Systems and methods for secure transaction management and electronic rights protection

US 8,572,411 B2
Filed: 05/14/2010
Issued: 10/29/2013
Est. Priority Date: 02/13/1995
Status: Expired due to Fees

First Claim

Patent Images

1. A method comprising:

receiving electronic content at a first user'"'"'s electronic appliance, the appliance comprising a secure processing unit, the electronic content having been sent from a second user'"'"'s electronic appliance,wherein the secure processing unit prevents unauthorized access to its components by selectively allowing data originating outside of the secure processing unit to cross a tamper-resistant security barrier and enter the secure processing unit, and by processing the allowed data within a compartmentalized secure execution space that prevents less trusted data from modifying more trusted data;

receiving, at the first user'"'"'s electronic appliance, control information associated with the electronic content, the control information indicating that the electronic content may be used only in one or more authorized ways; and

using a software application running on the first user'"'"'s electronic appliance to enable the first user to make at least one use of the electronic content in accordance with the control information, wherein the software application is configured to be resistant to attempts by users of the first electronic appliance to use the electronic content in unauthorized ways, and wherein the software application is operable to communicate with the secure processing unit to obtain information necessary to decrypt the electronic content.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present invention provides systems and methods for secure transaction management and electronic rights protection. Electronic appliances such as computers equipped in accordance with the present invention help to ensure that information is accessed and used only in authorized ways, and maintain the integrity, availability, and/or confidentiality of the information. Such electronic appliances provide a distributed virtual distribution environment (VDE) that may enforce a secure chain of handling and control, for example, to control and/or meter or otherwise monitor use of electronically stored or disseminated information. Such a virtual distribution environment may be used to protect rights of various participants in electronic commerce and other electronic or electronic-facilitated transactions. Distributed and other operating systems, environments and architectures, such as, for example, those using tamper-resistant hardware-based processors, may establish security at each node. These techniques may be used to support an all-electronic information distribution, for example, utilizing the “electronic highway.”

Citations

50 Claims

1. A method comprising:
- receiving electronic content at a first user'"'"'s electronic appliance, the appliance comprising a secure processing unit, the electronic content having been sent from a second user'"'"'s electronic appliance,wherein the secure processing unit prevents unauthorized access to its components by selectively allowing data originating outside of the secure processing unit to cross a tamper-resistant security barrier and enter the secure processing unit, and by processing the allowed data within a compartmentalized secure execution space that prevents less trusted data from modifying more trusted data;
  
  receiving, at the first user'"'"'s electronic appliance, control information associated with the electronic content, the control information indicating that the electronic content may be used only in one or more authorized ways; and
  
  using a software application running on the first user'"'"'s electronic appliance to enable the first user to make at least one use of the electronic content in accordance with the control information, wherein the software application is configured to be resistant to attempts by users of the first electronic appliance to use the electronic content in unauthorized ways, and wherein the software application is operable to communicate with the secure processing unit to obtain information necessary to decrypt the electronic content.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27)
- - 2. The method of claim 1, in which control information is received separately from the electronic content.
  - 3. The method of claim 1, in which the control information is received at the first user'"'"'s electronic appliance from the second user'"'"'s electronic appliance together with the electronic content.
  - 4. The method of claim 3, in which control information is received together with the electronic content in a secure electronic container.
  - 5. The method of claim 4, in which the electronic content is encrypted within the secure electronic container, and in which the secure electronic container includes an unencrypted header.
  - 6. The method of claim 1, in which the control information further indicates that the electronic content may be used only by one or more designated users, the method further comprising:
    - using the software application on the first user'"'"'s electronic appliance to determine that the first user is one of said one or more designated users.
  - 7. The method of claim 1, in which the secure processing unit comprises memory storing one or more cryptographic keys and memory interface logic that is operable to prevent unauthorized access to the memory from outside the secure processing unit.
  - 8. The method of claim 1, in which the software application comprises a word processor.
  - 9. The method of claim 1, in which the software application comprises an electronic mail program.
  - 10. The method of claim 9, in which the electronic content comprises an electronic mail message.
  - 11. The method of claim 1, in which the electronic content comprises an electronic memorandum, an electronic mail message, a text file, and/or a multimedia file.
  - 12. The method of claim 1, in which the control information includes a requirement that a recipient of the electronic content contact the second user before using the electronic content, the method further comprising:
    - sending a request from the first user to the second user for permission to use the electronic content; and
      
