System and methods for secure transaction management and electronic rights protection
DCFirst Claim
1. A process which takes place in an apparatus including a secure processing unit, comprising the following steps:
- accessing a first record containing information directly or indirectly identifying one or more elements of a first component assembly, at least one of said elements including at least some executable programming;
using said information to identify and locate said one or more elements;
said step of identifying and locating one or more elements includes locating one or more load modules, said load module(s) locating step comprising;
searching in at least one memory of said secure processing unit to determine whether at least one of said one or more load modules is located in said memory;
if at least one of said one or more load modules is located in a memory of said secure processing unit, loading and using said load module without decrypting said load module; and
if at least one of said one or more load modules is located outside of a memory of said secure processing unit, decrypting said load module prior to use of said load module;
accessing said located one or more elements;
securely assembling said one or more elements to form at least a portion of said first component assembly; and
executing at least some of said executable programming.
2 Assignments
Litigations
0 Petitions
Accused Products
Abstract
The present invention provides systems and methods for secure transaction management and electronic rights protection. Electronic appliances such as computers equipped in accordance with the present invention help to ensure that information is accessed and used only in authorized ways, and maintain the integrity, availability, and/or confidentiality of the information. Such electronic appliances provide a distributed virtual distribution environment (VDE) that may enforce a secure chain of handling and control, for example, to control and/or meter or otherwise monitor use of electronically stored or disseminated information. Such a virtual distribution environment may be used to protect rights of various participants in electronic commerce and other electronic or electronic-facilitated transactions. Distributed and other operating systems, environments and architectures, such as, for example, those using tamper-resistant hardware-based processors, may establish security at each node. These techniques may be used to support an all-electronic information distribution, for example, utilizing the "electronic highway."
1344 Citations
58 Claims
-
1. A process which takes place in an apparatus including a secure processing unit, comprising the following steps:
-
accessing a first record containing information directly or indirectly identifying one or more elements of a first component assembly, at least one of said elements including at least some executable programming; using said information to identify and locate said one or more elements; said step of identifying and locating one or more elements includes locating one or more load modules, said load module(s) locating step comprising; searching in at least one memory of said secure processing unit to determine whether at least one of said one or more load modules is located in said memory; if at least one of said one or more load modules is located in a memory of said secure processing unit, loading and using said load module without decrypting said load module; and if at least one of said one or more load modules is located outside of a memory of said secure processing unit, decrypting said load module prior to use of said load module; accessing said located one or more elements; securely assembling said one or more elements to form at least a portion of said first component assembly; and executing at least some of said executable programming. - View Dependent Claims (2, 3, 4, 5)
-
-
6. A process comprising the following steps:
-
accessing a first record containing information directly or indirectly identifying one or more elements of a first component assembly, at least one of said elements including at least some executable programming, at least one of said elements constituting a load module, said load module including executable programming and a header; at least a portion of said header is a public portion which is characterized by a relatively lower level of security protection; and at least a portion of said header is a private portion which is characterized, at least some of the time, by a level of security protection which is relatively higher than said relatively lower level of security protection, using said information to identify and locate said one or more elements; accessing said located one or more elements; securely assembling said one or more elements to form at least a portion of said first component assembly; executing at least some of said executable programming; and checking said record for validity prior to performing said executing step. - View Dependent Claims (7, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30)
-
-
8. A process comprising the following steps:
accessing a first record containing information directly or indirectly identifying one or more elements of a first component assembly, at least one of said elements including at least some executable programming, at least one of said elements constituting a load module, said load module including executable programming and a header; said header including an execution space identifier identifying at least one aspect of an execution space required for use and/or execution of the load module associated with said header; said execution space identifier provides the capability for distinguishing between execution spaces providing a higher level of security and execution spaces providing a lower level of security; using said information to identify and locate said one or more elements; accessing said located one or more elements; securely assembling said one or more elements to form at least a portion of said first component assembly; executing at least some of said executable programming; and checking said record for validity prior to performing said executing step. - View Dependent Claims (9, 10, 11, 12, 13, 14, 15, 16)
-
31. A process comprising the following steps:
-
accessing a first record containing information directly or indirectly identifying one or more elements of a first component assembly, at least one of said elements including at least some executable programming consisting of at least two code segments; a first of said code segments being written in a first programming language; and a second of said code segments being written in a second programming language different from said first programming language, at least one of said elements constituting a load module, said load module including executable programming; using said information to identify and locate said one or more elements; accessing said located one or more elements; securely assembling said one or more elements to form at least a portion of said first component assembly; choosing said first code segment for inclusion in said component assembly; including said first code segment in said component assembly; and excluding said second code segment from said component assembly; executing at least some of said first code segment executable programming; and checking said record for validity prior to performing said executing step. - View Dependent Claims (32, 33)
-
-
34. A process comprising the following steps:
-
at a first processing environment receiving a first record from a second processing environment remote from said first processing environment; said first record containing identification information directly or indirectly identifying one or more elements of a component assembly; at least one of said elements including at least some executable programming; a first of said elements being designed to carry out or participate in metering of user activities; a second of said elements being designed to carry out or participate in budgeting functions said second element specifying a credit method; said component assembly allowing access to or use of specified information; accessing said first record; using said identification information to identify and locate said one or more elements; said element locating step including locating said first element at said second processing environment and locating said second element at a third processing environment located remotely from said first processing environment and said second processing environment; accessing said located one or more elements; said element accessing step including retrieving said first element from said second processing environment and retrieving said second element from said third processing environment; securely assembling said one or more elements to form at least a portion of said component assembly specified by said first record; and executing at least some of said executable programming, said executing step taking place at said first processing environment; said executing step including metering use of said specified information, using said first element.
