US20060107326A1 - Method, system, and device for verifying authorized issuance of a rights expression - Google Patents
Method, system, and device for verifying authorized issuance of a rights expression Download PDFInfo
- Publication number
- US20060107326A1 US20060107326A1 US10/986,308 US98630804A US2006107326A1 US 20060107326 A1 US20060107326 A1 US 20060107326A1 US 98630804 A US98630804 A US 98630804A US 2006107326 A1 US2006107326 A1 US 2006107326A1
- Authority
- US
- United States
- Prior art keywords
- statement
- issuance
- expression
- trusted
- trusted issuance
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Abandoned
Links
- 230000014509 gene expression Effects 0.000 title claims abstract description 271
- 238000000034 method Methods 0.000 title claims abstract description 58
- 230000007423 decrease Effects 0.000 claims description 4
- 239000003795 chemical substances by application Substances 0.000 description 61
- 238000012795 verification Methods 0.000 description 25
- 230000008569 process Effects 0.000 description 22
- 238000013475 authorization Methods 0.000 description 10
- 238000004891 communication Methods 0.000 description 9
- 238000012545 processing Methods 0.000 description 8
- 238000013459 approach Methods 0.000 description 7
- 238000004422 calculation algorithm Methods 0.000 description 7
- 238000009795 derivation Methods 0.000 description 7
- 230000008901 benefit Effects 0.000 description 5
- 230000003287 optical effect Effects 0.000 description 5
- 230000015654 memory Effects 0.000 description 4
- 230000005540 biological transmission Effects 0.000 description 3
- 241000282887 Suidae Species 0.000 description 2
- 230000001413 cellular effect Effects 0.000 description 2
- 238000005516 engineering process Methods 0.000 description 2
- 230000007246 mechanism Effects 0.000 description 2
- 238000012986 modification Methods 0.000 description 2
- 230000004048 modification Effects 0.000 description 2
- 229920001690 polydopamine Polymers 0.000 description 2
- 241000282472 Canis lupus familiaris Species 0.000 description 1
- RYGMFSIKBFXOCR-UHFFFAOYSA-N Copper Chemical compound [Cu] RYGMFSIKBFXOCR-UHFFFAOYSA-N 0.000 description 1
- 238000003491 array Methods 0.000 description 1
- 230000010267 cellular communication Effects 0.000 description 1
- 230000008859 change Effects 0.000 description 1
- 238000004590 computer program Methods 0.000 description 1
- 238000013461 design Methods 0.000 description 1
- 238000011161 development Methods 0.000 description 1
- 230000000694 effects Effects 0.000 description 1
- 238000005538 encapsulation Methods 0.000 description 1
- 239000000835 fiber Substances 0.000 description 1
- 230000006870 function Effects 0.000 description 1
- 230000003116 impacting effect Effects 0.000 description 1
- 230000008676 import Effects 0.000 description 1
- 238000013507 mapping Methods 0.000 description 1
- 230000008520 organization Effects 0.000 description 1
- 238000012797 qualification Methods 0.000 description 1
- 230000010076 replication Effects 0.000 description 1
- 238000013515 script Methods 0.000 description 1
- 230000011664 signaling Effects 0.000 description 1
- 239000000126 substance Substances 0.000 description 1
- 238000012546 transfer Methods 0.000 description 1
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q50/00—Systems or methods specially adapted for specific business sectors, e.g. utilities or tourism
- G06Q50/10—Services
- G06Q50/18—Legal services; Handling legal documents
- G06Q50/184—Intellectual property management
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/10—Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/10—Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
- G06F21/105—Arrangements for software license management or administration, e.g. for managing licenses at corporate level
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/10—Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
- G06F21/16—Program or content traceability, e.g. by watermarking
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q10/00—Administration; Management
- G06Q10/10—Office automation; Time management
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
- H04N21/00—Selective content distribution, e.g. interactive television or video on demand [VOD]
- H04N21/20—Servers specifically adapted for the distribution of content, e.g. VOD servers; Operations thereof
- H04N21/25—Management operations performed by the server for facilitating the content distribution or administrating data related to end-users or client devices, e.g. end-user or client device authentication, learning user preferences for recommending movies
- H04N21/254—Management at additional data server, e.g. shopping server, rights management server
- H04N21/2541—Rights Management
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
- H04N21/00—Selective content distribution, e.g. interactive television or video on demand [VOD]
- H04N21/20—Servers specifically adapted for the distribution of content, e.g. VOD servers; Operations thereof
- H04N21/25—Management operations performed by the server for facilitating the content distribution or administrating data related to end-users or client devices, e.g. end-user or client device authentication, learning user preferences for recommending movies
- H04N21/258—Client or end-user data management, e.g. managing client capabilities, user preferences or demographics, processing of multiple end-users preferences to derive collaborative data
- H04N21/25808—Management of client data
- H04N21/25816—Management of client data involving client authentication
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
- H04N21/00—Selective content distribution, e.g. interactive television or video on demand [VOD]
- H04N21/20—Servers specifically adapted for the distribution of content, e.g. VOD servers; Operations thereof
- H04N21/25—Management operations performed by the server for facilitating the content distribution or administrating data related to end-users or client devices, e.g. end-user or client device authentication, learning user preferences for recommending movies
- H04N21/266—Channel or content management, e.g. generation and management of keys and entitlement messages in a conditional access system, merging a VOD unicast channel into a multicast channel
- H04N21/26613—Channel or content management, e.g. generation and management of keys and entitlement messages in a conditional access system, merging a VOD unicast channel into a multicast channel for generating or managing keys in general
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
- H04N21/00—Selective content distribution, e.g. interactive television or video on demand [VOD]
- H04N21/60—Network structure or processes for video distribution between server and client or between remote clients; Control signalling between clients, server and network components; Transmission of management data between server and client, e.g. sending from server to client commands for recording incoming content stream; Communication details between server and client
- H04N21/63—Control signaling related to video distribution between client, server and network components; Network processes for video distribution between server and clients or between remote clients, e.g. transmitting basic layer and enhancement layers over different transmission paths, setting up a peer-to-peer communication via Internet between remote STB's; Communication protocols; Addressing
- H04N21/633—Control signals issued by server directed to the network components or client
- H04N21/6332—Control signals issued by server directed to the network components or client directed to client
- H04N21/6334—Control signals issued by server directed to the network components or client directed to client for authorisation, e.g. by transmitting a key
Definitions
- the present invention generally relates to the field of processing statements and expressions, including rights expressions, and more particularly to a method, system, and device for determining authorization of rights expressions with respect to a trust root.
- the digital age has greatly increased concerns and capabilities about ownership, access, and control of copyrighted information, restricted services and valuable resources, as well as electronic communications through e-mail, by way of the internet and other means, and electronic transactions, such as electronic or automated purchase and sale of goods and services.
- Rapid evolution and wide deployment has occurred for computers, and other electronic devices, such as cellular phones, pagers, PDAs, pocket PCs, music players, and e-book readers, and these devices are interconnected through communication links, including the Internet, intranets, and other networks. These interconnected devices are especially conducive to publication of content, offering of services, and availability of resources electronically.
