Trusted and secure techniques, systems and methods for item delivery and execution

US 6,185,683 B1
Filed: 12/28/1998
Issued: 02/06/2001
Est. Priority Date: 02/13/1995
Status: Expired due to Term

- Alert
- Pin

Associated Cases

Associated Defendants

First Claim

Patent Images

1. A system including:

a first apparatus including, user controls, a communications port, a processor, a memory storing;

a first secure container containing a governed item, the first secure container governed item being at least in part encrypted;

a first secure container rule at least in part governing an aspect of access to or use of said first secure container governed item; and

a second secure container, the second secure container containing audit information; and

hardware or software used for receiving and opening secure containers, said secure containers each including the capacity to contain a governed item, a secure container rule being associated with each of said secure containers;

a protected processing environment at least in part protecting information contained in said protected processing environment from tampering by a user of said first apparatus, said protected processing environment including hardware or software used for applying said first secure container rule and a second secure container rule in combination to at least in part govern at least one aspect of access to or use of a governed item contained in a secure container; and

hardware or software used for transmission of secure containers to other apparatuses or for the receipt of secure containers from other apparatuses.

View all claims

2 Assignments

Timeline View

Assignment View

Litigations

0 Petitions

Accused Products

Abstract

Documents and other items can be delivered electronically from sender to recipient with a level of trustedness approaching or exceeding that provided by a personal document courier. A trusted electronic go-between can validate, witness and/or archive transactions while, in some cases, actively participating in or directing the transaction. Printed or imaged documents can be marked using handwritten signature images, seal images, electronic fingerprinting, watermarking, and/or steganography. Electronic commercial transactions and transmissions take place in a reliable, “trusted” virtual distribution environment that provides significant efficiency and cost savings benefits to users in addition to providing an extremely high degree of confidence and trustedness. The systems and techniques have many uses including but not limited to secure document delivery, execution of legal documents, and electronic data interchange (EDI).

1769 Citations

131 Claims

1. A system including:
- a first apparatus including, user controls, a communications port, a processor, a memory storing;
  
  a first secure container containing a governed item, the first secure container governed item being at least in part encrypted;
  
  a first secure container rule at least in part governing an aspect of access to or use of said first secure container governed item; and
  
  a second secure container, the second secure container containing audit information; and
  
  hardware or software used for receiving and opening secure containers, said secure containers each including the capacity to contain a governed item, a secure container rule being associated with each of said secure containers;
  
  a protected processing environment at least in part protecting information contained in said protected processing environment from tampering by a user of said first apparatus, said protected processing environment including hardware or software used for applying said first secure container rule and a second secure container rule in combination to at least in part govern at least one aspect of access to or use of a governed item contained in a secure container; and
  
  hardware or software used for transmission of secure containers to other apparatuses or for the receipt of secure containers from other apparatuses.

2. A system including:
- a first apparatus including, user controls, a communications port, a processor, a memory storing;
  
  a first secure container containing a governed item, the first secure container governed item being at least in part encrypted;
  
  the first secure container having been received from a second apparatus;
  
  a first secure container rule at least in part governing an aspect of access to or use of said first secure container governed item, the first secure container rule, the first secure container rule having been received from a third apparatus different from said second apparatus; and
  
  hardware or software used for receiving and opening secure containers, said secure containers each including the capacity to contain a governed item, a secure container rule being associated with each of said secure containers;
  
  a protected processing environment at least in part protecting information contained in said protected processing environment from tampering by a user of said first apparatus, said protected processing environment including hardware or software used for applying said first secure container rule and a second secure container rule in combination to at least in part govern at least one aspect of access to or use of a governed item contained in a secure container; and
  
  hardware or software used for transmission of secure containers to other apparatuses or for the receipt of secure containers from other apparatuses.

3. A system including:
- a first apparatus including, user controls, a communications port, a processor, a memory storing;
  
  a first secure container containing a governed item, the first secure container governed item being at least in part encrypted;
  
  a first secure container rule at least in part governing an aspect of access to or use of said first secure container governed item; and
  
  a second secure container containing a digital certificate;
  
  hardware or software used for receiving and opening secure containers, said secure containers each including the capacity to contain a governed item, a secure container rule being associated with each of said secure containers;
  
  a protected processing environment at least in part protecting information contained in said protected processing environment from tampering by a user of said first apparatus, said protected processing environment including hardware or software used for applying said first secure container rule and a second secure container rule in combination to at least in part govern at least one aspect of access to or use of a governed item contained in a secure container; and
  
  hardware or software used for transmission of secure containers to other apparatuses or for the receipt of secure containers from other apparatuses.
- View Dependent Claims (4)
- - 4. A system as in claim 3, said memory storing a rule associated with said second secure container, said rule associated with said second secure container at least in part governing at least one aspect of access to or use of said digital certificate.

5. A system including:
- a first apparatus including, user controls, a communications port, a processor, a memory storing, a first secure container containing a governed item, the first secure container governed item being at least in part encrypted;
  
  a first secure container rule at least in part governing an aspect of access to or use of said first secure container governed item; and
  
  a second secure container containing a digital signature, the second secure container being different from said first secure container;
  
  hardware or software used for receiving and opening secure containers, said secure containers each including the capacity to contain a governed item, a secure container rule being associated with each of said secure containers;
  
  a protected processing environment at least in part protecting information contained in said protected processing environment from tampering by a user of said first apparatus, said protected processing environment including hardware or software used for applying said first secure container rule and a second secure container rule in combination to at least in part govern at least one aspect of access to or use of a governed item contained in a secure container; and
  
  hardware or software used for transmission of secure containers to other apparatuses or for the receipt of secure containers from other apparatuses.
- View Dependent Claims (6)
- - 6. A system as in claim 5, said memory storing a rule at least in part governing an aspect of access to or use of said digital signature.

7. A system including:
- a first apparatus including, user controls, a communications port, a processor, a memory storing;
  
  a first secure container containing a governed item, the first secure econainer governed item being at least in part encrypted;
  
  a first secure container rule at least in part governing an aspect of access to or use of said first secure container governed item; and
  
  an electronic seal including receipt information;
  
  hardware or software used for receiving and opening secure containers, said secure containers each including the capacity to contain a governed item, a secure container rule being associated with each of said secure containers;
  
  a protected processing environment at least in part protecting information contained in said protected processing environment from tampering by a user of said first apparatus, said protected processing environment including hardware or software used for applying said first secure container rule and a second secure container rule in combination to at least in part govern at least one aspect of access to or use of a governed item contained in a secure container; and
  
  hardware or software used for transmission of secure containers to other apparatuses or for the receipt of secure containers from other apparatuses.

