System and method for access control for portable data storage media

US 5,457,746 A
Filed: 12/19/1994
Issued: 10/10/1995
Est. Priority Date: 09/14/1993
Status: Expired due to Term

First Claim

Patent Images

1. A system for accessing data by a user, comprising:

processing means for processing said data;

a plurality of portable data storage means each of which includes data stored on certain ones of said plurality of portable data storage means includes portions selected by said user, said portable data storage means for storing said data in a manner requiring different access codes for accessing different data stored on said portable storage means by the user, wherein one of said access codes is a transmitted code, such transmitted to said user to provide access to said selected portions of said data stored on certain ones of said plurality of portable data storage means;

controller means in communication with said processor means for receiving a signal representative of one of said different access codes from a remote location and for sending a signal which enables access by said processor means to a selected portion of said data on said portable storage means using one of said access codes;

remote authorization means located at a location remote from said processor means and said controller means and in communication with the aforesaid means, said remote authorization means for transmitting said one access code signal to said controller means from said remote location in response to an authorization request signal sent by the user to said remote authorization means; and

wherein said plurality of data storage means includes update means cooperative with said transmitted access code for automatically generating updated access codes for access to previously unaccessible parts of said selected portions of said data on certain ones of said plurality of portable data storage means when electronic update counter conditions are met.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The system and method of the present invention provides the support of high density removable media, such as CD-ROM or MO, to be used as a distributed media for storing data where access thereto is securely restricted. Through this system and method, the secure periodic distribution of several different sets of data information to the end user is achieved with access control selectively performed by at the user'"'"'s site through communication with the billing/access center. User billing is based on the purchase of the decryption access codes as indicated by the access code attributes encoded on the media. Access code availability is further controlled by selectively providing for updates of decryption access codes.

Citations

46 Claims

1. A system for accessing data by a user, comprising:
- processing means for processing said data;
  
  a plurality of portable data storage means each of which includes data stored on certain ones of said plurality of portable data storage means includes portions selected by said user, said portable data storage means for storing said data in a manner requiring different access codes for accessing different data stored on said portable storage means by the user, wherein one of said access codes is a transmitted code, such transmitted to said user to provide access to said selected portions of said data stored on certain ones of said plurality of portable data storage means;
  
  controller means in communication with said processor means for receiving a signal representative of one of said different access codes from a remote location and for sending a signal which enables access by said processor means to a selected portion of said data on said portable storage means using one of said access codes;
  
  remote authorization means located at a location remote from said processor means and said controller means and in communication with the aforesaid means, said remote authorization means for transmitting said one access code signal to said controller means from said remote location in response to an authorization request signal sent by the user to said remote authorization means; and
  
  wherein said plurality of data storage means includes update means cooperative with said transmitted access code for automatically generating updated access codes for access to previously unaccessible parts of said selected portions of said data on certain ones of said plurality of portable data storage means when electronic update counter conditions are met.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 46)
- - 2. A system as recited in claim 1 wherein said selected portions of said data stored on certain ones of said plurality of portable data storage means are provided to said user sequentially and said transmitted access code provides said user with access to said data stored on the first portable data storage means of said sequence of portable data storage means.
  - 3. A system as recited in claim 1 wherein each of said access codes is correlated with an identifying code and wherein said authorization request comprises said identifying code.
  - 4. A system as recited in claim 3 wherein said identifying code is representative of an attribute.
  - 5. A system as recited in claim 4 wherein said attribute is representative of a use of said data.
  - 6. A system as recited in claim 1 wherein said controller means is a hardware configuration.
  - 7. A system as recited in claim 1 wherein said controller means is a software configuration.
  - 8. A system as recited in claim 1 wherein said data stored on said portable data storage means includes identifying codes associated with each of said different portions of said data.
  - 9. A system as recited in claim 8 wherein said identifying codes are correlated with attributes.
  - 10. A system as recited in claim 9 wherein said attribute is representative of use of said data.
  - 46. A system as recited in claim 8 wherein said authorization request includes one of said identifying codes.

