Trusted infrastructure support systems, methods and techniques for secure electronic commerce transaction and rights management

US 8,751,793 B2
Filed: 12/02/2003
Issued: 06/10/2014
Est. Priority Date: 02/13/1995
Status: Expired due to Fees

First Claim

Patent Images

1. A method for providing access to an online service, the method comprising:

receiving, at a first electronic appliance, a first digital certificate from a second electronic appliance associated with a user, the first digital certificate attesting to at least one attribute of the user;

determining, by the first electronic appliance, based at least in part on the first digital certificate, whether the user is authorized to access the online service;

issuing, by the first electronic appliance, based on the determination of whether the user is authorized to access the online service, a second digital certificate to the user, the second digital certificate attesting to the user'"'"'s permission to access the online service;

sending, from the first electronic appliance to the second appliance, the second digital certificate; and

receiving audit record information relating to the user'"'"'s use of the online service, the audit record information comprising an aggregation of usage information that masks one or more details of individual service items accessed or utilized in accordance with a level of detail associated with the usage information that is deemed acceptable by the user.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present inventions provide an integrated, modular array of administrative and support services for electronic commerce and electronic rights and transaction management. These administrative and support services supply a secure foundation for conducting financial management, rights management, certificate authority, rules clearing, usage clearing, secure directory services, and other transaction related capabilities functioning over a vast electronic network such as the Internet and/or over organization internal Intranets.

These administrative and support services can be adapted to the specific needs of electronic commerce value chains. Electronic commerce participants can use these administrative and support services to support their interests, and can shape and reuse these services in response to competitive business realities.

A Distributed Commerce Utility having a secure, programmable, distributed architecture provides administrative and support services. The Distributed Commerce Utility makes optimally efficient use of commerce administration resources, and can scale in a practical fashion to accommodate the demands of electronic commerce growth.

The Distributed Commerce Utility may comprise a number of Commerce Utility Systems. These Commerce Utility Systems provide a web of infrastructure support available to, and reusable by, the entire electronic community and/or many or all of its participants.

Different support functions can be collected together in hierarchical and/or in networked relationships to suit various business models and/or other objectives. Modular support functions can combined in different arrays to form different Commerce Utility Systems for different design implementations and purposes. These Commerce Utility Systems can be distributed across a large number of electronic appliances with varying degrees of distribution.

Citations

19 Claims

1. A method for providing access to an online service, the method comprising:
- receiving, at a first electronic appliance, a first digital certificate from a second electronic appliance associated with a user, the first digital certificate attesting to at least one attribute of the user;
  
  determining, by the first electronic appliance, based at least in part on the first digital certificate, whether the user is authorized to access the online service;
  
  issuing, by the first electronic appliance, based on the determination of whether the user is authorized to access the online service, a second digital certificate to the user, the second digital certificate attesting to the user'"'"'s permission to access the online service;
  
  sending, from the first electronic appliance to the second appliance, the second digital certificate; and
  
  receiving audit record information relating to the user'"'"'s use of the online service, the audit record information comprising an aggregation of usage information that masks one or more details of individual service items accessed or utilized in accordance with a level of detail associated with the usage information that is deemed acceptable by the user.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19)
- - 2. A method as in claim 1, further comprising:
    - receiving, at the second electronic appliance, a request from the user to access the online service;
      
      checking, by the second electronic appliance, the second digital certificate to determine whether the user has permission to access the online service; and
      
      allowing, by the second electronic appliance, the user to access the online service based on the determination of whether the user has permission to access the online service.
  - 3. A method as in claim 2, in which said checking step is performed in a protected processing environment at the second electronic appliance.
  - 4. A method as in claim 1, further comprising:
    - sending, from the first electronic appliance to the second electronic appliance, software for using the online service to the second electronic appliance; and
      
      sending, from the first electronic appliance to the second electronic appliance, a digital signature for determining the integrity of the software to the user.
  - 5. A method as in claim 4, in which the digital signature is bound, at least in part, to the identity of the online service.
  - 6. A method as in claim 1, further comprising:
    - sending, from the first electronic appliance to the second electronic appliance, a third digital certificate, the third digital certificate attesting to the identity of the online service, the third digital certificate being issued by a certifying authority.
  - 7. A method as in claim 6, in which the first digital certificate is issued by the certifying authority.
  - 8. A method as in claim 1, in which the first digital certificate includes an indication of the user'"'"'s age.
  - 9. A method as in claim 1, in which the first digital certificate identifies a party responsible for paying for the user'"'"'s access to online services.
  - 10. A method as in claim 9, further comprising:
    - sending, by the first electronic appliance, a request for payment to the party responsible for paying for the user'"'"'s access to online services; and
      