8. A system including:
- a first apparatus including, user controls, a communications port, a processor, a memory storing;
  
  a first secure container containing a governed item, the first secure container governed item being at least in part encrypted;
  
  a first secure container rule at least in part governing an aspect of access to or use of said first secure container governed item; and
  
  an electronic seal including usage information;
  
  hardware or software used for receiving and opening secure containers, said secure containers each including the capacity to contain a governed item, a secure container rule being associated with each of said secure containers;
  
  a protected processing environment at least in part protecting information contained in said protected processing environment from tampering by a user of said first apparatus, said protected processing environment including hardware or software used for applying said first rule and a second secure container rule in combination to at least in part govern at least one aspect of access to or use of a governed item contained in secure container; and
  
  hardware or software used for transmission of secure containers to other apparatuses or for the receipt of secure containers from other apparatuses.
- View Dependent Claims (9)
- - 9. A system as in claim 8, said usage information including information at least in part identifying usage of said governed item.

10. A system including:
- a first apparatus including, user controls, a communications port, a processor, a memory storing;
  
  a first secure container containing a governed item, the first secure container governed item being at least in part encrypted;
  
  a first secure container rule at least in part governing an aspect of access to or use of said first secure container governed item; and
  
  an electronic seal including an image designed to allow for visual recognition of said seal;
  
  hardware or software used for receiving and opening secure containers, and secure containers each including the capacity to contain a governed item, a secure container rule being associated with each of said secure containers;
  
  a protected processing environment at least in part protecting information contained in said protected processing environment from tampering by a user of said firs apparatus, said protected processing environment including hardware or software used for applying said first rule and a second secure container rule in combination to at least in part govern at least one aspect of access to or use of a governed item contained in a secure container; and
  
  hardware or software used for transmission of secure containers to other apparatuses or for the receipt of secure containers from other apparatuses.

11. A system including:
- a first apparatus including, user controls, a communications port, a processor, a memory storing;
  
  a first secure container containing a governed item, the first secure container governed item being at least in part encrypted;
  
  a first secure container rule at least in part governing an aspect of access to or use of said first secure container governed item; and
  
  an electronic seal including encoded information;
  
  hardware or software used for receiving an opening secure containers, said secure containers each including the capacity to contain a governed item, a secure container rule being associated with each of said secure containers;
  
  a protected processing environment at least in part protecting information contained in said protected processing environment from tampering by a user of said first apparatus, said protected processing environment including hardware or software used for applying said first secure container rule and a second secure container rule in combination to at least in part govern at least one aspect of access to or use of a governed item contained in a secure container; and
  
  hardware or software used for transmission of secure containers to other apparatuses or for the receipt of secure containers from other apparatuses.
- View Dependent Claims (12)
- - 12. A system as in claim 11, said encoded information being steganographically encoded in said seal.

13. A system including:
- a first apparatus including, user controls, a communications port, a processor, a memory storing;
  
  a first secure container containing a governed item, the first secure container governed item being at least in part encrypted;
  
  a first secure container rule at least in part governing an aspect of access to or use of said first secure container governed item; and
  
  an electronic seal including (a) a representation of an aspect of said governed item, said representation including a hash of at least a portion of said governed item after normalization of said portion, and (b) a item value;
  
  hardware or software used for receiving and opening secure containers, said secure containers each including the capacity to contain a governed item, a secure container rule being associated with each of said secure containers;
  
  a protected processing environment at least in part protecting information contained in said protected processing environment from tampering by a user of said first apparatus, said protected processing environment including hardware or software used for applying said first secure container rule and a second secure container rule in combination to at least in part govern at least one aspect of access to or use of a governed item contained in a secure container; and
  
  hardware or software used for transmission of secure containers to other apparatuses or for the receipt of secure containers from other apparatuses.

14. A system including:
- a first apparatus including, user controls, a communications port, a processor, a memory storing;
  
  a first secure container containing a governed item, the first secure container governed item being at least in part encrypted;
  
  a first secure container rule at least in part governing an aspect of access to or use of said first secure container governed item; and
  
  an electronic seal including encrypted information;
  
  hardware or software used for receiving and opening secure containers, said secure containers each including the capacity to contain a governed item, a secure container rule being associated with each of said secure containers;
  
  a protected processing environment at least in part protecting information contained in said protected processing environment from tampering by a user of said first apparatus, said protected processing environment including hardware or software used for applying said first secure container rule and a second secure econatiner rule in combination to at least in part govern at least one aspect of access or to use of a governed item contained in a secure container; and
  
  hardware or software used for transmission of secure containers to other apparatuses or for the receipt of secure containers from other apparatuses.
- View Dependent Claims (15, 16)
- - 15. A system as in claim 14, said encrypted information being encrypted, at least in part, using a key from a public/private key pair.
  - 16. A system as in claim 15, said encryption key belonging to an individual or entity responsible at least in part for a transmission of said first secure container governed item.

17. A system including:
- a first apparatus including, user controls, a communications port, a processor, a memory storing;
  
  a first secure container containing a governed item, the first secure container governed item being at least in part encrypted;
  
  a first secure container rule at least in part governing an aspect of access to or use of said first secure container governed item; and
  
  an electronic seal including an error correction code derived from at least a portion of said first secure container governed item;
  
  hardware or software used for receiving and opening secure containers, said secure containers each including the capacity to contain a governed item, a secure container rule being associated with each of said secure containers;
  
  a protected processing environment at least in part protecting information contained in said protected processing environment from tampering by a user of said first apparatus, said protected processing environment including hardware or software used for applying said first secure container rule and a second secure container rule in combination to at least in part govern at least one aspect of access to or use of a governed item contained in a secure container; and
  
  hardware or software used for transmission of secure containers to other apparatuses or for the receipt of secure containers from other apparatuses.

