Systems and methods for secure transaction management and electronic rights protection

US 7,076,652 B2
Filed: 01/19/2001
Issued: 07/11/2006
Est. Priority Date: 02/13/1995
Status: Expired due to Fees

First Claim

Patent Images

1. A method performed at a first site, comprising one or more electronic appliances and a first secure container, the first secure container containing first protected information and having associated a first control set, the method comprising:

using a control from the first control set to govern an aspect of use of the first protected information;

creating a second secure container having associated a second control set for governing an aspect of use of protected information contained within the second secure container;

incorporating a first portion of the first protected information into the second secure container, the first portion made up of some or all of the first protected information;

transmitting identification information to a second site, the identification information at least in part identifying the first portion, the transmission being governed at least in part by a control from the first control set;

transmitting the second secure container to a third site; and

separately transmitting the second control set to the third site.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present invention provides systems and methods for secure transaction management and electronic rights protection. Electronic appliances such as computers equipped in accordance with the present invention help to ensure that information is accessed and used only in authorized ways, and maintain the integrity, availability, and/or confidentiality of the information. Such electronic appliances provide a distributed virtual distribution environment (VDE) that may enforce a secure chain of handling and control, for example, to control and/or meter or otherwise monitor use of electronically stored or disseminated information. Such a virtual distribution environment may be used to protect rights of various participants in electronic commerce and other electronic or electronic-facilitated transactions. Distributed and other operating systems, environments and architectures, such as, for example, those using tamper-resistant hardware-based processors, may establish security at each node. These techniques may be used to support an all-electronic information distribution, for example, utilizing the “electronic highway.”

696 Citations

40 Claims

1. A method performed at a first site, comprising one or more electronic appliances and a first secure container, the first secure container containing first protected information and having associated a first control set, the method comprising:
- using a control from the first control set to govern an aspect of use of the first protected information;
  
  creating a second secure container having associated a second control set for governing an aspect of use of protected information contained within the second secure container;
  
  incorporating a first portion of the first protected information into the second secure container, the first portion made up of some or all of the first protected information;
  
  transmitting identification information to a second site, the identification information at least in part identifying the first portion, the transmission being governed at least in part by a control from the first control set;
  
  transmitting the second secure container to a third site; and
  
  separately transmitting the second control set to the third site.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27)
- - 2. The method of claim 1, in which the first secure container further contains a third secure container having associated a third control set, the third secure container containing the first protected information and the step of incorporating the first portion in the second secure container includes copying or removing the first portion from the third secure container.
  - 3. The method of claim 1, in which the step of creating a second secure container includes:
    - creating the second control set by incorporating at least one control from the first control set.
  - 4. The method of claim 3, in which the step of incorporating at least one control from the first control set is accomplished in a secure manner.
  - 5. The method of claim 2, in which the step of creating a second secure container includes:
    - creating the second control set by incorporating at least one control from the third control set.
  - 6. The method of claim 5, in which the step of incorporating at least one control from the third control set is accomplished in a secure manner.
  - 7. The method of claim 2, in which the step of creating a second secure container includes:
    - creating the second control set by incorporating at least one control not found in the first control set or the third control set.
  - 8. The method of claim 7, in which the step of incorporating at least one control not found in the first control set or the third control set is accomplished in a secure manner.
  - 9. The method of claim 1, in which the step of creating a second secure container is governed at least in part by at least one control contained within the first control set.
  - 10. The method of claim 2, in which the step of creating a second secure container is governed at least in part by at least one control contained within the third control set.
  - 11. The method of claim 2 in which the step of creating a second secure container is governed at least in part by at least one control not contained within the first control set or the third control set.
  - 12. The method of claim 1, in which the first site is associated with a content distributor.
  - 13. The method of claim 12, in which the third site is associated with a user of content.
  - 14. The method of claim 13 further comprising the following step:
    - the user directly or indirectly initiating communication with the first site.
  - 15. The method of claim 13, in which the second control set includes one or more controls at least in part governing the use by the user of at least a portion of the first portion of the first protected information.
  - 16. The method of claim 13, in which the second control set includes one or more controls at least in part governing the price to be paid by the user for use of at least a portion of the first portion of the first protected information.
  - 17. The method of claim 13, in which the second control set includes one or more controls at least in part governing or specifying an auditing method to be used in connection with use by the user of at least a portion of the first portion of the first protected information.
  - 18. The method of claim 17, wherein at least some auditing performed in accordance with the auditing method is performed at the third site.
  - 19. The method of claim 17, in which the second control set includes one or more controls at least in part specifying one or more allowed clearinghouses to receive payment information from the user for use of at least a portion of the first portion of the first protected information.
  - 20. The method of claim 17, in which the second control set includes one or more controls at least in part specifying information to be provided by the user in return for use of at least a portion of the first portion of the first protected information.
  - 21. The method of claim 20, further comprising the step of:
    - encrypting at least a portion of the information to be provided by the user.
  - 22. The method of claim 1, further comprising:
    - establishing a level of compensation required for at least one of (a) the step of transmitting the second secure container;
      
