Rights-based system
First Claim
1. A rights-based system, comprising one or more computing hardware devices operating in a network, the one or more computing hardware devices being configured with computer program instructions to implement a plurality of rights-based system components including a mint component, an authorization component, a lockbox component, an escrow component, and a protected resource component;
the mint component being configured to issue a plurality of vouchers, each voucher comprising a possession-based rights representation representing one or more corresponding rights, first vouchers of the plurality of vouchers each having encoded therein a refresh value and a sequence number, the refresh value being a pseudo-random value, a particular one of the first vouchers representing multiple different but related access rights for a corresponding resource, the mint component being configured to configure each of a first subset of the first vouchers to require submission of corresponding user credentials to enable redemption of the one or more corresponding rights, the mint component being further configured to configure each of a second subset of the first vouchers to enable redemption of the one or more corresponding rights by only a single holder but without requiring submission of corresponding user credentials, the mint component being further configured to configure second vouchers of the plurality of vouchers to enable redemption of the one or more corresponding rights by anyone having a copy of the second voucher and without requiring submission of corresponding credentials;
the authorization component being configured to validate the vouchers and issue corresponding tokens, each of the tokens being configured to enable redemption of at least one of the one or more corresponding rights for the corresponding voucher;
the lockbox component being configured to enable one or more users to manage corresponding collections of the vouchers, the lockbox component being further configured to submit the vouchers to the authorization component in response to user input from the one or more users, the user input representing attempts by the one or more users to redeem the rights corresponding to the vouchers, the lockbox component being further configured to transmit the tokens issued by the authorization component to the protected resource component;
the escrow component being configured to coordinate trades of the vouchers according to rules specified by one or more entities involved in the trades;
the protected resource component being configured to provide access to digital resources in response to presentation of corresponding ones of the tokens issued by the authorization component, and in accordance with the at least one of the one or more corresponding rights represented by each token;
wherein the authorization component is configured to generate initial refresh values and provide the initial refresh values to the mint component to enable issuance of the first vouchers by the mint component, to store separate from the first vouchers the initial refresh values as most recent values for the first vouchers, to validate the first vouchers by matching the corresponding refresh values to the corresponding most recent values maintained by the authorization component as identified with reference to the corresponding sequence numbers, to determine that the user credentials submitted in conjunction with presentation of each of the first subset of first vouchers correspond to the first voucher being presented, to generate the tokens in response to validation of the corresponding first vouchers, and to transmit the tokens to the lockbox component, a first one of the tokens generated in response to validation of the particular one of the first vouchers that represent multiple access rights being configured to provide access to a subset of fewer than all of the multiple access rights, the authorization component being further configured to generate new refresh values for insertion in the corresponding first vouchers each time the first vouchers are redeemed, and to update the corresponding most recent values maintained by the authorization component to match the new refresh values encoded in the corresponding first vouchers each time the corresponding first vouchers are redeemed, the authorization component being further configured to increment the sequence numbers encoded in the first vouchers each time the corresponding first vouchers are redeemed.
Abstract
A rights-based system is described in which vouchers are employed for creating, managing, distributing, and redeeming rights in digital contexts. A voucher is a digital, possession-based rights representation. An authorization component of the system validates the vouchers and issues corresponding tokens. Access to digital resources is provided in response to presentation of the tokens which are validated by matching voucher refresh values to corresponding values maintained by the system. New refresh values are generated and inserted in the vouchers each time they are redeemed.
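The refresh-value rotation described in the abstract and in claim 1 can be sketched as follows. This is an added example, not code from the patent. The `voucher_id` field, the token layout, the use of Python's `secrets` generator, and keeping the authoritative rights set on the server side are all assumptions made for illustration.

```python
import hmac
import secrets
from dataclasses import dataclass

@dataclass(frozen=True)
class Voucher:
    voucher_id: str      # hypothetical identifier, not named in the claims
    rights: frozenset
    refresh: str         # refresh value encoded in the voucher
    seq: int             # sequence number encoded in the voucher

class AuthorizationComponent:
    def __init__(self):
        # Most recent (seq, refresh, rights) per voucher, stored apart from the voucher.
        self._latest = {}

    def initial_voucher(self, voucher_id, rights):
        """Generate the initial refresh value handed to the mint for issuance."""
        refresh = secrets.token_hex(16)  # CSPRNG chosen here; the claim says pseudo-random
        self._latest[voucher_id] = (0, refresh, frozenset(rights))
        return Voucher(voucher_id, frozenset(rights), refresh, 0)

    def redeem(self, voucher, requested):
        """Validate a voucher, rotate its refresh value, return (token, new voucher)."""
        record = self._latest.get(voucher.voucher_id)
        if record is None:
            raise PermissionError("unknown voucher")
        seq, refresh, rights = record
        # A copy made before the last redemption carries an old seq/refresh pair.
        if voucher.seq != seq or not hmac.compare_digest(
                voucher.refresh.encode(), refresh.encode()):
            raise PermissionError("stale or forged voucher")
        requested = frozenset(requested)
        if not requested or not requested <= rights:
            raise PermissionError("requested rights not covered by voucher")
        new_refresh = secrets.token_hex(16)
        self._latest[voucher.voucher_id] = (seq + 1, new_refresh, rights)
        # Token layout is hypothetical; it carries only the requested subset of rights.
        token = {"voucher_id": voucher.voucher_id, "rights": requested,
                 "nonce": secrets.token_hex(8)}
        return token, Voucher(voucher.voucher_id, rights, new_refresh, seq + 1)

def replay_is_rejected(auth, old_copy, rights):
    """Return True if presenting an already-redeemed copy fails validation."""
    try:
        auth.redeem(old_copy, rights)
    except PermissionError:
        return True
    return False
```

Because the stored value changes on every redemption, a duplicate of a single-holder voucher stops working as soon as either copy is redeemed, which is what separates these vouchers from the bearer-style second vouchers in the claim.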
19 Claims
11. A computer-implemented method, comprising:
using one or more computing devices, issuing first, second, and third vouchers, each of the vouchers being a digital possession-based rights representation, the second and third vouchers each having encoded therein a corresponding refresh value and a corresponding sequence number, the refresh value being a pseudo-random value, the third voucher representing multiple different but related access rights for a corresponding digital resource, the first voucher being configured to enable redemption of a corresponding right by anyone having a copy of the first voucher and without requiring submission of corresponding user credentials, the second voucher being configured to enable redemption of a corresponding right by only a single holder but without requiring submission of corresponding user credentials, and the third voucher being configured to require submission of corresponding user credentials to enable redemption of the corresponding rights;
using one or more computing devices, validating the first voucher;
using the one or more computing devices, issuing a first token corresponding to the first voucher in response to validation of the first voucher, the first token being configured to enable redemption of the right corresponding to the first voucher;
using the one or more computing devices, redeeming the right corresponding to the first voucher in response to presentation of the first token;
using the one or more computing devices, validating the second voucher by matching the corresponding refresh value to a corresponding most recent value stored separately from the second voucher as identified with reference to the corresponding sequence number;
using the one or more computing devices, issuing a second token corresponding to the second voucher in response to validation of the second voucher, the second token being configured to enable redemption of the right corresponding to the second voucher;
using the one or more computing devices, generating a new refresh value for the second voucher;
using the one or more computing devices, inserting the new refresh value in the second voucher;
using the one or more computing devices, updating the most recent value for the second voucher to match the new refresh value for the second voucher;
using the one or more computing devices, incrementing the sequence number encoded in the second voucher;
using the one or more computing devices, redeeming the right corresponding to the second voucher in response to presentation of the second token;
using the one or more computing devices, determining that the user credentials submitted in conjunction with presentation of the third voucher correspond to the third voucher;
using the one or more computing devices, validating the third voucher by matching the corresponding refresh value to a corresponding most recent value stored separately from the third voucher as identified with reference to the corresponding sequence number;
using the one or more computing devices, issuing a third token corresponding to the third voucher in response to validation of the third voucher, the third token being configured to enable access to the digital resource in accordance with a subset of fewer than all of the multiple access rights;
using the one or more computing devices, generating a new refresh value for the third voucher;
using the one or more computing devices, inserting the new refresh value in the third voucher;
using the one or more computing devices, updating the most recent value for the third voucher to match the new refresh value for the third voucher;
using the one or more computing devices, incrementing the sequence number encoded in the third voucher; and
using the one or more computing devices, providing access to the digital resource according to the subset of the multiple access rights in response to presentation of the third token.
Specification