Methods and apparatus for secure distribution of program content

US 7,864,957 B2
Filed: 12/11/2002
Issued: 01/04/2011
Est. Priority Date: 12/21/2001
Status: Active Grant

First Claim

Patent Images

1. An apparatus operable to receive an encrypted program used in a rental system, the apparatus comprising:

a network interface operable to provide communication with a network such that (i) a first communication link is established between a user of the apparatus and an administrator over the network, (ii) a request by the user of the apparatus to become a member of the rental system is transmitted to the administrator using the first communication link, the request including a machine ID of the apparatus, (iii) an electronic membership certificate associated with the apparatus is received from the administrator using the first communication link, (iv) a second communication link is established between the user of the apparatus and a distributor over the network, (v) a rental request by the user of the apparatus and at least one of the machine ID or the electronic membership certificate are transmitted over the network to the distributor using the second communication link, (vi) a list or menu of titles available for rental is received over the network from the distributor, (vii) a user-selected one of the titles available for rental and a remittance to cover rental cost for the user-selected title are transmitted over the network to the distributor using the second communication link, (viii) an electronic payment ticket is received from the distributor using the second communication link, the electronic payment ticket indicating that the remittance to cover the rental cost for the user-selected title has been provided and conferring a particular level of rental rights based on the transmitted remittance, (ix) the electronic payment ticket and at least one of the machine ID or the electronic membership certificate are transmitted over the network to the administrator, (x) an electronic rental ticket is received over the network from the administrator that produced the electronic rental ticket in response to receiving the transmitted electronic payment ticket, the electronic rental ticket indicating that the user is now authorized to receive the encrypted program and conferring a same or greater level of rental rights than that conferred by the electronic payment ticket, (xi) the electronic rental ticket and at least one of the machine ID or the electronic membership certificate are transmitted over the network to the distributor, and (xii) the encrypted program, an encrypted decryption key and an encrypted virtual ID are received over the network from the distributor, the virtual ID being generated using at least the machine ID;

a decryption device operable to decrypt the encrypted decryption key, to decrypt the encrypted program using the decryption key, and to re-encrypt the decrypted program using the virtual ID; and

a first storage device operable to store the encrypted virtual ID and the re-encrypted program.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods and apparatus in accordance with the present invention are operable to carry out certain functions including: receiving an encrypted program at a processing apparatus; transmitting a machine ID over a network to an administrator; receiving registration data over the network from the administrator in response to the machine ID; transmitting the registration data over the network to a distributor; receiving an encrypted decryption key and an encrypted virtual ID at the processing apparatus over the network from the distributor in response to the registration data; decrypting the encrypted decryption key using the virtual ID, and decrypting the encrypted program using the decryption key; re-encrypting the program using the virtual ID; and storing the encrypted virtual ID and the re-encrypted program in a first storage device.

Citations

78 Claims

1. An apparatus operable to receive an encrypted program used in a rental system, the apparatus comprising:
- a network interface operable to provide communication with a network such that (i) a first communication link is established between a user of the apparatus and an administrator over the network, (ii) a request by the user of the apparatus to become a member of the rental system is transmitted to the administrator using the first communication link, the request including a machine ID of the apparatus, (iii) an electronic membership certificate associated with the apparatus is received from the administrator using the first communication link, (iv) a second communication link is established between the user of the apparatus and a distributor over the network, (v) a rental request by the user of the apparatus and at least one of the machine ID or the electronic membership certificate are transmitted over the network to the distributor using the second communication link, (vi) a list or menu of titles available for rental is received over the network from the distributor, (vii) a user-selected one of the titles available for rental and a remittance to cover rental cost for the user-selected title are transmitted over the network to the distributor using the second communication link, (viii) an electronic payment ticket is received from the distributor using the second communication link, the electronic payment ticket indicating that the remittance to cover the rental cost for the user-selected title has been provided and conferring a particular level of rental rights based on the transmitted remittance, (ix) the electronic payment ticket and at least one of the machine ID or the electronic membership certificate are transmitted over the network to the administrator, (x) an electronic rental ticket is received over the network from the administrator that produced the electronic rental ticket in response to receiving the transmitted electronic payment ticket, the electronic rental ticket indicating that the user is now authorized to receive the encrypted program and conferring a same or greater level of rental rights than that conferred by the electronic payment ticket, (xi) the electronic rental ticket and at least one of the machine ID or the electronic membership certificate are transmitted over the network to the distributor, and (xii) the encrypted program, an encrypted decryption key and an encrypted virtual ID are received over the network from the distributor, the virtual ID being generated using at least the machine ID;
  