      receiving permission from the second user.
  - 13. The method of claim 1, further comprising:
    - sending a request from the first user'"'"'s electronic appliance to the second user'"'"'s electronic appliance, the request seeking a modification to the control information;
      
      receiving at the first user'"'"'s electronic appliance from the second user'"'"'s electronic appliance a modified set of control information in response to the request.
  - 14. The method of claim 1, in which the control information specifies one or more auditing requirements, the method further comprising:
    - sending auditing information to the second user'"'"'s electronic appliance in compliance with the auditing requirements.
  - 15. The method of claim 14, in which the one or more auditing requirements include a requirement that a recipient of the electronic content send an indication of how the electronic content has been used.
  - 16. The method of claim 14, in which the one or more auditing requirements include a requirement that a recipient of the electronic content send an indication if the electronic content has been printed by the recipient.
  - 17. The method of claim 14, in which the one or more auditing requirements include a requirement that a recipient of the electronic content send an indication if the electronic content has been viewed by the recipient.
  - 18. The method of claim 14, in which the one or more auditing requirements include a requirement that a recipient of the electronic content send an indication if the electronic content has been stored by the recipient.
  - 19. The method of claim 14, in which the one or more auditing requirements include a requirement that a recipient of the electronic content send an indication if the electronic content been edited by the recipient.
  - 20. The method of claim 1, in which the control information specifies that certain or all information in the electronic content may be extracted by an authorized recipient.
  - 21. The method of claim 1, in which the control information specifies that the electronic content may be redistributed by an authorized recipient.
  - 22. The method of claim 1, in which the one or more authorized ways include viewing the electronic content.
  - 23. The method of claim 1, in which the one or more authorized ways include printing the electronic content.
  - 24. The method of claim 1, in which the one or more authorized ways include copying the electronic content.
  - 25. The method of claim 1, in which the one or more authorized ways include extracting text from, and/or embedding text within, the electronic content.
  - 26. The method of claim 1, in which the one or more authorized ways include redistributing the electronic content.
  - 27. The method of claim 1, in which the control information is configured to govern at least two of the following uses of the electronic content:
    - viewing the electronic content, printing the electronic content, copying the electronic content, or modifying the electronic content.

28. A computer-readable medium containing a software application comprising executable program instructions, the executable program instructions including instructions for:
- receiving electronic content and first control information associated with the electronic content, the first control information indicating that the electronic content may be used only in one or more authorized ways;
  
  separately receiving second control information associated with the electronic content; and
  
  applying the first control information and the second control information to enable at least one use of the electronic content in accordance with the first control information and the second control information;
  
  wherein the software application is configured to be resistant to attempts to use the electronic content in unauthorized ways, andwherein the executable program instructions further include instructions for decrypting the electronic content using at least one cryptographic key retrieved from a secure processing unit;
  
