System and method for access control for portable data storage media
First Claim
1. A system for accessing data by a user, comprising:
- a processor for processing said data;
a data storage unit for storing said data in a manner requiring different access code for accessing correspondingly different data stored on said storage unit by the user;
a controller in communication with said processor for receiving a signal representative of one of said different access codes from a remote location and for sending a signal which enables access by said processor means to a selected portion of said data on said storage unit using one of said access codes;
a remote authorization unit located at a location remote from said processor and said controller, said remote authorization unit for transmitting an access code to said controller from said remote location in response to an authorization request signal sent by the user to said remote authorization unit; and
wherein said data storage unit stores update means cooperative with said transmitted access code for automatically generating updated access codes for access to previously unaccessible parts of said data storage unit when electronic update counter conditions are met.
6 Assignments
0 Petitions
Accused Products
Abstract
The system and method of the present invention provides the support of high density removable media, such as CD-ROM or MO, to be used as a distributed media for storing data where access thereto is securely restricted. Through this system and method, the secure periodic distribution of several different sets of data information to the end user is achieved with access control selectively performed by at the user'"'"'s site through communication with the billing/access center. User billing is based on the purchase of the decryption access codes as indicated by the access code attributes encoded on the media. Access code availability is further controlled by selectively providing for updates of decryption access codes.
-
Citations
66 Claims
-
1. A system for accessing data by a user, comprising:
-
a processor for processing said data; a data storage unit for storing said data in a manner requiring different access code for accessing correspondingly different data stored on said storage unit by the user; a controller in communication with said processor for receiving a signal representative of one of said different access codes from a remote location and for sending a signal which enables access by said processor means to a selected portion of said data on said storage unit using one of said access codes; a remote authorization unit located at a location remote from said processor and said controller, said remote authorization unit for transmitting an access code to said controller from said remote location in response to an authorization request signal sent by the user to said remote authorization unit; and wherein said data storage unit stores update means cooperative with said transmitted access code for automatically generating updated access codes for access to previously unaccessible parts of said data storage unit when electronic update counter conditions are met. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
-
-
12. A method for distributing data to a user comprising the steps of:
-
on a storage unit, providing encrypted data, such requiring an access code to decrypt said data to provide access thereto wherein a least a portion of said encrypted data is correlated with a corresponding access code identifier for identifying access codes; at a remote location, storing a plurality of access codes together with corresponding access code identifiers; at a remote location, generating an authorization signal when particular conditions are met, wherein said authorization signal causes one of said access codes to be transmitted to said user to enable said user to access a portion of said encrypted data by decrypting a portion of said encrypted data and wherein said access conditions include the receipt of one of said access code identifiers from said user; applying said access code to said encrypted data to decrypt a portion of said encrypted data; and processing said decrypted portion of said encrypted data. - View Dependent Claims (13, 14, 15, 16, 17, 18, 19, 20, 21, 22)
-
-
23. A method of distributing information in the form of data sets and providing access thereto, comprising the steps of.
encrypting said data sets so that different access codes are required to decrypt different portions of said data sets; -
correlating said data sets with access code identifiers which identify particular access codes which will decrypt said data sets; writing said data sets on a data storage unit; providing a data storage controller which is capable of applying said access codes to said data storage means; remotely providing a data access controller with one of said different access codes to decrypt a selected one of said encrypted data sets in response to the receipt of one of said access code identifiers; said data access controller accessing said data sets written onto said data storage means; and wherein said access codes are further stored with attributes defined in a manner which corresponds to particular properties of said data sets, both of which are transmitted to said data access controller in response to the receipt of one of said access code identifiers. - View Dependent Claims (24, 25, 26)
-
-
27. A system for encrypting data, comprising:
-
a memory medium including programming codes stored thereon for encrypting individual data sets and for assigning access code identifiers to said individual data sets, each of said access code identifiers associated with and used in identifying a particular access code for decrypting one of said individual data sets, said access code identifier for identifying said particular access code; a processor in communication with said memory medium for writing said encrypted individual data sets to a data storage unit so that at least some of said individual data sets are stored in conjunction with access code identifiers on said data storage unit; and a remote access code distribution controller for transferring a particular one of said access codes for use with a particular one of said portable data storage means on receipt of one of said access code identifiers from a second location. - View Dependent Claims (28, 29, 30)
-
-
31. A method for encrypting data sets to control access thereto, comprising the steps of:
-
defining attributes in a manner which corresponds to particular properties of said data sets; binding said attributes to access codes and storing them in a first location; encoding said data sets so they may be decrypted by said access codes when said access codes signal are applied to said data sets by a processor; storing said encoded data sets on a data storage unit; transmitting to a second location from said first location one of said access codes bound to one of said attributes. - View Dependent Claims (32, 33, 34, 35, 36, 37)
-
-
38. A data retrieval system-for use by a user comprising:
-
a data storage unit including data stored thereon including portions selected by said user, said selected portions on said data storage unit being accessible by a set of access codes, wherein one of said set of access codes is transmitted by a remote central processing unit to a user at a different location, such transmitted to said user to provide access to said selected portions of said data stored on said data storage unit; and wherein said data storage unit includes update means cooperative with said transmitted access codes for automatically generating updated access codes for access to previously unaccessible parts of said selected portions of said data on said data storage unit when electronic update counter conditions are met. - View Dependent Claims (39, 40, 41, 42, 43, 44)
-
-
45. A system for providing authentication of electronic transmissions, comprising:
-
an authorization center for transmitting access codes to different locations upon receipt of authenticated requests for said access codes, wherein one of said access codes is electronically transmitted to a different location when said authenticated request meets particular electronic signature conditions; and a controller at said different location for receiving said access codes from said authorization Center, said controller capable of verifying that said access code was transmitted from said remote authorization center. - View Dependent Claims (46, 47, 48, 49, 50, 51, 52, 53, 54, 55)
-
-
56. A method for providing authentication of electronic transmissions, comprising the steps of:
-
providing an authorization center for transmitting access codes to different locations upon receipt of authenticated requests for said access codes, wherein one of said access codes is electronically transmitted to a different location when said authenticated request meets particular electronic signature conditions; and providing a controller at said different location for receiving said access codes from said authorization center, said controller capable of verifying that said access code was transmitted from said remote authorization center. - View Dependent Claims (57, 58, 59, 60, 61, 62, 63, 64, 65)
-
-
66. A method as recited in claim 66 wherein said attribute is representative of use of said data.
Specification