Rights-based system

US 9,509,704 B2
Filed: 07/25/2012
Issued: 11/29/2016
Est. Priority Date: 08/02/2011
Status: Active Grant

First Claim

Patent Images

1. A rights-based system, comprising one or more computing hardware devices operating in a network, the one or more computing hardware devices being configured with computer program instructions to implement a plurality of rights-based system components including a mint component, an authorization component, a lockbox component, an escrow component, and a protected resource component;

the mint component being configured to issue a plurality of vouchers, each voucher comprising a possession-based rights representation representing one or more corresponding rights, first vouchers of the plurality of vouchers each having encoded therein a refresh value and a sequence number, the refresh value being a pseudo-random value, a particular one of the first vouchers representing multiple different but related access rights for a corresponding resource, the mint component being configured to configure each of a first subset of the first vouchers to require submission of corresponding user credentials to enable redemption of the one or more corresponding rights, the mint component being further configured to configure each of a second subset of the first vouchers to enable redemption of the one or more corresponding rights by only a single holder but without requiring submission of corresponding user credentials, the mint component being further configured to configure second vouchers of the plurality of vouchers to enable redemption of the one or more corresponding rights by anyone having a copy of the second voucher and without requiring submission of corresponding credentials;

the authorization component being configured to validate the vouchers and issue corresponding tokens, each of the tokens being configured to enable redemption of at least one of the one or more corresponding rights for the corresponding voucher;

the lockbox component being configured to enable one or more users to manage corresponding collections of the vouchers, the lockbox component being further configured to submit the vouchers to the authorization component in response to user input from the one or more users, the user input representing attempts by the one or more users to redeem the rights corresponding to the vouchers, the lockbox component being further configured to transmit the tokens issued by the authorization component to the protected resource component;

the escrow component being configured to coordinate trades of the vouchers according to rules specified by one or more entities involved in the trades;

the protected resource component being configured to provide access to digital resources in response to presentation of corresponding ones of the tokens issued by the authorization component, and in accordance with the at least one of the one or more corresponding rights represented by each token;

wherein the authorization component is configured to generate initial refresh values and provide the initial refresh values to the mint component to enable issuance of the first vouchers by the mint component, to store separate from the first vouchers the initial refresh values as most recent values for the first vouchers, to validate the first vouchers by matching the corresponding refresh values to the corresponding most recent values maintained by the authorization component as identified with reference to the corresponding sequence numbers, to determine that the user credentials submitted in conjunction with presentation of each of the first subset of first vouchers correspond to the first voucher being presented, to generate the tokens in response to validation of the corresponding first vouchers, and to transmit the tokens to the lockbox component, a first one of the tokens generated in response to validation of the particular one of the first vouchers that represent multiple access rights being configured to provide access to a subset of fewer than all of the multiple access rights, the authorization component being further configured to generate new refresh values for insertion in the corresponding first vouchers each time the first vouchers are redeemed, and to update the corresponding most recent values maintained by the authorization component to match the new refresh values encoded in the corresponding first vouchers each time the corresponding first vouchers are redeemed, the authorization component being further configured to increment the sequence numbers encoded in the first vouchers each time the corresponding first vouchers are redeemed.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A rights-based system is described in which vouchers are employed for creating, managing, distributing, and redeeming rights in digital contexts. A voucher is a digital, possession-based rights representation. An authorization component of the system validates the vouchers and issues corresponding tokens. Access to digital resources is provided in response to presentation of the tokens which are validated by matching voucher refresh values to corresponding values maintained by the system. New refresh values are generated and inserted in the vouchers each time they are redeemed.

227 Citations

19 Claims

1. A rights-based system, comprising one or more computing hardware devices operating in a network, the one or more computing hardware devices being configured with computer program instructions to implement a plurality of rights-based system components including a mint component, an authorization component, a lockbox component, an escrow component, and a protected resource component;
- the mint component being configured to issue a plurality of vouchers, each voucher comprising a possession-based rights representation representing one or more corresponding rights, first vouchers of the plurality of vouchers each having encoded therein a refresh value and a sequence number, the refresh value being a pseudo-random value, a particular one of the first vouchers representing multiple different but related access rights for a corresponding resource, the mint component being configured to configure each of a first subset of the first vouchers to require submission of corresponding user credentials to enable redemption of the one or more corresponding rights, the mint component being further configured to configure each of a second subset of the first vouchers to enable redemption of the one or more corresponding rights by only a single holder but without requiring submission of corresponding user credentials, the mint component being further configured to configure second vouchers of the plurality of vouchers to enable redemption of the one or more corresponding rights by anyone having a copy of the second voucher and without requiring submission of corresponding credentials;
  