18. A system including:
- a first apparatus including, user controls, a communications port, a processor, a memory storing;
  
  a first secure container containing a governed item, the first secure container governed item being at least in part encrypted;
  
  a first secure container rule at least in part governing an aspect of access to or use of said first secure container governed item; and
  
  an electronic seal stored in a secure container;
  
  hardware or software used for receiving and opening secure containers, said secure containers each including the capacity to contain a governed item, a secure container rule being associated with each of said secure containers;
  
  a protected processing environment at least in part protecting information contained in said protected processing environment from tampering by a user of said first apparatus, said protected processing environment including hardware or software used for applying said first secure container rule and a second secure container rule in combination to at least in part govern at least one aspect of access to or use of a governed item contained in a secure container; and
  
  hardware or software used for transmission of secure containers to other apparatuses or for the receipt of secure containers from other apparatuses.
- View Dependent Claims (19, 20)
- - 19. A system as in claim 18, said secure container in which said electronic seal is stored being a second secure container, different from said first secure container.
  - 20. A system as in claim 19, said memory storing a rule at least in part governing at least one aspect of access to or use of said electronic seal.

21. A system including:
- a first apparatus including, user controls, a communications port, a processor, a memory storing;
  
  a first secure container containing a governed item, the first secure container governed item being at least in part encrypted;
  
  a first secure container rule at least in part governing an aspect of access to or use of said first secure container governed item; and
  
  an electronic fingerprint stored in a second secure container, different from said first secure container;
  
  hardware or software used for receiving and opening secure containers, said secure containers each including the capacity to contain a governed item, a secure container rule being associated with each of said secure containers;
  
  a protected processing environment at least in part protecting information contained in said protected processing environment from tampering by a user of said first apparatus, said protected processing environment including hardware or software used for applying said first secure container rule and a second secure container rule in combination to at least in part govern at least one aspect of access to or use of a governed item contained in a secure container; and
  
  hardware or software used for transmission of secure containers to other apparatuses or for the receipt of secure containers from other apparatuses.

22. A system including:
- a first apparatus including, user controls, a communications port, a processor, a memory storing;
  
  a first secure container containing a governed item, the first secure container governed item being at least in part encrypted, the first secure container governed item including steganographically encoded information including a first portion encoded using a first steganographic encoding technique and a second portion encoded using a second steganographic encoding technique;
  
  a first secure container rule at least in part governing an aspect of access to or use of said first secure container governed item;
  
  hardware or software used for receiving and opening secure containers, said secure containers each including the capacity to contain a governed item, a secure container rule being associated with each of said secure containers;
  
  a protected processing environment at least in part protecting information contained in said protected processing environment from tampering by a user of said first apparatus, said protected processing environment including hardware or software used for applying said first secure container rule and a second secure container rule in combination to at least in part govern at least one aspect of access to or use of a governed item contained in a secure container; and
  
  hardware or software used for transmission of secure containers to other apparatuses or for the receipt of secure containers from other apparatuses.
- View Dependent Claims (23, 24, 25, 26, 27)
- - 23. A system as in claim 22, in which said first steganographic encoding technique provides a higher degree of security than said second steganographic encoding technique.
  - 24. A system as in claim 23, in which at least a portion of said steganographically encoded information is encrypted.
  - 25. A system as in claim 24, in which said first portion is encrypted using a first technique which differs in at least one respect from a second encryption technique used for encryption of said second portion.
  - 26. A system as in claim 25, in which said encryption techniques differ in at least the key used for each technique.
  - 27. A system as in claim 25, in which said encryption techniques differ in the strength of encryption used.

28. A system including;
- a first apparatus including;
  
  user controls, a communications port, a processor, a memory containing a first rule, hardware or software used for receiving and opening secure containers, said secure containers each including the capacity to contain a governed item, a secure container rule being associated with each of said secure containers;
  
  a protected processing environment at least in part protecting information contained in said protected processing environment from tampering by a user of said first apparatus, said protected processing environment including hardware or software used for applying said first rule and a secure container rule in combination to at least in part govern at least one aspect of access to or use of a governed item; and
  
  hardware or software used for transmission of secure containers to other apparatuses or for the receipt of secure containers from other apparatuses; and
  
  a second apparatus including;
  
  user controls, a communications port, a processor, a memory containing a second rule, hardware or software used for receiving and opening secure containers, said secure containers each including the capacity to contain a governed item, a secure container rule being associated with each of said secure containers;
  
  a protected processing environment at least in part protecting information contained in said protected processing environment from tampering by a user of said apparatus, said protected processing environment including hardware or software used for applying said second rule and a secure container rule in combination to at least in part govern at least one aspect of access to or use of a governed item;
  
  hardware or software used for transmission of secure containers to other apparatuses or for the receipt of secure containers from other apparatuses; and
  
  an electronic intermediary, said intermediary including a user rights authority clearinghouse.
- View Dependent Claims (29)
- - 29. A system as in claim 28, said user rights authority clearinghouse operatively connected to make rights available to users.

30. A method of securely delivery an item, including the following steps:
- (a) initializing a first apparatus, said first apparatus including a protected processing environment, said protected processing environment at least in part protecting information contained in said protected processing environment from tampering by a user of said first apparatus, said initialization including;
  
  registering a first rule associated with said first apparatus or a user of said first apparatus;
  
  establishing the identity of a user of said first apparatus; and
  
  at least partially integrating a rule with a user application, including altering the user interface of said user application;
  
  (b) specifying information to be used in said delivery, said information including;
  
  an address of a recipient of said item, delivery information, receipt information, authentication information, a rule to at least in part govern at least one access to or use of said item once delivered;
  
  (c) at least in part using said protected processing environment of said first apparatus, storing said item in a secure electronic container, including encrypting at least a portion of said item, and associating a second rule with said secure electronic container, said step of storing and associating being governed at least in part by said first rule; and
  
  (d) transmitting said secure electronic container to a second apparatus.
- View Dependent Claims (31, 32)
- - 31. A method as in claim 30, in which said alteration includes adding at least one option to a menu of user options provided by said user application.
  - 32. A method as in claim 30, in which said alteration includes altering the functionality of at least one user-selectable option.

