Integrated delivery and protection device for digital objects

US 7,971,071 B2
Filed: 05/22/2007
Issued: 06/28/2011
Est. Priority Date: 05/24/2006
Status: Active Grant

First Claim

Patent Images

1. A method of securing and controlling a digital object to prevent unauthorized distribution of the digital object by an end user, the digital object being portable for distribution from a distributor to the end user across at least one digital device and having a secure hardware adjunct in communication with the at least one digital device, the method of securing the digital object comprising:

executing a first portion of code on the at least one digital device in communication with the secure hardware adjunct; and

using the secure hardware adjunct to execute predefined digital rights verification and enforcement (a) located on the secure hardware adjunct, (b) configured prior to distribution of the secure hardware adjunct to the end user, and (c) updatable by a provider of the digital object using a secure channel after distribution of the secure hardware adjunct to the end user;

providing another storage data capacity on the secure hardware adjunct to control users access to the digital object by allowing the provider of the digital object to disable the secure hardware adjunct;

providing access management within the secure hardware adjunct of a plurality of NV-RAM segments that (a) enables different levels of access between the plurality of NV-RAM segments to provide different levels of access to different ones of the plurality of NV-RAM segments, and (b) provides the end user with (i) restricted access to a first one of a plurality of NV-RAM segments, (ii) unrestricted read only access to a second one of the plurality of NV-RAM segments, (iii) unrestricted read write access to a third one of the plurality of NV-RAM segments, and (iv) end-user restricted access to a fourth one of the plurality of NV-RAM segments; and

controlling the digital device and user access to the digital object at a remote location to permit disabling of the secure hardware adjunct via a remote-disable feature of the secure hardware adjunct that is enabled upon connection of the adjunct to a digital device with a network connection, the remote-disable feature controlled by the distributor of the digital object,wherein,the access management having restricted access to the first one of the plurality of NV-RAM segments is storage data capacity on the secure hardware adjunct to control user access to the digital object by allowing the provider of the digital object to disable the secure hardware adjunct,the access management having unrestricted read only access to the second one of the plurality of NV-RAM segments is storage data capacity on the secure hardware adjunct for mail application code, andthe access management having end-user restricted access to the fourth one of the plurality of NV-RAM segments is an end-user managed storage data capacity on the secure hardware adjunct for user application data, user application settings, and user access controls that can be controlled by the end user.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method of securing a digital object with a secure hardware adjunct in communication with a digital device, comprising configuring the digital object on the secure hardware adjunct so that the digital object may be portable among digital devices, executing a first portion of code on the digital device, and providing predefined digital rights verification and enforcement located on the secure hardware adjunct.

104 Citations

View as Search Results

19 Claims

1. A method of securing and controlling a digital object to prevent unauthorized distribution of the digital object by an end user, the digital object being portable for distribution from a distributor to the end user across at least one digital device and having a secure hardware adjunct in communication with the at least one digital device, the method of securing the digital object comprising:
- executing a first portion of code on the at least one digital device in communication with the secure hardware adjunct; and
  
  using the secure hardware adjunct to execute predefined digital rights verification and enforcement (a) located on the secure hardware adjunct, (b) configured prior to distribution of the secure hardware adjunct to the end user, and (c) updatable by a provider of the digital object using a secure channel after distribution of the secure hardware adjunct to the end user;
  
  providing another storage data capacity on the secure hardware adjunct to control users access to the digital object by allowing the provider of the digital object to disable the secure hardware adjunct;
  
  providing access management within the secure hardware adjunct of a plurality of NV-RAM segments that (a) enables different levels of access between the plurality of NV-RAM segments to provide different levels of access to different ones of the plurality of NV-RAM segments, and (b) provides the end user with (i) restricted access to a first one of a plurality of NV-RAM segments, (ii) unrestricted read only access to a second one of the plurality of NV-RAM segments, (iii) unrestricted read write access to a third one of the plurality of NV-RAM segments, and (iv) end-user restricted access to a fourth one of the plurality of NV-RAM segments; and
  