  the authorization component being configured to validate the vouchers and issue corresponding tokens, each of the tokens being configured to enable redemption of at least one of the one or more corresponding rights for the corresponding voucher;
  
  the lockbox component being configured to enable one or more users to manage corresponding collections of the vouchers, the lockbox component being further configured to submit the vouchers to the authorization component in response to user input from the one or more users, the user input representing attempts by the one or more users to redeem the rights corresponding to the vouchers, the lockbox component being further configured to transmit the tokens issued by the authorization component to the protected resource component;
  
  the escrow component being configured to coordinate trades of the vouchers according to rules specified by one or more entities involved in the trades;
  
  the protected resource component being configured to provide access to digital resources in response to presentation of corresponding ones of the tokens issued by the authorization component, and in accordance with the at least one of the one or more corresponding rights represented by each token;
  
  wherein the authorization component is configured to generate initial refresh values and provide the initial refresh values to the mint component to enable issuance of the first vouchers by the mint component, to store separate from the first vouchers the initial refresh values as most recent values for the first vouchers, to validate the first vouchers by matching the corresponding refresh values to the corresponding most recent values maintained by the authorization component as identified with reference to the corresponding sequence numbers, to determine that the user credentials submitted in conjunction with presentation of each of the first subset of first vouchers correspond to the first voucher being presented, to generate the tokens in response to validation of the corresponding first vouchers, and to transmit the tokens to the lockbox component, a first one of the tokens generated in response to validation of the particular one of the first vouchers that represent multiple access rights being configured to provide access to a subset of fewer than all of the multiple access rights, the authorization component being further configured to generate new refresh values for insertion in the corresponding first vouchers each time the first vouchers are redeemed, and to update the corresponding most recent values maintained by the authorization component to match the new refresh values encoded in the corresponding first vouchers each time the corresponding first vouchers are redeemed, the authorization component being further configured to increment the sequence numbers encoded in the first vouchers each time the corresponding first vouchers are redeemed.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The rights-based system of claim 1, wherein each of the system components has one or more network addresses associated therewith and is configured to communicate with one or more of the other system components using Hyper-Text Transfer Protocol (HTTP) requests and responses directed to the network addresses associated with the one or more other system components.
  - 3. The rights-based system of claim 1, wherein at least some of the vouchers also include a signed component for verifying the validity of the corresponding voucher, the signed component not being modifiable.
  - 4. The rights-based system of claim 1, wherein at least some of the vouchers are not transferable, the authorization component being further configured to authenticate owners of the at least some of the vouchers.
  - 5. The rights-based system of claim 1, wherein at least some of the vouchers include strings of text representing descriptive information regarding the corresponding voucher.
  - 6. The rights-based system of claim 1, wherein the mint component is further configured to generate new vouchers and to request initial refresh values for the new vouchers from another one of the system components.
  - 7. The rights-based system of claim 6, wherein the mint component is configured to generate one or more of the new vouchers only after validation of an existing one of the vouchers.
  - 8. The rights-based system of claim 6, wherein the mint component is further configured to generate voucher templates from which the new vouchers are generated.
  - 9. The rights-based system of claim 1, wherein the escrow component is configured to execute secure trades of the vouchers.
  - 10. The rights-based system of claim 1, wherein at least some of the vouchers are configured to control access to others of the vouchers.

11. A computer-implemented method, comprising:
- using one or more computing devices, issuing first, second, and third vouchers, each of the vouchers being a digital possession-based rights representation, the second and third vouchers each having encoded therein a corresponding refresh value and a corresponding sequence number, the refresh value being a pseudo-random value, the third voucher representing multiple different but related access rights for a corresponding digital resource, the first voucher being configured to enable redemption of a corresponding right by anyone having a copy of the first voucher and without requiring submission of corresponding user credentials, the second voucher being configured to enable redemption of a corresponding right by only a single holder but without requiring submission of corresponding user credentials, and the third voucher being configured to require submission of corresponding user credentials to enable redemption of the corresponding rights;
  