33. A method of securely delivering an item, including the following steps:
- (a) initializing a first apparatus, said first apparatus including a protected processing environment, said protected processing environment at least in part protecting information contained in said protected processing environment from tampering by a user of said first apparatus, said initializing including;
  
  registering a first rule associated with said first apparatus or a user of said first apparatus; and
  
  establishing the identity of a user of said first apparatus;
  
  (b) specifying information to be used in said delivery, said information including;
  
  an address of a recipient of said item, delivery information, receipt information, authentication information, and a rule to at least in part govern at least one access to or use of said item once delivered, (c) at least in part using said protected processing environment of said first apparatus, storing said item in a secure electronic container, including encrypting at least a porting of said item, and associating a second rule with said secure electronic container, said step of storing and associating being governed at least in part by said first rule;
  
  (d) transmitting said secure electronic container to a second apparatus;
  
  (e) receiving said secure electronic container at the second apparatus;
  
  (f) said second apparatus generating a receipt following reception of said secure container; and
  
  (g) using said second rule to at least in part govern at least one aspect of access to or use of said item at said second apparatus.
- View Dependent Claims (34, 35, 36, 37)
- - 34. A method as in claim 33, in which said receipt generation is controlled, at least in part, by at least one rule received by said second apparatus.
  - 35. A method as in claim 33, further including said second apparatus transmitting said receipt to another apparatus.
  - 36. A method as in claim 35, in which said other apparatus is said first apparatus.
  - 37. A method as in claim 36, in which said other apparatus is a third apparatus.

38. A method of securely delivering an item, including the following steps:
- (a) initializing a first apparatus, said first apparatus including a protected processing environment, said protected processing environment at least in part protecting information contained in said protected processing environment from tampering by a user of said first apparatus, said initialization including;
  
  registering a first rule associated with said first apparatus or a user of said first apparatus; and
  
  establishing the identity of a user of said first apparatus;
  
  (b) specifying information to be used in said delivery and providing a key associated with an intended recipient, said information including;
  
  an address of a recipient of said item, information at least in part identifying at least one intended recipient, delivery information, receipt information, authentication information, and a rule to at least in part govern at least one access to or use of said item once delivered;
  
  (c) at least in part using said protected processing environment of said first apparatus, storing said item in a secure electronic container, including encrypting at least a portion of said item, and associating a second rule with said secure electronic container, said step of storing and associating being governed at least in part by said first rule;
  
  (d) transmitting said secure electronic container to a second apparatus;
  
  (e) receiving said secure electronic container at the second apparatus; and
  
  (f) using said second rule to at least in part govern at least one aspect of access to or use of said item at said second apparatus.

39. A method of securely delivering an item, including the following steps:
- (a) initializing a first apparatus, said first apparatus including a protected processing environment, said protected processing environment at least in part protecting information contained in said protected processing environment from tampering by a user of said first apparatus, said initialization including;
  
  registering a first rule associated with said first apparatus or a user of said first apparatus; and
  
  establishing the identity of a suer of said first apparatus;
  
  (b) specifying information to be used in said delivery, said information including an address of a recipient of said item, delivery information, receipt information, authentication information, and a rule to at least in part govern at least one access to or use of said item once delivered;
  
  (c) at least in part using said protected processing environment of said first apparatus, storing said item in a secure electronic container, including encrypting at least a portion of said item, and associating a second rule with said secure electronic container, said step of storing and associating being governed at least in part by said first rule;
  
  (d) transmitting said secure electonic container to a second apparatus;
  
  (e) receiving said secure electronic container at the second apparatus;
  
  (f) using said second rule to at least in part govern at least on aspect of access to or use of said item at said second apparatus; and
  
  (g) determining the identity of a party required to make a payment relating to said delivery.

40. A method of securely delivering an item, including the following steps:
- (a) initializing a first apparatus, said first apparatus including a protected processing environment, said protected processing environment at least in part protecting information contained in said protected processing environment from tampering by a user of said first apparatus, said initialization including;
  
  registering a first rule associated with said first apparatus or a user of said first apparatus; and
  
  establishing the identity of a user of said first apparatus;
  
  (b) specifying information to be used in said delivery, said information including an address of a receipt of said item, delivery information, receipt information, authentication information, and a rule to at least in part govern at least one access to or use of said item once delivered;
  
  (c) at least in part using said protected processing environment of said first apparatus, storing said item in secure electronic container, including encrypting at least a portion of said item, and associating a second rule with said secure electronic container, said step of storing and associating being governed at least in part by said first rule;
  
  (d) said first apparatus receiving a rule, said first apparatus using said received rule to govern an aspect of said method;
  
  (e) following said receipt in said step (d), transmitting said secure electronic container to a second apparatus;
  
  (f) receiving said secure electronic container at the second apparatus; and
  
  (g) using said second rule to at least in part govern an aspect of access to or use of said item at said second apparatus.
- View Dependent Claims (41, 42)
- - 41. A method as in claim 40, in which said received rule is received from said second apparatus.
  - 42. A method as in claim 40, in which said received rule is received from a control set archive located at a third apparatus.

43. A method of securely delivering an item, including the following steps:
- (a) initializing a first apparatus, said first apparatus including a protected processing environment, said protected processing environment at least in part protecting information contained in said protected processing environment from tampering by a user of said first apparatus, said initialization including;
  
  registering a first rule associated with said first apparatus or a user of said first apparatus; and
  
  establishing the identity of a user of said first apparatus;
  
  (b) specifying information to be used in said delivery, including obtaining an address of a recipient of said item information from a third apparatus, said information including;
  
  said recipient address, delivery information, receipt information, authentication information, and a rule to at least in part govern at least one access to or use of said item once delivered;
  
  (c) at least in part using said protected processing environment of said first apparatus, storing said item in a secure electronic container, including encrypting at least a portion of said item, and associating a second rule with said secure electronic container, said step of storing and associating being governed at least in part under control of said first rule;
  
  (d) transmitting said secure electronic container to a second apparatus;
  
  (e) receiving said secure electronic container at the second apparatus; and
  
  (f) using at least said second rule to at least in part govern at least one aspect of access to or use of said item at said second apparatus.
- View Dependent Claims (44)
- - 44. A method as in claim 43, in which said third apparatus includes a secure directory service from which said recipient address information is obtained.