  controlling the digital device and user access to the digital object at a remote location to permit disabling of the secure hardware adjunct via a remote-disable feature of the secure hardware adjunct that is enabled upon connection of the adjunct to a digital device with a network connection, the remote-disable feature controlled by the distributor of the digital object,wherein,the access management having restricted access to the first one of the plurality of NV-RAM segments is storage data capacity on the secure hardware adjunct to control user access to the digital object by allowing the provider of the digital object to disable the secure hardware adjunct,the access management having unrestricted read only access to the second one of the plurality of NV-RAM segments is storage data capacity on the secure hardware adjunct for mail application code, andthe access management having end-user restricted access to the fourth one of the plurality of NV-RAM segments is an end-user managed storage data capacity on the secure hardware adjunct for user application data, user application settings, and user access controls that can be controlled by the end user.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19)
- - 2. The method of securing the digital object according to claim 1, further comprising:
    - securing against unauthorized access of end-user data that is provided by the end user by requiring a password, biometric inputs, or other user-specific identifier to access the end-user data.
  - 3. The method of securing the digital object according to claim 1, further comprising:
    - enabling communication of the digital object with the secure hardware adjunct by two-way communication by a standard or non standard interface method, integration of the secure hardware adjunct functions into a larger chip set or an integrated circuit device to support functions of the digital device, or two-way communication with the secure hardware adjunct configured and policy-managed for multi-user over an area communication protocol.
  - 4. The method of securing the digital object according to claim 1, further comprising:
    - enabling communication of the digital device with the secure hardware adjunct by analog or digital interfaces.
  - 5. The method of securing the digital object according to claim 1, wherein the communication of the digital device with the secure hardware adjunct is supported by hardware for the decryption or presentation of media content.
  - 6. The method of securing the digital object according to claim 1, wherein a unique identifier is associated with the secure hardware adjunct to enable periodic validation of the secure hardware adjunct by the digital object using an internal clock within the secure hardware adjunct and to permit the digital object to stop working if the secure adjunct is not validated.
  - 7. The method of securing the digital object according to claim 1, further comprising:
    - implementing digital rights management for the digital object by having processing elements and internal RAM on the secure hardware adjunct to run at least one or critical code segments and critical decryption processes directly on the secure hardware adjunct to generate values to a main application.
  - 8. The method of securing the digital object according to claim 4, further comprising:
    - outputting from the secure hardware adjunct in an analog format by processing digital material through a digital to analog converter on the hardware adjunct.
  - 9. The method of securing the digital object according to claim 1, further comprising:
    - storing user access controls on the hardware adjunct.
  - 10. The method of securing the digital object according to claim 1, further comprising:
    - obtaining local access to the digital object to remotely control the digital object by providing an update control mechanism to temporarily override access control restrictions of at least one of the plurality of NV-RAM segments on the secure hardware adjunct to enable remote modification of data stored in the secure digital adjunct.
  - 11. The method of securing the digital object according to claim 1, wherein the digital device is a computer, a laptop, a PDA, a television, a stereo, a car, a cell phone, or a gaming device.
  - 12. The method of securing the digital object according to claim 1, wherein the digital object is application software or digital media.
  - 13. The method of securing the digital object according to claim 10, wherein the access is obtained over a secure channel.
  - 14. The method of securing the digital object according to claim 1, wherein the predefined digital rights verification and enforcement located on the secure hardware adjunct control access to the digital object and is capable of blocking access to the digital object of the end user.
  - 15. The method of securing the digital object according to claim 1, further comprising:
    - providing access management within the secure hardware adjunct of a plurality of NV-RAM segments,wherein the access management provides (i) restricted access to a first one of the plurality of NV-RAM segments, (ii) unrestricted read write access to a third one of the plurality of NV-RAM segments, (iii) unrestricted read write access to a third one of the plurality of NV-RAM segments, and (iv) end-user restricted access to a fourth one of the plurality of NV-RAM segments.
  - 16. The method of securing the digital object according to claim 1, wherein the digital object is application software distributed by the distributor via the secure hardware adjunct and the secure hardware adjunct allows the user to save information related to the application software on the secure hardware adjunct to permit use of the application software on different digital devices while maintaining application software settings of the user.
  - 17. The method of securing the digital object according to claim 15, whereinthe first one of the plurality of NV-RAM segments is secret application enablers, application usage policy rules, policy enforcement state information, update control algorithm, and IDPD identifier, and IDPD operational code;
    - the second one of the plurality of NV-RAM segments is application startup instructions and main application code;
      
      the third one of the plurality of NV-RAM segments is a device driver; and
      
      the fourth one of the plurality of NV-RAM segments is user application settings, user application data, and user access controls.
  - 18. The method of securing the digital object according to claim 1, wherein the capability of being updated by a provider of the digital object after distribution of the secure hardware adjunct to the end users using a secure channel includes disabling the secure hardware adjunct.
  - 19. The method of securing the digital object according to claim 1, further comprising:
    - running an application using application code entirely contained within the secure hardware adjunct.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
John Walkoe, Wilbur J. Walkoe
Original Assignee
John Walkoe, Wilbur J. Walkoe
Inventors
Walkoe, Wilbur J., Walkoe, John
Primary Examiner(s)
Lanier, Benjamin E

Application Number

US11/752,072
Publication Number

US 20080141381A1
Time in Patent Office

1,498 Days
Field of Search

None
US Class Current

713/193
CPC Class Codes

G06F 21/109 by using specially-adapted ...

Integrated delivery and protection device for digital objects

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

104 Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

Integrated delivery and protection device for digital objects

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

104 Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links