permission information to the user, the second permission information being associated with at least a second electronic object of the one or more electronic objects of the second type, the second permission information including an encrypted second key, the second key being configured for use in decrypting at least the second electronic object, the second permission information being configured to be applied by the tamper-resistant software executing on the electronic appliance associated with the user to enable the user to make at least one use of at least the second electronic object if allowed by the second electronic budget.

20. An integrated circuit comprising:
- a microprocessor;
  
  a clock;
  
  a random number generator;
  
  an encryption/decryption engine;
  
  non-volatile memory, the non-volatile memory comprising;
  
  one or more load modules;
  
  an operating system comprising a memory management unit and a virtual memory manager;
  
  one or more cryptographic keys;
  
  volatile memory; and
  
  a tamper-resistant barrier enclosing the foregoing.
- View Dependent Claims (21, 22, 23, 24, 25)
- - 21. The integrated circuit of claim 20, further comprising a remote procedure call services table, the remote procedure call services table describing where requests for specific services are to be routed for processing, the remote procedure call services table further including one or more indications of whether certain load modules may be called by an external caller.
  - 22. The integrated circuit of claim 21, in which at least some of the certain load modules are stored in encrypted form in memory external to the integrated circuit.
  - 23. The integrated circuit of claim 20, in which the non-volatile memory comprises a combination of read only memory, non-volatile random access memory, and/or electrically erasable programmable read only memory.
  - 24. The integrated circuit of claim 20, in which the operating system comprises code which, when executed by the microprocessor, is configured to swap blocks of code and data out of the volatile memory, encrypt the blocks of code and data, and write the encrypted blocks of code and data to storage external to the integrated circuit.
  - 25. The integrated circuit of claim 20, in which at least some of the one or more load modules are configured to perform rights management tasks selected from the group consisting of:
    - metering use of protected content;
      
      maintaining a budget related to use of protected content;
      
      opening a secure electronic container comprising protected content; and
      
      auditing use of protected content.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Intertrust Technologies Corporation (Fidelio Acquisition Co LLC)
Original Assignee
Intertrust Technologies Corporation (Fidelio Acquisition Co LLC)
Inventors
Ginter, Karl L., Spahn, Francis J., Shear, Victor H., Van Wie, David M.

Application Number

US11/980,245
Publication Number

US 20090132805A1
Time in Patent Office

Days
Field of Search
US Class Current

713/150
CPC Class Codes

G06F 21/109   by using specially-adapted ...

G06F 21/16   Program or content traceabi...

G06F 21/31   User authentication

G06F 21/33   using certificates

G06F 21/6209   to a single file or object,...

G06F 21/71   to assure secure computing ...

G06F 21/86   Secure or tamper-resistant ...

G06F 2211/007   Encryption, En-/decode, En-...

G06F 2221/2101   Auditing as a secondary aspect

G06F 2221/2135   Metering

G06F 2221/2137   Time limited access, e.g. t...

G06F 2221/2151   Time stamp

G06Q 10/087   Inventory or stock manageme...

G06Q 20/02   involving a neutral party, ...

G06Q 20/023   the neutral party being a c...

G06Q 20/04   Payment circuits

G06Q 20/085   involving remote charge det...

G06Q 20/10   specially adapted for elect...

G06Q 20/102   Bill distribution or payments

G06Q 20/12   specially adapted for elect...

G06Q 20/123 : Shopping for digital content

G06Q 20/1235 : with control of digital rig...

G06Q 20/14 : specially adapted for billi...

G06Q 20/24 : Credit schemes, i.e. "pay a...

G06Q 20/306 : using TV related infrastruc...

G06Q 20/308 : using the Internet of Things

G06Q 2220/16 : Copy protection or prevention

G06Q 30/0273 : Determination of fees for a...

G06Q 30/0283 : Price estimation or determi...

G06Q 30/06 : Buying, selling or leasing ...

G06Q 30/0601 : Electronic shopping [e-shop...

G06Q 30/0609 : Buyer or seller confidence ...

G06Q 40/02 : Banking, e.g. interest calc...

G06Q 40/04 : Trading; Exchange, e.g. sto...

G06Q 40/12 : Accounting

G06Q 50/184 : Intellectual property manag...

G06Q 50/188 : Electronic negotiation

G06T 1/0021 : Image watermarking

G07F 9/026 : for alarm, monitoring and a...

H04L 2209/56 : Financial cryptography, e.g...

H04L 2209/60 : Digital content management,...

H04L 2463/101 : applying security measures ...

H04L 2463/102 : applying security measure f...

H04L 2463/103 : applying security measure f...

H04L 63/02 : for separating internal fro...

H04L 63/04 : for providing a confidentia...

H04L 63/0428 : wherein the data content is...

H04L 63/0435 : wherein the sending and rec...

H04L 63/0442 : wherein the sending and rec...

H04L 63/08 : for authentication of entit...

H04L 63/0823 : using certificates cryptogr...

H04L 63/083 : using passwords cryptograph...

H04L 63/10 : for controlling access to d...

H04L 63/12 : Applying verification of th...

H04L 63/123 : received data contents, e.g...

H04L 63/16 : Implementing security featu...

H04L 63/168 : above the transport layer

H04L 63/20 : for managing network securi...

H04L 9/006 : involving public key infras...

H04L 9/0819 : Key transport or distributi...

H04L 9/0838 : Key agreement, i.e. key est...

H04L 9/0861 : Generation of secret inform...

H04L 9/3218 : using proof of knowledge, e...

H04L 9/3247 : involving digital signatures

H04L 9/3263 : involving certificates, e.g...

H04N 2005/91364 : the video signal being scra...

H04N 21/2347 : involving video stream encr...

H04N 21/23476 : by partially encrypting, e....

H04N 21/235 : Processing of additional da...

H04N 21/2362 : Generation or processing of...

H04N 21/2541 : Rights Management protectin...

H04N 21/2543 : Billing , e.g. for subscrip...

H04N 21/2547 : Third Party Billing, e.g. b...

H04N 21/25875 : involving end-user authenti...

H04N 21/4143 : embedded in a Personal Comp...

H04N 21/42646 : for reading from or writing...

H04N 21/4325 : by playing back content fro...

H04N 21/4345 : Extraction or processing of...

H04N 21/435 : Processing of additional da...

H04N 21/4405 : involving video stream decr...

H04N 21/44204 : Monitoring of content usage...

H04N 21/443 : OS processes, e.g. booting ...

H04N 21/4627 : Rights management associate...

H04N 21/4753 : for user identification, e....

H04N 21/6581 : Reference data, e.g. a movi...

H04N 21/8166 : involving executable data, ...

H04N 21/835 : Generation of protective da...

H04N 21/8355 : involving usage data, e.g. ...

H04N 21/83555 : using a structured language...

H04N 21/8358 : involving watermark protect...

H04N 5/913 : for scrambling ; for copy p...

H04N 7/162 : Authorising the user termin...

H04N 7/163 : by receiver means only

H04N 7/17309 : Transmission or handling of...

View All

Systems and methods for secure transaction management and electronic rights protection

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

Citations

25 Claims

Specification

Solutions

Use Cases

Quick Links

Systems and methods for secure transaction management and electronic rights protection

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

25 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links