  a decryption device operable to decrypt the encrypted decryption key, to decrypt the encrypted program using the decryption key, and to re-encrypt the decrypted program using the virtual ID; and
  
  a first storage device operable to store the encrypted virtual ID and the re-encrypted program.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 59, 65, 66)
- - 2. The apparatus of claim 1, wherein the network interface is operable to provide communication with a network such that the machine ID and a distributor ID are transmitted over the network to the administrator, and registration data is received over the network from the administrator in response to the machine ID and the distributor ID, the registration data including the machine ID.
  - 3. The apparatus of claim 2, wherein the registration data includes at least one of the machine ID and the distributor ID.
  - 4. The apparatus of claim 1, wherein:
    - the machine ID is substantially unique to the apparatus;
      
      and the virtual ID is associated with the machine ID.
  - 5. The apparatus of claim 1, wherein the decryption device is operable to decrypt the encrypted virtual ID using the machine ID, to decrypt the encrypted decryption key using the virtual ID, to decrypt the encrypted program using the decryption key, and to re-encrypt the program using the virtual ID.
  - 6. The apparatus of claim 5, wherein the first storage device is further operable to store the machine ID.
  - 7. The apparatus of claim 6, wherein the decryption device is operable to decrypt the encrypted virtual ID using the machine ID, and to decrypt the re-encrypted program using the virtual ID such that the apparatus is capable of executing the program.
  - 8. The apparatus of claim 6, wherein the first storage device is removably connectable with the apparatus.
  - 9. The apparatus of claim 6, further comprising:
    - a second storage device containing the machine ID; and
      
      a processor operable to compare the machine ID stored in the first storage device with the machine ID contained in the second storage device, and to proscribe use of the machine ID contained in either of the storage devices to decrypt the encrypted virtual ID when they do not match.
  - 10. The apparatus of claim 9, wherein the processor is further operable to prompt a user of the apparatus to select a re-association routine when the machine ID stored in the first storage device does not match the machine ID contained in the second storage device.
  - 11. The apparatus of claim 9, wherein the network interface is further operable to facilitate:
    - the transmission of the machine ID contained in the second storage device, when it does do not match the machine ID stored in the first storage device, over the network to the distributor; and
      
      the reception of a new encrypted virtual ID over the network from the distributor, the new encrypted virtual ID being associated with the machine ID contained in the second storage device.
  - 12. The apparatus of claim 11, wherein the first storage device is further operable to replace the encrypted virtual ID with the new encrypted virtual ID.
  - 13. The apparatus of claim 12, wherein the decryption device is operable to decrypt the new encrypted virtual ID using the machine ID contained in the second storage device to obtain a new virtual ID, and to decrypt the re-encrypted program using the new virtual ID such that the apparatus is capable of executing the program.
  - 14. The apparatus of claim 1, wherein the encrypted program is one of an application program and a system program.
  - 59. The apparatus of claim 1, wherein the machine ID is used to decrypt the encrypted virtual ID.
  - 65. The apparatus of claim 1, wherein a rental time for the user-selected title is transmitted with the user-selected one of the titles available for rental and the remittance.
  - 66. The apparatus of claim 1, wherein the remittance is at least one of a credit card number, a demand deposit account number, or an invoice.

15. A method carried out by an apparatus operable to receive an encrypted program used in a rental system, the method comprising:
- establishing a first communication link between a user of the apparatus and an administrator over a network;
  
  transmitting a request to become a member of the rental system by the user of the apparatus to the administrator using the first communication link, the request including a machine ID of the apparatus;
  
  receiving an electronic membership certificate associated with the apparatus from the administrator using the first communication link;
  
  establishing a second communication link between a user of the apparatus and a distributor over the network;
  
  transmitting a rental request by the user of the apparatus and at least one of the machine ID or the electronic certificate over the network to a distributor using the second communication link;
  
  receiving a list or menu of titles available for rental from the distributor over the network;
  
  transmitting a user-selected one of the titles available for rental and a remittance to cover rental cost for the user-selected title over the network to the distributor using the second communication link;
  
  receiving an electronic payment ticket from the distributor using the second communication link, the electronic payment ticket indicating that the remittance to cover the rental cost for the user-selected title has been provided and conferring a particular level of rental rights based on the transmitted remittance;
  