- One of the difficulties facing the widespread distribution of digital works e.g., documents or other content in forms readable by computers
- digital works e.g., documents or other content in forms readable by computers
- electronic means e.g., documents or other content in forms readable by computers
- the Internet in particular
- One of the difficulties facing digital commerce is the ability to securely and effectively process electronic transactions and, in particular, to do so in accordance with the requirements of the parties involved in the transaction.
- IPRM Intelligent Property Rights Management
- DPRM Digital Property Rights Management
- IPM Intelligent Property Management
- RM Remote Lights Management
- ECM Electronic Copyright Management
- DRM Digital Rights Management
- Certificate languages such as X.509 and SPKI, allow only relatively simple conditions, primarily validity time intervals, in each certificate. Accordingly, the most common certificate chain verification algorithms for these languages (e.g., Internet Engineering Task Force (IETF) RFC 2459, and RFC 2693, respectively) are relatively straight-forward to execute.
- IETF Internet Engineering Task Force
- scope e.g., limit
- each agent's certification to issue rights expressions to apply only to the assets it owns or controls. Determining the correct scope for each certificate takes some work, but is doable.
- the expression of such scoping can be accomplished using, for example, techniques described in U.S. patent application Ser. No. 10/162,701 to Xin, et al., entitled “METHOD AND APPARATUS MANAGING THE TRANSFER OF RIGHTS” and U.S. patent application Ser. No.
- the technology includes approaches (other than innate or hard-coded) for verifying the authorized issuance of a rights expression, such as 1) unscoped certificates with the issuance of rights expressions requiring knowing the content encryption key, and 2) scoped certificates.
- a person should be able to trade any rights in any territory or field for any digital work or service.
- a person should be able to trade rights to a suite of web services or to view in the United States all current and future publications of a particular publisher on a particular topic.
- requiring knowledge of the appropriate content encryption key for each trade becomes limiting, because there is not a clear mapping from a rights expression to a single asset being traded.
- the scoped certificates approach is advantageous because it does not limit the issuing of potentially overbroad rights expressions and instead limits the certificates' effect, as part of the chain verification algorithm.
- a scoped certificate might say that agent Publisher 1 may issue rights expressions pertaining to paperback Book 1.
- Publisher 1 might actually issue a rights expression to agent Consumer 1, allowing Consumer 1 to view any paperback book.
- Consumer 1 only will be able to view paperback Book 1.
- another scoped certificate is later added that says that Publisher 1 may also issue rights expressions pertaining to paperback Book 2
- Consumer 1 will be able to view both paperback Book 1 and paperback Book 2 (since Publisher 1 said Consumer 1 could view any paperback book and since Publisher 1's issuing ability is scoped to paperback Book 1 and paperback Book 2).
- the information about the number of rights expressions the reader has so far issued is stored in the rights expression that the friend receives. Assuming the friend has access to this information somehow, the friend still has to validate the “at most two rights expressions” condition using the information. However, this means that the friend has to understand what the condition means. In some situations, the friend may be using outdated software or hardware, and may not be able to support all the latest conditions being used by the author and the reader. This means that the author and reader cannot upgrade the conditions they use, unless the friend also updates the conditions it can understand.
- One solution to this is to store the information about satisfaction of conditions in a way that the friend can process that information, without having detailed knowledge of the condition (e.g., by comparing the names of satisfied conditions with the names of conditions that need to be satisfied).
- the friend has access to the information about and names of the conditions under which the reader can issue rights expressions, because in some situations it is not desirable to share the information, such as where the information is considered confidential. For example, if there is a fee associated with the reader giving his friend a rights expression as a gift, the reader may not wish his friend to know the price of the gift.
- the condition information might be encrypted so that the friend cannot discern it, but the friend's software or hardware can process it. This extra encryption, however, also complicates the system design to some degree. In situations where knowledge of the details of the conditions is more sensitive than the actual assets themselves, the cost of the encryption needed on the conditions could be disproportionate to the asset's value.
- a method, system, and device for verifying authorized issuance of a statement or expression including determining if a statement or expression is associated with a statement of trusted issuance; determining if the statement of trusted issuance applies; determining if issuance of the statement of trusted issuance is authorized; and verifying that the issuance of the statement or expression was authorized, if the statement of trusted issuance applies, and the issuance of the statement of trusted issuance is authorized.
- FIG. 1 shows a rights derivation scenario with a trust root, six derived rights expressions, and two statements of trusted issuance;
- FIG. 2 shows a rights derivation scenario with a trust root, two derived rights expressions, a derived statement or expression, and a statement of trusted issuance;
- FIG. 3 shows a procedure using statements of trusted issuance for verifying the authorized issuance of a rights expression
- FIG. 4 shows an alternative configuration of rights expressions and statements of trusted issuance from that shown in FIG. 1 ;
- FIG. 5 shows alternative contents of a statement of trusted issuance from that shown in FIG. 1 ;
- FIG. 6 shows an exemplary issuance chain verification signal
- FIG. 7 shows an exemplary system for verifying authorized issuance of a rights expression.
- the exemplary embodiments include a statement of trusted issuance, which is a statement including a claim that an issuance was authorized according to some trust root or rights expression.
- a statement of trusted issuance can be issued by an agent who is able to verify a statement or expression, including rights expression, and including a statement or expression chain (or a part of a chain) and can be relied on by other agents who might be unable or less able to perform such verification.
- FIG. 1 shows a trust root 101 , and six rights expressions, 103 , 105 , 107 , 109 , 111 , and 113 .
- the rights expression 103 is derived from the trust root 101 , and is issued by agent A to agent B. No statement of trusted issuance is included in the rights expression 103 .
- the rights expression 105 is derived from the rights expression 103 , and is issued by agent B to agent C. No statement of trusted issuance is included in the rights expression 105 .
- the rights expression 107 is derived from the rights expression 105 , and is issued by agent C to agent D.
- the rights expression 107 includes a statement of trusted issuance 115 rooted with agent A.
- the statement of trusted issuance 115 can be used in conjunction with rights expression 117 to verify that rights expression 107 was issued correctly with respect to the trust root 101 , without tracing through rights expressions 105 and 103 , if agent Z is considered to be trusted.
- the exemplary embodiment of FIG. 1 as well as the other exemplary embodiments, also applies to statements or expressions, other than rights expressions.
- Agent A in statement of trusted issuance 115 , is represented in the exemplary XML representation using RSA public key information.
- the issuer field in statement of trusted issuance 115 is omitted from the exemplary XML representation, because it is to be inherited from the rights expression, which includes the statement of trusted issuance.
- the exemplary embodiments include subsequent derivative statements or expressions, including rights expressions.
- the rights expression 109 is derived from the rights expression 107 , and is issued by agent D to agent E. Because rights expression 109 has no statement of trusted issuance, when using rights expression 109 , the conditions of the derivation of rights expression 109 from rights expression 107 must be re-verified to establish the authorized issuance of rights expression 109 . Further verification of the conditions of the derivation of rights expression 107 from rights expression 105 is not needed, because rights expression 107 includes statement of trusted issuance 115 that can be utilized, as previously described, when agent Z is considered to be trusted by agent E.
- agent E can include, for example, the statement of trusted issuance 119 rooted with agent A inside rights expression 111 .