  wherein the secure processing unit prevents unauthorized access to its components by selectively allowing data originating outside the secure processing unit to cross a tamper-resistant security barrier and enter the secure processing unit, and by processing the allowed data within a compartmentalized secure execution space that prevents less trusted data from modifying more trusted data.
- View Dependent Claims (29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46)
- - 29. The computer-readable medium of claim 28, in which the first control information further indicates that the electronic content may be used by one or more designated users, and in which the second control information indicates that the electronic content may be used by one or more additional users.
  - 30. The computer-readable medium of claim 28, in which the second control information indicates that the electronic content may be used in one or more additional authorized ways.
  - 31. The computer-readable medium of claim 28, in which the first control information includes a first expiration date, and in which the second control information includes a second expiration date after the first expiration date.
  - 32. The computer-readable medium of claim 28, in which the first control information includes a requirement that a return receipt be sent to a remote electronic appliance, and in which the executable program instructions further include instructions for sending a return receipt to a remote electronic appliance from which the electronic content was received.
  - 33. The computer-readable medium of claim 28, in which the first control information includes one or more auditing requirement, and in which the executable program instructions further include instructions for complying with the auditing requirements.
  - 34. The computer-readable medium of claim 33, in which the one or more auditing requirements include a requirement that a recipient of the electronic content send an indication of how the electronic content has been used.
  - 35. The computer-readable medium of claim 33, in which the one or more auditing requirements include a requirement that a recipient of the electronic content send an indication if the electronic content has been printed by the recipient.
  - 36. The computer-readable medium of claim 33, in which the one or more auditing requirements include a requirement that a recipient of the electronic content send an indication if the electronic content has been viewed by the recipient.
  - 37. The computer-readable medium of claim 33, in which the one or more auditing requirements include a requirement that a recipient of the electronic content send an indication if the electronic content has been edited by the recipient.
  - 38. The computer-readable medium of claim 28, in which the first control information specifies that certain or all information in the electronic content may be extracted by an authorized recipient.
  - 39. The computer-readable medium of claim 28, in which the first control information specifies that the electronic content may be redistributed by an authorized recipient.
  - 40. The computer-readable medium of claim 28, in which the one or more authorized ways include viewing the electronic content.
  - 41. The computer-readable medium of claim 28, in which the one or more authorized ways include printing the electronic content.
  - 42. The computer-readable medium of claim 28, in which the one or more authorized ways include copying the electronic content.
  - 43. The computer-readable medium of claim 28, in which the one or more authorized ways include extracting text from, or embedding text within, the electronic content.
  - 44. The computer-readable medium of claim 28, in which the one or more authorized ways include redistributing the electronic content.
  - 45. The computer-readable medium of claim 28, in which the first control information is configured to govern at least two of the following uses of the electronic content:
    - viewing the electronic content, printing the electronic content, copying the electronic content, or modifying the electronic content.
  - 46. The computer-readable medium of claim 28, in which the software application comprises a word processor or an electronic mail program.

47. A method comprising:
- creating electronic content at a first user'"'"'s electronic appliance;
  
  at the first user'"'"'s electronic appliance, securely associating control information with the electronic content, the control information indicating that the electronic content may be used only in one or more authorized ways, the control information being configured to be enforced by tamper-resistant software and/or hardware to govern use of the electronic content;
  
  distributing the electronic content and the control information to a second user'"'"'s electronic appliance that comprises a secure processing unit,wherein the secure processing unit prevents unauthorized access to its components by selectively allowing data originating outside of the secure processing unit to cross a tamper-resistant security barrier and enter the secure processing unit, and by processing the allowed data within a compartmentalized secure execution space that prevents less trusted data from modifying more trusted data; and
  
  at the second user'"'"'s electronic appliance, securely enabling the second user to make at least one use of the electronic content in accordance with the control information, in which software and/or hardware at the second user'"'"'s electronic appliance is operable to perform, at least in part, said securely enabling step, said software and/or hardware at the second user'"'"'s electronic appliance being resistant to tampering by the second user with the performance of said securely enabling step, and said software and/or hardware being operable to communicate with the secure processing unit to obtain information necessary to decrypt the electronic content.
- View Dependent Claims (48, 49, 50)
- - 48. The method of claim 47, further comprising:
    - sending a request from the second user, the request seeking a modification to the control information; and
      
      receiving a modified set of control information in response to the request.
  - 49. The method of claim 47, in which the one or more authorized ways include at least two of the following:
    - viewing the electronic content, printing the electronic content, copying the electronic content, or modifying the electronic content.
  - 50. The method of claim 47, in which the control information specifies that the electronic content may be redistributed by an authorized recipient.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Intertrust Technologies Corporation (Fidelio Acquisition Co LLC)
Original Assignee
Intertrust Technologies Corporation (Fidelio Acquisition Co LLC)
Inventors
Ginter, Karl L., Shear, Victor H., Spahn, Francis J., Van Wie, David M.
Primary Examiner(s)
Pwu, Jeffrey
Assistant Examiner(s)
Anderson, Michael D

Application Number

US12/780,702
Publication Number

US 20100228996A1
Time in Patent Office

1,264 Days
Field of Search

380/32, 345/59
US Class Current

713/194
CPC Class Codes

G06F 21/109   by using specially-adapted ...

G06F 21/16   Program or content traceabi...

G06F 21/31   User authentication

G06F 21/33   using certificates

G06F 21/6209   to a single file or object,...

G06F 21/71   to assure secure computing ...

G06F 21/86   Secure or tamper-resistant ...

G06F 2211/007   Encryption, En-/decode, En-...

G06F 2221/2101   Auditing as a secondary aspect

G06F 2221/2135   Metering

G06F 2221/2137   Time limited access, e.g. t...