  using one or more computing devices, validating the first voucher;
  
  using the one or more computing devices, issuing a first token corresponding to the first voucher in response to validation of the first voucher, the first token being configured to enable redemption of the right corresponding to the first voucher;
  
  using the one or more computing devices, redeeming the right corresponding to the first voucher in response to presentation of the first token;
  
  using the one or more computing devices, validating the second voucher by matching the corresponding refresh value to a corresponding most recent value stored separately from the second voucher as identified with reference to the corresponding sequence number;
  
  using the one or more computing devices, issuing a second token corresponding to the second voucher in response to validation of the second voucher, the second token being configured to enable redemption of the right corresponding to the second voucher;
  
  using the one or more computing devices, generating a new refresh value for the second voucher;
  
  using the one or more computing devices, inserting the new refresh value in the second voucher;
  
  using the one or more computing devices, updating the most recent value for the second voucher to match the new refresh value for the second voucher;
  
  using the one or more computing devices, incrementing the sequence number encoded in the second voucher;
  
  using the one or more computing devices, redeeming the right corresponding to the second voucher in response to presentation of the second token;
  
  using the one or more computing devices, determining that the user credentials submitted in conjunction with presentation of the third voucher correspond to the third voucher;
  
  using the one or more computing devices, validating the third voucher by matching the corresponding refresh value to a corresponding most recent value stored separately from the third voucher as identified with reference to the corresponding sequence number;
  
  using the one or more computing devices, issuing a third token corresponding to the third voucher in response to validation of the third voucher, the third token being configured to enable access to the digital resource in accordance with a subset of fewer than all of the multiple access rights;
  
  using the one or more computing devices, generating a new refresh value for the third voucher;
  
  using the one or more computing devices, inserting the new refresh value in the third voucher;
  
  using the one or more computing devices, updating the most recent value for the third voucher to match the new refresh value for the third voucher;
  
  using the one or more computing devices, incrementing the sequence number encoded in the third voucher; and
  
  using the one or more computing devices, providing access to the digital resource according to the subset of the multiple access rights in response to presentation of the third token.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19)
- - 12. The computer-implemented method of claim 11, wherein issuing the first, second, and third vouchers, validating the first, second, and third vouchers, issuing the first, second, and third tokens, generating the new refresh values, inserting the new refresh values in the second and third vouchers, updating the most recent values for the second and third vouchers, and incrementing the sequence numbers for the second and third vouchers are effected using Hyper-Text Transfer Protocol (HTTP) requests and responses directed to network addresses associated with the one or more computing devices.
  - 13. The computer-implemented method of claim 11, wherein the first voucher includes a signed component for verifying the validity of the first voucher, the signed component not being modifiable.
  - 14. The computer-implemented method of claim 11, wherein each of the first, second, and third vouchers includes a string of text representing descriptive information regarding the corresponding voucher.
  - 15. The computer-implemented method of claim 11, further comprising generating a new voucher in response to validation of one of the first voucher, second voucher, or third voucher.
  - 16. The computer-implemented method of claim 15, wherein the new voucher is generated using a voucher template.
  - 17. The computer-implemented method of claim 11, further comprising executing a secure trade of the second voucher and a fourth voucher.
  - 18. The computer-implemented method of claim 11, wherein one of the first voucher, second voucher, or third voucher is configured to control access to a fourth voucher.
  - 19. The computer-implemented method of claim 11, further comprising enabling a user to manage a corresponding collections of vouchers including one of the first voucher, second voucher, or third voucher.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
API Market, Inc.
Original Assignee
OnCircle, Inc.
Inventors
Roever, Stefan, Watson, David
Primary Examiner(s)
Rahman, Mahfuzur
Assistant Examiner(s)
VICTORIA, NARCISO F

Application Number

US13/558,238
Publication Number

US 20130036476A1
Time in Patent Office

1,588 Days
Field of Search

726/27
US Class Current

1/1
CPC Class Codes

G06F 21/10   Protecting distributed prog...

G06F 21/335   for accessing specific reso...

G06F 21/6218   to a system of files or obj...

G06F 2221/2137   Time limited access, e.g. t...

H04L 63/08   for authentication of entit...

H04L 63/12   Applying verification of th...

Rights-based system

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

227 Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

Rights-based system

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

227 Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links