- agent F uses rights expression 111 to, for example, play a media file or derive another rights expression 113
- the statement of trusted issuance 119 can be used in conjunction with rights expression 121 to verify that rights expression 111 was issued correctly with respect to the trust root 101 , without tracing through rights expressions 109 , 107 , 105 , and 103 .
- FIG. 2 shows a rights derivation scenario similar to the one shown in FIG. 1 , except that rights expression 107 is replaced with statement or expression 207 , which is not necessarily a rights expression.
- Statement or expression 207 could be any statement or expression.
- statement or expression 207 could express that Agent C claims that pigs flew yesterday, that pigs will fly tomorrow, that contractual obligations were fulfilled, that an entity is certified for certain qualification, such as retailer for branded goods or Microsoft certified engineer, or that a purchase was made.
- Statement of trusted issuance 215 , and second rights expression 217 can be used to determine that the issuance by Agent C of statement or expression 207 was authorized, based on trust root 201 , in the same way that statement of trusted issuance 115 and second rights expression 117 were used to determine that the issuance by Agent C of rights expression 107 was authorized, based on trust root 101 .
- FIG. 3 An exemplary procedure for verifying the authorized issuance of a statement or expression, such as a rights expression, is shown in FIG. 3 .
- the process starts at step 301 , and at step 303 an attempt is made to find a statement or expression, including some desired claims, for example, when attempting to find a rights expression, such as usage rights to a media file. If no suitable statement or expression can be found (e.g., no rights are granted for that file or some conditions for the rights that have been granted are not met, such as time expired, fee not paid, too early to view) the process terminates in failure at step 305 . If, however, a suitable statement or expression is found, it is examined at step 307 .
- step 309 if the statement or expression does not include a statement of trusted issuance, the process continues at step 311 , follows a sub-process to be described in more detail, and terminates in either success at step 313 or failure at step 305 or processing returns to step 307 . Specifically, if the issuer of the statement or expression matches the trust root at step 311 , the process terminates in success at step 313 . Otherwise, if the rights expression from which the examined statement or expression was derived (and for which all conditions were satisfied at the time of derivation) can be found (possibly with the help of additional entities) in step 315 , the process returns to step 307 using that new rights expression. Otherwise, the process terminates in failure at step 305 .
- step 319 determines if the statement of trusted issuance matches the trust root. If so, step 321 determines if the statement of trusted issuance is authorized. This determination can be made by a variety of means, for example, by innate knowledge or by recursively employing the process shown in FIG. 3 . If step 321 determines the statement of trusted issuance is authorized, the process terminates in success at step 313 , advantageously, in many cases, either faster than it would have terminated in success at step 313 resulting from step 311 or more desirable than it would have terminated in failure at step 305 . If either of the determinations in steps 319 or 321 is negative, the process continues at step 311 .
- FIG. 4 shows items 407 , 415 , and 417 representing an alternate configuration of items 107 , 115 , and 117 of FIG. 1 , respectively.
- statement of trusted issuance 415 applying to rights expression 407 , does not appear inside rights expression 407 . Instead, some other means is used to link the two. While the issuers of rights expression 107 and statement of trusted issuance 115 are the same, the issuer of rights expression 407 is different from the issuer of statement of trusted issuance 415 .
- rights expression 117 authorizing the issuance of statement of trusted issuance 115
- rights expression 417 authorizing the issuance of statement of trusted issuance 415
- the exemplary embodiments include other forms of configurations and variations, wherein the exemplary process shown in FIG. 3 still applies thereto.
- statement of trusted issuance 515 includes an indication that authorized issuance has been verified through rights expression 503 .
- agent D can use rights expression 507 and included statement of trusted issuance 515 , and second rights expression 517 to determine that the authorization to issue rights expression 507 traces back to rights expression 503 .
- Agent D then can continue the chain verification process independently to determine whether the issuance of rights expression 503 was authorized, based on trust root 501 .
- DRM Digital Rights Management
- the publisher A might issue a rights expression 103 to distributor B to distribute all of the publisher's paperback books in the United States and Canada.
- Distributor B then may issue a rights expression 105 to retailer C to retail paperbacks from that publisher in the United States and Canada for a publisher price of $2 each.
- retailer C then may issue a rights expression 107 to consumer D to read a paperback Book 1.
- retailer C When retailer C issues rights expression 107 , retailer C checks the rights expression chain to verify that all conditions on all parties have been fulfilled, including that distributor B distributed paperbacks, that distributor B distributed them within the United States and Canada, and that $2 of the $5 the consumer paid went to publisher A. Because retailer C has verified the authorized issuance of rights expression 107 , based on publisher A as the trust root, retailer C inserts statement of trusted issuance 115 into rights expression 107 on issuance.
- Consumer D now is able to determine if he is permitted to play paperback Book 1, by looking at just a few rights expressions, including one that says that publisher A is the trust root for Book 1, rights expression 107 that says that retailer C says consumer D may play paperback Book 1 and includes a statement of trusted issuance rooted with publisher A, and rights expression 117 that says that retailer C can issue statements of trusted issuance rooted with publisher A.
- consumer D may know that the distribution occurred in the United States in paperback form, consumer D is not required to have access to any information about where the distribution occurred, in what form, how much of his money was paid to the publisher or the like. Moreover, consumer D does not have to know what the actual possibilities and conditions of distribution were (e.g., that the book could also have been distributed in Canada, but that hardback books could not have been distributed and that $2 must have been paid to the publisher).
- consumer D does not have to know such details, it is also possible for publisher A, distributor B, and retailer C to change their software or hardware to support additional creative conditions without impacting or having to worry about the impact on consumer D. Since consumer D does not have to have access to rights expression 103 or 105 , it is also not necessary to incur the expense of encrypting or otherwise protecting these rights expressions or making sure that consumer D has secure software or hardware to decrypt and access the rights expressions.
- the task of verifying the authorized issuance of a rights expression with respect to a trust root becomes much more straightforward for consumer D.
- the trust root may restrict the right to issue a statement of trusted issuance to certain agents or agents meeting certain criteria, including, for example, criteria of trustworthiness.
- an agent may decline to rely on a statement of trusted issuance issued by another. The decision whether to rely on a statement may be based on some criteria or the agent may decide not to rely on such statements generally.
- agents may be prohibited from relying on a statement of trusted issuance issued by certain other agents.
- agents would have the option of relying on a statement of trusted issuance or could “bypass” the statement, and verify all or part of a rights expression chain.
- agents may be required to rely on a statement of trusted issuance, wherein an agent would not be allowed to verify all or part of a rights expression chain or otherwise access or inspect the rights expression chain.
- the exemplary embodiments also can be used for the authorization determination of other statements or expressions.
- a proof of purchase certificate must be presented in order to service goods manufactured by A.
- D can issue a proof of purchase.
- its authorization needs to be traced back from C to B to A.
- the proof of purchase certificate issued by D includes a statement of trusted issuance rooted with manufacturer A, as described with respect to the exemplary embodiments, the verification of the authorization for this proof of purchase certificate can be simplified and expedited.
- the exemplary embodiments can include a language for statements of trusted issuance (also called an issuance chain verification signal language), which could be compatible with the ISO MPEG REL.
- a language for statements of trusted issuance also called an issuance chain verification signal language
- terminology can be as used in the ISO MPEG REL.