11. A method for distributing data to a user comprising the steps of:
- on a portable data storage unit, providing encrypted data, such requiring an access code to decrypt said data to provide access thereto wherein at least a portion of said encrypted data is correlated with a corresponding access code identifier for identifying access codes;
  
  delivering said portable data storage unit to said user;
  
  at a remote location, storing a plurality of access codes together with corresponding access code identifiers;
  
  at said remote location generating an authorization signal when particular access conditions are met, wherein said authorization signal causes one of said access codes to be transmitted to said user to enable said user to access a portion of said encrypted data by decrypting a portion of said encrypted data and wherein said access conditions include the receipt of one of said access code identifiers from said user;
  
  applying said access code to said encrypted data to decrypt a portion of said encrypted data; and
  
  processing said decrypted portion of said encrypted data.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22)
- - 12. A method as recited in claim 11 further comprising a plurality of portable data storage means each of which includes data stored on certain ones of said plurality of portable data storage means including portions selected by said user, said selected portions on said certain portable storage means being accessible by a set of access codes, wherein one of said set of access codes is a transmitted access code, such transmitted to said user to provide access to said selected portions of said data stored on certain ones of said plurality of portable data storage means.
  - 13. A method as recited in claim 12 wherein said plurality of data storage means includes means cooperative with said one transmitted access code for generating updated access codes for access to previously unaccessible parts of said selected portions of said data on certain ones of said plurality of portable data storage means.
  - 14. A method as recited in claim 12 wherein said selected portions of said data stored on certain ones of said plurality of portable data storage means are provided to said user sequentially and said transmitted access code provides said user with access to said data stored on the first portable data storage means of said sequence of portable data storage means.
  - 15. A method as recited in claim 14 wherein said authorization request by said user includes said access code identifier.
  - 16. A method as recited in claim 14 wherein said access code identifier is representative of an attribute.
  - 17. A method as recited in claim 16 wherein said attribute is representative of use of said data.
  - 18. A method as recited in claim 11 wherein said applying step is carried out by hardware configuration.
  - 19. A method as recited in claim 11 wherein said applying step is carried out by software configuration.
  - 20. A method as recited in claim 11 wherein said data stored on said portable data storage unit includes identifying codes associated with different portions of said data.
  - 21. A method as recited in claim 20 wherein said identifying codes are correlated with attributes.
  - 22. A method as recited in claim 21 wherein said attributes are representative of use of said data.

23. A method for distributing information in the form of data sets and providing access thereto, comprising the steps of:
- encrypting said data sets so that different access codes are required to decrypt different portions of said data sets;
  
  correlating said data sets with access codes identifiers which identify particular access codes which will decrypt said data sets;
  
  writing said data sets onto a data storage means;
  
  remotely providing a data access controller with one of said different access codes to decrypt a selected one of said encrypted data sets in response to the receipt of one of said access code identifiers;
  
  transferring said data storage means from a first location to a second location wherein at said second location a data storage controller which is capable of applying said access codes to said data storage means is provided;
  
  said data access controller accessing said data sets written onto said data storage means; and
  
  wherein said access codes are further associated and stored with attributes defined in a manner which corresponds to particular to particular to particular properties of said data sets, both of which are transmitted to said data access controller in response to the receipt of one of said access code identifiers.
- View Dependent Claims (24, 25, 26, 27)
- - 24. A method as recited in claim 23 further comprising a plurality of data storage means each of which includes data stored on certain ones of said plurality of data storage means including portions selected by said user, said selected portions on said certain storage means being accessible by a set of access codes, wherein one of said set of access codes is a transmitted access code, such transmitted to said user to provide access to said selected portions of said data stored on certain ones of said plurality of data storage means.
  - 25. A method as recited in claim 24 wherein said plurality of data storage means includes means cooperative with said one transmitted access code for generating updated access codes for access to previously unaccessible parts of said selected portions of said data on certain ones of said plurality of portable data storage means.
  - 26. A method as recited in claim 24 wherein said selected portions of said data stored on certain ones of said plurality of data storage means are provided to said user sequentially and said transmitted access code provides said user with access to said data stored on the first data storage means of said sequence of data storage means.
  - 27. A method as recited in claim 23 wherein said attributes are representative of use of said data.

28. A system for encrypting data, comprising:
- receiving means for receiving said data;
  
  segmenting means in communication with said receiving means for segmenting said data into individual data sets;
  
  a memory medium in a first location in communication with said segmenting means, said memory medium including programming means stored thereon for encrypting said individual data sets and for assigning access code identifiers to said individual data sets, each of said access code identifiers associated with and used in identifying a particular access code for decrypting one of said individual data sets, said access code identifier for identifying said particular access code;
  
  processor means in communication with said memory medium for writing said encrypted individual data sets to a portable data storage means so that at least some of said individual data sets are stored in conjunction with access code identifiers on said portable storage means; and
  
