Method and system for conducting transactions between repositories using a repository transaction protocol

US 7,043,453 B2
Filed: 04/15/2003
Issued: 05/09/2006
Est. Priority Date: 11/23/1994
Status: Expired due to Fees

First Claim

Patent Images

1. A method for establishing a secure communications channel between a first repository and a second repository using a repository transaction protocol for use in a system for conducting transactions, said method comprising:

generating from the first repository a registration identifier and registration message including an identification certificate, and an identifier of a master repository that encrypted the identification certificate;

receiving the registration message at a second repository and verifying the identity of the first repository by verifying the identification certificate;

validating the authenticity of the first repository, including,generating at the second repository a message to test the authenticity of the first repository,sending the generated message to the first repository, andverifying at the second repository if the first repository upon receiving the generated message to test the authenticity correctly process the generated message;

exchanging messages including at least one session key between the first and second repositories, said session key to be used in communications during a session between the first and second repository; and

conducting a transaction between the first repository and the second repository using the session, keys,wherein said step of conducting usage transactions comprises generating a request for a digital work specifying usage rights information and determining if the specified usage rights correspond to usage rights associated with the digital work,said step of conducting usage rights transactions further comprises granting access to the digital work in accordance with the usage rights associated with the digital work if the specified usage rights corresponds to usage rights associated with the digital work, andsaid step of conducting usage transactions further comprises determining if conditions in the usage rights associated with the digital work are satisfied.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and apparatus for establishing a secure communications channel between a first repository and a second repository using a repository transaction protocol. A registration identifier and registration message including an identification certificate, and an identifier of a master repository that encrypted the identification certificate are generated by the first repository. The registration identifier and message are sent to the second repository and the identity of the first repository by is verified by verifying the identification certificate. Messages containing at least one session key are exchanged between the first and second repositories and a usage transactions related to a digital work are conducted between the first repository and the second repository using the session keys.

Citations

81 Claims

1. A method for establishing a secure communications channel between a first repository and a second repository using a repository transaction protocol for use in a system for conducting transactions, said method comprising:
- generating from the first repository a registration identifier and registration message including an identification certificate, and an identifier of a master repository that encrypted the identification certificate;
  
  receiving the registration message at a second repository and verifying the identity of the first repository by verifying the identification certificate;
  
  validating the authenticity of the first repository, including,generating at the second repository a message to test the authenticity of the first repository,sending the generated message to the first repository, andverifying at the second repository if the first repository upon receiving the generated message to test the authenticity correctly process the generated message;
  
  exchanging messages including at least one session key between the first and second repositories, said session key to be used in communications during a session between the first and second repository; and
  