- Clause 3 (Terms, definitions, symbols, and abbreviated terms) and Clause 4 (Namespaces and Conventions) from the ISO MPEG REL are incorporated by reference herein.
- l be an r:License.
- i be an sx:issuanceChainVerificationThrough that applies to l.
- the number of i/sx:h children of i shall be equal to the number of l/r:grant and l/r:grantGroup children of l, and the semantics of i is that, for each k from 1 to the number of i/sx:h children of i, the permission to include the k th l/r:grant or l/r:grantGroup in l has been verified with respect to each of the trust roots identified by an r:trustRoot child of the k th i/sx:h child of i.
- dsig:Signature shall not exclude i from the scope of the signature (note that by default i will be included in any signature over the License that uses the enveloped signature transform or license transform).
- the URI urn:standards-organization:2004:icvs (for use with sx:propertyUri) defines a property for certifying that a Principal's issuance chain verification signals are to be trusted.
- p be an r:Principal.
- l be an r:License including an l/r:otherInfo/sx:issuanceChainVerificationThrough i.
- the Principal identified by p shall verify, for each k from 1 to the number of i/sx:h children of i, for each j from 1 to the number of i/sx:h/r:trustRoot children of the k th i/sx:h child of i, that there is an authorization proof for the authorization request (p, r:issue, h, v, S, L, R) where h is the k th l/r:grant or l/r:grantGroup in l, R is the j th i/sx:h/r:trustRoot child of the k th i/sx:h child of i, and v, S, and L are chosen accurately.
- a conventional rights interpreter attempting to verify if some Principal identified by an r:Principal p was permitted to include some r:Grant or r:GrantGroup h in a License he issued could potentially encounter some difficulties: the Licenses permitting that inclusion (for instance, those including an r:issue element) or the historical circumstances of that inclusion (for instance, any fees that were paid or counts that were consumed) might not be available to the rights interpreter.
- the issuance chain verification signal interpreter can instead:
- FIG. 7 shows an exemplary system 700 for verifying authorized issuance of a rights expression in accordance with the exemplary embodiments of FIGS. 1-6 .
- the exemplary system 700 can include one or more devices 702 - 708 , a content server 710 , and content database 712 , coupled together via a communications network 714 .
- the above-described devices and subsystems of the exemplary embodiments of FIGS. 1-7 can include, for example, any suitable servers, workstations, PCs, laptop computers, PDAs, Internet appliances, handheld devices, cellular telephones, wireless devices, other devices, and the like, capable of performing the processes of the exemplary embodiments of FIGS. 1-7 .
- the devices and subsystems of the exemplary embodiments of FIGS. 1-7 can communicate with each other using any suitable protocol and can be implemented using one or more programmed computer systems or devices.
- One or more interface mechanisms can be used with the exemplary embodiments of FIGS. 1-7 , including, for example, Internet access, telecommunications in any suitable form (e.g., voice, modem, and the like), wireless communications media, and the like.
- the communications network 714 can include one or more wireless communications networks, cellular communications networks, G3 communications networks, Public Switched Telephone Network (PSTNs), Packet Data Networks (PDNs), the Internet, intranets, a combination thereof, and the like.
- PSTNs Public Switched Telephone Network
- PDNs Packet Data Networks
- the Internet intranets, a combination thereof, and the like.
- the devices and subsystems of the exemplary embodiments of FIGS. 1-7 are for exemplary purposes, as many variations of the specific hardware used to implement the exemplary embodiments are possible, as will be appreciated by those skilled in the relevant art(s).
- the functionality of one or more of the devices and subsystems of the exemplary embodiments of FIGS. 1-7 can be implemented via one or more programmed computer systems or devices.
- a single computer system can be programmed to perform the special purpose functions of one or more of the devices and subsystems of the exemplary embodiments of FIGS. 1-7 .
- two or more programmed computer systems or devices can be substituted for any one of the devices and subsystems of the exemplary embodiments of FIGS. 1-7 .
- principles and advantages of distributed processing such as redundancy, replication, and the like, also can be implemented, as desired, to increase the robustness and performance of the devices and subsystems of the exemplary embodiments of FIGS. 1-7 .
- the devices and subsystems of the exemplary embodiments of FIGS. 1-7 can store information relating to various processes described herein. This information can be stored in one or more memories, such as a hard disk, optical disk, magneto-optical disk, RAM, and the like, of the devices and subsystems of the exemplary embodiments of FIGS. 1-7 .
- One or more databases of the devices and subsystems of the exemplary embodiments of FIGS. 1-7 can store the information used to implement the exemplary embodiments of the present invention.
- the databases can be organized using data structures (e.g., records, tables, arrays, fields, graphs, trees, lists, and the like) included in one or more memories or storage devices listed herein.
- the processes described with respect to the exemplary embodiments of FIGS. 1-7 can include appropriate data structures for storing data collected and/or generated by the processes of the devices and subsystems of the exemplary embodiments of FIGS. 1-7 in one or more databases thereof.
- All or a portion of the devices and subsystems of the exemplary embodiments of FIGS. 1-7 can be conveniently implemented using one or more general purpose computer systems, microprocessors, digital signal processors, microcontrollers, and the like, programmed according to the teachings of the exemplary embodiments of the present invention, as will be appreciated by those skilled in the computer and software arts. Appropriate software can be readily prepared by programmers of ordinary skill based on the teachings of the exemplary embodiments, as will be appreciated by those skilled in the software art. Further, the devices and subsystems of the exemplary embodiments of FIGS. 1-7 can be implemented on the World Wide Web. In addition, the devices and subsystems of the exemplary embodiments of FIGS.
- the exemplary embodiments of the present invention can include software for controlling the devices and subsystems of the exemplary embodiments of FIGS. 1-7 , for driving the devices and subsystems of the exemplary embodiments of FIGS. 1-7 , for enabling the devices and subsystems of the exemplary embodiments of FIGS. 1-7 to interact with a human user, and the like.
- Such software can include, but is not limited to, device drivers, firmware, operating systems, development tools, applications software, and the like.
- Such computer readable media further can include the computer program product of an embodiment of the present invention for performing all or a portion (if processing is distributed) of the processing performed in implementing the invention.
- Computer code devices of the exemplary embodiments of the present invention can include any suitable interpretable or executable code mechanism, including but not limited to scripts, interpretable programs, dynamic link libraries (DLLs), Java classes and applets, complete executable programs, Common Object Request Broker Architecture (CORBA) objects, and the like. Moreover, parts of the processing of the exemplary embodiments of the present invention can be distributed for better performance, reliability, cost, and the like.
- interpretable programs including but not limited to scripts, interpretable programs, dynamic link libraries (DLLs), Java classes and applets, complete executable programs, Common Object Request Broker Architecture (CORBA) objects, and the like.
- CORBA Common Object Request Broker Architecture
- the devices and subsystems of the exemplary embodiments of FIGS. 1-7 can include computer readable medium or memories for holding instructions programmed according to the teachings of the present invention and for holding data structures, tables, records, and/or other data described herein.
- Computer readable medium can include any suitable medium that participates in providing instructions to a processor for execution. Such a medium can take many forms, including but not limited to, non-volatile media, volatile media, transmission media, and the like.
- Non-volatile media can include, for example, optical or magnetic disks, magneto-optical disks, and the like.
- Volatile media can include dynamic memories, and the like.
