Method and system for managing a data object so as to comply with predetermined conditions for usage

US 5,845,281 A
Filed: 01/31/1996
Issued: 12/01/1998
Est. Priority Date: 02/01/1995
Status: Expired due to Term

First Claim

Patent Images

1. A method for managing a data object so as to comply with control conditions for usage of the data object, comprising the steps of:

storing the data object in a memory device, where it is accessible by means of a data object provider'"'"'s data processor;

providing a variable number of control conditions for usage of the data object;

creating, by said data processor, a general set of control data for the data object based on said variable number of control conditions for usage, said general set of control data comprising at least one or more usage control elements defining usages of the data object which comply with said variable number of control conditions,storing said general set of control data in a memory device, where it is accessible by said data processor;

concatenating the general set of control data with a copy of the data object; and

encrypting at least the copy of the data object and said one or more usage control elements to create a secure data package which is ready for transfer to a user.

View all claims

10 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and a system for managing a data object so as to comply with predetermined conditions for usage of the data object. To control the usage of the data object, a set of control data, defining uses of the data object, which comply with the predetermined conditions, is created for the data object. The data object is concatenated with the user set of control data, encrypted and transferred to the user. When the user wants to use the data object, a special user program checks whether the usage complies with the control data. If so, the usage is enabled. Otherwise it is disabled.

586 Citations

29 Claims

1. A method for managing a data object so as to comply with control conditions for usage of the data object, comprising the steps of:
- storing the data object in a memory device, where it is accessible by means of a data object provider'"'"'s data processor;
  
  providing a variable number of control conditions for usage of the data object;
  
  creating, by said data processor, a general set of control data for the data object based on said variable number of control conditions for usage, said general set of control data comprising at least one or more usage control elements defining usages of the data object which comply with said variable number of control conditions,storing said general set of control data in a memory device, where it is accessible by said data processor;
  
  concatenating the general set of control data with a copy of the data object; and
  
  encrypting at least the copy of the data object and said one or more usage control elements to create a secure data package which is ready for transfer to a user.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. A method as set forth in claim 1, wherein the step of encrypting comprises encrypting the data object and the general set of control data.
  - 3. A method as set forth in claim 1, wherein the step of creating control data comprises creating an identifier which uniquely identifies the general set of control data.
  - 4. A method as set forth in claim 1, wherein the step of creating a general set of control data comprises creating a security control element which identifies a security process to be applied before usage of the data object is allowed.
  - 5. A method as set forth in claim 1, wherein the step of creating a general set of control data comprises creating a format control element which identifies the format of the control data.
  - 6. A method as set forth in claim 1, further comprising the steps of receiving in said data processor a request for authorization for usage by a user;
    - comparing the usage for which authorization is requested with said one or more usage control elements of the general set of control data and granting the authorization if the usage for which authorization is requested complies with the usages defined by said one or more usage control elements.
  - 7. A method as set forth in claim 6, further comprising the step of securing payment for the requested authorization for usage before granting the authorization.
  - 8. A method as set forth in claim 1, comprising the further steps of:
    - receiving the data package in a user'"'"'s data processor;
      
      storing the data package in a memory device where it is accessible by means of the user'"'"'s data processor;
      
      decrypting said one or more usage control elements;
      
      checking, in response to a request by the user for usage of the data object, whether the requested usage complies with the usage defined by the at least one usage control element of the general set of control data;
      
      decrypting, in response to the requested usage complying with the usage defined by the at least one usage control element of the general set of control data, the data object and enabling the requested usage, otherwise disabling it.
  - 9. A method as set forth in claim 8, comprising the further steps of reconcatenating, after the usage of the data object, the data object and the one or more usage control elements, reencrypting at least the data object and the one or more usage control elements, and storing the thus-repackaged data package in the memory of the user'"'"'s data processor.

10. A method for controlling the usage by a user of a data object so as to comply with control conditions for usage of the data object, comprising the steps of:
- providing a varible number of control conditions for usage of the data object;
  
  storing a data package in a memory device, where it is accessible by means of a data processor of the user, said data package comprising the data object and control data, which comprises at least one usage control element defining a usage of the data object which complies with the variable number of control conditions, the data object and said at least one usage control element being encrypted;
  
  receiving a request by the user for usage of the data object;
  
  decrypting the control data;
  
  checking, in response to the request by the user for usage of the data object, whether the requested usage complies with the usage defined by the at least one usage control element of the control data; and
  