  conducting a transaction between the first repository and the second repository using the session, keys,wherein said step of conducting usage transactions comprises generating a request for a digital work specifying usage rights information and determining if the specified usage rights correspond to usage rights associated with the digital work,said step of conducting usage rights transactions further comprises granting access to the digital work in accordance with the usage rights associated with the digital work if the specified usage rights corresponds to usage rights associated with the digital work, andsaid step of conducting usage transactions further comprises determining if conditions in the usage rights associated with the digital work are satisfied.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 59, 61, 63, 65, 67, 69, 71, 73, 75, 76, 80, 81)
- - 2. The method as recited in claim 1, wherein said step of validating comprises generating an encrypted performance message as the generated message at the second repository based on the registration identifier and comparing a decrypted performance message returned by the first repository.
  - 3. The method as recited in claim 2, wherein the performance message is encrypted using a public key specified in the registration message.
  - 4. The method as recited in claim 1, wherein said step of verifying comprises decrypting the identification certificate with a key of the master repository.
  - 5. The method as recited in claim 1, further comprising conducting a login transaction for checking the authenticity of a user requesting a transaction.
  - 6. The method as recited in claim 5, wherein said step of conducting a login transaction comprises accepting user identification information through a user interface of the first repository and identifying the user at the second repository based on the identification information.
  - 7. The method as recited in claim 1, further comprising conducting a billing transaction related to the usage transaction between the first repository or the second repository and a credit server.
  - 8. The method as recited in claim 7, wherein said step of conducting a billing transaction comprises assigning a fee to digital content.
  - 9. The method as recited in claim 8, wherein the fee is a time based fee and wherein said step of conducting a billing transaction comprises metering time usage of the digital content.
  - 10. The method as recited in claim 9, wherein said step of conducting a billing transaction comprises ending charges for metered time usage of the digital work.
  - 11. The method as recited in claim 8, wherein said step of conducting a billing transaction comprises reporting charges for use of the digital work.
  - 12. The method as recited in claim 1, wherein said step of conducting usage transactions comprises granting access to the digital work in accordance with the usage rights associated with the digital work if the specified usage rights correspond to usage rights associated with the digital work and if conditions in the usage rights associated with the digital work are satisfied.
  - 13. The method as recited in claim 1, wherein said step of requesting comprises requesting to make a copy of the digital work.
  - 14. The method as recited in claim 1, wherein said step of requesting comprises requesting to transfer the digital work from one repository to another repository.
  - 15. The method as recited in claim 1, wherein said step of requesting comprises requesting a loan of a copy of the digital work.
  - 16. The method as recited in claim 1, wherein said step of requesting comprises requesting to play the digital work.
  - 17. The method as recited in claim 16, said step of requesting to play comprises requesting to render the digital work.
  - 18. The method as recited in claim 16, wherein the digital work comprises a computer program and said step of requesting to play the content comprises requesting to execute the computer program.
  - 19. The method as recited in claim 1, wherein said step of requesting comprises requesting to print the digital work.
  - 20. The method as recited in claim 1, wherein said step of requesting comprises requesting to make a backup copy of the digital work.
  - 21. The method as recited in claim 1, wherein said step of requesting comprises requesting to restore a backup copy of the digital work.
  - 22. The method as recited in claim 1, wherein said step of requesting comprises requesting to delete the digital work.
  - 23. The method as recited in claim 1, wherein said step of requesting comprises requesting information about the digital work.
  - 24. The method as recited in claim 23, wherein said step of requesting information comprises requesting a filename associated with the digital work.
  - 25. The method as recited in claim 23, wherein said step of requesting information comprises requesting descriptive information related to the usage rights associated with the digital work.
  - 26. The method as recited in claim 1, wherein said step of requesting comprises requesting to extract a portion of the digital work and make a new digital work with the extracted portion.
  - 27. The method as recited in claim 1, wherein said step of requesting comprises requesting to edit the digital work.
  - 28. The method as recited in claim 1, wherein the digital work includes a computer program and said step of requesting comprises requesting to install the computer program.
  - 29. The method as recited in claim 1, wherein the digital work includes a computer program and said step of requesting comprises requesting to uninstall the computer program.
  - 59. The method as recited in claim 1, wherein the method is for use in a system for controlling use of digital works in accordance with usage rights associated with the digital works.
  - 61. The method as recited in claim 1, wherein the transaction can be one of a usage transaction, and a financial transaction.
  - 63. The method as recited in claim 1, wherein the method is for use in a system for controlling financial repository transactions between a repository and a credit server.
  - 65. The method as recited in claim 1, wherein the conducted transaction is a usage transaction related to a digital work between the first repository and the second repository using the session keys.
  - 67. The method as recited in claim 1, wherein the verifying step comprises:
    - generating at the first repository a response for the generated message using an identification of the first repository;
      
      sending the response to the second repository; and
      
      verifying the response against the generated message at the second repository.
  - 69. The method as recited in claim 67, wherein the identification of the first repository is private.
  - 71. The method as recited in claim 1, wherein the validating step comprises:
    - sending via a sending repository a performance message encrypted by the sending repository using an encryption key to a receiving repository; and
      