- Transmission media can include coaxial cables, copper wire, fiber optics, and the like.
- Transmission media also can take the form of acoustic, optical, electromagnetic waves, and the like, such as those generated during radio frequency (RF) communications, infrared (IR) data communications, and the like.
- RF radio frequency
- IR infrared
- Common forms of computer-readable media can include, for example, a floppy disk, a flexible disk, hard disk, magnetic tape, any other suitable magnetic medium, a CD-ROM, CDRW, DVD, any other suitable optical medium, punch cards, paper tape, optical mark sheets, any other suitable physical medium with patterns of holes or other optically recognizable indicia, a RAM, a PROM, an EPROM, a FLASH-EPROM, any other suitable memory chip or cartridge, a carrier wave, or any other suitable medium from which a computer can read.
- an AGENT can include an entity that can act, possibly on behalf of another entity and/or according to a set of rules (examples of agents are hardware devices, integrated circuits, firmware modules, software modules, software systems, humans, organizations, services, smart cards, and seeing-eye dogs).
- An ASSET can include an entity, quality, event, state, concept, substance, or anything else referred to by a noun and possibly of some value (examples of assets are books, e-books, videos, services, web services, companies, security levels, domain names, e-mail addresses, football games, messages, and rights).
- a CERTIFICATE can include a “rights expression”.
- a CONDITION can include a limitation on some claim made in an expression or statement (examples are times of validity, territories of applicability, numbers of times the claim can be relied on, and situations in which the claim holds).
- To ISSUE can include an act of making the claims in an expression or statement and standing behind those claims.
- METARIGHTS can include rights with respect to other rights.
- RIGHTS can include actions or attributes an agent is permitted to take possibly with respect to an asset or to other rights (examples of actions are walk and shutdown; examples of actions with respect to assets are consumption actions such as play and print, modification actions such as edit and append, distribution actions, such as copy and move, and service actions such as requestService and sendMessage; examples of actions with respect to other rights are issue and revoke; examples of attributes are name, address, color, securityLevel, employee, relative, friend, domain, graduate, and certifiedRepairFacility; examples of attributes with respect to assets are author and distributor; examples of attributes with respect to other rights are issuanceChainVerifier, certificateAuthority, and trustedIssuer).
- RIGHTS DERIVATION can include issuing a statement or expression such as a rights expression whose issuance was permitted within another rights expression or a trust root (the issued statement or rights expression is called the derived statement or derived rights expression and it is said to be derived from the rights expression or trust root that permitted its issuance).
- a RIGHTS EXPRESSION can include an expression including a claim that rights are granted (examples of rights expression languages include the ISO MPEG REL, the eXtensible rights Markup Language, the Contract Expression Language from the Content Reference Forum (see http://www.crforum.org/), the Open Digital Rights Language from IPRSystems, OMA DRM 2.0 Specification Rights Expression Language, the Security Assertion Markup Language from the Organization for the Advancement of Structured Information Standards (OASIS), the eXtensible Access Control Markup Language from OASIS, X.509, SPKI, the Rights Management and Protection Information from the TV Anytime Forum, and Copy Control Information bits).
- To SIGN can include creating something that gives confidence that an expression or statement that a party issues actually is issued by said party.
- a STATEMENT OF TRUSTED ISSUANCE can include a statement including a claim that an issuance was authorized according to some trust root or rights expression.
- a TRUST ROOT can include an encapsulation of rights that are assumed to be authorized.
- the exemplary embodiments are described in terms of use of a rights expression, and distribution and use of digital works, the exemplary embodiments are not restricted to rights expressions, and digital works. Accordingly, the benefits associated with not having to process all the data in a chain of data and the other advantages of the exemplary embodiments can apply to other kinds of computing applications.
- the exemplary embodiments can be used in connection with other statements or expressions, which can benefit from an efficient method to determine authorization, such as proof of transaction, proof of purchase, proof of certification, proof of identity, proof of approval, statement of fact, business intent, business contract, rules, policies, and the like.
Abstract
A method, system, and device for verifying authorized issuance of a statement or expression, including determining if a statement or expression is associated with a statement of trusted issuance; determining if the statement of trusted issuance applies; determining if issuance of the statement of trusted issuance is authorized; and verifying that the issuance of the statement or expression was authorized, if the statement of trusted issuance applies, and the issuance of the statement of trusted issuance is authorized.
Description
- 1. Field of the Invention
- The present invention generally relates to the field of processing statements and expressions, including rights expressions, and more particularly to a method, system, and device for determining authorization of rights expressions with respect to a trust root.
- 2. Discussion of the Background
- The digital age has greatly increased concerns and capabilities about ownership, access, and control of copyrighted information, restricted services and valuable resources, as well as electronic communications through e-mail, by way of the internet and other means, and electronic transactions, such as electronic or automated purchase and sale of goods and services. Rapid evolution and wide deployment has occurred for computers, and other electronic devices, such as cellular phones, pagers, PDAs, pocket PCs, music players, and e-book readers, and these devices are interconnected through communication links, including the Internet, intranets, and other networks. These interconnected devices are especially conducive to publication of content, offering of services, and availability of resources electronically.
- One of the difficulties facing the widespread distribution of digital works (e.g., documents or other content in forms readable by computers), via electronic means, and the Internet in particular, is the enforceability of the intellectual property rights of content owners during the distribution and use of digital works. One of the difficulties facing digital commerce, including the distribution and use of goods and services, is the ability to securely and effectively process electronic transactions and, in particular, to do so in accordance with the requirements of the parties involved in the transaction.
- Efforts to resolve these difficulties have been termed “Intellectual Property Rights Management” (“IPRM”), “Digital Property Rights Management” (“DPRM”), “Intellectual Property Management” (“IPM”), “Rights Management” (“RM”), and “Electronic Copyright Management” (“ECM”), collectively referred to as “Digital Rights Management (DRM)” herein. There are a number of issues to be considered in effecting a DRM System, such as authentication, authorization, accounting, payment and financial clearing, rights specification, rights verification, rights enforcement, and document protection. U.S. Pat. Nos. 5,530,235, 5,634,012, 5,715,403, 5,638,443, and 5,629,980, the disclosures of which are incorporated herein by reference, address such issues.
- In a simple DRM system for managing the distribution and use of digital works, one agent issues a rights expression to another agent, which processes the rights expression, and recognizing the first agent as authorized, acts upon that rights expression. In this simple model, the recognition of the first agent by the second is innate or hard-coded. As a DRM system evolves, more and more agents wish to issue rights expressions and use the DRM system for their assets. With the addition of these new rights expression issuing agents, a solution other than innate or hard-coded recognition of agents issuing rights expressions becomes desirable.
- One such approach is the use of certificates to certify agents issuing rights expressions. Such certificates then are used by other agents to recognize the certified agents. In this approach, one certified agent issues a rights expression to another agent, which then processes the rights expression, verifies the certificates associated with the first (certified) agent, treats the first (certified) agent as authorized, if it recognizes the trust root of the certificate chain, and then acts upon that rights expression. Certificate languages, such as X.509 and SPKI, allow only relatively simple conditions, primarily validity time intervals, in each certificate. Accordingly, the most common certificate chain verification algorithms for these languages (e.g., Internet Engineering Task Force (IETF) RFC 2459, and RFC 2693, respectively) are relatively straight-forward to execute.