      (b) the step of transmitting the second control set;
      
      or (c) at least one aspect of use at the third site of at least a portion of the first portion of the first protected information.
  - 23. The method of claim 22, further comprising:
    - calling a budget method to establish whether one or more budgets associated with the user are sufficient to satisfy the required compensation; and
      
      blocking the step of transmitting the second secure container, the step of transmitting the second control set, and/or the at least one aspect of use if the budget method establishes that the one or more budgets associated with the user are not sufficient to satisfy the required compensation.
  - 24. The method of claim 22, in which the budget method is governed at least in part by one or more controls contained in the first control set.
  - 25. The method of claim 2, in which the creation of the second secure container further comprises using a template which specifies one or more of the controls contained in the second control set.
  - 26. The method of claim 1, in which the creation of the second secure container further comprises using a template which specifies one or more attributes of the second secure container.
  - 27. The method of claim 1, in which the creation of the second secure container further comprises using a template which specifies one or more of the controls contained in the second control set.

28. An electronic appliance located at a first site comprising:
- a memory storing a first secure container having associated a first rule set and containing first protected information; and
  
  a secure processing unit comprisingmeans for creating a second secure container having associated a second rule set, the means further comprisingmeans for copying or removing a first rule from the first rule set,and means for incorporating the first rule in the second rule set;
  
  means by which a rule from the first rule set governs, at least in part, the means for creating a second secure container;
  
  means for copying or removing at least a first portion of the first protected information from the first secure container;
  
  means for copying or transferring the first portion of the first protected information from the first secure container to the second secure container,the means for copying or transferring operating at least in partunder the control of the first rule set;
  
  memory means for storing identification information at least in part identifying the first portion of the first protected information, the memory means operating at least in part under the control of the first rule set; and
  
  telecommunications means for (a) communicating the identification information to a second site located remotely from the first site;
  
  (b) communicating the second secure container to a third site located remotely from the first and second sites; and
  
  (c) separately communicating the second rule set to the third site.
- View Dependent Claims (29)
- - 29. The electronic appliance of claim 28, further comprising means by which a rule from one or both of the first and second rule sets at least in part governs use of the telecommunications means communicating identification information to the second site.

30. A method comprising the steps ofcreating a first secure container having associated a first rule set and containing first protected information;
- storing the first secure container in a first memory;
  
  creating a second secure container having an associated second rule set;
  
  storing the second secure container in a second memory;
  
  copying or transferring at least a first portion of the first protected information to the second secure container, the copying or transferring step being at least in part governed by a first rule from the first rule set;
  
  in compliance with the first rule, storing information at least in part identifying the first portion;
  
  in compliance with the first rule, communicating at least a portion of the identification information to a remote site;
  
  copying or transferring the second secure container to a second remote site; and
  
  separately copying or transferring the second control set to the second remote site.
- View Dependent Claims (31, 32, 33, 34, 35, 36, 37, 38, 39, 40)
- - 31. The method of claim 30, wherein the steps of creating the second secure container, and copying the first portion of the first protected information, are securely performed by one or more protected processing environments.
  - 32. The method of claim 30, in which the first portion of the first protected information consists of the entirety of the first protected information.
  - 33. The method of claim 30, in which the first portion of the first protected information consists of less than the entirety of the first protected information.
  - 34. The method of claim 30, in whichthe first memory is located at a first site,the second memory is located at a third site remote from the first site, andthe step of copying or transferring the first portion of the first protectedinformation to the second secure container further comprises copying ortransferring the first protected information from the first site to the third site.
  - 35. The method of claim 30, in which the first memory and the second memory are located at the same site.
  - 36. The method of claim 35, in which the first memory comprises first addressable memory locations, and the second memory comprises second addressable memory locations in the same address space as the first addressable memory locations.
  - 37. The method of claim 36, in which the first addressable memory locations and the second addressable memory locations are located within the same physical memory device.
  - 38. The method of claim 30, in which the step of copying or transferring the first portion of the first protected information from the first secure container to the second secure container further comprises storing a third secure container in the second secure container.
  - 39. The method of claim 30, further comprising:
    - creating a third rule set.
  - 40. The method of claim 39, further comprising:
    - using the third rule set to govern at least one aspect of use of the copied first portion of the first protected information.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Intertrust Technologies Corporation (Fidelio Acquisition Co LLC)
Original Assignee
Intertrust Technologies Corporation (Fidelio Acquisition Co LLC)
Inventors
Ginter, Karl L., Spahn, Francis J., Shear, Victor H., Van Wie, David M.
Primary Examiner(s)
Darrow, Justin T.

Application Number

US09/764,370
Publication Number

US 20020112171A1
Time in Patent Office

1,999 Days
Field of Search

713/153, 713/155, 713/165, 713/189, 713/190, 713/193, 713/27, 713/200, 713/201, 380/230, 380/231, 380/232, 380/233, 705/39, 705/51, 705/52, 705/53, 705/59, 707/9, 707/10, 709/225, 709/226, 711/163, 711/164
US Class Current

713/153
CPC Class Codes

G06F 21/109   by using specially-adapted ...