      correctly decrypting the received performance message using a decryption key at the receiving repository,wherein said encryption and decryption keys are corresponding cryptographic keys of the sending and receiving repositories.
  - 73. The method as recited in claim 1, wherein the step of receiving the registration message includes determining based on the identity of the first repository if the first repository is on a list of compromised repositories and if so terminating transactions with the first repository.
  - 75. The method as recited in claim 1, wherein the generated message comprises a performance message including a nonce message, the names of the respective repositories, a timestamp, and the registration identifier received from the first repository.
  - 76. The method as recited in claim 75, further comprising generating the nonce message based on at least one of random and variable information.
  - 80. The method of claim 1, wherein said method is implemented with one or more hardware and/or software components configured to perform the steps of the method.
  - 81. The method of claim 1, wherein said method is implemented with one or more computer readable instructions embedded on a computer readable medium and configured to cause one or more computer processors to perform the steps of the method.

30. An apparatus for establishing a secure communications channel between a first repository and a second repository using a repository transaction protocol for use in a system for conducting transactions, said apparatus comprising:
- means for generating from the first repository a registration identifier and registration message including an identification certificate, and an identifier of a master repository that encrypted the identification certificate;
  
  means for receiving the registration message at a second repository and verifying the identity of the first repository by verifying the identification certificate;
  
  means for validating the authenticity of the first repository, including,means for generating at the second repository a message to test the authenticity of the first repository,means for sending the generated message to the first repository, andmeans for verifying at the second repository if the first repository upon receiving the generated message to test the authenticity correctly process the generated message;
  
  means for exchanging messages including at least one session key between the first and second repositories, said session key to be used in communications during a session between the first and second repository; and
  