45. A method of securely delivering an item, including the following steps:
- steganographically encoding information in an electronic seal, using a first steganographic technique to encode a first portion of said encoded information, and using a second steganographic technique to encode a second portion of said encoded information;
  
  associating said electronic seal with said item;
  
  incorporating said item into a first secure electronic container, said item being at least in part encrypted while in said container, said incorporation occurring in an apparatus containing a first protected processing environment, said protected processing environment at least in part protecting information contained in said protected processing enviormnment from tampering by a user of said apparatus;
  
  in said protected processing environment, associating a first rule with said first secure electronic container, said first rule at least in part governing at least one aspect of access to or use of said item;
  
  authenticating an intended recipient of said item;
  
  transmitting said first secure electronic container and said first rule to said intended recipient; and
  
  using a second protected processing environment, providing said intended recipient access to at least a portion of said item, said access being governed at least in part by said rule and by a second rule present at said intended recipient'"'"'s site.
- View Dependent Claims (46, 47)
- - 46. A method as in claim 45, in which said first steganographic technique is more secure in one respect than said second steganographic technique.
  - 47. A method as in claim 46, in which said first steganographic technique uses a first encryption key and said second steganographic technique uses a second encryption key different from said first encryption key.

48. A method of securely delivering an item, including the following steps:
- incorporating said item into a first secure electronic container, said item being at least in part encrypted while in said container, said incorporation occurring in an apparatus containing a first protected processing environment, said protected processing environment at least in part protecting information contained in said protected processing environment from tampering by a user of said apparatus;
  
  in said protected processing environment, associating a first rule with said first secure electronic container, said first rule at least in part governing at least one aspect of access to or use of said item;
  
  steganographically encoding information in an electronic seal, at least a portion of said steganographically encoded information being encrypted;
  
  associating said electronic seal with said item;
  
  authenticating an intended recipient of said item;
  
  transmitting said first secure electronic container and said first rule to said intended recipient; and
  
  using a second protected processing environment, providing said intended recipient access to at least a portion of said item, said access being governed at least in part by said first rule and by a second rule present at said intended recipient'"'"'s site.

49. A method of securely delivering an item, including the following steps:
- creating a hash value representing an aspect of said item;
  
  encrypting said hash value;
  
  associating said hash value with an electronic seal;
  
  associating said electronic seal with said item;
  
  incorporating said item into a first secure electronic container, said item being at least in part encrypted while in said container, said incorporation occurring in an apparatus containing a first protected processing environment, said protected processing environment at least in part protecting information contained in said protected processing environment from tampering by a user of said apparatus;
  
  in said protected processing environment, associating a first rule with said first secure electronic container, said first rule at least in part governing at least one aspect of access to or use of said item;
  
  authenticating an intended recipient of said item;
  
  transmitting said first secure electronic container and said first rule to said intended recipient; and
  
  using a second protected processing environment, providing said intended recipient access to at least a portion of said item, said access being governed at least in part by said first rule and by a second rule present at said intended recipient'"'"'s site.
- View Dependent Claims (50)
- - 50. A method as in claim 49, in which said hash value encryption is performed at least in part using a private key of at least one transmitter of said item.

51. A method of securely delivering an item, including the following steps:
- associating a digital signature with said item, said digital signature having associated a rule, said digital signature rule requiring connection to a remote server prior to a use of said digital signature;
  
  incorporating said item into a first secure electronic container, said item being at least in part encrypted while in said container, said incorporation occurring in an apparatus containing a first protected processing environment, said protected processing environment at least in part protecting information contained in said protected processing environment from tampering by a user of said apparatus;
  
  in said protected processing environment, associating a first rule with said first secure electronic container, said first rule at least in part governing at least one aspect of access to or use of said item;
  
  authenticating an intended recipient of said item;
  
  transmitting said first secure electronic container and said first rule to said intended recipient; and
  
  using a second protected processing environment, providing said intended recipient access to at least a portion of said item, said access being governed at least in part by said first rule and by a second rule present at said intended recipient'"'"'s site.

52. A method of securely delivering an item, including the following steps:
- receiving a digital signature from a remote site, said remote site including a secure director;
  
  embedding said digital signature in said item, incorporating said item into a first secure electronic container, said item being at least in part encrypted while in said container, said incorporation occurring in an apparatus containing a first protected processing environment, said protected processing environment at least in part protecting information contained in said protected processing environment from tampering by a user of said apparatus;
  
  in said protected processing environment, associating a first rule with said first secure electronic container, said first rule at least in part governing at least one aspect of access to or use of said item;
  
  authenticating an intended recipient of said item;
  
  transmitting said first secure electronic container and said first rule to said intended recipient; and
  
  using a second protected processing environment, providing said intended recipient access to at least a portion of said item, said access being governed at least in part by said first rule and by a second rule present at said intended recipient'"'"'s site.

53. A method of securely delivering an item, including the following steps:
- receiving a digital signature in a secure electronic container;
  
  embedding said digital signature in said item;
  
  incorporating said item into a secure electronic container, said item being at least in part encrypted while in said container, said incorporation occurring in an apparatus containing a first protected processing environment, said protected processing environment at least in part protecting information contained in said protected processing environment from tampering by a user of said apparatus;
  
  in said protected processing environment, associating a first rule with said secure electronic container, said first rule at least in part governing at least one aspect of access to or use of said item;
  
  authenticating an intended recipient of said item;
  
  transmitting said secure electronic container and said first rule to said intended recipient; and
  
  using a second protected processing environment, providing said intended recipient access to at least a portion of said item, said access being governed at least in part by said first rule and by a second rule present at said intended recipient'"'"'s site.

54. A method of securely delivering an item, including the following steps:
- associating a digital signature with said item, said digital signature including a digital image representation of a handwritten signature of a user associated with said digital signature;
  
  incorporating said item into a first secure electronic container, said item being at least in part encrypted while in said container, said incorporation occurring in an apparatus containing a first protected processing environment, said protected processing environment at least in part protecting information contained in said protected processing environment from tampering by a user of said apparatus;
  
  in said protected processing environment, associating a first rule with said first secure electronic container, said first rule at least in part governing at least one aspect of access to or use of said item;
  
  authenticating an intended recipient of said item;
  
  transmitting said first secure electronic container and said first rule to said intended recipient; and
  
  using a second protected processing environment, providing said intended recipient access to at least a portion of said item, said access being governed at least in part by said first rule and by a second rule present at said intended recipient'"'"'s site.
- View Dependent Claims (55)
- - 55. A method as in claim 54, further including capturing said digital image representation, said capturing including said user associated with said digital signature using an input device to store a representation of said user'"'"'s handwritten signature.