-
-
35. A process comprising the following steps:
-
at a first processing environment receiving a first record from a second processing environment remote from said first processing environment; said first record being received in a secure container; said first record containing identification information directly or indirectly identifying one or more elements of a first component assembly; at least one of said elements including at least some executable programming; said component assembly allowing access to or use of specified information; said secure container also including a first of said elements; accessing said first record; using said identification information to identify and locate said one or more elements; said locating step including locating a second of said elements at a third processing environment located remotely from said first processing environment and said second processing environment; accessing said located one or more elements; said element accessing step including retrieving said second element from said third processing environment; securely assembling said one or more elements to form at least a portion of said first component assembly specified by said first record; and executing at least some of said executable programming, said executing step taking place at said first processing environment. - View Dependent Claims (36, 37)
-
-
38. A process comprising the following steps:
-
creating an initial channel; after creation of said initial channel, creating a first channel; said initial channel allocating said first channel to handle a first component assembly; accessing a first record containing information directly or indirectly identifying one or more elements of said first component assembly, at least one of said elements including at least some executable programming; using said information to identify and locate said one or more elements; accessing said located one or more elements; within said first channel, securely assembling said one or more elements to form at least a portion of said first component assembly; and executing at least some of said executable programming. - View Dependent Claims (39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53)
-
-
54. A load module comprising:
-
a load module header including a public portion and a private portion; said public portion including identification information; said private portion including at least one correlation tag; said correlation tag including information used to determine whether a method has authorization to call or load the load module; and a load module body including; executable programming which calls or includes; programming which controls at least one aspect of use of at least one file, said programming calling or including programming which provides information relating to the user of said file to an external site; said programming providing information provides such information in a summary fashion which does not include information deemed confidential by said user; and a reference to data; at least some of said data being associated with or used by said executable programming.
-
-
55. An operating system comprising:
-
component assembling programming which assembles a plurality of elements into a component, said component assembling programming including; validation programming used to validate said elements, said validation programming including; tag checking programming used to check the identity, validity or integrity of elements by comparing tags incorporated in said elements to expected values; and element identification and referencing programming; and an object switch which controls and communicates objects, said object switch including; a stream router; one or more stream interfaces; a container manager used to manage secure containers; said container manager contains programming which recognizes secure containers and performs operations on said secure containers; buffering and storage programming; and an object switch interface. - View Dependent Claims (56)
-
-
57. A component assembly comprising:
a first load module and a second load module, each load module comprising; a load module header, made up of a public portion and a private portion; said public portion including identification information; said private portion including at least one correlation tag; said correlation tag including information used to determine whether a method has authorization to call or load the load module; and a load module body, including; executable programming which calls or includes; programming which controls at least one aspect of use of at least one file, said programming controlling at least one aspect of use of at least one file calls or includes programming which provides information relating to the user of said file to an external site; said programming providing information provides such information in a summary fashion which does not include information deemed confidential by said user; and a reference to data; at least some of said data being associated with or used by said executable programming.
-
58. A component assembly comprising:
-
a first load module received from a first source and a second load module received from a second source remote from said first source, each load module comprising; a load module header, made up of a public portion and a private portion; said public portion including identification information; said private portion including at least one correlation tag; said correlation tag including information used to determine whether a method has authorization to call or load the load module; and a load module body, including; executable programming; and a reference to data; at least some of said data being associated with or used by said executable programming.
-
Specification