  decrypting, in response to the requested usage complying with the usage defined by the at least one usage control element of the control data, the data object and enabling the requested usage, otherwise disabling it.
- View Dependent Claims (11, 12, 13, 14, 15)
- - 11. A method as set forth in claim 10, wherein the usage control element is updated after the at least one usage of the data object.
  - 12. A method as set forth in claim 10, wherein said control data comprises an indication of the number of times the user is authorized to use the data object in accordance with said at least one usage control element;
    - wherein the requested usage of the data object is only enabled when said number of times is one or more; and
      
      wherein said number of times is decremented by one when the requested usage is enabled.
  - 13. A method as set forth in claim 10, wherein the control data comprise a security control element, and further comprising the step of carrying out, before each usage of the data object, a security procedure defined in the security control element.
  - 14. A method as set forth in claim 10, wherein the step of checking whether the requested usage complies with the usage defined by the at least one usage control element comprises the step of checking that the user'"'"'s data processor is capable of carrying out a security procedure specified in a security control element of the at least one usage control element, and if not, disabling the usage.
  - 15. A method as set forth in claim 10, comprising the further steps of reconcatenating, after the usage of the data object, the data object and the one or more usage control elements, reencrypting at least the data object and the one or more usage control elements, and storing the thus-repackaged data package in the memory of the user'"'"'s data processor.

16. A system for managing a data object so as to comply with control conditions for usage of the data object, comprisingmeans for providing a vanable number of control conditions;
- first means in the data object provider'"'"'s data processor for creating a general set of control data for the data object based on the variable number of control conditions for usage, said general set of control data comprising at least one or more usage control elements defining usages of the data object which comply with the variable number of control conditions;
  
  storing means, which are accessible by means of said data processor, for storing the data object and the general set of control data;
  
  concatenating means for concatenating the general set of control data with a copy of the data object; and
  
  encrypting means for encrypting the copy of the data object and at least said one or more usage control elements to create a secure data package, which is ready for transfer to a user.
- View Dependent Claims (17)
- - 17. A system as set forth in claim 16, wherein the general set of control data comprises a control data element which defines the right to further distribution of the data object by the user.

18. A system for controlling the usage by a user of a data object so as to comply with control conditions for usage of the data object, comprising:
- means for providing variable number of control conditions;
  
  storing means for storing a data package which comprises a data object and a control data comprising at least one usage control element defying a usage of the data object which complies with the variable number of control conditions;
  
  means for decrypting the at least one usage control element and the data object;
  
  checking means for checking whether a usage requested by the user complies with the usage defined by said at least one usage control element;
  
  enabling means for enabling the usage requested by the user when the usage complies with the usage defined by said at least one usage control element; and
  
  disabling means for disabling the usage requested by the user when the usage does not comply with the usage defined by said at least one usage control element.
- View Dependent Claims (19)
- - 19. A system as set forth in claim 18, further comprising means for repackaging the data object after usage thereof.

20. A method for controlling the usage by a user of data objects so as to comply with predetermined conditions for usage of the data objects, comprising the steps of:
- storing at least two data packages in a memory device, where they are accessible by a data processor of the user, each said data package comprising a data object and a user set of control data, which comprises at least one usage control element defining a usage of the data object which complies with the predetermined conditions, the data object and said at least one usage control elements being encrypted;
  
  decrypting the usage control elements of the user sets of control data;
  
  examining the usage control elements of said at least two data packages to find a match;
  
  using, in response to the finding of a match, the data processor to carry out an action, which is specified in the user sets of control data.
- View Dependent Claims (21)
- - 21. A method as set forth in claim 20, comprising the further steps of updating the at least one usage control element of each data package, concatenating after the usage of the data objects, each of the data objects and its at least one usage control element, reencrypting each of the concatenated data objects and its at least one usage control element and transferring the repackaged data objects to their creators.

22. A method for managing a data object so as to comply with predetermined conditions for usage of the data object, comprising the steps of:
- storing the data object in a memory device, where it is accessible by means of a data object provider'"'"'s data processor;
  
  providing control conditions for usage of the data object;
  
  creating, by said data processor, a general set of control data for the data object based on said control conditions for usage, said general set of control data comprising at least one or more usage control elements defining usages of the data object which comply with said control conditions;
  
  storing said general set of control data in a memory device, where it is accessible by said data processor;
  
  concatenating the general set of control data with a copy of the data object;
  
  encrypting at least the copy of the data object and said one or more usage control elements to create a secure data package which is ready for transfer to a user;
  
  creating, in response to a request for authorization for usage of the data object by a user, a user set of control data, which comprises at least a subset of the general set of control data, including at least one of said usage control elements;
  
  using the user set of control data instead of the general set of control data in said concatenating step;
  
  using the at least one or usage control element of the user set of control data instead of the one or more usage control elements of the general set of control data in the encrypting step; and
  