- As a DRM system continues to evolve and more and more agents become certified to issue rights expressions, eventually concerns may arise about one certified agent issuing rights expressions, either intentionally or accidentally, over another certified agent's assets, thus leading to the compromise of that asset. One approach that can be taken to address this concern is described in detail in the OMA DRM 2.0 Specifications issued by the Open Mobile Alliance, an industry consortium whose mission is to facilitate global user adoption of mobile data services. The OMA specifications involve requiring each certified agent to know the content encryption key for each asset for which it issues rights expressions.
- Another approach is to scope (e.g., limit) each agent's certification to issue rights expressions to apply only to the assets it owns or controls. Determining the correct scope for each certificate takes some work, but is doable. The expression of such scoping can be accomplished using, for example, techniques described in U.S. patent application Ser. No. 10/162,701 to Xin, et al., entitled “METHOD AND APPARATUS MANAGING THE TRANSFER OF RIGHTS” and U.S. patent application Ser. No. 10/298,872 to Atkinson, et al., entitled “DIGITAL LICENSES THAT INCLUDE UNIVERSALLY QUANTIFIED VARIABLES,” and a rights expression language, such as ODRL, XrML or as adopted by the Moving Picture Experts Group (MPEG) as an international standard (ISO/IEC 21000-5) known as the ISO MPEG REL. Such an approach also can involve a more sophisticated chain verification algorithm to verify the scope in each certificate, for example, as described in U.S. patent application Ser. No. 10/856,865 to Lao, et al., entitled “NETWORKED SERVICES LICENSING SYSTEM AND METHOD,” although execution of such algorithm is still relatively straightforward, as long as the conditions in each certificate remain relatively simple.
- At this stage of DRM evolution, the technology includes approaches (other than innate or hard-coded) for verifying the authorized issuance of a rights expression, such as 1) unscoped certificates with the issuance of rights expressions requiring knowing the content encryption key, and 2) scoped certificates.
- As DRM business models continue to evolve, users should become more interested in the independent trade of rights (independent from the trade of the underlying assets). A person should be able to trade any rights in any territory or field for any digital work or service. For example, a person should be able to trade rights to a suite of web services or to view in the United States all current and future publications of a particular publisher on a particular topic. In such cases, requiring knowledge of the appropriate content encryption key for each trade becomes limiting, because there is not a clear mapping from a rights expression to a single asset being traded. In this respect, the scoped certificates approach is advantageous because it does not limit the issuing of potentially overbroad rights expressions and instead limits the certificates' effect, as part of the chain verification algorithm.
- For example, a scoped certificate might say that agent Publisher 1 may issue rights expressions pertaining to paperback Book 1. Publisher 1 might actually issue a rights expression to agent Consumer 1, allowing Consumer 1 to view any paperback book. When these two rights expressions are put together and the chain verification algorithm is executed, Consumer 1 only will be able to view paperback Book 1. However, if another scoped certificate is later added that says that Publisher 1 may also issue rights expressions pertaining to paperback Book 2, then by putting all the rights expressions together, Consumer 1 will be able to view both paperback Book 1 and paperback Book 2 (since Publisher 1 said Consumer 1 could view any paperback book and since Publisher 1's issuing ability is scoped to paperback Book 1 and paperback Book 2).
- As the business of trade in rights continues to expand, publishers may wish to engage retailers and other value-add providers in the rights expression chain between the publisher and the consumers. Moreover, publishers may wish to scope the rights-issuing capabilities of various retailers or other intermediaries in various ways, such as to certain territories or by requiring the payment of particular fees or by imposing other conditions on authorization to issue rights expressions. The types of conditions in the rights expressions that form the certificate chain can become very creative and complex, and the execution of the chain verification algorithm for such a chain becomes less straight-forward. Accordingly, there is a need to make the execution of this process more straight-forward, without sacrificing business model flexibility, technical features or security.
- One of the potential difficulties in verifying a certificate chain, including creative conditions, is the information needed to execute the verification typically is not available. For example, consider a scenario including three agents, an author, a reader, and a friend. There is one rights expression that allows the author to issue rights expressions pertaining to his book. There is another rights expression from the author to the reader, allowing the reader to read the book, and issue up to two rights expressions, one each to two of his friends. There is a third rights expression from the reader to his friend, allowing his friend to view the book. When the friend wants to view the book, he will verify the certificate chain, including the rights expressions, and at some point will have to determine if the reader has satisfied the condition of issuing only up to two rights expressions. A problem thus arises if for any reason the information is not available (e.g., the reader might not have kept all required information or might have discontinued providing information in an accessible format). If, however, the reader does keep track of this information, he might not be available for contact by the friend. The reader also might have stored this information at some place that is available for contact, but that place may have a privacy policy or technology limitation, which prohibits or prevents it from sharing that information with the friend.
- One possibility is that the information about the number of rights expressions the reader has so far issued is stored in the rights expression that the friend receives. Assuming the friend has access to this information somehow, the friend still has to validate the “at most two rights expressions” condition using the information. However, this means that the friend has to understand what the condition means. In some situations, the friend may be using outdated software or hardware, and may not be able to support all the latest conditions being used by the author and the reader. This means that the author and reader cannot upgrade the conditions they use, unless the friend also updates the conditions it can understand. One solution to this, is to store the information about satisfaction of conditions in a way that the friend can process that information, without having detailed knowledge of the condition (e.g., by comparing the names of satisfied conditions with the names of conditions that need to be satisfied).
- However, there is a further issue where the friend has access to the information about and names of the conditions under which the reader can issue rights expressions, because in some situations it is not desirable to share the information, such as where the information is considered confidential. For example, if there is a fee associated with the reader giving his friend a rights expression as a gift, the reader may not wish his friend to know the price of the gift. To solve this concern, the condition information might be encrypted so that the friend cannot discern it, but the friend's software or hardware can process it. This extra encryption, however, also complicates the system design to some degree. In situations where knowledge of the details of the conditions is more sensitive than the actual assets themselves, the cost of the encryption needed on the conditions could be disproportionate to the asset's value.
- Therefore, there is a need for a method and system that addresses the above and other problems, so as to enable the more advanced DRM features that users want, while maintaining security, and not incurring disproportionate costs or burdens in a rights expression chain verification algorithm. The above and other needs are addressed by the exemplary embodiments of the present invention, which provide a method, system, and device for use in connection with the use and distribution of digital works, restricted services, and valuable resources.
- Accordingly, in exemplary aspects of the present invention, a method, system, and device for verifying authorized issuance of a statement or expression are provided, including determining if a statement or expression is associated with a statement of trusted issuance; determining if the statement of trusted issuance applies; determining if issuance of the statement of trusted issuance is authorized; and verifying that the issuance of the statement or expression was authorized, if the statement of trusted issuance applies, and the issuance of the statement of trusted issuance is authorized.
- Still other aspects, features, and advantages of the present invention are readily apparent from the following detailed description, simply by illustrating a number of exemplary embodiments and implementations, including the best mode contemplated for carrying out the present invention. The present invention also is capable of other and different embodiments, and its several details can be modified in various respects, all without departing from the spirit and scope of the present invention. Accordingly, the drawings and descriptions are to be regarded as illustrative in nature, and not as restrictive.