56. A method of securely delivering an item, including the following steps:
- performing an authentication step;
  
  associating a digital signature with said item;
  
  incorporating said item into a first secure electronic container, said item being at least in part encrypted while in said container, said incorporation occurring in an apparatus containing a first protected processing environment, said protected processing environment at least in part protecting information contained in said protected processing environment from tampering by a user of said apparatus;
  
  in said protected processing environment, associating a first rule with said first secure electronic container, said first rule at least in part governing at least one aspect of access to or use of said item;
  
  authenticating an intended recipient of said item;
  
  transmitting said first secure electronic container and said first rule to said intended recipient; and
  
  using a second protected processing environment, providing said intended recipient access to at least a portion of said item, said access being governed at least in part by said first rule and by a second rule present at said intended recipient'"'"'s site.
- View Dependent Claims (57, 58)
- - 57. A method as in claim 56, in which said authentication step includes authenticating a suer associated with said digital signature.
  - 58. A method as in claim 57, in which said user associated with said digital signature is at least in part responsible for said transmission of said digital item to said intended recipient.

59. A method of securely delivering an item, including the following step:
- associating an electronic fingerprint with said item, said electronic fingerprint containing a cryptographic key;
  
  incorporating said item into a first secure electronic container, said item being at least in part encrypted while in said container, said incorporation occurring in an apparatus containing a first protected processing environment, said protected processing environment at least in part protecting information contained in said protected processing environment from tampering by a user of said apparatus;
  
  in said protected processing environment, associating a first rule with said first secure electronic container, said first rule at least in part governing at least one aspect of access to or use of said item;
  
  authenticating an intended recipient of said item;
  
  transmitting said first secure electronic container and said first rule to said intended recipient; and
  
  using a second protected processing environment, providing said intended recipient access to at least a portion of said item, said access being governed at least in part by said first rule and by a second rule present at said intended recipient'"'"'s site.
- View Dependent Claims (60, 61)
- - 60. A method as in claim 59, in which said cryptographic key constitutes a public key associated with a transmitter of said item.
  - 61. A method as in claim 59, further including using said public key to perform at least one decryption, said decryption being performed by a recipient of said item.

62. A method of securely delivering an item, including the following steps:
- associating an electronic fingerprint with said item, said electronic fingerprint container the date of transmission of said item;
  
  incorporating said item into a first secure electronic container, said item being at least in part encrypted while in said container, said incorporation occurring in an apparatus containing a first protected processing environment, said protected processing environment at least in part protecting information contained in said protected processing environment from tampering by a user of said apparatus;
  
  in said first protected processing environment, associating a first rule with said first secure electronic container, said first rule at least in part governing at least one aspect of access to or use of said item;
  
  authenticating an intended recipient of said item;
  
  transmitting said first secure electronic container and said first rule to said intended recipient; and
  
  using a second protected processing environment, providing said intended recipient access to at least a portion of said item, said access being governed at least in part by said first rule and by a second rule present at said intended recipient'"'"'s site.

63. A method of securely delivering an item, including the following steps:
- incorporating said item into a first secure electronic container;
  
  associated a first rule with said first secure electronic container, said first rule at least in part governing at least one aspect of access to or use of said item;
  
  providing an address for at least one intended recipient of said item;
  
  transmitting said first secure electronic container and said first rule to an apparatus associated with said intended recipient, said apparatus already storing a second rule, said apparatus including a protected processing environment at least in part protecting information contained in said protected processing environment from tampering by a user of said apparatus;
  
  providing said intended recipient access to at least a portion of said item, said access being governed at least in part by said first rule, said governance at least in part using said protected processing environment; and
  
  generating a first digital receipt documenting at least one aspect of said transmission, said generation being governed at least in part by said first rule and by said second rule, said generation occurring at least in part in said protected processing environment.
- View Dependent Claims (64, 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, 75, 76, 77, 78, 79, 80, 81, 82, 83, 84, 85, 86, 87, 88, 90, 91, 92, 93, 94, 95, 96, 97, 98, 99, 100, 101, 102, 103, 104, 105, 106)
- - 64. A method as in claim 63, further including selecting a delivery option prior to said transmission step.
  - 65. A method as in claim 64, in which said selected delivery option constitutes direct delivery.
  - 66. A method as in claim 63, in which said selected delivery option constitutes store and forward.
  - 67. A method as in claim 64, in which said selected delivery option constitutes proxy delivery.
  - 68. A method as in claim 63, further including selecting an authentication option prior to said transmission step.
  - 69. A method as in claim 68, in which said selection includes selecting a type of authentication to be used.
  - 70. A method as in claim 63, further including selecting at least one integrity guarantee option prior to said transmission step.
  - 71. A method as in claim 70, in which at least one of said selected integrity guarantee option(s) includes an option relating to a digital signature.
  - 72. A method as in claim 71, in which at least one of said selected integrity guarantee option(s) includes an option relating to an electronic seal.
  - 73. A method as in claim 72, in which said electronic seal is associated with a sender of said item.
  - 74. A method as in claim 63, further including selecting at least one privacy option prior to said transmission step.
  - 75. A method as in claim 74, in which said privacy option at least in part governs the extent to which the recipient of said item will be provided with information relating to the identity or location of the sender of said item.
  - 76. A method as in claim 63, further including selecting at least one use option prior to said transmission step.
  - 77. A method as in claim 76, in which said use option relates to whether and/or to what extent said item may be modified following transmission.
  - 78. A method as in claim 63, further including selecting at least one receipt option prior to said transmission step.
  - 79. A method as in claim 78, in which at least one of said selected receipt options requires that said digital receipt be electronically sent to the sender of said item following receipt of said item by the intended recipient.
  - 80. A method as in claim 78, in which at least one of said selected receipt options requires that a digital receipt be electronically sent to a trusted intermediary following receipt of said item by the intended recipient.
  - 81. A method as in claim 63, further including authenticating said intended recipient, said authentication occurring before said step of providing access to said recipient.
  - 82. A method as in claim 81, in which said recipient authentication step includes presentation of at least some information from a digital certificate associated with said recipient.
  - 83. A method as in claim 81, in which said recipient authentication step includes:
84. A method as in claim 81, in which said recipient authentication step includes the presentation and evaluation of biometric information associated with said recipient.
85. A method as in claim 84, in which said recipient authentication step includes:
- presenting at least one smart card;
  
  accessing information from said smart card; and
  
  comparing said accessed information to expected information.
86. A method as in claim 85, in which said information accessed from said smart card includes information from at least one digital certificate.
87. A method as in claim 81, in which said recipient authentication step includes:
- receiving a digital certificate associated with an intended recipient of said item;
  