  transmitting the electronic payment ticket and at least one of the machine ID or the electronic membership certificate are over the network to the administrator;
  
  receiving an electronic rental ticket over the network from the administrator that produced the electronic rental ticket in response to receiving the transmitted electronic payment ticket, the electronic rental ticket indicating that the user is now authorized to receive the encrypted program and conferring a same or greater level of rental rights than that conferred by the electronic payment ticket;
  
  transmitting the electronic rental ticket and at least one of the machine ID or the electronic membership certificate over the network to the distributor;
  
  receiving the encrypted program, an encrypted decryption key and an encrypted virtual ID at the apparatus over the network from the distributor, the virtual ID being generated using at least the machine ID;
  
  decrypting the encrypted decryption key using the virtual ID, and decrypting the encrypted program using the decryption key;
  
  re-encrypting the program using the virtual ID; and
  
  storing the encrypted virtual ID and the re-encrypted program in a first storage device.
- View Dependent Claims (16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 60, 67, 68)
- - 16. The method of claim 15, further comprising:
    - transmitting the machine ID and a distributor ID over a network to the administrator; and
      
      receiving registration data over the network from the administrator in response to the machine ID and the distributor ID, the registration data including the machine ID.
  - 17. The method of claim 16, wherein the registration data contains the machine ID and the distributor ID.
  - 18. The method of claim 16, wherein the virtual ID is associated with the machine ID.
  - 19. The method of claim 18, further comprising:
    - decrypting the encrypted virtual ID using the machine ID;
      
      decrypting the encrypted decryption key using the virtual ID;
      
      decrypting the encrypted program using the decryption key; and
      
      re-encrypting the program using the virtual ID.
  - 20. The method of claim 19, further comprising storing the machine ID and the encrypted virtual ID in the first storage device.
  - 21. The method of claim 20, further comprising:
    - decrypting the encrypted virtual ID using the machine ID, anddecrypting the re-encrypted program using the virtual ID such that the apparatus is capable of executing the program.
  - 22. The method of claim 20, wherein the first storage device is removably connectable with the apparatus.
  - 23. The method of claim 20, wherein the apparatus includes a second storage device containing the machine ID, the method further comprising:
    - comparing the machine ID stored in the first storage device with the machine ID contained in the second storage device, andproscribing use of the machine ID contained in either of the storage devices to decrypt the encrypted virtual ID when they do not match.
  - 24. The method of claim 23, further comprising prompting a user of the apparatus to select a re-association routine when the machine ID stored in the first storage device does not match the machine ID contained in the second storage device.
  - 25. The method of claim 23, further comprising:
    - transmitting the machine ID contained in the second storage device, when it does not match the machine ID stored in the first storage device, over the network to the distributor; and
      
      receiving a new encrypted virtual ID over the network from the distributor, the new encrypted virtual ID being associated with the machine ID contained in the second storage device.
  - 26. The method of claim 25, further comprising:
    - replacing the encrypted virtual ID with the new encrypted virtual ID in the first storage device.
  - 27. The method of claim 26, further comprising:
    - decrypting the new encrypted virtual ID using the machine ID contained in the second storage device, anddecrypting the re-encrypted program using the new encrypted virtual ID such that the apparatus is capable of executing the program.
  - 28. The method of claim 15, wherein the encrypted program is one of an application program and a system program.
  - 60. The method of claim 15, further comprising decrypting the encrypted virtual ID using the machine ID.
  - 67. The method of claim 15, wherein a rental time for the user-selected title is transmitted with the user-selected one of the titles available for rental and the remittance.
  - 68. The method of claim 15, wherein the remittance is at least one of a credit card number, a demand deposit account number, or an invoice.