  means for conducting a transaction between the first repository and the second repository using the session keys,wherein said means for conducting usage transactions comprise means for generating a request for a digital work specifying usage rights information and means for determining if the specified usage rights correspond to usage rights associated with the digital work,said means for conducting usage rights transactions further comprises means for granting access to the digital work in accordance with the usage rights associated with the digital work if the specified usage rights corresponds to usage rights associated with the digital work, andsaid means for conducting usage transactions further comprises means for determining if conditions in the usage rights associated with the digital work are satisfied.
- View Dependent Claims (31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 60, 62, 64, 66, 68, 70, 72, 74, 77, 78, 79)
- - 31. The apparatus as recited in claim 30, wherein said means for validating comprises means for generating an encrypted performance message as the generated message at the second repository based on the registration identifier and comparing a decrypted performance message returned by the first repository.
  - 32. The apparatus as recited in claim 31, wherein the performance message is encrypted using a public key specified in the registration message.
  - 33. The apparatus as recited in claim 30 wherein said means for verifying comprises means for decrypting the identification certificate with a key of the master repository.
  - 34. The apparatus as recited in claim 30, further comprising means for conducting a login transaction for checking the authenticity of a user requesting a transaction.
  - 35. The apparatus as recited in claim 34, wherein said means for conducting a login transaction comprises means for accepting user identification information through a user interface of the first repository and means for identifying the user at the second repository based on the identification information.
  - 36. The apparatus as recited in claim 30, further comprising means for conducting a billing transaction related to the usage transaction between the first repository or the second repository and a credit server.
  - 37. The apparatus as recited in claim 36, wherein said means for conducting a billing transaction comprises means for assigning a fee to digital content.
  - 38. The apparatus as recited in claim 37, wherein the fee is a time based fee and wherein said means for conducting a billing transaction comprises means for metering time usage of the digital content.
  - 39. The apparatus as recited in claim 38, wherein said means for conducting a billing transaction comprises means for ending charges for metered time usage of the digital work.
  - 40. The apparatus as recited in claim 37, wherein said means for conducting a billing transaction comprises means for reporting charges for use of the digital work.
  - 41. The apparatus as recited in claim 30, wherein said means for conducting usage transactions comprises means for granting access to the digital work in accordance with the usage rights associated with the digital work if the specified usage rights correspond to usage rights associated with the digital work and if conditions in the usage rights associated with the digital work are satisfied.
  - 42. The apparatus as recited in claim 30, wherein said means for requesting comprises means for requesting to make a copy of the digital work.
  - 43. The apparatus as recited in claim 30, wherein said means for requesting comprises means for requesting to transfer the digital work from one repository to another repository.
  - 44. The apparatus as recited in claim 30, wherein said means for requesting comprises means for requesting a loan of a copy of the digital work.
  - 45. The apparatus as recited in claim 30, wherein said means for requesting comprises means for requesting to play the digital work.
  - 46. The apparatus as recited in claim 45, said means for requesting to play comprises means for requesting to render the digital work.
  - 47. The apparatus as recited in claim 45, wherein the digital work comprises a computer program and said means for requesting to play the content comprises means for requesting to execute the computer program.
  - 48. The apparatus as recited in claim 30, wherein said means for requesting comprises means for requesting to print the digital work.
  - 49. The apparatus as recited in claim 30, said means for requesting comprises means for requesting to make a backup copy of the digital work.
  - 50. The apparatus as recited in claim 30, wherein said means for requesting comprises means for requesting to restore a backup copy of the digital work.
  - 51. The apparatus as recited in claim 30, wherein said means for requesting comprises means for requesting to delete the digital work.
  - 52. The apparatus as recited in claim 30, wherein said means for requesting comprises means for requesting information about the digital work.
  - 53. The apparatus as recited in claim 52, wherein said means for requesting information comprises means for requesting a filename associated with the digital work.
  - 54. The apparatus as recited in claim 52, wherein said means for requesting information means for comprises requesting descriptive information related to the usage rights associated with the digital work.
  - 55. The apparatus as recited in claim 30, wherein said means for requesting comprises means for requesting to extract a portion of the digital work and make a new digital work with the extracted portion.
  - 56. The apparatus as recited in claim 30, wherein said means for requesting comprises means for requesting to edit the digital work.
  - 57. The apparatus as recited in claim 30, wherein the digital work includes a computer program and said means for requesting comprises means for requesting to install the computer program.
  - 58. The apparatus as recited in claim 30, wherein the digital work includes a computer program and means for requesting comprises means for requesting to uninstall the computer program.
  - 60. The apparatus as recited in claim 30, wherein the apparatus is for use in a system for controlling use of digital works in accordance with usage rights associated with the digital works.
  - 62. The apparatus as recited in claim 30, wherein the transaction can be one of a usage transaction, and a financial transaction.
  - 64. The apparatus as recited in claim 30, wherein the apparatus is for use in a system for controlling financial repository transactions between a repository and a credit server.
  - 66. The apparatus as recited in claim 30, wherein the conducted transaction is a usage transaction related to a digital work between the first repository and the second repository using the session keys.
  - 68. The apparatus as recited in claim 30, wherein the verifying means comprises:
    - means for generating at the first repository a response for the generated message using an identification of the first repository;
      
      means for sending the response to the second repository; and
      
      means for verifying the response against the generated message at the second repository.
  - 70. The apparatus as recited in claim 68, wherein the identification of the first repository is private.
  - 72. The apparatus as recited in claim 30, wherein the validating means comprises:
    - means for sending via a sending repository a performance message encrypted by the sending repository using an encryption key to a receiving repository; and
      
      means for correctly decrypting the received performance message using a decryption key at the receiving repository,wherein said encryption and decryption keys are corresponding cryptographic keys of the sending and receiving repositories.
  - 74. The apparatus as recited in claim 30, wherein the means for receiving the registration message includes means for determining based on the identity of the first repository if the first repository is on a list of compromised repositories and if so means for terminating transactions with the first repository.
  - 77. The apparatus as recited in claim 30, wherein the generated message comprises a performance message including a nonce message, the names of the respective repositories, a timestamp, and the registration identifier received from the first repository.
  - 78. The apparatus as recited in claim 77, further comprising means for generating the nonce message based on at least one of random and variable information.
  - 79. The apparatus as recited in claim 30, wherein said apparatus is implemented with one or more hardware and/or software components.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
ContentGuard Holdings, Inc. (Pendrell Corporation)
Original Assignee
ContentGuard Holdings, Inc. (Pendrell Corporation)
Inventors
Pirolli, Peter L. T., Stefik, Mark J.
Primary Examiner(s)
Abdi, Kambiz

