System and methods for secure transaction management and electronic rights protection

US 7,133,845 B1
Filed: 06/09/1999
Issued: 11/07/2006
Est. Priority Date: 02/13/1995
Status: Expired due to Fees

First Claim

Patent Images

1. A method for processing based on independent deliverables comprising:

delivering a first piece of executable code representing a first part of a commercial process, said commercial process involving a governed item, said first piece of executable code being separate from said governed item;

separately delivering a second piece of executable code representing a second part of said commercial process, said second piece of executable code being separate from said governed item;

ensuring the integrity of said first and second delivered pieces of executable code, by generating a first hash of at least a portion of said first piece of executable code and comparing said first hash with a first expected value, and by generating a second hash of at least a portion of said second piece of executable code and comparing said second hash with a second expected value;

ensuring that a calling process has authorization to call said first and second delivered pieces of executable code by verifying the calling process'"'"'s knowledge of a value of a first tag associated with said first piece of executable code and a value of a second tag associated with said second piece of executable code; and

performing said process involving said governed item based at least in part on said first and second delivered executable code pieces, wherein said process includes recording information regarding at least one performance of at least a portion of said process.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present invention provides systems and methods for secure transaction management and electronic rights protection. Electronic appliances such as computers equipped in accordance with the present invention help to ensure that information is accessed and used only in authorized ways, and maintain the integrity, availability, and/or confidentiality of the information. Such electronic appliances provide a distributed virtual distribution environment (VDE) that may enforce a secure chain of handling and control, for example, to control and/or meter or otherwise monitor use of electronically stored or disseminated information. Such a virtual distribution environment may be used to protect rights of various participants in electronic commerce and other electronic or electronic-facilitated transactions. Distributed and other operating systems, environments and architectures, such as, for example, those using tamper-resistant hardware-based processors, may establish security at each node. These techniques may be used to support an all-electronic information distribution, for example, utilizing the “electronic highway”.

952 Citations

15 Claims

1. A method for processing based on independent deliverables comprising:
- delivering a first piece of executable code representing a first part of a commercial process, said commercial process involving a governed item, said first piece of executable code being separate from said governed item;
  
  separately delivering a second piece of executable code representing a second part of said commercial process, said second piece of executable code being separate from said governed item;
  
  ensuring the integrity of said first and second delivered pieces of executable code, by generating a first hash of at least a portion of said first piece of executable code and comparing said first hash with a first expected value, and by generating a second hash of at least a portion of said second piece of executable code and comparing said second hash with a second expected value;
  
  ensuring that a calling process has authorization to call said first and second delivered pieces of executable code by verifying the calling process'"'"'s knowledge of a value of a first tag associated with said first piece of executable code and a value of a second tag associated with said second piece of executable code; and
  
  performing said process involving said governed item based at least in part on said first and second delivered executable code pieces, wherein said process includes recording information regarding at least one performance of at least a portion of said process.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15)
- - 2. The method of claim 1 wherein said first piece of code at least in part controls decrypting content.
  - 3. The method of claim 1 further including securely and persistently associating at least one of said first and second executable code pieces with said process.
  - 4. The method of claim 1 wherein at least said performing step is performed at an end user electronic appliance.
  - 5. The method of claim 1 wherein the step of delivering said first piece of executable code comprises securely delivering said first piece of code from at least one remote location over a telecommunications link, and the step of delivering a second piece of executable code comprises securely delivering said second piece of code from the same or different remote location over the same or different telecommunications link.
  - 6. The method of claim 1 wherein the performing step comprises executing said first and second delivered code pieces within the same secure processing environment.
  - 7. The method of claim 1 further including combining said first and second code pieces to provide a combined executable.
  - 8. The method of claim 1 wherein said performing step includes the step of putting said first and second executable code pieces together to at least in part define said process.
  - 9. The method of claim 1 wherein said step of delivering said second piece of executable code is performed at a different time than said step of delivering said first piece of executable code.
  - 10. The method of claim 1 wherein:
    - said step of delivering a first piece of executable code comprises delivering said first piece of executable code to an arrangement at a user site comprising an input/output bus connecting a first electronic appliance with at least a second electronic appliance, said first electronic appliance including a first electrical connector connected to said input/output bus, said second electronic appliance including a second electrical connector connected to said input/output bus;
      