29. An apparatus operable to distribute an encrypted program used in a rental system, the apparatus comprising:
- an input interface operable to receive the encrypted program and a non-activated decryption key from an administrator, the non-activated decryption key, when activated, being usable to decrypt the encrypted program;
  
  a network interface operable to provide communication with a network such that (i) a request to activate the non-activated decryption key is transmitted to an administrator over the network, and (ii) activation grant information is received from the administrator over the network in response to the activation request;
  
  a data processor operable to convert the non-activated decryption key into an activated decryption key using the activation grant information; and
  
  a database operable to store a plurality of such activated decryption keys corresponding to a plurality of encrypted programs;
  
  the network interface being further operable to (iii) establish a communication link with a user of a processing apparatus over the network, (iv) receive a rental request by the user of the apparatus and at least one of a machine ID or an electronic membership certificate over the network from the processing apparatus, the electronic membership certificate being associated with the processing apparatus, (v) verify the received at least one of a machine ID or an electronic certificate, and (vi) in response to successfully verifying the received at least one of a machine ID or an electronic certificate, to (a) transmit a list or menu of titles available for rental over the network to the processing apparatus, (b) receive a user-selected one of the titles available for rental and a remittance to cover rental cost for the user-selected title over the network from the processing apparatus, (c) transmit an electronic payment ticket over the network to the processing apparatus, the electronic payment ticket indicating that the remittance to cover the rental cost for the user-selected title has been provided and conferring a particular level of rental rights based on the received remittance, (d) receive an electronic rental ticket over the network from the processing apparatus, the electronic rental ticket being produced by the administrator in response to receiving the electronic payment ticket, indicating that the user is now authorized to receive the encrypted program, and conferring a same or greater level of rental rights than that conferred by the electronic payment ticket, and (e) transmit at least one of the plurality of encrypted programs over the network to the processing apparatus.
- View Dependent Claims (30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 61, 69, 70, 71)
- - 30. The apparatus of claim 29, wherein the input interface is further operable to(i) receive decryption key management data containing a distributor ID from the administrator, the distributor ID being a substantially unique identifier;
    - (ii) transmit the decryption key management data and the activation request to the administrator; and
      
      (iii) receive the activation grant information if the decryption key management data is valid.
  - 31. The apparatus of claim 29, wherein the non-activated decryption key is an initially encrypted decryption key, and the data processor is operable to decrypt the initially encrypted decryption key using the activation grant information to produce the activated decryption key.
  - 32. The apparatus of claim 29, wherein:
    - the network interface is further operable to provide communication with the network such that respective registration data, each being related to a respective processing apparatus, is received over the network from the processing apparatus;
      
      the database operable to store respective machine ID'"'"'s, each corresponding with a respective one of the processing apparatus;
      
      the data processor is further operable to search the database for a machine ID matching any received registration data;
      
      the network interface is further operable to facilitate the transmission of an encrypted activated decryption key to the processing apparatus over the network in response to the received registration data; and
      
      the activated decryption key is used to decrypt an encrypted program located at the processing apparatus.
  - 33. The apparatus of claim 32, wherein:
    - the registration data includes a machine ID that is substantially unique to the corresponding processing apparatus; and
      
      the data processor is operable to produce the encrypted activated decryption key in response to the machine ID.
  - 34. The apparatus of claim 33, wherein:
    - the data processor is further operable to produce a virtual ID as a function of the machine ID such that the virtual ID is associated with the machine ID, to encrypt the activated decryption key using the virtual ID, and to encrypt the virtual ID using the machine ID; and
      
      the network interface is further operable to facilitate the transmission of the encrypted virtual ID over the network to the processing apparatus.
  - 35. The apparatus of claim 34, wherein:
    - the processing apparatus includes a second storage device containing the machine ID;
      
      the processing apparatus is operable to request an identification re-assignment when the machine ID stored in the first storage device does not match with the machine ID contained in the second storage device;
      
      the network interface is further operable to receive the machine ID (an old machine ID) stored in the first storage device and the machine ID (a new machine ID) contained in the second storage device of the processing apparatus over the network;
      
      the data processor is further operable to (i) search the database for a machine ID matching the old machine ID, (ii) obtain the virtual ID associated with the old machine ID, (iii) associate the virtual ID with the new machine ID, and (iv) encrypt the virtual ID using the new machine ID; and
      
      the network interface is further operable to facilitate the transmission of the new encrypted virtual ID over the network to the processing apparatus.
  - 36. The apparatus of claim 32, wherein the network interface is further operable to facilitate the transmission of the encrypted program over the network to the processing apparatus.
  - 37. The apparatus of claim 32, wherein the program is one of an application program and a system program.
  - 38. The apparatus of claim 32, wherein:
    - the database is further operable to store history data containing accounts relating to at least one of (i) the registration data received over the network from the processing apparatus, (ii) the respective machine IDs corresponding with the respective processing apparatus, and (iii) the activated decryption keys transmitted to the processing apparatus; and
      