Application Number

US10/413,287
Publication Number

US 20040073513A1
Time in Patent Office

1,120 Days
Field of Search

705 50- 59, 705/1, 380201-202, 380/259, 380/278, 380283-285, 380/231, 713150-194
US Class Current

705/52
CPC Class Codes

A61B 2017/0046   with a releasable handle; w...

A61B 2034/301   for introducing or steering...

A61B 2090/031   torque limiting

A61B 2090/376   using X-rays, e.g. fluoroscopy

A61B 34/30   Surgical robots

A61B 34/37   Master-slave robots A61B34/...

A61M 25/0113   Mechanical advancing means,...

G06F 21/10   Protecting distributed prog...

G06F 2211/007   Encryption, En-/decode, En-...

G06F 2221/2115   Third party

G06F 2221/2135   Metering

G06Q 10/101   Collaborative creation, e.g...

G06Q 20/12   specially adapted for elect...

G06Q 20/1235   with control of digital rig...

G06Q 20/3674   involving authentication

G06Q 30/00   Commerce

G06Q 30/0185   Product, service or busines...

G06Q 30/02   Marketing; Price estimation...

G06Q 30/0283   Price estimation or determi...

G06Q 30/04   Billing or invoicing

G06Q 30/06 : Buying, selling or leasing ...

G06Q 30/0601 : Electronic shopping [e-shop...

G06Q 50/184 : Intellectual property manag...

H04L 12/14 : Charging , metering or bill...

H04L 12/1403 : Architecture for metering, ...

H04L 12/146 : using digital cash

H04L 12/1485 : Tariff-related aspects

H04L 12/1496 : involving discounts

H04L 2209/56 : Financial cryptography, e.g...

H04L 2209/603 : Digital right managament [DRM]

H04L 2463/101 : applying security measures ...

H04L 61/00 : Network arrangements, proto...

H04L 61/45 : Network directories; Name-t...

H04L 63/0428 : wherein the data content is...

H04L 63/0442 : wherein the sending and rec...

H04L 63/0464 : using hop-by-hop encryption...

H04L 63/0807 : using tickets, e.g. Kerbero...

H04L 63/0823 : using certificates cryptogr...

H04L 63/10 : for controlling access to d...

H04L 63/102 : Entity profiles

H04L 63/104 : Grouping of entities

H04L 63/105 : Multiple levels of security

H04L 63/123 : received data contents, e.g...

H04L 9/3213 : using tickets or tokens, e....

H04L 9/3297 : involving time stamps, e.g....

H04L 9/40 : Network security protocols

H04N 21/23412 : for generating or manipulat...

H04N 21/2541 : Rights Management protectin...

H04N 21/2543 : Billing , e.g. for subscrip...

H04N 21/26613 : for generating or managing ...

H04N 21/4627 : Rights management associate...

H04N 21/6332 : directed to client

H04N 21/6377 : directed to server one-way ...

H04N 21/835 : Generation of protective da...

H04N 21/8355 : involving usage data, e.g. ...

H04N 21/83555 : using a structured language...

H04N 7/16 : Analogue secrecy systems; A...

Y10S 707/99939 : Privileged access

Y10S 707/99945 : Object-oriented database st...

View All

Method and system for conducting transactions between repositories using a repository transaction protocol

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

81 Claims

Specification

Solutions

Use Cases

Quick Links

Method and system for conducting transactions between repositories using a repository transaction protocol

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

81 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links