- The embodiments of the present invention are illustrated by way of example, and not by way of limitation, in the figures of the accompanying drawings and in which like reference numerals refer to similar elements and in which:
-
FIG. 1 shows a rights derivation scenario with a trust root, six derived rights expressions, and two statements of trusted issuance; -
FIG. 2 shows a rights derivation scenario with a trust root, two derived rights expressions, a derived statement or expression, and a statement of trusted issuance; -
FIG. 3 shows a procedure using statements of trusted issuance for verifying the authorized issuance of a rights expression; -
FIG. 4 shows an alternative configuration of rights expressions and statements of trusted issuance from that shown inFIG. 1 ; -
FIG. 5 shows alternative contents of a statement of trusted issuance from that shown inFIG. 1 ; -
FIG. 6 shows an exemplary issuance chain verification signal; and -
FIG. 7 shows an exemplary system for verifying authorized issuance of a rights expression. - The exemplary embodiments include a statement of trusted issuance, which is a statement including a claim that an issuance was authorized according to some trust root or rights expression. A statement of trusted issuance can be issued by an agent who is able to verify a statement or expression, including rights expression, and including a statement or expression chain (or a part of a chain) and can be relied on by other agents who might be unable or less able to perform such verification.
-
FIG. 1 shows atrust root 101, and six rights expressions, 103, 105, 107, 109, 111, and 113. Therights expression 103 is derived from thetrust root 101, and is issued by agent A to agent B. No statement of trusted issuance is included in therights expression 103. Therights expression 105 is derived from therights expression 103, and is issued by agent B to agent C. No statement of trusted issuance is included in therights expression 105. Therights expression 107 is derived from therights expression 105, and is issued by agent C to agent D. Therights expression 107 includes a statement of trustedissuance 115 rooted with agent A. When usingrights expression 107, the statement of trustedissuance 115 can be used in conjunction withrights expression 117 to verify thatrights expression 107 was issued correctly with respect to thetrust root 101, without tracing throughrights expressions FIG. 1 , as well as the other exemplary embodiments, also applies to statements or expressions, other than rights expressions. - An exemplary XML representation of statement of trusted
issuance 115 is further described herein. Agent A, in statement of trustedissuance 115, is represented in the exemplary XML representation using RSA public key information. The issuer field in statement of trustedissuance 115 is omitted from the exemplary XML representation, because it is to be inherited from the rights expression, which includes the statement of trusted issuance. - The exemplary embodiments include subsequent derivative statements or expressions, including rights expressions. For example, the
rights expression 109 is derived from therights expression 107, and is issued by agent D to agent E. Becauserights expression 109 has no statement of trusted issuance, when usingrights expression 109, the conditions of the derivation ofrights expression 109 fromrights expression 107 must be re-verified to establish the authorized issuance ofrights expression 109. Further verification of the conditions of the derivation ofrights expression 107 fromrights expression 105 is not needed, becauserights expression 107 includes statement of trustedissuance 115 that can be utilized, as previously described, when agent Z is considered to be trusted by agent E. - If another
rights expression 111 is derived fromrights expression 109, and agent E is authorized to make statements of trusted issuance, as represented inrights expression 121, agent E can include, for example, the statement of trustedissuance 119 rooted with agent Ainside rights expression 111. When agent F usesrights expression 111 to, for example, play a media file or derive anotherrights expression 113, the statement of trustedissuance 119 can be used in conjunction withrights expression 121 to verify thatrights expression 111 was issued correctly with respect to thetrust root 101, without tracing throughrights expressions -
FIG. 2 shows a rights derivation scenario similar to the one shown inFIG. 1 , except thatrights expression 107 is replaced with statement orexpression 207, which is not necessarily a rights expression. Statement orexpression 207 could be any statement or expression. For example, statement orexpression 207 could express that Agent C claims that pigs flew yesterday, that pigs will fly tomorrow, that contractual obligations were fulfilled, that an entity is certified for certain qualification, such as retailer for branded goods or Microsoft certified engineer, or that a purchase was made. Statement of trustedissuance 215, andsecond rights expression 217 can be used to determine that the issuance by Agent C of statement orexpression 207 was authorized, based ontrust root 201, in the same way that statement of trustedissuance 115 andsecond rights expression 117 were used to determine that the issuance by Agent C ofrights expression 107 was authorized, based ontrust root 101. - An exemplary procedure for verifying the authorized issuance of a statement or expression, such as a rights expression, is shown in
FIG. 3 . The process starts atstep 301, and atstep 303 an attempt is made to find a statement or expression, including some desired claims, for example, when attempting to find a rights expression, such as usage rights to a media file. If no suitable statement or expression can be found (e.g., no rights are granted for that file or some conditions for the rights that have been granted are not met, such as time expired, fee not paid, too early to view) the process terminates in failure atstep 305. If, however, a suitable statement or expression is found, it is examined atstep 307. Atstep 309, if the statement or expression does not include a statement of trusted issuance, the process continues atstep 311, follows a sub-process to be described in more detail, and terminates in either success atstep 313 or failure atstep 305 or processing returns to step 307. Specifically, if the issuer of the statement or expression matches the trust root atstep 311, the process terminates in success atstep 313. Otherwise, if the rights expression from which the examined statement or expression was derived (and for which all conditions were satisfied at the time of derivation) can be found (possibly with the help of additional entities) instep 315, the process returns to step 307 using that new rights expression. Otherwise, the process terminates in failure atstep 305. - In the case that step 309 finds that the statement or expression includes a statement of trusted issuance,
step 319 determines if the statement of trusted issuance matches the trust root. If so,step 321 determines if the statement of trusted issuance is authorized. This determination can be made by a variety of means, for example, by innate knowledge or by recursively employing the process shown inFIG. 3 . Ifstep 321 determines the statement of trusted issuance is authorized, the process terminates in success atstep 313, advantageously, in many cases, either faster than it would have terminated in success atstep 313 resulting fromstep 311 or more desirable than it would have terminated in failure atstep 305. If either of the determinations insteps step 311. -
FIG. 4 showsitems items FIG. 1 , respectively. For example, statement of trustedissuance 415, applying torights expression 407, does not appearinside rights expression 407. Instead, some other means is used to link the two. While the issuers ofrights expression 107 and statement of trustedissuance 115 are the same, the issuer ofrights expression 407 is different from the issuer of statement of trustedissuance 415. Whilerights expression 117, authorizing the issuance of statement of trustedissuance 115, is issued by a third party,rights expression 417, authorizing the issuance of statement of trustedissuance 415, is issued by the same agent through which the statement of trusted issuance claims issuance should be trusted. The exemplary embodiments include other forms of configurations and variations, wherein the exemplary process shown inFIG. 3 still applies thereto. - While the exemplary embodiments include the trust root in the statement of trusted issuance, further exemplary embodiments include alternative contents in the statement of trusted issuance. For example, as shown in
FIG. 5 , statement of trustedissuance 515 includes an indication that authorized issuance has been verified throughrights expression 503. Assuming agent Z is trusted, agent D can userights expression 507 and included statement of trustedissuance 515, andsecond rights expression 517 to determine that the authorization to issuerights expression 507 traces back torights expression 503. Agent D then can continue the chain verification process independently to determine whether the issuance ofrights expression 503 was authorized, based ontrust root 501. - By employing the exemplary embodiments, it is possible to implement many of the desired features in Digital Rights Management (DRM), while lowering costs. For example, consider a scenario, including of four agents representing a publisher A, a distributor B, a retailer C, and a consumer D. The publisher A might issue a
rights expression 103 to distributor B to distribute all of the publisher's paperback books in the United States and Canada. Distributor B then may issue arights expression 105 to retailer C to retail paperbacks from that publisher in the United States and Canada for a publisher price of $2 each. After consumer D pays retailer C $5, retailer C then may issue arights expression 107 to consumer D to read a paperback Book 1. When retailer Cissues rights expression 107, retailer C checks the rights expression chain to verify that all conditions on all parties have been fulfilled, including that distributor B distributed paperbacks, that distributor B distributed them within the United States and Canada, and that $2 of the $5 the consumer paid went to publisher A. Because retailer C has verified the authorized issuance ofrights expression 107, based on publisher A as the trust root, retailer C inserts statement of trustedissuance 115 intorights expression 107 on issuance. Consumer D now is able to determine if he is permitted to play paperback Book 1, by looking at just a few rights expressions, including one that says that publisher A is the trust root for Book 1,rights expression 107 that says that retailer C says consumer D may play paperback Book 1 and includes a statement of trusted issuance rooted with publisher A, andrights expression 117 that says that retailer C can issue statements of trusted issuance rooted with publisher A. - Even though consumer D may know that the distribution occurred in the United States in paperback form, consumer D is not required to have access to any information about where the distribution occurred, in what form, how much of his money was paid to the publisher or the like. Moreover, consumer D does not have to know what the actual possibilities and conditions of distribution were (e.g., that the book could also have been distributed in Canada, but that hardback books could not have been distributed and that $2 must have been paid to the publisher).