      the network interface is further operable to facilitate the transmission of the history data to the administrator over the network.
  - 39. The apparatus of claim 38, wherein the database is further operable to store the history data in a format that is accessible only by the administrator.
  - 61. The apparatus of claim 29, wherein a virtual ID based on the machine ID, is decrypted by the machine ID.
  - 69. The apparatus of claim 29, wherein a rental time for the user-selected title is received with the user-selected one of the titles available for rental and the remittance.
  - 70. The apparatus of claim 29, wherein the remittance is at least one of a credit card number, a demand deposit account number, or an invoice.
  - 71. The apparatus of claim 29, wherein the electronic membership certificate is obtained by the processing apparatus over the network from the administrator in response to a request that includes a machine ID associated with the processing apparatus.

40. A method performed by an apparatus operable to distribute an encrypted program used in a rental system, the method comprising:
- receiving an encrypted program and a non-activated decryption key from an administrator, the non-activated decryption key, when activated, being usable to decrypt the encrypted program;
  
  transmitting a request to activate the non-activated decryption key to an administrator over a network, and receiving activation grant information from the administrator over the network in response to the activation request;
  
  converting the non-activated decryption key into an activated decryption key using the activation grant information;
  
  storing, in a database, a plurality of such activated decryption keys corresponding to a plurality of encrypted programs;
  
  establishing a communication link with a user of a processing apparatus over the network;
  
  receiving, over the network from the processing apparatus, a rental request by the user of the apparatus and an electronic membership certificate associated with the processing apparatus,;
  
  verifying the received at least one of a machine ID or an electronic certificate; and
  
  in response to successfully verifying the received at least one of a machine ID or an electronic certificate,transmitting a list or menu of titles available for rental over the network to the processing apparatus,receiving a user-selected one of the titles available for rental and a remittance to cover rental cost for the user-selected title over the network from the processing apparatus,transmitting an electronic payment ticket over the network to the processing apparatus, the electronic payment ticket indicating that the remittance to cover the rental cost for the user-selected title has been provided and conferring a particular level of rental rights based on the received remittance,receiving an electronic rental ticket over the network from the processing apparatus, the electronic rental ticket being produced by the administrator in response to receiving the electronic payment ticket, indicating that the user is now authorized to receive the encrypted program, and conferring a same or greater level of rental rights than that conferred by the electronic payment ticket, andtransmitting at least one of the plurality of encrypted programs over the network to the processing apparatus.
- View Dependent Claims (41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 62, 72, 73, 74)
- - 41. The method of claim 40, further comprising:
    - receiving decryption key management data containing a distributor ID from the administrator over the network, the distributor ID being a substantially unique identifier;
      
      transmitting the decryption key management data and the activation request to the administrator over the network; and
      
      receiving the activation grant information over the network if the decryption key management data is valid.
  - 42. The method of claim 40, wherein the non-activated decryption key is an initially encrypted decryption key, the method further comprising decrypting the initially encrypted decryption key using the activation grant information to produce the activated decryption key.
  - 43. The method of claim 40, further comprising:
    - receiving respective registration data, each being related to a respective processing apparatus, over a network from the processing apparatus;
      
      storing in a database respective machine IDs, each corresponding with a respective one of the processing apparatus;
      
      searching the database for machine IDs matching any received registration data;
      
      transmitting an encrypted activated decryption key over the network to the processing apparatus in response to the received registration data, where the decryption key is used to decrypt an encrypted program located at the processing apparatus.
  - 44. The method of claim 43, wherein:
    - the registration data includes a machine ID that is substantially unique to the corresponding processing apparatus; and
      
      the encrypted activated decryption key is produced and transmitted in response to the machine ID.
  - 45. The method of claim 44, further comprising:
    - producing a virtual ID as a function of the machine ID such that the virtual ID is associated with the machine ID;
      
      encrypting the activated decryption key using the virtual ID;
      
      encrypting the virtual ID using the machine ID; and
      
      transmitting the encrypted activated decryption key and the encrypted virtual ID over the network to the processing apparatus.
  - 46. The method of claim 45, wherein the processing apparatus includes a second storage device containing the machine ID (a new machine ID), and the processing apparatus is operable to request an identification re-assignment when the machine ID (an old machine ID) stored in a first storage device does not match with the new machine ID, the method further comprising:
    - receiving the old machine ID and the new machine ID;
      
      searching the database for the old machine ID;
      
