This application for letters patent incorporates by reference the provisional application for letters patent Ser. No. 60/303,157 titled “A Method, System, and Computer Program Product for Controlling the Distribution of a Digital Asset in a Mobile Environment” and filed in the United States Patent and Trademark Office on Jul. 6, 2001. This application for letters patent also is related to and incorporates by reference provisional application for letters patent Ser. No. 60/303,686 titled “Smart Content Object” and filed in the United States Patent and Trademark Office on Jul. 6, 2001.
A method, system, and computer program product are disclosed for controlling the distribution of digital assets in communications networks. In particular, the method, system, and computer program product manage the lifecycle of a digital asset and the property rights held by the creator and owner of the digital asset in a mobile, wireless environment.
Digital technology dramatically impacts the creation, distribution, sale, marketing, and consumption of copyrighted digital content. Recent developments indicate that producers of digital content are under pressure, and have a desire, to profit from these new developments and to reduce their vulnerability to the risks. The risks are more obvious to content producers than the potential benefits of the new technologies.
Copyright protection systems of the pre-digital age consisted of legal mechanisms to prosecute individuals and groups that ran large-scale illegal reproduction facilities for profit. Since intellectual property pirates in the pre-digital age needed physical assets to reproduce the physical media of the books, music, or video, they were subject to traditional law enforcement techniques. The added complications imposed by distribution of these contraband copies made these pirates even more vulnerable to detection. From the consumer's perspective, the illegal copies produced by these pirates were less interesting because quality suffered and the copies were not always as promptly available as legitimate copies.
The digital age introduced new risks because flawless copies are now infinitely reproducible and may be transmitted instantly anywhere in the world. There has been a shift from a paradigm where a large number of individuals made a few copies to one where relatively few individuals can make many copies.
When cassette tapes were first introduced, record companies had similar concerns, as demonstrated by the record jackets printed in the early 1980s that included the slogan “Home Taping Is Killing Music”. Eventually this led to cassette tape manufacturers paying mandatory licensing fees to the holder of the property rights to the work.
Content producers are rightfully concerned with this new capacity to cheat them of a fair return on their intellectual property and, therefore, have been reluctant to take advantage of digital commerce opportunities. Yet digital commerce offers the potential to increase earnings while cutting the high overhead costs of production, distribution, and warehousing of their goods, and while presenting new business opportunities. It is believed that if content producers were sufficiently confident in their ability to protect their assets in digital form, they would gladly take part in such a system.
Legal and regulatory means exist to protect digital content; however, a deterrent is necessary to make the illegal copying and distribution of copyrighted content difficult and traceable. For this reason, the deployment of a trusted end-to-end solution for the management of digital rights is a necessary precursor to digital production, dissemination, and consumption of copyrighted content.
Digital Rights Management (DRM) involves the description, layering, analysis, valuation, trading, and monitoring of an owner's property rights to an asset. DRM covers the management of the digital rights to the physical manifestation of a work (e.g., a textbook) or the digital manifestation of a work (e.g., a Web page). DRM also covers the management of an asset whether the asset has a tangible or an intangible value. Current DRM technologies include languages for describing the terms and conditions for an asset, tracking asset usage by enforcing controlled environments or encoded asset manifestations, and closed architectures for the overall management of the digital rights.
The Open Digital Rights Language (ODRL) provides the semantics for implementing a DRM architecture in an open or trusted computing environment. ODRL defines a standard vocabulary for expressing the terms and conditions over an asset. ODRL covers a core set of semantics for these purposes including the identification of the property rights to the work and the expression of permissible uses for manifestations of a protected asset. Rights can be specified for a specific asset manifestation or format or could be applied to a range of manifestations of the asset. ODRL does not enforce or mandate any policy for DRM, but provides the mechanisms to express such a policy. ODRL does not, however, assume the existence of mechanisms to achieve a secure architecture. ODRL complements existing rights management standards by providing digital equivalents and supports an expandable range of new services that can be afforded by the digital nature of the assets in the Web environment. In the physical environment, ODRL can be used to enable machine-based processing for DRM. The web site “http://odrl.net” contains electronic ODRL resources including the ODRL Specification Format version 1.0, ODRL Expression Language version 1.0, and ODRL Data Dictionary version 1.0.
The Extensible Markup Language (XML) is a standard for exchanging data and metadata electronically. Metadata is data that describes data. For example, the term “author” is metadata that describes the data “William Shakespeare”. XML is an outgrowth of the Standard Generalized Markup Language (SGML) that allows the author of an XML document to separate the logical content of the document from the presentation of the content. An author of an XML document adds metadata to a document as hypertext transfer protocol (HTTP) tags in the document. A document type definition (DTD) file is the mechanism that adds shared content to the XML document. The web site “http://www.w3.org/XML/1999/XML-in-10-points” provides an overview of XML.
Extensible Rights Markup Language (XrML) is an XML conforming language definition that specifies rights, fees, and conditions for using digital content. XrML also describes message integrity and entity authentication rules. XrML supports commerce in digital content such as publishing and selling electronic books, digital movies, digital music, interactive games, and computer software. In addition, XrML supports the specification of access and use controls for secure digital documents in cases where financial exchange is not part of the terms of use. The web site “http://www.xrml.org/faq.asp” provides an overview of XrML.
Digital communications networks can be categorized in terms of their geographic coverage, their transmission media, their protocols, their transmission speeds, the types of equipment that they interconnect, and other criteria. An example of geographic coverage categories includes wide area networks (WANs), metropolitan area networks (MANs), local area networks (LANs), and personal area networks (PANs). An example of transmission media categories includes fixed station wireline networks, mobile wireless networks, and hybrid combinations of fixed station wireline networks communicating through wireless access points with wireless networks. There are many digital wireless, wide area network architectures. Most of them are connected to the public switched telephone network (PSTN) to provide access to wireline telephones and digital computers. A short list includes Global System for Mobile Communication (GSM), IS-136 TDMA-based Digital Advanced Mobile Phone Service (DAMPS), Personal Digital Cellular (PDC), IS-95 CDMA-based cdmaOne System, General Packet Radio Service (GPRS) and broadband wireless systems such as W-CDMA, and Broadband GPRS. For more information on these digital wireless, wide area network architectures, see the book by Yi-Bing Lin, et al. entitled Wireless and Mobile Network Architectures, John Wiley & Sons, 2001.
Wide area networks can include communications satellite links that interconnect nation-wide digital networks located on different continents. Nation-wide digital networks typically include backbone networks, regional distribution hubs, and routers, which interconnect access subnetworks serving local routers, servers, and service providers. The Internet is a familiar example of a wide area network. For more information on the Internet as a wide area network, see the book by Daniel Minoli, et al. entitled Internet Architectures, John Wiley & Sons, 1999.
At the other end of the range for geographic coverage are short-range wireless systems. Short-range wireless systems have a typical range of one hundred meters or less. They often combine with systems wired to the Internet to provide communication over long distances. The category of short-range wireless systems includes both a wireless personal area network (PAN) and a wireless local area network (LAN). Both of these networks have the common feature of operating in unlicensed portions of the radio spectrum, usually either in the 2.4 GHz Industrial, Scientific, and Medical (ISM) band or the 5 GHz Unlicensed-National Information Infrastructure (U-NII) band. Wireless personal area networks use low cost, low power wireless devices that have a typical range of ten meters. The best-known example of wireless personal area network technology is the Bluetooth Standard, which operates in the 2.4 GHz ISM band. It provides a peak air link speed of one Mbps and a power consumption low enough for use in personal, portable electronics such as PDAs and mobile phones. Wireless local area networks generally operate at higher peak speeds of from 10 to 100 Mbps and have a longer range, which requires greater power consumption. Wireless local area networks are typically used as wireless links from portable laptop computers to a wired LAN, via an access point (AP). Examples of wireless local area network technology include the IEEE 802.11 Wireless LAN Standard and the HIPERLAN Standard, which operates in the 5 GHz U-NII band. For more information on wireless LANs, see the book by Jim Geier entitled Wireless LANs, Macmillan Technical Publishing, 1999.
An ad hoc network is a short range wireless system composed primarily of mobile wireless devices, which associate together for a relatively short time to carry out a common purpose. A temporary network such as this is called a “piconet” in the Bluetooth Standard, an “independent basic service set” (IBSS) in the IEEE 802.11 Wireless LAN Standard, a “subnet” in the HIPERLAN Standard, and generally a radio cell or a “micro-cell” in other wireless LAN technologies. Ad hoc networks have the common property of being an arbitrary collection of wireless devices, which are physically close enough to be able to communicate and which are exchanging information on a regular basis. The networks can be constructed quickly and without much planning. Members of the ad hoc network join and leave as they move into and out of the range of each other. Most ad hoc networks operate over unlicensed radio frequencies at speeds of from one to fifty-four Mbps using carrier sense protocols to share the radio spectrum. The distance over which they can communicate ranges from ten meters for Bluetooth piconets to over one hundred meters for wireless LAN micro-cells in an open environment. Ad hoc networks consist primarily of mobile wireless devices, but can also include one or more access points, which are stationary wireless devices operating as a stand-alone server or connected as gateways to other networks.
Bluetooth is a short-range radio network, originally intended as a cable replacement. It can be used to create ad hoc networks of up to eight devices operating together. The Bluetooth Special Interest Group, “Specification Of The Bluetooth System”, Version 1.0B, Volumes 1 and 2, December 1999, describes the principles of Bluetooth device operation and communication protocols. The devices operate in the 2.4 GHz radio band reserved for general use by Industrial, Scientific, and Medical (ISM) applications. Bluetooth devices are designed to find other Bluetooth devices within their ten-meter radio communications range and to discover what services they offer, using a service discovery protocol (SDP). The SDP searching function relies on links being established between the requesting Bluetooth device in a client role and the responding Bluetooth device in a server role. Once a link has been established, it can be used to find out about services in the responding Bluetooth device and how to connect to them.
A connection between two Bluetooth devices is initiated by an inquiring device sending out an inquiry message searching for other devices in its vicinity. Any other Bluetooth device that is listening by means of conducting an inquiry scan will recognize the inquiry message and respond. The inquiry response is a message packet containing the responding device's Bluetooth Device Address (BD_ADDR). A Bluetooth device address is a unique, 48-bit IEEE address that is electronically engraved into each Bluetooth device.
The inquiring device uses the information provided in the inquiry response packet to prepare and send a paging message to the responding device. To establish a connection, the inquiring device must enter the page state. In the page state, the inquiring device will transmit initial paging messages to the responding device using the access code and timing information acquired from the inquiry response packet. The responding device must be in the page scan state to allow the inquiring device to connect with it. Once in the page scan state, the responding device will acknowledge the initial paging messages and the inquiring device will send a paging packet that provides the clock timing and access code of the inquiring device to the responding device. The responding device responds with a page acknowledgment packet. This enables the two devices to form a connection and both devices transition into the connection state. The inquiring device that has initiated the connection assumes the role of a master device and the responding device assumes the role of a slave device in a new ad hoc network piconet.
Each piconet has one master device and up to seven slave devices. All communication is directed between the master device and each respective slave device. The master initiates an exchange of data and the slave responds to the master. When two slave devices are to communicate with each other, they must do so through the master device. The master device maintains the piconet's network clock and controls when each slave device can communicate with the master device. Members of the ad hoc network piconet join and leave as they move into and out of the range of the master device. A piconet supports distributed activities, such as collaborative work projects, collaborative games, multi-user gateways to the Internet, and the like. A user's device that joins a particular piconet does so to enable its user to participate in the currently running collaborative activity.
A Bluetooth-enabled laptop computer can send information to a Bluetooth-enabled printer in the next room. A Bluetooth-enabled microwave oven can send a message to a Bluetooth-enabled mobile phone announcing that the meal is ready. Bluetooth will become the standard in mobile phones, PCs, laptops and other electronic devices, enabling users to share information, synchronize data, access the Internet, integrate with LANs or actuate electro-mechanical devices, such as unlocking a car. A passenger can use a laptop or handheld computer to compose an electronic mail message while flying in an airplane and then, after landing, the messages can be automatically forwarded to the Internet by Bluetooth devices that are ubiquitously located around the airport terminal. In another example, while waiting in an airport lounge, the passenger can receive interesting duty-free offers directly on the laptop or handheld computer or play multi-player games with friends.
The IEEE 802.11 Wireless LAN Standard defines at least two different physical (PHY) specifications and one common medium access control (MAC) specification. The IEEE 802.11(a) Standard is designed for either the 2.4 GHz ISM band or the 5 GHz U-NII band, and uses orthogonal frequency division multiplexing (OFDM) to deliver up to 54 Mbps data rates. The IEEE 802.11(b) Standard is designed for the 2.4 GHz ISM band and uses direct sequence spread spectrum (DSSS) to deliver up to 11 Mbps data rates. The IEEE 802.11 Wireless LAN Standard describes two major components, the mobile station and the fixed access point (AP). IEEE 802.11 ad hoc networks have an independent configuration where the mobile stations communicate directly with one another, without support from a fixed access point. The IEEE 802.11 standard provides wireless devices with service inquiry features similar to the Bluetooth inquiry and scanning features. IEEE 802.11 ad hoc networks support distributed activities similar to those of a Bluetooth piconet, except that they have ten times the communications range.
In order for an IEEE 802.11 mobile station to communicate with other mobile stations in an ad hoc network, it must first find the stations. The process of finding another station is by inquiring. Active inquiry requires the inquiring station to transmit queries and invoke responses from other wireless stations in an ad hoc network. In an active inquiry, the mobile station will transmit a probe request frame. If there is an ad hoc network on the same channel that matches the service set identity (SSID) in the probe request frame, a station in that ad hoc network will respond by sending a probe response frame to the inquiring station. The probe response includes the information necessary for the inquiring station to access a description of the ad hoc network. The inquiring station will also process any other received probe response and Beacon frames. Once the inquiring station has processed any responses, or has decided there will be no responses, it may change to another channel and repeat the process. At the conclusion of the inquiry, the station has accumulated information about the ad hoc networks in its vicinity. Once a station has performed an inquiry that results in one or more ad hoc network descriptions, the station may choose to join one of the ad hoc networks. The IEEE 802.11 Wireless LAN Standard is published in three parts as “IEEE 802.11-1999”, “IEEE 802.11a-1999”, and “IEEE 802.11b-1999”. All three of these publications are available from the IEEE, Inc. web site at http://grouper.ieee.org/groups/802/11.
The HIPERLAN standard provides a wireless LAN with a high data rate of up to 54 Mbps and a medium-range of 50 meters. HIPERLAN wireless LANs provide multimedia distribution with video quality of service (QoS), reserved spectrum, and good in-building propagation. There are two HIPERLAN standards. HIPERLAN Type 1 is a dynamic, priority driven channel access protocol similar to wireless Ethernet. HIPERLAN Type 2 is a reserved channel access protocol similar to a wireless version of asynchronous transfer mode (ATM). Both HIPERLAN Type 1 and HIPERLAN Type 2 use dedicated spectrum at 5 GHz. HIPERLAN Type 1 uses an advanced channel equalizer to deal with intersymbol interference and signal multipath. HIPERLAN Type 2 avoids these interference problems by using orthogonal frequency division multiplex (OFDM) and a frequency transform function. The HIPERLAN Type 2 specification offers options for bit rates of 6, 16, 36, and 54 Mbps. The physical layer adopts an OFDM multiple carrier scheme using 48 carrier frequencies per OFDM symbol. Each carrier may then be modulated using binary phase shift keying (BPSK), quadrature phase shift keying (QPSK), or quadrature amplitude modulation (QAM) formats of 16-QAM or 64-QAM to provide different data rates. The modulation schemes chosen for the higher bit rates achieve throughput in the range 30-50 Mbps.
The HIPERLAN Type 1 is a dynamic, priority driven channel access protocol that can form ad hoc networks of wireless devices. HIPERLAN Type 1 ad hoc networks support distributed activities similar to those of the Bluetooth piconets and IEEE 802.11 independent basic service sets (IBSS). The HIPERLAN Type 1 standard provides wireless devices with service inquiry features similar to those of the Bluetooth inquiry and scanning features and the IEEE 802.11 probe request and response features. An overview of the HIPERLAN Type 1 principles of operation is provided in the publication “HIPERLAN Type 1 Standard”, ETSI ETS 300 652, WA2 December 1997.
HIPERLAN Type 2 is a reserved channel access protocol that forms ad hoc networks. HIPERLAN Type 2 ad hoc networks support distributed activities similar to those of the HIPERLAN Type 1 ad hoc networks, Bluetooth piconets and IEEE 802.11 independent basic service sets (IBSS). HIPERLAN Type 2 provides high speed radio communication with typical data rates from 6 MHz to 54 Mbps. It connects portable devices with broadband networks that are based on IP, ATM and other technologies. Centralized mode is used to operate HIPERLAN Type 2 as an access network via a fixed access point. In addition a capability for direct link communication is provided. This mode is used to operate HIPERLAN Type 2 as an ad hoc network without relying on a cellular network infrastructure. In this case a central controller (CC), which is dynamically selected among the portable devices, provides the same level of QoS support as the fixed access point. Restricted user mobility is supported within the local service area. Wide area roaming mobility can also be supported. An overview of the HIPERLAN Type 2 principles of operation is provided in the Broadband Radio Access Networks (BRAN), “HIPERLAN Type 2; System Overview”, ETSI TR 101 683 V1.1.1 (2000-02) and a more detailed specification of its ad hoc network architecture is described in “HIPERLAN Type 2, Data Link Control (DLC) Layer; Part 4. Extension for Home Environment”, ETSI TS 101 761-4 V1.2.1 (2000-12).
Other wireless standards support ad hoc networks. Examples include the IEEE 802.15 Wireless Personal Area Network (WPAN) standard, the Infrared Data Association (IrDA) standard, the Digital Enhanced Cordless Telecommunications (DECT) standard, the Shared Wireless Access Protocol (SWAP) standard, the Japanese 3rd Generation (3G) wireless standard, and the Multimedia Mobile Access Communication (MMAC) Systems standard of the Japanese Association of Radio Industries and Businesses.
Thus, there is a need for a method, system, and computer program product for integrating digital rights management into a mobile computing environment. The mobile computing environment can include any wireless wide area network such as a cellular network or short range wireless system such as a wireless LAN or a wireless personal area network. The method, system, and computer program product disclosed herein would provide a light-weight and efficient DRM architecture that can promote the growth of electronic commerce in the mobile computing environment.
The memory size of mobile, wireless devices is small when compared to that of fixed station computers and servers. To accommodate the limited memory capacity in mobile devices, the invention provides light-weight digital vouchers to represent larger sized digital assets. The invention provides a method to control the access, copying and/or transfer of a digital asset by mobile, wireless devices using the digital vouchers. In this manner, only content that is currently required in a mobile device needs to be located there.
The totality of information constituting a digital asset is its primary content, which contains all of the expression of its author for that particular asset. The expression may be in the form of text, graphics, sound, video, or other multimedia forms. Portions of the information in the primary content can be distilled out as a preview, such as a text abstract, a thumbnail view, a sound bite, a video clip, executable code fragment, or the like, which are generically referred to as secondary content. The presentation of the information in the primary content can be limited to a specified duration or a specific number of viewings.
The author, owner, or possessor of the digital asset can specify the terms and conditions for distribution of the primary content and the secondary content. The principal methods of distribution are by sharing access to the content, by duplicating a copy of the content and transferring possession of the copy, and by giving or transferring possession of the content, itself.
In accordance with the invention, distribution by sharing access to the content is accomplished by a digital voucher that is stored in the mobile, wireless device. The digital voucher authorizes the mobile, wireless device to access a specified primary or secondary content that may be located elsewhere in the network. The mobile, wireless device can download a copy of portions or all of the content to be viewed, played, or executed, depending on the terms specified in the voucher. The principles of the invention apply even where the voucher and the content are located in any other nodes in the network.
Further in accordance with the invention, distribution by copying the whole content is accomplished by a digital voucher that is stored in the mobile, wireless device. The digital voucher authorizes the mobile, wireless device to cause the duplication of the entire portion of a specified primary or secondary content which may be located elsewhere in the network. The mobile, wireless device can then download the duplicated copy of the content, based on the terms specified in the voucher. The principles of the invention apply even where the voucher and the content are located in any other nodes in the network.
Still further in accordance with the invention, distribution by giving or transferring possession of the content is accomplished by a digital voucher that is stored in the mobile, wireless device. The digital voucher authorizes the mobile, wireless device to cause the transfer of possession of a specified primary or secondary content, from a currently specified distributing computer to a receiving terminal. The digital voucher is sent from the mobile, wireless device to a voucher server in the network, which transforms the identity of the custodian specified in the voucher from the distributing computer to the receiving terminal. The receiving terminal can then download the content from the distributing terminal, based on the terms specified in the voucher. The principles of the invention apply even where the voucher and the content are located in any other nodes in the network.
In one aspect of the invention, the method begins by storing the primary content in a distributing computer. To control the disposition of the content, the mobile, wireless device stores a primary voucher and a secondary, preview voucher. The primary voucher allows the user of the mobile, wireless device to control the primary content in accordance with the terms and conditions specified in the primary voucher. The primary voucher includes a first pointer to the primary content and a reference to the secondary voucher. The secondary voucher allows the user of the mobile, wireless device to control the secondary content in accordance with the terms and conditions specified in the secondary voucher. The secondary voucher includes a second pointer to the primary content. The secondary voucher can further include a second reference to itself, allowing the secondary voucher to create a duplicate of itself.
In accordance with the invention, when the user invokes an access sharing operation in the mobile, wireless device, a primary voucher that contains the access sharing authorization, uses the first pointer therein to signal the distributing computer to allow the mobile, wireless device to access the primary content therein, based on the terms specified in the primary voucher. The method uses the first reference in the primary voucher to access the secondary voucher to use the second pointer therein to signal the distributing computer to allow the mobile, wireless device to access a secondary, preview content therein, based on the terms specified in the secondary voucher.
Further in accordance with the invention, when the user invokes a third party access sharing operation in the mobile, wireless device, a primary voucher that contains the third party access sharing authorization, uses the first pointer therein to signal the distributing computer to issue a digital voucher to the third party receiving device, based on the terms specified in the primary voucher. The issued voucher authorizes the third party device to access the primary content or the secondary content in the distributing computer, based on the terms specified in the secondary voucher.
Still further in accordance with the invention, when the user invokes a copy operation in the mobile, wireless device, a method controls the distribution of a copy of a primary content and a secondary, preview content. The method begins by storing a primary content and a secondary content in a distributing computer. To control the disposition of the content, the mobile, wireless device stores a primary voucher and a secondary voucher. The primary voucher allows the user of the mobile, wireless device to render the content multiple times, but does not allow the duplication of the content. The primary voucher further includes a first pointer to the primary content and a second pointer to the secondary content, and further includes a first reference to the secondary voucher. The secondary voucher in the mobile, wireless device allows a preview of the content to be distributed to another user. The secondary voucher includes a third pointer to the primary content and a fourth pointer to the secondary content. The secondary voucher can also include a second reference to itself, allowing the secondary voucher to create a duplicate of itself.
In accordance with the invention, the user invokes a copy operation in the mobile, wireless device, to access the primary voucher and use the first pointer therein to signal the distributing computer to duplicate the primary content as a primary content copy and to transmit it to a receiving terminal. The method uses the first reference in the primary voucher to access the secondary voucher to use the third pointer therein to signal the distributing computer to duplicate the secondary content as a secondary content copy and to duplicate the secondary voucher as a duplicate voucher and to transmit them to the receiving terminal. Since the primary voucher does not allow the duplication of the content, the invocation step causes the primary voucher to be reset to a no-rights state in the mobile, wireless device. In this manner, the copy operation results in the primary content copy, the secondary content copy, and the duplicate voucher being resident in the receiving terminal. The duplicate voucher includes pointers to the primary content copy, the secondary content copy, and a reference to itself, allowing the duplicate voucher to create a duplicate of itself.
In another aspect of the invention, a method controls the giving of a preview copy of a digital asset to another in a mobile environment. The method begins by storing a primary content in a distributing computer. To control the disposition of the content, the mobile, wireless device stores a primary voucher and a secondary voucher. The primary voucher allows the user of the mobile, wireless device to render the content multiple times, but does not allow the duplication of the content. The primary voucher includes a first pointer to the primary content, and further includes a first reference, in a narrow element, to the secondary voucher. The secondary voucher in the mobile, wireless device allows a preview of the content to be distributed to another user. The secondary voucher includes a second pointer to the primary content. The secondary voucher further includes a second reference, in a narrow element, to the secondary voucher allowing the secondary voucher to create a duplicate of itself.
In accordance with the invention, the user invokes a give operation in the mobile, wireless device, to send a copy of the secondary voucher to a voucher server. The voucher server recognizes the give operation and responds with a reference voucher that includes an indication of no rights to the primary content. The mobile, wireless device receives the reference voucher from the voucher server. The mobile, wireless device then sends the reference voucher to a receiving terminal. The receiving terminal then sends a request to the voucher server, requesting a new secondary voucher. The new secondary voucher confers the same preview rights onto the receiving terminal as are available to the mobile, wireless device. Since the primary voucher does not allow the duplication of the content, the invocation step causes the primary voucher to be reset to a no-rights state in the mobile, wireless device. Still further in accordance with the invention, the receiving terminal can purchase a primary voucher from the voucher server, to obtain the same rights to the primary content as are possessed by the mobile, wireless device.
In another aspect of the invention, a method controls the giving of a primary content digital asset to another in a mobile environment. The method begins by storing a primary content in a distributing computer. Since the memory of the mobile, wireless device is much smaller than that of the distributing computer, only that content that is currently required in the mobile, wireless device is located there. To control the disposition of the content, the mobile, wireless device stores a primary voucher and a secondary voucher. The primary voucher allows the user of the mobile, wireless device to render the content multiple times, but does not allow the duplication of the content. The primary voucher includes a first pointer to the primary content, and further includes a first reference, in a narrow element, to the secondary voucher. The secondary voucher in the mobile, wireless device allows a preview of the content to be distributed to another user. The secondary voucher includes a second pointer to the primary content. The secondary voucher further includes a second reference, in a narrow element, to the secondary voucher allowing the secondary voucher to create a duplicate of itself.
In accordance with the invention, the user invokes a give operation in the mobile, wireless device, to send a copy of the primary voucher to a voucher server. This operation resets the primary voucher to a no-rights state in the mobile, wireless device. The voucher server recognizes the give operation and responds with a reference voucher that includes an indication of no rights to the primary content. The mobile, wireless device receives the reference voucher from the voucher server. The mobile, wireless device then sends the reference voucher to a receiving terminal. The receiving terminal then sends a request to the voucher server, requesting a new primary voucher. The new primary voucher confers the same full rights onto the receiving terminal as were previously available to the mobile, wireless device.
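The give operation for primary content described above can be traced as a small state machine in which the rights move from one holder to the other and are never held twice. This is an added example, not code from the patent: the class and function names, the `render` right, the sample content pointer, the server-side record of live vouchers, and the single-use handling of the reference voucher are assumptions made for illustration.

```python
import secrets
from dataclasses import dataclass, replace

NO_RIGHTS = frozenset()  # the "no-rights state" described in the text


@dataclass(frozen=True)
class Voucher:
    voucher_id: str
    kind: str                 # "primary" or "reference"
    content_pointer: str      # pointer to the content on the distributing computer
    custodian: str            # device named as holder ("" for a reference voucher)
    rights: frozenset = NO_RIGHTS


class VoucherServer:
    """Hypothetical voucher server; its record-keeping is an assumption of this sketch."""

    def __init__(self):
        self._live = {}      # voucher_id -> primary voucher the server currently honours
        self._pending = {}   # reference voucher_id -> (content_pointer, rights) awaiting pickup

    def issue_primary(self, content_pointer, custodian, rights):
        voucher = Voucher(secrets.token_hex(8), "primary", content_pointer,
                          custodian, frozenset(rights))
        self._live[voucher.voucher_id] = voucher
        return voucher

    def give(self, primary_copy):
        """Accept a copy of a primary voucher; answer with a no-rights reference voucher."""
        record = self._live.get(primary_copy.voucher_id)
        # Decide from the server's own record, not from rights claimed in the copy.
        if record is None or record != primary_copy:
            raise PermissionError("primary voucher is unknown, altered, or already given")
        del self._live[record.voucher_id]
        reference = Voucher(secrets.token_hex(8), "reference", record.content_pointer, "")
        self._pending[reference.voucher_id] = (record.content_pointer, record.rights)
        return reference

    def redeem(self, reference, receiving_terminal):
        """Exchange a reference voucher for a new primary voucher, exactly once."""
        parked = self._pending.pop(reference.voucher_id, None)
        if parked is None:
            raise PermissionError("reference voucher is unknown or already redeemed")
        content_pointer, rights = parked
        return self.issue_primary(content_pointer, receiving_terminal, rights)

    def honours(self, voucher, device_name, right):
        """Check the distributing computer would make before serving content (assumed)."""
        record = self._live.get(voucher.voucher_id)
        return (record is not None and record == voucher
                and record.custodian == device_name and right in record.rights)


class Device:
    def __init__(self, name):
        self.name = name
        self.vouchers = {}   # voucher_id -> voucher stored on the device

    def store(self, voucher):
        self.vouchers[voucher.voucher_id] = voucher

    def can_render(self, server, content_pointer):
        return any(v.content_pointer == content_pointer
                   and server.honours(v, self.name, "render")
                   for v in self.vouchers.values())

    def give(self, server, voucher_id):
        primary = self.vouchers[voucher_id]
        reference = server.give(primary)                              # send a copy to the server
        self.vouchers[voucher_id] = replace(primary, rights=NO_RIGHTS)  # local reset to no-rights
        return reference


def run_give():
    server = VoucherServer()
    sender, receiver = Device("mobile-device"), Device("receiving-terminal")
    pointer = "content://distributing-computer/asset-1"   # constructed sample pointer
    primary = server.issue_primary(pointer, sender.name, {"render"})
    sender.store(primary)
    result = {"sender_before": sender.can_render(server, pointer)}

    reference = sender.give(server, primary.voucher_id)
    result["reference_rights"] = set(reference.rights)
    result["sender_after"] = sender.can_render(server, pointer)

    receiver.store(server.redeem(reference, receiver.name))
    result["receiver_after"] = receiver.can_render(server, pointer)

    # A retained copy of the old primary voucher and a second redemption must both fail.
    for label, attempt in (("stale_primary", lambda: server.give(primary)),
                           ("second_redeem", lambda: server.redeem(reference, "other-terminal"))):
        try:
            attempt()
            result[label] = "accepted"
        except PermissionError:
            result[label] = "rejected"
    return result


if __name__ == "__main__":
    print(run_give())
```

The two rejected attempts at the end are the checks that keep a give from turning into a copy: the server decides from its own record, so a voucher copy kept on the sending device or a reference voucher presented twice confers nothing.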
Further in accordance with the invention, a method is disclosed for controlling the transfer of dormant rights to digital asset in a mobile environment. The method begins by storing a digital asset content in a distributing computer in a network. Then, in accordance with the invention, the method stores a voucher in a first device in the network, the voucher including a pointer to the content, use information specifying the type of use intended for the content, restriction information limiting usage of the content, and identity information identifying a second device in the network. The restriction and identity information in the voucher prevents the first device from using the content. However, the first device can super-distribute the content by transferring the voucher to the second device. There, the voucher permits the second device to use the content, in response to the restriction and identity information in the voucher. The voucher can also include clearing house information which requires the second device to report is use of the content to a clearinghouse computer in the network. The clearinghouse information can include a name of the clearinghouse, its public signature verification key, and a network address where the use of the content can be reported.
Further in accordance with the invention, a method is disclosed for deferring payment for a digital asset in a mobile environment. The method begins by storing a digital asset content in a distributing computer in a network. Then, in accordance with the invention, the method registers a buyer device in the network, with a clearinghouse computer in the network. The clearinghouse sends to the buyer device a certificate including a signing key for the buyer device and a charge authorization ticket that is valid for a specified total purchase amount. The buyer device then sends to a seller device in the network, a copy of the certificate and an offer indication to pay a price to the seller device for the content. The seller device verifies the validity of the certificate as the offer of payment by the buyer device. The seller device then sends to the buyer device a voucher including a pointer to the content, use information specifying the type of use intended for the content, and restriction information limiting usage of the content. The restriction and use information in the voucher allows the buyer device to use the content. The seller device then sends to the clearinghouse, the offer indication by the buyer device, to obtain compensation for the price of the content. In one embodiment, the clearinghouse sends a bill to the buyer device to collect the price. In another embodiment, the clearinghouse deducts the price from a prepaid amount previously paid by the buyer device. In still another embodiment, the clearinghouse adds the price to a debt amount to be paid by the buyer device. In yet another embodiment, the clearinghouse provides a bonus to the seller device as the compensation.
Further in accordance with the invention, a method is disclosed for controlling the transfer of dormant rights to a digital asset in a mobile environment. The method begins by storing a digital asset content in a distributing computer in a network. Then, in accordance with the invention, the method stores a voucher in a first device in the network, the voucher including a pointer to the content, use information specifying the type of use intended for the content, restriction information limiting usage of the content, identity information identifying a second device in the network, and clearinghouse information specifying a first clearinghouse. The first device is registered with a second, different clearinghouse. The clearinghouse information in the voucher prevents the first device from using the content, because the second clearinghouse does not match the specification of the first clearinghouse in the voucher. However, the first device can super-distribute the content by transferring the voucher to the second device. There, the voucher permits the second device to use the content, in response to the clearinghouse information, because the first clearinghouse matches the specification of the first clearinghouse in the voucher. The clearinghouse information in the voucher can require the second device to report its use of the content to the first clearinghouse computer in the network.
Further in accordance with the invention, a method is disclosed for conducting transactions up to a limit, for transferring rights to a digital asset in a mobile environment. The method begins by storing a digital asset content in a distributing computer in a network. Then, in accordance with the invention, the method stores a content of a digital asset in a distributing computer in a network. Then the method registers a seller device in the network, with a clearinghouse computer in the network. The clearinghouse then sends the seller device a seller's voucher from, including a pointer to the content, use information specifying the type of use intended for the content, restriction information limiting usage of the content; and transaction information allowing transactions up to a limit, for transferring rights to the content. Thereafter, a buyer device in the network is registered with the clearinghouse computer. The clearinghouse then sends the buyer device a certificate including a signing key for the buyer device and a charge authorization ticket that is valid for a specified total purchase amount. Thereafter, the buyer device sends to the seller device, a copy of the certificate and an offer indication to pay a price to the seller device for the content. The seller device verifies the validity of the certificate as the offer of payment by the buyer device. After the verification, the seller sends the buyer device a buyer's voucher including a pointer to the content, use information specifying the type of use intended for the content, and restriction information limiting usage of the content. The restriction and use information in the buyer's voucher allows the buyer device to use the content, in response to. The seller device then sends to the clearinghouse, the offer indication by the buyer device, to obtain compensation to the seller device for the price of the content. 
The transaction information of the seller's voucher prohibits the seller device from conducting further transactions beyond the limit.
Further in accordance with the invention, a method is disclosed for transferring rights to a digital asset that includes preview copies that convey with the asset in a mobile environment. The method begins by storing a primary content and a secondary content of a digital asset in a distributing computer in a network. Then the method registers a seller device in the network, with a clearinghouse computer in the network. The clearinghouse then sends the seller device a seller's primary voucher, including a pointer to the primary content, use information specifying the type of use intended for the primary content, restriction information limiting usage of the primary content; transaction information allowing transactions up to a primary limit, for transferring rights to the primary content, and a reference to a seller's secondary voucher. In addition, the clearinghouse then sends the seller device the seller's secondary voucher from the clearinghouse, the secondary voucher including a pointer to the secondary content, use information specifying the type of use intended for the secondary content, restriction information allowing a preview copy of the content to be distributed to another user; and transaction information allowing transactions up to a secondary limit, for transferring a preview copy. Thereafter, a buyer device in the network is registered with the clearinghouse computer. The clearinghouse then sends the buyer device a certificate including a signing key for the buyer device and a charge authorization ticket that is valid for a specified total purchase amount. Thereafter, the buyer device sends to the seller device, a copy of the certificate and an offer indication to pay a price to the seller device for the content. The seller device verifies the validity of the certificate as the offer of payment by the buyer device. 
After the verification, the seller sends the buyer device, a buyer's primary voucher including a pointer to the primary content, use information specifying the type of use intended for the primary content, restriction information limiting usage of the primary content, and a reference to a buyer's secondary voucher. In addition, the seller sends the buyer device the buyer's secondary voucher from the clearinghouse, the buyer's secondary voucher including a pointer to the secondary content, use information specifying the type of use intended for the secondary content, restriction information allowing a preview copy of the content to be distributed to another user; and transaction information allowing transactions up to a secondary limit, for transferring a preview copy. The restriction and use information in the buyer's primary and secondary vouchers allow the buyer device to use the content. The seller device then sends to the clearinghouse, the offer indication by the buyer device, to obtain compensation to the seller device for the price of the content. The transaction information of the seller's vouchers enables the buyer device to distribute preview copies of the content up to the secondary limit.
Further in accordance with the invention, a method is disclosed to control the downloading of digital asset content from a server to protect against resource exhaustion in a mobile environment. The method begins by storing a digital asset content in a distributing computer in a network. Then, in accordance with the invention, the method stores a voucher in a device in the network, the voucher including a pointer to the content, use information specifying the type of use intended for the content, restriction information limiting usage of the content, and protection information specifying an ID for the content and an encryption key for the content. The method continues by forming a download token in the device, using the ID for the content and the encryption key for the content. Then the method sends the download token from the device to the distributing computer with a request to download the content after validating the download token. Then the device receives the content at the device, in response to the validation of the download token at the distributing computer. As a result, only authorized devices in the network can successfully download the content. The download token can further include a digital signature of the device and a certificate issued by a certifying authority that certifies the authenticity of the digital signature of the device. Still further, a payment authorization can accompany the download token sent to the distributing computer.
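One way the download-token check described above could work, as an added example that is not taken from the patent. The token construction (HMAC-SHA256 keyed with the content key over the content ID, a nonce and a timestamp), the freshness window and all names are assumptions; the text only says the token is formed from the content ID and key and validated before the download.

```python
import hashlib
import hmac
import secrets
import time

MAX_AGE = 120  # seconds a token stays fresh (assumed value)


def _mac(content_key: bytes, content_id: str, nonce: str, ts: int) -> str:
    # Length-prefix the ID so field boundaries cannot be shifted.
    msg = f"{len(content_id)}:{content_id}|{nonce}|{ts}".encode()
    return hmac.new(content_key, msg, hashlib.sha256).hexdigest()


def form_download_token(content_id: str, content_key: bytes, now=None) -> dict:
    """Device side: build the token from the voucher's content ID and key."""
    ts = int(time.time() if now is None else now)
    nonce = secrets.token_hex(8)
    return {"content_id": content_id, "nonce": nonce, "ts": ts,
            "mac": _mac(content_key, content_id, nonce, ts)}


class DistributingComputer:
    """Validates the token before any content is read or sent."""

    def __init__(self, catalogue: dict):
        self.catalogue = catalogue  # content_id -> (content_key, encrypted blob)
        self.seen = {}              # nonce -> timestamp, for replay rejection

    def download(self, token: dict, now=None):
        now = int(time.time() if now is None else now)
        try:
            cid, nonce = str(token["content_id"]), str(token["nonce"])
            ts, mac = int(token["ts"]), str(token["mac"])
        except (KeyError, TypeError, ValueError):
            return ("reject", "malformed token")
        entry = self.catalogue.get(cid)
        if entry is None:
            return ("reject", "unknown content")
        if abs(now - ts) > MAX_AGE:
            return ("reject", "stale token")
        content_key, blob = entry
        expected = _mac(content_key, cid, nonce, ts)
        if not hmac.compare_digest(expected.encode(), mac.encode()):
            return ("reject", "bad token")
        # Drop expired nonces so the replay cache itself stays bounded.
        self.seen = {n: t for n, t in self.seen.items()
                     if abs(now - t) <= MAX_AGE}
        if nonce in self.seen:
            return ("reject", "replayed token")
        self.seen[nonce] = ts
        return ("ok", blob)


def demo():
    """Constructed sample: one valid request, its replay, and a forgery."""
    key = secrets.token_bytes(16)
    server = DistributingComputer({"ringtone-42": (key, b"<encrypted bytes>")})
    good = form_download_token("ringtone-42", key)
    forged = form_download_token("ringtone-42", secrets.token_bytes(16))
    return [server.download(good)[0], server.download(good)[1],
            server.download(forged)[1]]


if __name__ == "__main__":
    print(demo())
```

Every rejection path returns before the encrypted blob is touched, which is the point of validating the token first when the concern is resource exhaustion.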
In another aspect of the invention, a system is disclosed to enable a wireless device in a mobile communication environment, to obtain a right to give to another device, protected content of a digital asset stored in any one of a plurality of content servers. The system includes a plurality of content servers in a network, each storing a content of a digital asset. The system further includes a voucher server in the network, for registering the digital content in the plurality of content servers. In addition, the system includes a DRM agent or payment server in the network, for obtaining information about the content from the voucher server. The operation of the system begins with a wireless device in a mobile communication environment, sending to the DRM agent a request for a right to give to a terminal device, content of a digital asset. The DRM agent responds by sending an offer of consideration to the wireless device, including consideration information obtained from the voucher server. The user of the wireless device then sends an acceptance of the consideration to the DRM agent. The DRM agent then obtains a give voucher for the content from the voucher server and forwards it to the wireless device. In accordance with the invention, the give voucher has metadata including a plurality of pointers to the content in any one of the plurality of content servers, use information specifying the type of use intended for the content, restriction information limiting usage of the content, and transaction information about the right to give the content, an identity for the wireless device, and an identity for the terminal device. The wireless device then sends the give voucher to the terminal device to enable the terminal device to select one of the plurality of content servers and access the content from a selected content server, in response to the metadata.
Still further in accordance with the invention, the terminal device sends the give voucher to the DRM agent to exchange it for a second, normal voucher. The second voucher has metadata including a plurality of pointers to the content in any one of the plurality of content servers, use information specifying the type of use intended for the content, restriction information limiting usage of the content, and the identity for the terminal device. The terminal device is now able to select one of the plurality of content servers, and access the content from a selected content server, in response to the metadata.
In an alternate embodiment of the invention, the terminal device sends the give voucher to a second DRM agent in the network, different from the first DRM agent. The second DRM agent transforms the give voucher into the second voucher. The terminal device is now able to select one of the plurality of content servers and access the content from a selected content server, in response to the metadata.
In another aspect of the invention, a method is disclosed to enable a wireless device to decrypt the protected content with a content key. An author or publisher will originally submit the content to the voucher server in the network, to register the content in the plurality of content servers. The voucher server encrypts the content with a content key and either retains the key or appends the protected key to the encrypted content before storing it in the content servers. Several techniques are disclosed to protect the content and the content key. In one embodiment, the wireless device is enabled to recover the content key to decrypt the encrypted content. At the time that the wireless device requests the content, it provides its unique device ID and/or user ID. The voucher server joins the content key with the unique device ID to form a key token that is either appended to the content or is included in the voucher. The wireless device is able to recover the content key from the key token by matching its device ID and/or user ID with that in the key token. By using combinations of such unique IDs, the danger of losing one of the IDs, and thus failing to recover the key, is minimized. A randomized version of the user ID can be used to provide privacy, if desired.
In one embodiment, the content key is joined with a reference device ID by performing an exclusive OR operation between the content key and the reference device ID, forming a first key token. A similar operation is performed on a reference user ID to form a second key token. These key tokens can either be appended to the content or included in the voucher. When the wireless device gains possession of the voucher it will have any of the key tokens included therein. Using the metadata in the voucher, the wireless device gains possession of the encrypted content and will have any of the remaining key tokens included therein. Then, the wireless device can recover the content key either if the device ID matches the reference device ID in the first key token or if the user ID matches the reference user ID in the second key token. Then, the wireless device can decrypt the encrypted content with the recovered content key.
Further in accordance with the invention, the content also has a media ID. The voucher server can form the voucher's transaction information to include a third key token containing the content key joined with a reference media ID for the content. In one embodiment, the content key is joined with the reference media ID by performing an exclusive OR operation between the content key and the reference media ID, forming the third key token. When the wireless device receives the voucher, the metadata enables the wireless device to access one of the plurality of content servers, to obtain the encrypted content. Then, the wireless device can recover the content key if the media ID of the encrypted content matches the reference media ID in the third key token. The recovery of the content key is by performing an exclusive OR operation between the media ID and the third key token. The recovered content key can then be used by the wireless device to decrypt the encrypted content.
In another embodiment of the invention, the wireless device can use its private key from a public key/private key pair, to recover the content key. At the time that the wireless device requests the content, it provides its public key. The voucher server encrypts the content key with the wireless device's public key to form a key token that is either appended to the content or is included in the voucher. The wireless device is able to recover the content key from the key token by decrypting the key token with its private key. The recovered content key can then be used by the wireless device to decrypt the encrypted content.
In another embodiment of the invention, the wireless device can use its shared symmetric key, to recover the content key. At the time that the wireless device requests the content, the voucher server encrypts the content key with the shared symmetric key to form a key token that is either appended to the content or is included in the voucher. The wireless device is able to recover the content key from the key token by decrypting the key token with the shared symmetric key. The recovered content key can then be used by the wireless device to decrypt the encrypted content.
In another embodiment of the invention, the encrypted content can be transferred on a tangible medium such as a CD ROM or a floppy disk. The tangible medium has a media ID. The voucher server can form the voucher's transaction information to include a key token containing the content key joined with a reference media ID for the content. In one embodiment, the content key is joined with the reference media ID by performing an exclusive OR operation between the content key and the reference media ID, forming the key token. When the wireless device receives the voucher, it can recover the content key if the media ID of the encrypted content matches the reference media ID in the key token. The recovery of the content key is by performing an exclusive OR operation between the media ID and the key token. The recovered content key can then be used by the wireless device to decrypt the encrypted content.
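The exclusive-OR key tokens described above for the device ID, user ID and media ID can be sketched as follows; this is an added example, not code from the patent. Hashing each ID to key length, the key check value that lets the device tell a match from a miss, and all names and sample IDs are assumptions.

```python
import hashlib
import hmac

KEY_LEN = 16  # content-key length in bytes (assumed)


def id_mask(identifier: str) -> bytes:
    """Stretch an ID to key length. Assumption: the text does not say how an
    ID and a key of different lengths are aligned before the XOR."""
    return hashlib.sha256(identifier.encode()).digest()[:KEY_LEN]


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def make_key_token(content_key: bytes, reference_id: str) -> bytes:
    """Voucher-server side: content key XOR reference ID."""
    if len(content_key) != KEY_LEN:
        raise ValueError("content key must be KEY_LEN bytes")
    return xor(content_key, id_mask(reference_id))


def key_check(content_key: bytes) -> bytes:
    """Check value shipped next to the tokens. Assumption: XOR with a wrong
    ID still yields 16 bytes, so the device needs a way to spot a miss."""
    return hashlib.sha256(b"key-check" + content_key).digest()[:8]


def recover_content_key(tokens: dict, local_ids: dict, check: bytes):
    """Device side: XOR each token with the local ID of the same kind and
    return (kind, key) for the first one that matches, else (None, None)."""
    for kind, token in tokens.items():
        local = local_ids.get(kind)
        if local is None:
            continue
        candidate = xor(token, id_mask(local))
        if hmac.compare_digest(key_check(candidate), check):
            return kind, candidate
    return None, None


def demo():
    """Constructed sample values; none of these IDs come from the patent."""
    key = bytes.fromhex("000102030405060708090a0b0c0d0e0f")
    tokens = {"device": make_key_token(key, "IMEI-350000000000001"),
              "user": make_key_token(key, "alice@example.test"),
              "media": make_key_token(key, "DISC-0007")}
    check = key_check(key)
    # Same user on a replacement phone: the device token misses, the user token hits.
    new_phone = {"device": "IMEI-359999999999999", "user": "alice@example.test"}
    # A device sharing none of the reference IDs recovers nothing.
    stranger = {"device": "IMEI-359999999999999", "user": "bob@example.test",
                "media": "DISC-0001"}
    return (recover_content_key(tokens, new_phone, check)[0],
            recover_content_key(tokens, stranger, check)[0])


if __name__ == "__main__":
    print(demo())
```

Because the join is a plain XOR, anyone who holds a token and knows the reference ID it was built from can compute the key, so this binding is only as strong as the secrecy of those IDs.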
The invention is applicable to virtually all digital communications networks, including wide area networks (WANs), metropolitan area networks (MANs), local area networks (LANs), and personal area networks (PANs). The invention is applicable to fixed station wireline networks, mobile wireless networks, and hybrid combinations of fixed station wireline networks communicating through wireless access points with mobile wireless networks. In particular, the invention is applicable to any mobile computing environment, including any wireless wide area network such as a cellular telephone network or any short range wireless system such as a wireless local area network or a wireless personal area network. Examples of wireless, wide area network architectures to which the invention applies include Global System for Mobile Communication (GSM), IS-136 TDMA-based Digital Advanced Mobile Phone Service (DAMPS), Personal Digital Cellular (PDC), IS-95 CDMA-based cdmaOne System, General Packet Radio Service (GPRS) and broadband wireless systems such as W-CDMA, and Broadband GPRS. Examples of short-range wireless systems to which the invention applies include the Bluetooth Standard, the IEEE 802.11 Wireless LAN Standard, the HIPERLAN Standard, the IEEE 802.15 Wireless Personal Area Network (WPAN) standard, the Infrared Data Association (IrDA) standard, the Digital Enhanced Cordless Telecommunications (DECT) standard, the Shared Wireless Access Protocol (SWAP) standard, the Japanese 3rd Generation (3G) wireless standard, and the Multimedia Mobile Access Communication (MMAC) Systems standard of the Japanese Association of Radio Industries and Businesses.
The accompanying figures best illustrate the details of the method, system, and apparatus for controlling the distribution of a digital asset in a mobile communication environment, both as to its structure and operation. Like reference numbers and designations in these figures refer to like elements.
FIG. 1 is a network diagram that depicts the delivery of a Mobile Rights Voucher content package to a receiving terminal from either a distributing terminal or a network service.
FIG. 2 is a network diagram that expands the system shown in FIG. 1 by illustrating an exemplary communication between the receiving terminal and the network service.
FIG. 3A is an abstract representation of an embodiment of a Mobile Rights Voucher.
FIG. 3B is an illustration of an XML embodiment of the Mobile Rights Voucher shown in FIG. 3A.
FIGS. 4A through 4V illustrate the DTD declarations for the XML embodiment of the Mobile Rights Voucher shown in FIG. 3A.
FIGS. 5A through 5D illustrate, respectively, an exemplary DTD for subset A, subset B, subset C, and a baseline DTD for the XML embodiment of the Mobile Rights Voucher shown in FIG. 3A.
FIG. 6 is a functional block diagram that illustrates the interaction of a distribution terminal and a receiving terminal in the distribution of a primary and a secondary content in the Mobile Rights Voucher copy intent process.
FIG. 7 is a functional block diagram that illustrates the interaction of a distribution terminal and a receiving terminal in the non-personalized Mobile Rights Voucher copy intent process for sending a preview copy of protected digital content.
FIG. 8 is a functional block diagram that illustrates the interaction of a distribution terminal, a receiving terminal, and a voucher server in the personalized Mobile Rights Voucher give intent process for sending a preview copy of protected digital content.
FIG. 9 is a functional block diagram that depicts a network environment for distributing a Mobile Rights Voucher by illustrating a use case scenario in which a sending terminal accesses a content service and a voucher service via a cellular network to purchase two screen savers.
FIG. 10 is a network process diagram illustrating the basic controlled download protocol between a receiving DRM device, the receiver protocol engine, the sender protocol engine, and the sending DRM device.
FIG. 11 is a functional block diagram illustrating the interaction of a mobile device, a rights gateway, a retail content service, and a clearinghouse in the process of the mobile device purchasing rights from the retail content service.
FIG. 12 is a functional block diagram illustrating the interaction of the architectural elements of the Mobile DRM system.
FIG. 13 is a functional block diagram that expands upon the architecture shown in FIG. 12 to illustrate the interaction of a more complex Mobile DRM system to illustrate the relationships between the participating entities.
FIG. 14 is a functional block diagram that expands upon the architecture shown in FIG. 12 to illustrate the interaction of a more complex Mobile DRM system to illustrate the relationships between the participating entities.
FIG. 15 is a flow diagram that demonstrates the message flows among the elements shown in FIG. 12.
Mobile Rights Voucher
The Mobile Rights Voucher disclosed herein manages the lifecycle of a piece of content and the associated property rights held by the creator or agent of the digital content. In addition, the Mobile Rights Voucher can facilitate flexible payment for content and can deliver the content separate from the voucher. The Mobile Rights Voucher is a message that can be sent by electronic mail, a Multimedia Messaging Service (MMS), or a Short Messaging Service (SMS). Alternatively, the Mobile Rights Voucher can be downloaded using a Wireless Application Protocol (WAP) or a Hypertext Transfer Protocol (HTTP).
Smart Content Object is a content encapsulation architecture that includes smart routing capabilities for content and can be useful for application routing. The Mobile Rights Voucher can use the Smart Content Object for expressing rights information. The Smart Content Object and Mobile Rights Voucher are both implemented on memory-limited devices such as a mobile phone or a personal digital assistant. The Mobile Rights Voucher is not bound in any way to the Smart Content Object and can be used in other transport architectures such as MMS and Hypertext Transfer Protocol/Multipurpose Internet Mail Extensions (HTTP/MIME).
The Mobile Rights Voucher is a “light-weight” DRM that can benefit a mobile environment. Additionally, the Mobile Rights Voucher can express usage rights for “low value” content such as cellular telephone ringing tones, operator logos, and additional levels for cellular telephone games.
In one embodiment, the Mobile Rights Voucher is sent over the air and can allow devices that implement this specification to interoperate. Due to constraints of implementation and industry-wide adoption, this specification does not attempt to deliver on all of the promise of DRM in a single step. Thus, the Mobile Rights Voucher full baseline specification is split into three subsets. Subset A of the baseline s