G06F 21/16   Program or content traceabi...

G06F 21/31   User authentication

G06F 21/33   using certificates

G06F 21/6209   to a single file or object,...

G06F 21/71   to assure secure computing ...

G06F 21/86   Secure or tamper-resistant ...

G06F 2211/007   Encryption, En-/decode, En-...

G06F 2221/2101   Auditing as a secondary aspect

G06F 2221/2135   Metering

G06F 2221/2137   Time limited access, e.g. t...

G06F 2221/2151   Time stamp

G06Q 10/087   Inventory or stock manageme...

G06Q 20/02   involving a neutral party, ...

G06Q 20/023   the neutral party being a c...

G06Q 20/04   Payment circuits

G06Q 20/085   involving remote charge det...

G06Q 20/10   specially adapted for elect...

G06Q 20/102   Bill distribution or payments

G06Q 20/12   specially adapted for elect...

G06Q 20/123 : Shopping for digital content

G06Q 20/1235 : with control of digital rig...

G06Q 20/14 : specially adapted for billi...

G06Q 20/24 : Credit schemes, i.e. "pay a...

G06Q 20/306 : using TV related infrastruc...

G06Q 20/308 : using the Internet of Things

G06Q 2220/16 : Copy protection or prevention

G06Q 30/0273 : Determination of fees for a...

G06Q 30/0283 : Price estimation or determi...

G06Q 30/06 : Buying, selling or leasing ...

G06Q 30/0601 : Electronic shopping [e-shop...

G06Q 30/0609 : Buyer or seller confidence ...

G06Q 40/02 : Banking, e.g. interest calc...

G06Q 40/04 : Trading; Exchange, e.g. sto...

G06Q 40/12 : Accounting

G06Q 50/184 : Intellectual property manag...

G06Q 50/188 : Electronic negotiation

G06T 1/0021 : Image watermarking

G07F 9/026 : for alarm, monitoring and a...

H04L 2209/56 : Financial cryptography, e.g...

H04L 2209/60 : Digital content management,...

H04L 2463/101 : applying security measures ...

H04L 2463/102 : applying security measure f...

H04L 2463/103 : applying security measure f...

H04L 63/02 : for separating internal fro...

H04L 63/04 : for providing a confidentia...

H04L 63/0428 : wherein the data content is...

H04L 63/0435 : wherein the sending and rec...

H04L 63/0442 : wherein the sending and rec...

H04L 63/08 : for authentication of entit...

H04L 63/0823 : using certificates cryptogr...

H04L 63/083 : using passwords cryptograph...

H04L 63/10 : for controlling access to d...

H04L 63/12 : Applying verification of th...

H04L 63/123 : received data contents, e.g...

H04L 63/16 : Implementing security featu...

H04L 63/168 : above the transport layer

H04L 63/20 : for managing network securi...

H04L 9/006 : involving public key infras...

H04L 9/0819 : Key transport or distributi...

H04L 9/0838 : Key agreement, i.e. key est...

H04L 9/0861 : Generation of secret inform...

H04L 9/3218 : using proof of knowledge, e...

H04L 9/3247 : involving digital signatures

H04L 9/3263 : involving certificates, e.g...

H04N 2005/91364 : the video signal being scra...

H04N 21/2347 : involving video stream encr...

H04N 21/23476 : by partially encrypting, e....

H04N 21/235 : Processing of additional da...

H04N 21/2362 : Generation or processing of...

H04N 21/2541 : Rights Management protectin...

H04N 21/2543 : Billing , e.g. for subscrip...

H04N 21/2547 : Third Party Billing, e.g. b...

H04N 21/25875 : involving end-user authenti...

H04N 21/4143 : embedded in a Personal Comp...

H04N 21/42646 : for reading from or writing...

H04N 21/4325 : by playing back content fro...

H04N 21/4345 : Extraction or processing of...

H04N 21/435 : Processing of additional da...

H04N 21/4405 : involving video stream decr...

H04N 21/44204 : Monitoring of content usage...

H04N 21/443 : OS processes, e.g. booting ...

H04N 21/4627 : Rights management associate...

H04N 21/4753 : for user identification, e....

H04N 21/6581 : Reference data, e.g. a movi...

H04N 21/8166 : involving executable data, ...

H04N 21/835 : Generation of protective da...

H04N 21/8355 : involving usage data, e.g. ...

H04N 21/83555 : using a structured language...

H04N 21/8358 : involving watermark protect...

H04N 5/913 : for scrambling ; for copy p...

H04N 7/162 : Authorising the user termin...

H04N 7/163 : by receiver means only

H04N 7/17309 : Transmission or handling of...

View All

Systems and methods for secure transaction management and electronic rights protection

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

696 Citations

40 Claims

Specification

Solutions

Use Cases

Quick Links

Systems and methods for secure transaction management and electronic rights protection

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

696 Citations

40 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links