  comparing said digital certificate to an expected value;
  
  receiving biometric information associated with an intended recipient of said item; and
  
  comparing said biometric information with an expected value.
88. A method as in claim 63, further including calculation of at least one price associated with delivery of said item.
90. A method as in claim 88, in which said price is calculated at least in part based on the number of items delivered.
91. A method as in claim 88, further including providing at least one payment.
92. A method as in claim 63, in which said first rule is transmitted to said recipient apparatus separately from said transmission of said first secure container containing said item.
93. A method as in claim 63, further including said recipient apparatus obtaining and registering said first rule.
94. A method as in claim 63, further including said recipient apparatus authenticating said received item.
95. A method as in claim 94, in which said recipient apparatus authentication of said received item includes checking at least one digital signature.
96. A method as in claim 94, in which said recipient apparatus authentication of said received item includes checking at least one electronic seal.
97. A method as in claim 96, in which said electronic seal checking step includes decrypting information contained in or associated with said electronic seal.
98. A method as in claim 94, in which said recipient apparatus authentication of said received item includes comparing at least one value to a value received from a trusted intermediary.
99. A method as in claim 95, further including said recipient apparatus associating certain information with said item following said item authentication step.
100. A method as in claim 99, in which said certain information includes a electronic fingerprint.
101. A method as in claim 100, in which said electronic fingerprint includes information at least in part identifying said intended recipient and/or said recipient apparatus.
102. A method as in claim 101, in which said electronic fingerprint includes information at least in part identifying at least one access to or use of said item at said recipient apparatus.
103. A method as in claim 63, further including:
- said recipient apparatus transmitting said first digital receipt to another apparatus, and said intended recipient retransmitting at least a portion of said item to a second recipient, said retransmission being governed at least in part by said first rule.
104. A method as in claim 103, in which said first rule requires the transmission of a second digital receipt in connection with said retransmission.
105. A method as in claim 104, further including transmitting said second digital receipt to at least one apparatus to which said first receipt was transmitted.
106. A method as in claim 63, further including:
- generating audit information relating to said transmission, and reporting said audit information.

89. A method as in clam 88, in which said price is calculated at least in part based on the size of said item.

107. A method of providing trusted intermediary services including the following steps:
- providing a secure communications node on a first network, said secure communications node being connected to said first network and to a second network;
  
  receiving a first item from a node on said first network;
  
  incorporating said first item into a first secure digital container;
  
  associated at least one rule with said first secure digital container, said first rule at least in part governing at least one aspect of access to or use of said first item;
  
  associating authentication information with said first item, transmitting said first secure digital container to an intended recipient of said first item, said intended recipient being located at a node on said second network, receiving a second secure digital container and a second rule from said second network node, removing a second item from said second secure digital container, said removal at least in part occurring under the control of said second rule, and transmitting said second item to said first network node.
- View Dependent Claims (108, 109, 110, 111, 112, 113, 114, 115, 116, 117, 118, 119, 120, 121, 122, 123, 124, 125)
- - 108. A method as in claim 107, in which said second network is a publicly accessible network.
  - 109. A method as in claim 108, in which said second network is the internet.
  - 110. A method as in claim 109, in which said authentication association step further includes associating a digital signature with said first item.
  - 111. A method as in claim 110, in which said digital signature includes information at least in part identifying a provider of trusted intermediary services.
  - 112. A method as in claim 107, in which said authentication association step further includes associating hash information with said first item.
  - 113. A method as in claim 112, further including preparing said hash information by applying at least one hash algorithm to at least a portion of said first item.
  - 114. A method as in claim 107, in which said authentication association step further includes associating at least one electronic seal with said first item.
  - 115. A method as in claim 107, in which said authentication association step further includes associating item stamp information with said first item.
  - 116. A method as in claim 107, further including storing information relating to said first item in an archive.
  - 117. A method as in claim 116, in which said information relating to said first item includes at least one digital receipt relating to the transmission of said first item to said intended recipient, and further including the steps of:
118. A method as in claim 116, further including:
- using a hashing algorithm to create a hash value representative of at least a portion of said first item; and
  
  storing said hash value in said archive.
119. A method as in claim 116, in which said information relating to said first item includes information relating to the transmission of said first item to said intended recipient.
120. A method as in claim 107, further including storing at least one rule in a secure archive.
121. A method as in claim 120, in which said step of association of at least one rule with said first secure digital container further includes obtaining at least one rule from said secure archive.
122. A method as in claim 107, further including:
- said secure communications node generating receipt information; and
  
  said secure communications node transmitting said receipt information to said first network node.
123. A method as in claim 122, further including:
- following said transmission of said first secure digital container to said intended recipient, said second network node generating information relating to said transmission;
  
  said second network node transmitting said information relating to said transmission to said secure communications node;
  
  said secure communications node using at least some of said information relating to said transmission in the process of preparing said receipt information.
124. A method as in claim 107, further including:
- performing at least one transaction.
125. A method as in claim 124, in which the participants to said transaction include a user of said first network node and said intended recipient, and said performance step includes:
- said secure communications node receiving information regarding transaction requirements of a first participant to said transaction;
  
  said secure communications node comparing said first participant transaction requirement information to information regarding transaction requirements of a second participant to said transaction; and
  
  said secure communications node communicating the results of said comparison to at least one of said participants.

126. A method of providing trusted intermediary services including the following steps:
- at a first apparatus, receiving an item from a second apparatus;
  
  associating authentication information with said item;
  
  incorporating said item into a secure digital container;
  
  associating a first rule with said secure digital container, said first rule at least in part governing at least one aspect of access to or use of said item;
  
  transmitting said secure digital container and said first rule to a third apparatus, said third apparatus including a protected processing environment at least in part protecting information stored in said protected processing environment from tampering by a user of said third apparatus;
  
  said third apparatus receiving said secure digital container and said first rule;
  
  said third apparatus checking said authentication information; and
  
  said third apparatus performing at least one action on said item, said at least one action being governed, at least in part, by said first rule and by a second rule resident at said third apparatus prior to said receipt of said secure digital container and said first rule, said action governance occurring at least in part in said protected processing environment.
- View Dependent Claims (127, 128, 129, 130, 131)
- - 127. A method as in claim 126, in which said authentication information at least in part identifies said first apparatus and/or a user of said first apparatus.
  - 128. A method as in claim 127, in which said authentication information at least in part identifies said second apparatus and/or a suer of said second apparatus.
  - 129. A method as in claim 128, in which said step of incorporating said item into a secure digital container includes encrypting at least a portion of said item.
  - 130. A method as in claim 129, in which said step of said third apparatus performing at least one action includes decrypting at least a portion of said item.
  - 131. A method as in claim 130, in which said first rule includes a key, and said step of said third apparatus decrypting at least a portion of said item includes said third apparatus gaining access to said key and using said key for at least a portion of said decryption.