      receiving, at the first electronic appliance, an indication that payment has been received.
  - 11. A method as in claim 10, in which the steps of (a) sending a request for payment and (b) receiving an indication that payment has been received are performed prior to performing the step of sending the second digital certificate to the user.
  - 12. A method as in claim 1, in which the second digital certificate attests to the user'"'"'s permission to access the online service until a specified date.
  - 13. A method as in claim 1, in which the at least one attribute comprises an indication of the amount of purchases the user is allowed to make in a given time period.
  - 14. A method as in claim 1, in which the online service comprises an interactive online game.
  - 15. A method as in claim 14, further comprising:
    - sending, from the first electronic appliance to the second electronic appliance software for playing the online game to the user in a secure container.
  - 16. A method as in claim 1, in which the second digital certificate includes an expiration date of the subscription.
  - 17. A method as in claim 1, further comprising:
    - collecting, by the first electronic appliance, payment information from the user.
  - 18. A method as in claim 17, further comprising:
    - sending, by the first electronic appliance, the payment information to a financial clearinghouse.
  - 19. A method as in claim 1, further comprising:
    - sending, by the first electronic appliance, the audit record information to a usage clearinghouse.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Intertrust Technologies Corporation (Fidelio Acquisition Co LLC)
Original Assignee
Intertrust Technologies Corporation (Fidelio Acquisition Co LLC)
Inventors
Ginter, Karl L., Shear, Victor H., Spahn, Francis J., Van Wie, David M., Weber, Robert P.
Primary Examiner(s)
Najjar, Saleh
Assistant Examiner(s)
Korsak, Oleg

Application Number

US10/727,324
Publication Number

US 20040123129A1
Time in Patent Office

3,843 Days
Field of Search

713/193, 713/156, 713/157, 713/158, 713/175, 726/4, 726/10, 726/28, 380/255, 705/14.23, 705/14.51
US Class Current

713/156
CPC Class Codes

G06F 12/1408   by using cryptography for d...

G06F 12/1483   using an access-table, e.g....

G06F 21/109   by using specially-adapted ...

G06F 21/16   Program or content traceabi...

G06F 21/31   User authentication

G06F 21/33   using certificates

G06F 21/606   by securing the transmissio...

G06F 21/86   Secure or tamper-resistant ...

G06F 2211/007   Encryption, En-/decode, En-...

G06F 2221/2101   Auditing as a secondary aspect

G06F 2221/2135   Metering

G06F 2221/2151   Time stamp

G06Q 20/02   involving a neutral party, ...

G06Q 20/023   the neutral party being a c...

G06Q 20/04   Payment circuits

G06Q 20/12   specially adapted for elect...

G06Q 20/123   Shopping for digital content

G06Q 20/1235   with control of digital rig...

G06Q 20/14   specially adapted for billi...

G06Q 20/24   Credit schemes, i.e. "pay a...

G06Q 30/06 : Buying, selling or leasing ...

G06Q 30/0601 : Electronic shopping [e-shop...

G06T 1/0021 : Image watermarking

G07F 9/026 : for alarm, monitoring and a...

G11B 20/00086 : Circuits for prevention of ...

G11B 20/00159 : Parental control systems

G11B 20/00188 : involving measures which re...

G11B 20/00557 : wherein further management ...

G11B 20/0071 : involving a purchase action

G11B 20/00768 : wherein copy control inform...

G11B 2220/216 : Rewritable discs

G11B 2220/218 : Write-once discs

G11B 2220/2562 : DVDs [digital versatile dis...

G11B 2220/2575 : DVD-RAMs

G11B 27/031 : Electronic editing of digit...

G11B 27/329 : on a disc [VTOC]

H04L 12/40104 : Security; Encryption; Conte...

H04L 12/40117 : Interconnection of audio or...

H04L 2209/56 : Financial cryptography, e.g...

H04L 2209/603 : Digital right managament [DRM]

H04L 2463/101 : applying security measures ...

H04L 2463/102 : applying security measure f...

H04L 2463/103 : applying security measure f...

H04L 63/04 : for providing a confidentia...

H04L 63/068 : using time-dependent keys, ...

H04L 63/0823 : using certificates cryptogr...

H04L 63/10 : for controlling access to d...

H04L 63/20 : for managing network securi...

H04L 9/321 : involving a third party or ...

H04N 21/2347 : involving video stream encr...

H04N 21/23476 : by partially encrypting, e....

H04N 21/235 : Processing of additional da...

H04N 21/2362 : Generation or processing of...

H04N 21/2541 : Rights Management protectin...

H04N 21/2543 : Billing , e.g. for subscrip...

H04N 21/2547 : Third Party Billing, e.g. b...

H04N 21/25875 : involving end-user authenti...

H04N 21/4143 : embedded in a Personal Comp...

H04N 21/4345 : Extraction or processing of...

H04N 21/435 : Processing of additional da...

H04N 21/4405 : involving video stream decr...

H04N 21/44204 : Monitoring of content usage...

H04N 21/443 : OS processes, e.g. booting ...

H04N 21/4627 : Rights management associate...

H04N 21/4753 : for user identification, e....

H04N 21/6581 : Reference data, e.g. a movi...

H04N 21/8166 : involving executable data, ...

H04N 21/835 : Generation of protective da...

H04N 21/8355 : involving usage data, e.g. ...

H04N 21/83555 : using a structured language...

H04N 21/8358 : involving watermark protect...

H04N 7/162 : Authorising the user termin...

H04N 7/17309 : Transmission or handling of...

Y10S 707/99939 : Privileged access

View All

Trusted infrastructure support systems, methods and techniques for secure electronic commerce transaction and rights management

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

Trusted infrastructure support systems, methods and techniques for secure electronic commerce transaction and rights management

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links