G06F 2221/2151   Time stamp

G06Q 10/087   Inventory or stock manageme...

G06Q 20/02   involving a neutral party, ...

G06Q 20/023   the neutral party being a c...

G06Q 20/04   Payment circuits

G06Q 20/085   involving remote charge det...

G06Q 20/10   specially adapted for elect...

G06Q 20/102   Bill distribution or payments

G06Q 20/12   specially adapted for elect...

G06Q 20/123 : Shopping for digital content

G06Q 20/1235 : with control of digital rig...

G06Q 20/14 : specially adapted for billi...

G06Q 20/24 : Credit schemes, i.e. "pay a...

G06Q 20/306 : using TV related infrastruc...

G06Q 20/308 : using the Internet of Things

G06Q 2220/16 : Copy protection or prevention

G06Q 30/0273 : Determination of fees for a...

G06Q 30/0283 : Price estimation or determi...

G06Q 30/06 : Buying, selling or leasing ...

G06Q 30/0601 : Electronic shopping [e-shop...

G06Q 30/0609 : Buyer or seller confidence ...

G06Q 40/02 : Banking, e.g. interest calc...

G06Q 40/04 : Trading; Exchange, e.g. sto...

G06Q 40/12 : Accounting

G06Q 50/184 : Intellectual property manag...

G06Q 50/188 : Electronic negotiation

G06T 1/0021 : Image watermarking

G07F 9/026 : for alarm, monitoring and a...

H04L 2209/56 : Financial cryptography, e.g...

H04L 2209/60 : Digital content management,...

H04L 2463/101 : applying security measures ...

H04L 2463/102 : applying security measure f...

H04L 2463/103 : applying security measure f...

H04L 63/02 : for separating internal fro...

H04L 63/04 : for providing a confidentia...

H04L 63/0428 : wherein the data content is...

H04L 63/0435 : wherein the sending and rec...

H04L 63/0442 : wherein the sending and rec...

H04L 63/08 : for authentication of entit...

H04L 63/0823 : using certificates cryptogr...

H04L 63/083 : using passwords cryptograph...

H04L 63/10 : for controlling access to d...

H04L 63/12 : Applying verification of th...

H04L 63/123 : received data contents, e.g...

H04L 63/16 : Implementing security featu...

H04L 63/168 : above the transport layer

H04L 63/20 : for managing network securi...

H04L 9/006 : involving public key infras...

H04L 9/0819 : Key transport or distributi...

H04L 9/0838 : Key agreement, i.e. key est...

H04L 9/0861 : Generation of secret inform...

H04L 9/3218 : using proof of knowledge, e...

H04L 9/3247 : involving digital signatures

H04L 9/3263 : involving certificates, e.g...

H04N 2005/91364 : the video signal being scra...

H04N 21/2347 : involving video stream encr...

H04N 21/23476 : by partially encrypting, e....

H04N 21/235 : Processing of additional da...

H04N 21/2362 : Generation or processing of...

H04N 21/2541 : Rights Management protectin...

H04N 21/2543 : Billing , e.g. for subscrip...

H04N 21/2547 : Third Party Billing, e.g. b...

H04N 21/25875 : involving end-user authenti...

H04N 21/4143 : embedded in a Personal Comp...

H04N 21/42646 : for reading from or writing...

H04N 21/4325 : by playing back content fro...

H04N 21/4345 : Extraction or processing of...

H04N 21/435 : Processing of additional da...

H04N 21/4405 : involving video stream decr...

H04N 21/44204 : Monitoring of content usage...

H04N 21/443 : OS processes, e.g. booting ...

H04N 21/4627 : Rights management associate...

H04N 21/4753 : for user identification, e....

H04N 21/6581 : Reference data, e.g. a movi...

H04N 21/8166 : involving executable data, ...

H04N 21/835 : Generation of protective da...

H04N 21/8355 : involving usage data, e.g. ...

H04N 21/83555 : using a structured language...

H04N 21/8358 : involving watermark protect...

H04N 5/913 : for scrambling ; for copy p...

H04N 7/162 : Authorising the user termin...

H04N 7/163 : by receiver means only

H04N 7/17309 : Transmission or handling of...

View All

Systems and methods for secure transaction management and electronic rights protection

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

50 Claims

Specification

Solutions

Use Cases

Quick Links

Systems and methods for secure transaction management and electronic rights protection

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

50 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links