      obtaining the virtual ID associated with the old machine ID;
      
      associating the virtual ID with the new machine ID;
      
      encrypting the virtual ID using the new machine ID; and
      
      transmitting the new encrypted virtual ID to the processing apparatus.
  - 47. The method of claim 43, further comprising transmitting the encrypted program over the network to the processing apparatus.
  - 48. The method of claim 43, wherein the program is one of an application program and a system program.
  - 49. The method of claim 40, further comprising:
    - storing history data in the database containing accounts relating to at least one of (i) the registration data received over the network from the processing apparatus, (ii) the respective machine IDs corresponding with the respective processing apparatus, and (iii) the activated decryption keys transmitted to the processing apparatus; and
      
      transmitting the history data to the administrator over the network.
  - 50. The method of claim 49, wherein the history data is stored in a format that is accessible only by the administrator.
  - 62. The method of claim 40, further comprising decrypting an encrypted virtual ID, using the machine ID, based on the machine ID.
  - 72. The method of claim 40, wherein a rental time for the user-selected title is received with the user-selected one of the titles available for rental and the remittance.
  - 73. The method of claim 40, wherein the remittance is at least one of a credit card number, a demand deposit account number, or an invoice.
  - 74. The method of claim 40, wherein the electronic membership certificate is obtained by the processing apparatus over the network from the administrator in response to a request that includes a machine ID associated with the processing apparatus.

51. An apparatus operable to administer distribution of an encrypted program used in a rental system, the apparatus comprising:
- a network interface operable to provide communication with a network such that (i) respective communication links are established over a network with each of one or more processing apparatuses, (ii) respective requests by users of the one or more processing apparatuses to become members of the rental system are received over the network using the respective communication links, each of the requests including a specific machine ID associated with its respective processing apparatus, (iii) respectively associated electronic membership certificates are transmitted to each of the processing apparatuses using the respective communication links in response to receiving the machine IDs, (iv) an electronic payment ticket and at least one of the machine ID or the electronic membership certificate respectively associated with a given one of the processing apparatuses are further received over the network from that processing apparatus, the electronic payment ticket indicating that a remittance to cover rental cost for a user-selected title has been transmitted by that processing apparatus to a distributor and conferring a particular level of rental rights based on the transmitted remittance (v) in response to receiving the electronic payment ticket and at least one of the machine ID or the electronic membership certificate, an electronic rental ticket indicating that the user of that processing apparatus is now authorized to receive the encrypted program and conferring a same or greater level of rental rights than that conferred by the electronic payment ticket is produced, and (v) the electronic rental ticket is transmitted over the network to that processing apparatus; and
  
  a database operable to store the received machine IDs and the respectively associated electronic membership certificates;
  
  wherein the electronic rental ticket and at least one of the machine ID or the electronic certificate is used by the associated processing apparatus to obtain an encrypted program, an associated encrypted decryption key and an associated encrypted virtual ID from the distributor over the network, the virtual ID being generated using at least the machine ID of that processing apparatus, the encrypted decryption key is decrypted by the processing apparatus using the virtual ID, and the encrypted program is decrypted by the processing apparatus using the decryption key.
- View Dependent Claims (52, 53, 54, 63, 75, 76)
- - 52. The apparatus of claim 51, wherein the network interface is further operable to transmit an encrypted program and a non-activated decryption key to a distributor over the network, the non-activated decryption key, when activated, being usable to decrypt the encrypted program.
  - 53. The apparatus of claim 52, wherein the network interface is further operable to (i) receive an activation request from the distributor over the network, and (ii) transmit activation grant information to the distributor over the network in response to the activation request, wherein the non-activated decryption key is converted into an activated decryption key in response to the activation grant information.
  - 54. The apparatus of claim 51, wherein the network interface is further operable to (i) transmit decryption key management data containing a distributor ID to the distributor, the distributor ID being a substantially unique identifier;
    - (ii) receive the decryption key management data and the activation request from the distributor; and
      
      (iii) transmit the activation grant information if the decryption key management data is valid.
  - 63. The apparatus of claim 51, wherein the machine ID is used to decrypt the virtual ID.
  - 75. The apparatus of claim 51, wherein the remittance is at least one of a credit card number, a demand deposit account number, or an invoice.
  - 76. The apparatus of claim 51, wherein the electronic payment ticket is obtained by the processing apparatus from the distributor in response to the processing apparatus transmitting the user-selected title, a rental time for the user-selected title, and the remittance over the network to the distributor.