      said step of delivering a second piece of executable code comprises delivering said second piece of executable code to said arrangement at said user site; and
      
      said method further comprises establishing a secure transmission channel on said input/output bus, and transferring at least a portion of a data item over said secure transmission channel from said first electronic appliance to said second electronic appliance through said first and second connectors and said input/output bus.
  - 11. The method of claim 1, in which the first tag and the second tag are at least in part encrypted.
  - 12. The method of claim 1, in which the first tag is included in a header associated with said first piece of executable code, and in which the second tag is included in a header associated with said second piece of executable code.
  - 13. The method of claim 11, in which the first tag is included in a header associated with said first piece of executable code, and in which the second tag is included in a header associated with said second piece of executable code.
  - 14. The method of claim 12, in which verifying the calling process'"'"'s knowledge of a value of the first tag and a value of the second tag comprises:
    - decrypting the first tag to obtain the value of the first tag;
      
      comparing the value of the first tag with a first value provided by the calling process;
      
      decrypting the second tag to obtain the value of the second tag; and
      
      comparing the value of the second tag with a second value provided by the calling process.
  - 15. The method of claim 14, in which the value of the first tag comprises a first random number having a predefined length, and in which the value of the second tag comprises a second random number having a predefined length.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Intertrust Technologies Corporation (Fidelio Acquisition Co LLC)
Original Assignee
Intertrust Technologies Corporation (Fidelio Acquisition Co LLC)
Inventors
Ginter, Karl L., Spahn, Francis J., Shear, Victor H., Van Wie, David M.
Primary Examiner(s)
Darrow, Justin T.

Application Number

US09/328,668
Time in Patent Office

2,708 Days
Field of Search

713/200, 713/187, 713/164, 713/165, 713/167, 713/193, 705/54, 705/52, 705/51
US Class Current

705/51
CPC Class Codes

G06F 12/1408   by using cryptography for d...

G06F 21/10   Protecting distributed prog...

G06F 21/16   Program or content traceabi...

G06F 21/86   Secure or tamper-resistant ...

G06F 2211/007   Encryption, En-/decode, En-...

G06F 2221/2101   Auditing as a secondary aspect

G06F 2221/2115   Third party

G06F 2221/2135   Metering

G06F 2221/2151   Time stamp

G06Q 20/02   involving a neutral party, ...

G06Q 20/023   the neutral party being a c...

G06Q 20/04   Payment circuits

G06Q 20/12   specially adapted for elect...

G06Q 20/123   Shopping for digital content

G06Q 20/1235   with control of digital rig...

G06Q 20/24   Credit schemes, i.e. "pay a...

G06Q 20/389   Keeping log of transactions...

G06T 1/0021   Image watermarking

G07F 9/026   for alarm, monitoring and a...

H04L 12/14   Charging , metering or bill...

H04L 2463/101 : applying security measures ...

H04L 2463/102 : applying security measure f...

H04L 2463/103 : applying security measure f...

H04L 63/20 : for managing network securi...

H04N 21/2347 : involving video stream encr...

H04N 21/235 : Processing of additional da...

H04N 21/2362 : Generation or processing of...

H04N 21/2541 : Rights Management protectin...

H04N 21/2543 : Billing , e.g. for subscrip...

H04N 21/2547 : Third Party Billing, e.g. b...

H04N 21/25875 : involving end-user authenti...

H04N 21/4143 : embedded in a Personal Comp...

H04N 21/4345 : Extraction or processing of...

H04N 21/435 : Processing of additional da...

H04N 21/4405 : involving video stream decr...

H04N 21/44204 : Monitoring of content usage...

H04N 21/443 : OS processes, e.g. booting ...

H04N 21/4627 : Rights management associate...

H04N 21/4753 : for user identification, e....

H04N 21/6581 : Reference data, e.g. a movi...

H04N 21/8166 : involving executable data, ...

H04N 21/835 : Generation of protective da...

H04N 21/83555 : using a structured language...

H04N 21/8358 : involving watermark protect...

H04N 7/162 : Authorising the user termin...

H04N 7/17309 : Transmission or handling of...

View All

System and methods for secure transaction management and electronic rights protection

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

952 Citations

15 Claims

Specification

Solutions

Use Cases

Quick Links

System and methods for secure transaction management and electronic rights protection

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

952 Citations

15 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links