  checking, before allowing transfer of the data package to the user, that said request for authorization for usage of the data object has been granted.
- View Dependent Claims (23, 24, 25, 26, 27, 28)
- - 23. A method as set forth in claim 22, wherein the data object is composed of at least two constituent data objects and wherein the user set of control data, in response to a request for authorization for usage of one of said constituent data objects by a user, is created only for that constituent data object and concatenated only with a copy of that constituent data object.
  - 24. A method as set forth in claim 22, wherein the data provider'"'"'s data processor is connected to a data network and the request for authorization is received from a data processor of the user, which is also connected to the data network, further comprising the step of transferring the data package through the data network to the user'"'"'s data processor.
  - 25. A method as set forth in claim 22, wherein the data object is a composite data object including at least two constituent data objects and wherein the step of creating a general set of control data comprises the step of creating a respective general set of control data for each of the constituent data objects and the composite data object and wherein the step of creating a user set of control data comprises the step of creating a respective user set of control data for each of the constituent data objects and the composite data object.
  - 26. A method as defined in claim 22, comprising the further step of storing a copy of the user set of control data in the data object provider'"'"'s processor.
  - 27. A method as defined in claim 22, comprising the further steps of:
    - receiving the data package in a user'"'"'s data processor;
      
      storing the data package in a memory device where it is accessible by means of the user'"'"'s data processor;
      
      decrypting the at least one usage control element of the user set of control data;
      
      checking, in response to a request by the user for usage of the data object, whether the requested usage complies with the usage defined by the at least one usage control element of the user set of control data; and
      
      decrypting, in response to the requested usage complying with the usage defined by the at least one usage control element of the user set of control data, the data object and enabling the requested usage, otherwise disabling it.
  - 28. A method as set forth in claim 22, further comprising:
    - receiving the data package in a user'"'"'s data processor;
      
      storing the data package in a memory device where it is accessible by means of the user'"'"'s data processor;
      
      decrypting the at least one usage control element of the user set of control data;
      
      checking, in response to a request by the user for usage of the data object, whether the requested usage complies with the usage defined by the at least one usage control element of the user set of control data;
      
      decrypting, in response to the requested usage complying with the usage defined by the at least one usage control element of the user set of control data, the data object and enabling the requested usage, otherwise disabling it; and
      
      reconcatenating, after the usage of the data object, the data object and the one or more usage control elements of the user set of control data, and reencrypting at least the data object and the one or more usage of the user set of control data.

29. A system for managing a data object so as to comply with control conditions for usage of the data object, comprising:
- first means in the data object provider'"'"'s data processor for creating a general set of control data for the data object based on the predetermined conditions for usage, said general set of control data comprising at least one or more usage control elements defining usages of the data object which comply with the predetermined conditions;
  
  storing means, which are accessible by means of said data processor, for storing the data object and the general set of control data;
  
  concatenating means for concatenating the general set of control data with a copy of the data object;
  
  encrypting means for encrypting the copy of the data object and at least said one or more usage control elements to create a secure data package, which is ready for transfer to a user;
  
  second means in said data processor for creating, in response to a request for authorization for usage of the data object by a user, a user set of control data, which comprises at least a subset of the general set of control data, which subset comprises at least one of said usage control elements;
  
  using the user set of control data instead of the general set of control data in the storing means;
  
  using the user set of control data instead of the general set of control data in the concatenating means;
  
  using the user set of control data instead of the general set of control data in the encrypting means; and
  
  checking means in said data processor for checking that said request for authorization for usage of the data object has been granted before allowing transfer of the data package to the user.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Rovi Solutions Corporation (Adeia Inc.)
Original Assignee
Mediadna, Inc.
Inventors
Benson, Greg, Urich, Gregory H.
Primary Examiner(s)
Von Buhr, Maria N.

Application Number

US08/594,811
Time in Patent Office

1,035 Days
Field of Search

395/609, 395/610, 395/614, 707/9, 707/10, 707/103
US Class Current

1/1
CPC Class Codes

G06F 21/10   Protecting distributed prog...

G06F 21/6236   between heterogeneous systems

G06F 2211/007   Encryption, En-/decode, En-...

G06F 2221/2103   Challenge-response

G06F 2221/2111   Location-sensitive, e.g. ge...

G06F 2221/2137   Time limited access, e.g. t...

G06F 2221/2141   Access rights, e.g. capabil...

G06F 2221/2151   Time stamp

Y10S 707/99939   Privileged access

Method and system for managing a data object so as to comply with predetermined conditions for usage

First Claim

10 Assignments

0 Petitions

Accused Products

Abstract

586 Citations

29 Claims

Specification

Use Cases

Quick Links

Others

Method and system for managing a data object so as to comply with predetermined conditions for usage

First Claim

10 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

586 Citations

29 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others