55. A method performed by an apparatus operable to administer distribution of an encrypted program used in a rental system, the method comprising:
- establishing respective communication links over a network with each of one or more processing apparatuses;
  
  receiving respective requests to become members of the rental system by users of the one or more processing apparatuses over the network using the respective communication links, each of the requests including a specific machine ID associated with its respective processing apparatus;
  
  transmitting respectively associated electronic membership certificates to each of the processing apparatuses using the respective communication links in response to receiving the machine IDs;
  
  receiving, from a given one of the processing apparatuses over the network, an electronic payment ticket and at least one of the machine ID or the electronic membership certificate respectively associated with that processing apparatus, the electronic payment ticket indicating that a remittance to cover rental cost for a user-selected title has been transmitted by that processing apparatus to a distributor and conferring a particular level of rental rights to based on the transmitted remittance;
  
  producing, in response to receiving the electronic payment ticket and the at least one of the machine ID or the electronic membership certificate, an electronic rental ticket indicating that the user of that processing apparatus is now authorized to receive the encrypted program and conferring a same or greater level of rental rights than that conferred by the electronic payment ticket;
  
  transmitting the electronic rental ticket over the network to that processing apparatus; and
  
  storing the received machine IDs and the respectively associated electronic certificates in a database;
  
  wherein the electronic rental ticket and at least one of the machine ID or the electronic certificate is used by the associated processing apparatus to obtain the encrypted program, an associated encrypted decryption key and an associated encrypted virtual ID from the distributor over the network, the virtual ID being generated using at least the machine ID of that processing apparatus, the encrypted decryption key is decrypted by the processing apparatus using the virtual ID, and the encrypted program is decrypted by the processing apparatus using the decryption key.
- View Dependent Claims (56, 57, 58, 64, 77, 78)
- - 56. The method of claim 55, further comprising transmitting an encrypted program and a non-activated decryption key to a distributor over the network, the non-activated decryption key, when activated, being usable to decrypt the encrypted program.
  - 57. The method of claim 56, further comprising (i) receiving an activation request from the distributor over the network, and (ii) transmitting activation grant information to the distributor over the network in response to the activation request, wherein the non-activated decryption key is converted into an activated decryption key in response to the activation grant information.
  - 58. The method of claim 55, further comprising (i) transmitting decryption key management data containing a distributor ID to the distributor, the distributor ID being a substantially unique identifier;
    - (ii) receiving the decryption key management data and the activation request from the distributor; and
      
      (iii) transmitting the activation grant information if the decryption key management data is valid.
  - 64. The method of claim 55, further comprising decrypting the encrypted virtual ID using the machine ID.
  - 77. The method of claim 55, wherein the remittance is at least one of a credit card number, a demand deposit account number, or an invoice.
  - 78. The method of claim 55, wherein the electronic payment ticket is obtained by the processing apparatus from the distributor in response to the processing apparatus transmitting a user-selected title, a rental time for the user-selected title, and the remittance over the network to the distributor.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Sony Computer Entertainment Incorporated (Sony Group Corp.)
Original Assignee
Sony Computer Entertainment Incorporated (Sony Group Corp.)
Inventors
Shimada, Muneki, Kanee, Kazuhiro, Okada, Toyoshi, Kimoto, Yousuke, Komaki, Kenjiro
Primary Examiner(s)
Korzuch; William R
Assistant Examiner(s)
AVERY, JEREMIAH L

Application Number

US10/316,309
Publication Number

US 20030126430A1
Time in Patent Office

2,946 Days
Field of Search

380/233, 713/175
US Class Current

380/233
CPC Class Codes

G06F 21/10   Protecting distributed prog...

H04L 2209/56   Financial cryptography, e.g...

H04L 2209/60   Digital content management,...

H04L 2463/101   applying security measures ...

H04L 63/0428   wherein the data content is...

H04L 63/0464   using hop-by-hop encryption...

H04L 63/062   for key distribution, e.g. ...

H04L 63/0823   using certificates cryptogr...

H04L 63/0876   based on the identity of th...

H04L 9/0822   using key encryption key

H04L 9/0891   Revocation or update of sec...

Methods and apparatus for secure distribution of program content

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

Citations

78 Claims

Specification

Solutions

Use Cases

Quick Links

Methods and apparatus for secure distribution of program content

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

78 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links