Systems and methods for the secure transaction management and electronic rights protection
Abstract
The present invention provides systems and methods for secure transaction management and electronic rights protection. Electronic appliances such as computers equipped in accordance with the present invention help to ensure that information is accessed and used only in authorized ways, and maintain the integrity, availability, and/or confidentiality of the information. Such electronic appliances provide a distributed virtual distribution environment (VDE) that may enforce a secure chain of handling and control, for example, to control and/or meter or otherwise monitor use of electronically stored or disseminated information. Such a virtual distribution environment may be used to protect rights of various participants in electronic commerce and other electronic or electronic-facilitated transactions. Distributed and other operating systems, environments and architectures, such as, for example, those using tamper-resistant hardware-based processors, may establish security at each node. These techniques may be used to support an all-electronic information distribution, for example, utilizing the “electronic highway.”
1642 Citations
72 Claims
-
1. A method comprising:
-
receiving a digital file including music;
storing said digital file in a first secure memory of a first device;
storing information associated with said digital file in a secure database stored on said first device, said information including at least one budget control and at least one copy control, said at least one budget control including a budget specifying the number of copies which can be made of said digital file; and
said at least one copy control controlling the copies made of said digital file;
determining whether said digital file may be copied and stored on a second device based on at least said copy control;
if said copy control allows at least a portion of said digital file to be copied and stored on a second device, copying at least a portion of said digital file;
transferring at least a portion of said digital file to a second device including a memory and an audio and/or video output;
storing said digital file in said memory of said second device; and
including playing said music through said audio output. - View Dependent Claims (2, 3, 4, 5, 6)
at a time substantially contemporaneous with said transferring step, recording in said first device information indicating that said transfer has occurred.
-
-
3. A method as in claim 2, in which:
said information indicating that said transfer has occurred includes an encumbrance on said budget.
-
4. A method as in claim 3, in which:
said encumbrance operates to reduce the number of copies of said digital file authorized by said budget.
-
5. A method as in claim 4, further comprising:
-
at some point after said transferring step, taking at least one action to render said copy of said digital file unuseable at said second device; and
at said first digital device, removing said encumbrance on said budget, said removal including increasing the number of copies of said digital file authorized by said budget.
-
-
6. A method as in claim 5, in which:
-
said budget authorizes one copy prior to said encumbrance;
said budget authorizes zero copies during said encumbrance; and
said budget authorizes one copy following removal of said encumbrance.
-
-
7. A method comprising:
-
receiving a digital file stored on a video disk;
storing said digital file in a first secure memory of a first device;
storing budget information associated with said digital file in a secure database stored on said first device, said budget information relating to permitted uses of said digital file and including at least one control, said budget information having been received on a video disk;
determining whether said digital file may be copied and stored on a second device based on said at least one control;
if said at least one control allows at least a portion of said digital file to be copied and stored on a second device, copying at least a portion of said digital file;
transferring at least a portion of said digital file to a second device, after checking said budget to determine if said transferring step is authorized;
including a memory and an audio and/or video output;
storing said digital file in said memory of said second device; and
rendering said digital file through said output. - View Dependent Claims (8, 9, 10)
said video disk includes identification information identifying said video disk;
said first device includes identification information identifying said first device; and
said second device includes identification information identifying said second device.
-
-
9. A method as in claim 8, in which:
said digital file is stored in an encrypted form on said video disk.
-
10. A method as in claim 9, in which:
-
said digital file is transferred to said second device in an encrypted form;
and further comprising;
prior to said rendering step, decrypting said digital file at said second device;
said decryption based, at least in part, on use of said second device identification information as a key.
-
-
11. A method comprising:
-
receiving a digital file;
storing said digital file in a first secure memory of a first device;
storing information associated with said digital file in a secure database stored on said first device, said information including a first control;
determining whether said digital file may be copied and stored on a second device based on said first control, said determining step including identifying said second device and determining whether said first control allows transfer of said copied file to said second device, said determination based at least in part on the features present at the device to which said copied file is to be transferred;
if said first control allows at least a portion of said digital file to be copied and stored on a second device, copying at least a portion of said digital file;
transferring at least a portion of said digital file to a second device including a memory and an audio and/or video output;
storing said digital file in said memory of said second device; and
rendering said digital file through said output.
-
-
12. A method comprising:
-
receiving a digital file;
storing said digital file in a first secure memory of a first device;
storing information associated with said digital file in a secure database stored on said first device, said information including at least one control, said step of storing information being performed during a process of registering said digital file at said first device, said registering process further comprising storing information identifying at least one authorized user of said digital file;
determining whether said digital file may be copied and stored on a second device based on said at least one control;
if said at least one control allows at least a portion of said digital file to be copied and stored on a second device, copying at least a portion of said digital file;
transferring at least a portion of said digital file to a second device including a memory and an audio and/or video output;
storing said digital file in said memory of said second device; and
rendering said digital file through said output. - View Dependent Claims (13, 14)
said transferring step includes copying said information identifying said at least one authorized user and transferring said copied information to said second device.
-
-
14. A method as in claim 13, further comprising:
prior to said rendering step, using said transferred information identifying said at least one authorized user to determine whether the user of said second device is an authorized user.
-
15. A method comprising:
-
receiving a digital file;
an authentication step comprising;
accessing at least one identifier associated with a first device or with a user of said first device; and
determining whether said identifier is associated with a device and/or user authorized to store said digital file;
storing said digital file in a first secure memory of said first device, but only if said device and/or user is so authorized, but not proceeding with said storing if said device and/or user is not authorized;
storing information associated with said digital file in a secure database stored on said first device, said information including at least one control;
determining whether said digital file may be copied and stored on a second device based on said at least one control;
if said at least one control allows at least a portion of said digital file to be copied and stored on a second device, copying at least a portion of said digital file;
transferring at least a portion of said digital file to a second device including a memory and an audio and/or video output;
storing said digital file in said memory of said second device; and
rendering said digital file through said output. - View Dependent Claims (16, 17)
said digital file is received in an encrypted form;
and further comprising;
decrypting said digital file after said authentication step and before said step of storing said digital file in said memory of said first device.
-
-
17. A method as in claim 16, in which:
said identifier is used as a key in said decrypting step.
-
18. A method comprising:
-
receiving a digital file;
storing said digital file in a first secure memory of a first device;
storing information associated with said digital file in a secure database stored on said first device, said information including at least one control;
determining whether said digital file may be copied and stored on a second device based on said at least one control;
if said at least one control allows at least a portion of said digital file to be copied and stored on a second device, copying at least a portion of said digital file;
transferring at least a portion of said digital file to a second device including a memory and an audio and/or video output, the portion of said digital file transferred to said second device representing a version of said digital file which, when rendered at said second device, provides a level of quality lower than the level of quality provided when said digital file is rendered at said first device;
storing said digital file in said memory of said second device; and
rendering said digital file through said output.
-
-
19. A method comprising:
-
receiving a digital file at a first device;
establishing communication between said first device and a clearinghouse located at a location remote from said first device;
said first device obtaining authorization information including a key from said clearinghouse;
said first device using said authorization information to gain access to or make at least one use of said first digital file, including using said key to decrypt at least a portion of said first digital file; and
receiving a first control from said clearinghouse at said first device;
storing said first digital file in a memory of said first device;
using said first control to determine whether said first digital file may be copied and stored on a second device;
if said first control allows at least a portion of said first digital file to be copied and stored on a second device, copying at least a portion of said first digital file;
transferring at least a portion of said first digital file to a second device including a memory and an audio and/or video output;
storing said first digital file portion in said memory of said second device; and
rendering said first digital file portion through said output. - View Dependent Claims (20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50)
prior to said step of receiving said first digital file at said first device, storing said first digital file on a portable memory, said step of storing said first digital file in a memory of said first device further comprising copying said first digital file from said portable memory to said memory of said first device.
-
-
21. A method as in claim 20, in which:
said portable memory constitutes a disk.
-
22. A method as in claim 21, in which:
said disk constitutes an optical disk.
-
23. A method as in claim 22, in which:
said step of storing said first digital file on a portable memory further comprises storing at least one identifier on said portable memory.
-
24. A method as in claim 23, in which:
said identifier constitutes an identification of a user authorized to use said first digital file.
-
25. A method as in claim 23, in which:
said identifier constitutes an identification of said first device.
-
26. A method as in claim 23, in which:
said identifier is used as a key in said decryption step.
-
27. A method as in claim 22, in which,
said first digital file includes music; and
said rendering step includes playing said music through said audio output.
-
28. A method as in claim 27 in which:
said transferring step includes transferring at least a second control to said memory of said second device.
-
29. A method as in claim 28 in which:
said second control restricts at least one use which may be made of said first digital file at said second device.
-
30. A method as in claim 29, in which:
said second control operates to prohibit copying of said first digital file at said second device.
-
31. A method as in claim 30, in which:
at least one budget is stored at said first device.
-
32. A method as in claim 31, in which:
said budget specifies the number of copies which may be made of said first digital file.
-
33. A method as in claim 32, further comprising:
-
at a time prior to said transferring step, checking said budget to determine whether said budget is sufficient for said transfer; and
proceeding with said transfer if said budget is sufficient for said transfer.
-
-
34. A method as in claim 33, further comprising:
at a time substantially contemporaneous with said transferring step, recording in said first device information indicating that said transfer has occurred.
-
35. A method as in claim 34, in which:
said information indicating that said transfer has occurred includes an encumbrance on said budget.
-
36. A method as in claim 35, in which:
said encumbrance operates to reduce the number of copies of said first digital file authorized by said budget.
-
37. A method as in claim 36, further comprising:
-
at some point after said transferring step, taking at least one action to render said copy of said first digital file unuseable at said second device; and
at said first digital device, removing said encumbrance on said budget, said removal including increasing the number of copies of said first digital file authorized by said budget.
-
-
38. A method as in claim 37, in which:
-
said budget authorizes one copy prior to said encumbrance;
said budget authorizes zero copies during said encumbrance; and
said budget authorizes one copy following removal of said encumbrance.
-
-
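The budget check, encumbrance and release sequence of claims 33 to 38 (the same sequence as claims 2 to 6), modelled as an added example. This code is not from the patent; the names `FirstDevice`, `SecondDevice`, `CopyBudget` and `check_in`, and the in-memory dictionaries standing in for the secure database, are assumptions.

```python
from dataclasses import dataclass, field


class TransferDenied(Exception):
    """Raised when the copy budget does not authorize a transfer or a release."""


@dataclass
class CopyBudget:
    authorized: int                                   # copies authorized with no encumbrance
    encumbrances: dict = field(default_factory=dict)  # device_id -> copies held there

    def available(self) -> int:
        return self.authorized - sum(self.encumbrances.values())

    def release(self, device_id: str) -> None:
        self.encumbrances[device_id] -= 1
        if self.encumbrances[device_id] == 0:
            del self.encumbrances[device_id]


@dataclass
class SecondDevice:
    device_id: str
    files: dict = field(default_factory=dict)    # file_id -> bytes
    disabled: set = field(default_factory=set)   # file_ids whose "do not render" indication is set

    def store(self, file_id: str, data: bytes) -> None:
        self.files[file_id] = data
        self.disabled.discard(file_id)

    def disable(self, file_id: str) -> None:
        # The "setting an indication" action: the copy stays but will not render.
        self.disabled.add(file_id)

    def can_render(self, file_id: str) -> bool:
        return file_id in self.files and file_id not in self.disabled

    def render(self, file_id: str) -> bytes:
        if not self.can_render(file_id):
            raise PermissionError(f"{file_id} is not usable on {self.device_id}")
        return self.files[file_id]


class FirstDevice:
    def __init__(self):
        self.files, self.budgets, self.audit = {}, {}, []

    def register(self, file_id: str, data: bytes, copies: int) -> None:
        self.files[file_id] = data
        self.budgets[file_id] = CopyBudget(authorized=copies)

    def transfer(self, file_id: str, device: SecondDevice) -> None:
        budget = self.budgets[file_id]
        if budget.available() < 1:                       # budget checked before the transfer
            raise TransferDenied(f"budget for {file_id} is exhausted")
        # Encumber and record first, so a copy never exists without a matching record.
        held = budget.encumbrances.get(device.device_id, 0)
        budget.encumbrances[device.device_id] = held + 1
        self.audit.append(("transfer", file_id, device.device_id))
        try:
            device.store(file_id, self.files[file_id])
        except Exception:
            budget.release(device.device_id)             # failed transfer: undo the encumbrance
            raise

    def check_in(self, file_id: str, device: SecondDevice) -> None:
        budget = self.budgets[file_id]
        if budget.encumbrances.get(device.device_id, 0) < 1:
            raise TransferDenied(f"no encumbrance held for {device.device_id}")
        device.disable(file_id)                          # make the remote copy unusable
        if device.can_render(file_id):                   # release only once that is confirmed
            raise TransferDenied("copy is still usable on the second device")
        budget.release(device.device_id)
        self.audit.append(("check_in", file_id, device.device_id))


def demo() -> list:
    """Return the available copy count before, during and after an encumbrance."""
    first = FirstDevice()
    first.register("track-1", b"constructed sample audio", copies=1)
    player = SecondDevice("player-A")
    counts = [first.budgets["track-1"].available()]
    first.transfer("track-1", player)
    counts.append(first.budgets["track-1"].available())
    first.check_in("track-1", player)
    counts.append(first.budgets["track-1"].available())
    return counts


if __name__ == "__main__":
    print(demo())
```
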
39. A method as in claim 33, in which:
said step of establishing communication further comprises said first device receiving said budget from said clearinghouse.
-
40. A method as in claim 33, further comprising:
-
prior to said step of receiving said first digital file at said first device, storing said budget on said portable memory, and copying said budget from said portable memory to a memory of said first device.
-
-
41. A method as in claim 37, in which:
said second device is a portable device.
-
42. A method as in claim 40, in which,
said second device includes identification information identifying said second device; and
at least one of said controls transferred to said second device operates to restrict use of said transferred first digital file so that it can only be used on said second device.
-
43. A method as in claim 42, in which:
-
said first digital file is transferred to said second device in an encrypted form;
and further comprising;
prior to said rendering step, decrypting said first digital file at said second device;
said decryption based, at least in part, on use of said second device identification information as a key.
-
-
44. A method as in claim 37, in which:
said at least one action comprises deleting said first digital file from said memory of said second device.
-
45. A method as in claim 37, in which:
said at least one action comprises setting an indication, following which said second device will not render said first digital file until said indication is reset.
-
46. A method as in claim 42, further comprising:
-
prior to said step of receiving said first digital file at said first device, placing said first digital file into a first secure container; and
sending said first secure container to said first device.
-
-
47. A method as in claim 46, in which:
said step of storing said first digital file in a memory of said first device further comprises removing said first digital file from said first secure container.
-
48. A method as in claim 46, in which:
said step of storing said first digital file in a memory of said first device further comprises storing said first secure container in said memory of said first device.
-
49. A method as in claim 48, in which:
-
said step of transferring at least a portion of said first digital file to a second device further comprises;
removing said portion of said first digital file from said first secure container;
inserting said portion of said first digital file into a second secure container; and
transferring said second secure container to said second device.
-
-
50. A method as in claim 49, in which:
-
said first secure container further comprises at least one control used for governing access to or use of said first digital file while said first digital file is contained in said first secure container; and
said second secure container further comprises at least one control used for governing access to or use of said first digital file portion while said first digital file portion is contained in said second secure container.
-
-
51. A method comprising:
-
receiving a digital file at a first device;
establishing communication between said first device and a clearinghouse located at a location remote from said first device;
said first device obtaining authorization information from said clearinghouse; and
said first device using said authorization information to gain access to or make at least one use of said first digital file;
storing said first digital file in a memory of said first device;
using at least a first control to determine whether said first digital file may be copied and stored on a second device, said determination based at least in part on (1) identification information regarding said second device, and (2) the functional attributes of said second device;
if, based at least in part on said identification information, said first control allows at least a portion of said first digital file to be copied and stored on a second device, copying at least a portion of said first digital file;
transferring at least a portion of said first digital file to a second device including a memory and an audio and/or video output;
storing said first digital file portion in said memory of said second device; and
rendering said first digital file portion through said output.
-
-
52. A method comprising:
-
receiving a first digital file at a first device;
registering said first digital file at said first device;
said registering process further comprising storing information identifying at least one authorized user of said first digital file;
establishing communication between said first device and a clearinghouse located at a location remote from said first device;
said first device obtaining authorization information from said clearinghouse; and
said first device using said authorization information to gain access to or make at least one use of said first digital file;
storing said first digital file in a memory of said first device;
using at least a first control to determine whether said first digital file may be copied and stored on a second device;
if said first control allows at least a portion of said first digital file to be copied and stored on a second device, copying at least a portion of said first digital file;
transferring at least a portion of said first digital file to a second device including a memory and an audio and/or video output;
storing said first digital file portion in said memory of said second device; and
rendering said first digital file portion through said output. - View Dependent Claims (53, 54)
said step of transferring said first digital file portion to said second device further comprises storing information identifying at least one authorized user of said first digital file portion at said second device.
-
-
54. A method as in claim 53, further comprising:
prior to said rendering step, using said information identifying said at least one authorized user to determine whether the user of said second device is an authorized user.
-
55. A method comprising:
-
receiving a digital file at a first device;
establishing communication between said first device and a clearinghouse located at a location remote from said first device;
said first device obtaining authorization information from said clearinghouse; and
said first device using said authorization information to gain access to or make at least one use of said first digital file;
an authentication step comprising;
accessing at least one identifier associated with said first device or with a user of said first device;
determining whether said identifier is associated with a device and/or user authorized to store said first digital file;
storing said first digital file in a memory of said first device if said device and/or user is so authorized, but not proceeding with said storing if said device and/or user is not authorized;
using at least a first control to determine whether said first digital file may be copied and stored on a second device;
if said first control allows at least a portion of said first digital file to be copied and stored on a second device, copying at least a portion of said first digital file;
transferring at least a portion of said first digital file to a second device including a nonvolatile random access memory, a tamper-resistant housing, a battery and an audio and/or video output;
storing said first digital file portion in said nonvolatile random access memory of said second device; and
rendering said first digital file portion through said output. - View Dependent Claims (56, 57)
said authentication step occurs at least in part under the control of at least one control received from said clearinghouse.
-
-
57. A method as in claim 56, in which:
said identifier is used as a key in said decrypting step.
-
58. A method comprising:
-
receiving a digital file at a first device;
establishing communication between said first device and a clearinghouse located at a location remote from said first device;
said first device obtaining authorization information from said clearinghouse; and
said first device using said authorization information to gain access to or make at least one use of said first digital file;
storing said first digital file in a memory of said first device;
using at least a first control to determine whether said first digital file may be copied and stored on a second device;
if said first control allows at least a portion of said first digital file to be copied and stored on a second device, copying at least a portion of said first digital file;
transferring at least a portion of said first digital file to a second device including a memory and an audio and/or video output, said transferred portion representing a version of said first digital file which, when rendered at said second device, provides a level of quality lower than the level of quality provided when said first digital file is rendered at said first device;
storing said first digital file portion in said memory of said second device; and
rendering said first digital file portion through said output.
-
-
59. A method comprising:
-
storing a first digital file and a first control in a first secure container, said first secure container being stored on a first portable memory disk, said first control constituting a first budget which allows a single copy to be made of said first digital file or a portion thereof;
receiving said first portable memory disk including said first secure container at a first device;
establishing communication between said first device and a first clearinghouse located at a location remote from said first device;
obtaining information from said first clearinghouse;
said first device using said information to gain access to or make at least one use of said first digital file;
removing said first digital file from said first secure container;
storing said first digital file in a memory of said first device;
storing a second digital file and a second control in a second secure container, said second secure container being stored on a second portable memory disk different from said first portable memory disk, said second control constituting a second budget which allows a single copy to be made of said second digital file or a portion thereof;
receiving said second portable memory disk including said second secure container at said first device;
establishing communication between said first device and a second clearinghouse located at a location remote from said first device, said first device obtaining information from said second clearinghouse and said first device using said information to gain access to or make at least one use of said second digital file;
removing said second digital file from said second secure container;
storing said second digital file in a memory of said first device;
using at least a third control to determine whether some or all of said first digital file may be copied and stored on a second device;
if said third control allows at least a portion of said first digital file to be copied and stored on a second device, copying at least a portion of said first digital file;
storing said first digital file portion in a third secure container, said third secure container including said first digital file portion and at least one control governing at least one aspect of use or access to any file contained within said third secure container using at least a fourth control to determine whether some or all of said second digital file may be copied and stored on said second device;
if said fourth control allows at least a portion of said second digital file to be copied and stored on said second device, copying at least a portion of said second digital file;
storing said second digital file portion in said third secure container;
transferring said third secure container including said first digital file portion and said second digital file portion to said second device including a memory and an audio and/or video output, at least one of said third secure container controls prohibits a user of said second device from making copies of said first digital file portion and said second digital file portion while said first digital file portion and said second digital file portion are stored in said memory of said second device;
storing said first digital file portion and said second digital file portion in said memory of said second device while said first digital file portion is also stored in said memory; and
rendering said first or said second digital file portion through said output.
-
-
60. A method comprising:
storing a first digital file and a first control in a first secure container, said first control constituting a first budget which governs the number of copies which may be made of said first digital file or a portion of said first digital file while said first digital file is contained in said first secure container, said first secure container being stored on a first portable memory disk;
receiving said first portable memory disk including said first secure container at a first device;
establishing communication between said first device and a first clearinghouse located at a location remote from said first device;
obtaining information from said first clearinghouse;
said first device using said information to gain access to or make at least one use of said first digital file;
removing said first digital file from said first secure container;
storing said first digital file in a memory of said first device;
storing a second digital file and a second control in a second secure container, said second control constituting a second budget which controls the number of copies which may be made of said second digital file or a portion of said second digital file while said second digital file is contained in said second secure container, said second secure container being stored on a second portable memory disk different from said first portable memory disk;
receiving said second portable memory disk including said second secure container at said first device;
establishing communication between said first device and a second clearinghouse located at a location remote from said first device, said first device obtaining information from said second clearinghouse and said first device using said information to gain access to or make at least one use of said second digital file;
removing said second digital file from said second secure container;
storing said second digital file in a memory of said first device;
using at least a third control to determine whether some or all of said first digital file may be copied and stored on a second device;
if said third control allows at least a portion of said first digital file to be copied and stored on a second device, copying at least a portion of said first digital file;
storing said first digital file portion in a third secure container, said third secure container including said first digital file portion and at least one control governing at least one aspect of use or access to any file contained within said third secure container;
using at least a fourth control to determine whether some or all of said second digital file may be copied and stored on a second device including a memory and an audio and/or video output;
if said fourth control allows at least a portion of said second digital file to be copied and stored on said second device, copying at least a portion of said second digital file;
storing said second digital file portion in said third secure container;
transferring said third secure container including said first digital file portion and said second digital file portion to said second device, at least one of said third secure container controls prohibits a user of said second device from making copies of said first digital file portion and said second digital file portion while said first digital file portion and said second digital file portion are stored in said memory of said second device;
substantially contemporaneously with said step of transferring said first digital file portion to said second device, placing a first encumbrance on said first budget, said first encumbrance reducing the number of copies which may be made of said first digital file portion;
substantially contemporaneously with said step of transferring said second digital file portion to said second device, placing a second encumbrance on said second budget, said second encumbrance reducing the number of copies which may be made of said second digital file portion;
storing said first digital file portion in said memory of said second device;
storing said second digital file portion in said memory of said second device while said first digital file portion is also stored in said memory; and
rendering said first or said second digital file portion through said output.
(Dependent claims: 61, 62, 63)
said first encumbrance and said second encumbrance each reduce said number of copies to zero.
62. A method as in claim 60, further comprising:
at some point following said transfer of said first digital file portion to said second device, taking at least one action so that said first digital file portion may no longer be used at said second device, and following said action, removing said first encumbrance on said first budget.
63. A method as in claim 62, further comprising:
at some point following said transfer of said second digital file portion to said second device, taking at least one action so that said second digital file portion may no longer be used at said second device, and following said action, removing said second encumbrance on said second budget.
- storing a first digital file and a first control in a first secure container, said first control constituting a first budget which governs the number of copies which may be made of said first digital file or a portion of said first digital file while said first digital file is contained in said first secure container, said first secure container being stored on a first portable memory disk;
64. A method of operating a portable rights management system, including the steps of:
providing a protected processing environment in a tamper-resistant, portable, hardware housing arrangement;
operatively coupling said housing arrangement to an electronic appliance arrangement including a speaker;
ensuring secure communications between said housing arrangement and said appliance arrangement, including confirming the identity of both arrangements and/or users of such arrangements;
communicating from said housing arrangement information for use, at least in part, in controlling at least one process operating, at least in part, on said electronic appliance arrangement;
securely recording, in said housing arrangement, information derived from, at least in part, secure communications between said housing arrangement and said appliance arrangement and/or said at least one operating process;
storing a first digital file in said protected processing environment;
storing a first control in said protected processing environment, said first control governing at least one aspect of access to or use of at least a portion of said first digital file;
storing a first budget in said protected processing environment, said first budget specifying a number of copies which may be made of said first digital file or a portion thereof;
communicating a copy of at least a portion of said first digital file from said hardware housing arrangement to said electronic appliance arrangement; and
outputting said first digital file at least in part through said speaker.
(Dependent claims: 65, 66, 67, 68, 69, 70, 71, 72)
said number of copies is one.
66. A method as in claim 64, in which:
said communicating step further comprises communicating at least a second control to said electronic appliance arrangement; and
using said second control to govern at least one aspect of access or use of said first digital file portion while said first digital file portion is stored at said electronic appliance arrangement.
67. A method as in claim 66, in which:
said second control prohibits further copying of said first digital file portion while said first digital file portion is stored at said electronic appliance arrangement.
68. A method as in claim 67, further comprising:
at a point substantially contemporaneous with said communication of said first digital file portion to said electronic appliance arrangement, placing an encumbrance on said first budget.
69. A method as in claim 68, in which:
said encumbrance reduces the number of copies allowed by said first budget.
70. A method as in claim 69, in which:
said encumbrance reduces the number of copies allowed by said first budget to zero.
71. A method as in claim 69, further comprising:
following said communication of said first digital file portion to said electronic appliance arrangement, taking at least one action to render said first digital file portion unuseable at said electronic appliance arrangement.
72. A method as in claim 71, further comprising:
following or substantially contemporaneous with said action, removing said encumbrance from said first budget.
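The budget and encumbrance steps recited in claims 67 to 72 (and, per file, in claims 60 to 63) can be modelled as a small state machine. The following is an added illustration, not code from the patent; the names CopyBudget, DeviceCopy, check_out and check_in are hypothetical.

```python
from dataclasses import dataclass, field


class BudgetError(Exception):
    """Raised when an operation would violate the copy budget."""


@dataclass
class DeviceCopy:
    device_id: str
    may_copy_further: bool = False   # second control (claim 67): no re-copying
    usable: bool = True

    def disable(self) -> None:
        # The "action" that renders the copy unusable (claim 71).
        self.usable = False


@dataclass
class CopyBudget:
    allowed: int                                      # copies the budget permits
    encumbrances: dict = field(default_factory=dict)  # device_id -> copies held

    def remaining(self) -> int:
        return self.allowed - sum(self.encumbrances.values())

    def check_out(self, device_id: str, hold: int = 1) -> DeviceCopy:
        # Encumber before handing out the copy, so a failed transfer can
        # never leave an unaccounted copy outstanding (claims 68-69).
        if device_id in self.encumbrances:
            raise BudgetError("device already holds a copy")
        if hold < 1 or hold > self.remaining():
            raise BudgetError("budget exhausted")
        self.encumbrances[device_id] = hold
        return DeviceCopy(device_id)

    def check_in(self, copy: DeviceCopy) -> None:
        # Release only after the copy is unusable (claims 71-72), and only
        # once: pop() makes a replayed check-in fail instead of adding budget.
        if copy.usable:
            raise BudgetError("copy still usable; encumbrance stays")
        if self.encumbrances.pop(copy.device_id, None) is None:
            raise BudgetError("no encumbrance recorded for this device")
```

Passing hold equal to remaining() reproduces the case in claims 61 and 70, where the encumbrance reduces the number of allowed copies to zero.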
Specification