  a remote access code distribution controller in communication with said memory medium for transferring a particular one of said access codes for use with a particular one of said portable data storage means upon receipt of one of said access code identifiers sent from a second location.
- View Dependent Claims (29, 30, 31, 32, 33, 34)
- - 29. A system as recited in claim 32 wherein said plurality of data storage means includes means cooperative with said one transmitted access code for generating updated access codes for access to previously unaccessible parts of said selected portions of said data on certain ones of said plurality of portable data storage means.
  - 30. A system as recited in claim 28 wherein said access code is further associated with an attribute.
  - 31. A system as recited in claim 30 wherein said attribute is representative of use of said data set.
  - 32. A system as recited in claim 28 further comprising:
    - transfer means for transferring said portable data storage means in a remote location;
      
      controller means for receiving a particular access code for decrypting one of said individual data sets and for providing access thereto by a processor; and
      
      authorization means for providing one of said different access codes to said controller means in response to an authorization request.
  - 33. A system as recited in claim 32 wherein said controller means is a hardware configuration.
  - 34. A system as recited in claim 32 wherein said controller means is a software configuration.

35. A method for encrypting data sets to control access thereto, comprising the steps of:
- defining attributes in a manner which corresponds to particular properties of said data sets;
  
  binding said attributes to access codes and storing them in a first location;
  
  encoding said data sets so they may be decrypted by said access codes when said access codes signals are applied to said data sets by a processor;
  
  storing said encoded data sets on portable data storage means;
  
  transferring said portable data storage means to a second location; and
  
  transmitting to said second location from said first location one of said access codes bound to one of said attributes.
- View Dependent Claims (36, 37, 38, 39, 40, 41, 42, 43)
- - 36. A method as recited in claim 35 wherein attributes are representative of a use of said data.
  - 37. A method as recited in claim 35 wherein said access codes are correlated with identifying codes.
  - 38. A method as recited in claim 35 wherein access to said encoded data sets on said portable data storage means is provided by a remote authorization center and further comprising a controller in communication with said portable data storage means and wherein, upon transmitting one of said identifying codes to said remote authorization center, one of said access codes is downloaded to said controller in communication with said portable data storage means wherein said controller provides access to said data sets stored on said portable data storage means.
  - 39. A method as recited in claim 38 wherein said controller means is a hardware configuration.
  - 40. A method as recited in claim 38 wherein said controller means is a software configuration.
  - 41. A method as recited in claim 35 further comprising a plurality of potable data storage means each of which includes data stored on certain ones of said plurality of potable data storage means including portions selected by said user, said selected potions on said certain potable storage means being accessible by a set of access codes, wherein one of said set of access codes is a transmitted access code, such transmitted to said user to provide access to said selected potions of said data stored on certain ones of said plurality of potable data storage means.
  - 42. A method as recited in claim 41 wherein said plurality of data storage means includes means cooperative with said one transmitted access code for generating updated access codes for access to previously unaccessible parts of said selected portions of said data on certain ones of said plurality of portable data storage means.
  - 43. A method as recited in claim 41 wherein said selected portions of said data stored on certain ones of said plurality of portable data storage means are provided to said user sequentially and said transmitted access code provides said user with access to said data stored on the first portable data storage means of said sequence of portable data storage means.

44. A data retrieval system for use by a user comprising a plurality of portable data storage means each of which includes data stored on certain ones of said plurality of portable data storage means including portions selected by said user, said selected portions on said certain portable storage means being accessible by a set of access codes, wherein one of said set of access codes is transmitted by a remote central processing unit to a user at a second location, such transmitted to said user to provide access to said selected portions of said data stored on certain ones of said plurality of portable data storage means;
- andwherein said plurality of data storage means includes update means cooperative with said transmitted access code for automatically generating updated access codes for access to previously unaccessible parts of said selected portions of said data on certain ones of said plurality of portable data storage means when electronic update counter conditions are met.
- View Dependent Claims (45)
- - 45. A system as recited in claim 44 wherein said selected portions of said data stored on certain ones of said plurality of portable data storage means are provided to said user sequentially and said transmitted access code provides said user with access to said data stored on the first portable data storage means of said sequence of portable data storage means.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
SPEX Technologies, Inc.
Original Assignee
Spyrus, Inc.
Inventors
Dolphin, Janet L.
Primary Examiner(s)
Swann, Tod R.

Application Number

US08/359,347
Time in Patent Office

295 Days
Field of Search

380/23, 380/24, 380/25, 380/28, 380/29, 380/30, 380/49.50, 380/3.4
US Class Current

705/51
CPC Class Codes

G06F 12/1408   by using cryptography for d...

G06F 21/105   Arrangements for software l...

G06F 21/109   by using specially-adapted ...

G06F 2221/2107   File encryption

G06F 2221/2135   Metering

G06Q 20/085   involving remote charge det...

System and method for access control for portable data storage media

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

Citations

46 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for access control for portable data storage media

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

46 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links