Specification

Resources

Litigation Campaign Assessment

Litigation Data

Current Assignee
Intertrust Technologies Corporation (Fidelio Acquisition Co LLC)
Original Assignee
Intertrust Technologies Corporation (Fidelio Acquisition Co LLC)
Inventors
Ginter, Karl L., Weber, Robert P., Spahn, Francis J., Shear, Victor H., Van Wie, David M.
Primary Examiner(s)
Barron, Jr., Gilberto

Application Number

US09/221,479
Time in Patent Office

771 Days
Field of Search

713/176, 713/167, 705/51-54, 705/77-79
US Class Current

713/176
CPC Class Codes

G06F 21/109   by using specially-adapted ...

G06F 21/16   Program or content traceabi...

G06F 21/31   User authentication

G06F 21/33   using certificates

G06F 21/6209   to a single file or object,...

G06F 21/71   to assure secure computing ...

G06F 21/86   Secure or tamper-resistant ...

G06F 2211/007   Encryption, En-/decode, En-...

G06F 2221/2101   Auditing as a secondary aspect

G06F 2221/2135   Metering

G06F 2221/2137   Time limited access, e.g. t...

G06F 2221/2151   Time stamp

G06Q 10/087   Inventory or stock manageme...

G06Q 20/02   involving a neutral party, ...

G06Q 20/023   the neutral party being a c...

G06Q 20/04   Payment circuits

G06Q 20/085   involving remote charge det...

G06Q 20/10   specially adapted for elect...

G06Q 20/102   Bill distribution or payments

G06Q 20/12   specially adapted for elect...

G06Q 20/123 : Shopping for digital content

G06Q 20/1235 : with control of digital rig...

G06Q 20/14 : specially adapted for billi...

G06Q 20/24 : Credit schemes, i.e. "pay a...

G06Q 20/306 : using TV related infrastruc...

G06Q 20/308 : using the Internet of Things

G06Q 2220/16 : Copy protection or prevention

G06Q 30/0273 : Determination of fees for a...

G06Q 30/0283 : Price estimation or determi...

G06Q 30/06 : Buying, selling or leasing ...

G06Q 30/0601 : Electronic shopping [e-shop...

G06Q 30/0609 : Buyer or seller confidence ...

G06Q 40/02 : Banking, e.g. interest calc...

G06Q 40/04 : Trading; Exchange, e.g. sto...

G06Q 40/12 : Accounting

G06Q 50/184 : Intellectual property manag...

G06Q 50/188 : Electronic negotiation

G06T 1/0021 : Image watermarking

G07F 9/026 : for alarm, monitoring and a...

H04L 2209/56 : Financial cryptography, e.g...

H04L 2209/60 : Digital content management,...

H04L 2463/101 : applying security measures ...

H04L 2463/102 : applying security measure f...

H04L 2463/103 : applying security measure f...

H04L 63/02 : for separating internal fro...

H04L 63/04 : for providing a confidentia...

H04L 63/0428 : wherein the data content is...

H04L 63/0435 : wherein the sending and rec...

H04L 63/0442 : wherein the sending and rec...

H04L 63/08 : for authentication of entit...

H04L 63/0823 : using certificates cryptogr...

H04L 63/083 : using passwords cryptograph...

H04L 63/10 : for controlling access to d...

H04L 63/12 : Applying verification of th...

H04L 63/123 : received data contents, e.g...

H04L 63/16 : Implementing security featu...

H04L 63/168 : above the transport layer

H04L 63/20 : for managing network securi...

H04L 9/006 : involving public key infras...

H04L 9/0819 : Key transport or distributi...

H04L 9/0838 : Key agreement, i.e. key est...

H04L 9/0861 : Generation of secret inform...

H04L 9/3218 : using proof of knowledge, e...

H04L 9/3247 : involving digital signatures

H04L 9/3263 : involving certificates, e.g...

H04N 2005/91364 : the video signal being scra...

H04N 21/2347 : involving video stream encr...

H04N 21/23476 : by partially encrypting, e....

H04N 21/235 : Processing of additional da...

H04N 21/2362 : Generation or processing of...

H04N 21/2541 : Rights Management protectin...

H04N 21/2543 : Billing , e.g. for subscrip...

H04N 21/2547 : Third Party Billing, e.g. b...

H04N 21/25875 : involving end-user authenti...

H04N 21/4143 : embedded in a Personal Comp...

H04N 21/42646 : for reading from or writing...

H04N 21/4325 : by playing back content fro...

H04N 21/4345 : Extraction or processing of...

H04N 21/435 : Processing of additional da...

H04N 21/4405 : involving video stream decr...

H04N 21/44204 : Monitoring of content usage...

H04N 21/443 : OS processes, e.g. booting ...

H04N 21/4627 : Rights management associate...

H04N 21/4753 : for user identification, e....

H04N 21/6581 : Reference data, e.g. a movi...

H04N 21/8166 : involving executable data, ...

H04N 21/835 : Generation of protective da...

H04N 21/8355 : involving usage data, e.g. ...

H04N 21/83555 : using a structured language...

H04N 21/8358 : involving watermark protect...

H04N 5/913 : for scrambling ; for copy p...

H04N 7/162 : Authorising the user termin...

H04N 7/163 : by receiver means only

H04N 7/17309 : Transmission or handling of...

View All

Trusted and secure techniques, systems and methods for item delivery and execution

First Claim

2 Assignments

Litigations

0 Petitions

Accused Products

Abstract

1769 Citations

131 Claims

Specification

Solutions

Use Cases

Quick Links

Trusted and secure techniques, systems and methods for item delivery and execution

First Claim

2 Assignments

Subscription Required

Subscription Required

Litigations

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

1769 Citations

131 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links