- Because consumer D does not have to know such details, it is also possible for publisher A, distributor B, and retailer C to change their software or hardware to support additional creative conditions without impacting or having to worry about the impact on consumer D. Since consumer D does not have to have access to
rights expression - An issue, however, is the possibility that someone may erroneously or improperly insert a statement of trusted issuance. For example, retailer C who inserted a statement of trusted issuance was supposed to have verified the authorized issuance of
rights expression 107 based on publisher A as the trust root, but it may have failed to do so, or, for example, it may have believed distributor B's distribution was within the United States and Canada, but that was in fact not the case. In that case, there would be erroneously reliance on the statement of trusted issuance. For this reason, it could be desirable to restrict the issuance of a statement of trusted issuance. - In an exemplary embodiment, the trust root, for example, publisher A, may restrict the right to issue a statement of trusted issuance to certain agents or agents meeting certain criteria, including, for example, criteria of trustworthiness. In a further exemplary embodiment, an agent may decline to rely on a statement of trusted issuance issued by another. The decision whether to rely on a statement may be based on some criteria or the agent may decide not to rely on such statements generally. In a still further exemplary embodiment, agents may be prohibited from relying on a statement of trusted issuance issued by certain other agents. In another exemplary embodiment, agents would have the option of relying on a statement of trusted issuance or could “bypass” the statement, and verify all or part of a rights expression chain. In yet another exemplary embodiment, agents may be required to rely on a statement of trusted issuance, wherein an agent would not be allowed to verify all or part of a rights expression chain or otherwise access or inspect the rights expression chain.
- In addition to rights expression, the exemplary embodiments also can be used for the authorization determination of other statements or expressions. For example, consider the scenario of A being a manufacturer of branded goods, B being one of its exclusive distributors within a country, C being one of its regional distributors within B's country, and D being a retailer within C's territory. A proof of purchase certificate must be presented in order to service goods manufactured by A. D can issue a proof of purchase. However, its authorization needs to be traced back from C to B to A. Advantageously, if the proof of purchase certificate issued by D includes a statement of trusted issuance rooted with manufacturer A, as described with respect to the exemplary embodiments, the verification of the authorization for this proof of purchase certificate can be simplified and expedited.
- The exemplary embodiments can include a language for statements of trusted issuance (also called an issuance chain verification signal language), which could be compatible with the ISO MPEG REL. Thus, terminology (such as terms, definitions, symbols, abbreviated terms, namespaces and conventions) can be as used in the ISO MPEG REL. In addition, Clause 3 (Terms, definitions, symbols, and abbreviated terms) and Clause 4 (Namespaces and Conventions) from the ISO MPEG REL are incorporated by reference herein.
- The syntax for an issuance chain verification signal language is given by the following exemplary schema:
<?xml version=“1.0” encoding=“UTF-8”?> <xsd:schema targetNamespace=“urn:mpeq:mpeg21:2003:01-REL-SX-NS” xmlns:sx=“urn:mpeg:mpeg21:2003:01-REL-SX-NS” xmlns:r=“urn:mpeg:mpeg21:2003:01-REL-R-NS” xmlns:xsd=“http://www.w3.org/2001/XMLSchema” elementFormDefault=“qualified” attributeFormDefault=“unqualified”> <xsd:import namespace=“urn:mpeg:mpeg21:2003:01-REL-R-NS” schemaLocation=“rel-r.xsd”/> <xsd:element name=“issuanceChainVerificationThrough” block=“#all” final=“#all”> <xsd:complexType> <xsd:sequence> <xsd:element name=“h” minOccurs=“0” maxOccurs=“unbounded”> <xsd:complexType> <xsd:sequence> <xsd:element ref=“r:trustRoot” minOccurs=“0” maxOccurs=“unbounded”/> </xsd:sequence> </xsd:complexType> </xsd:element> </xsd:sequence> </xsd:complexType> </xsd:element> </xsd:schema> - An exemplary Issuance Chain Verification Signal, as further illustrated in
FIG. 6 , is given by:<sx:issuanceChainVerificationThrough> <sx:h> <r:trustedRootIssuers> <r:keyHolder> <r:info> <dsig:KeyValue> <dsig:RSAKeyValue> <dsig:Modulus>AliM4ccyzA==</dsig:Modulus> <dsig:Exponent>AQABAA==</dsig:Exponent> </dsig:RSAKeyValue> </dsig:KeyValue> </r:info> </r:keyHolder> </r:trustedRootIssuers> </sx:h> </sx:issuanceChainVerificationThrough> - Exemplary Semantics for the Issuance Chain Verification Signal Language are given by:
- Let l be an r:License. Let i be an sx:issuanceChainVerificationThrough that applies to l. Then the number of i/sx:h children of i shall be equal to the number of l/r:grant and l/r:grantGroup children of l, and the semantics of i is that, for each k from 1 to the number of i/sx:h children of i, the permission to include the kth l/r:grant or l/r:grantGroup in l has been verified with respect to each of the trust roots identified by an r:trustRoot child of the kth i/sx:h child of i.
- An exemplary Issuance Chain Verification Signaling ISO MPEG REL Profile is given by:
- To apply an sx:issuanceChainVerificationThrough i to an r:License l,
- 1. i shall appear as a child of l/r:otherInfo and
- 2. for each l/r:issuer where l/r:issuer/dsig:Signature is present, that dsig:Signature shall not exclude i from the scope of the signature (note that by default i will be included in any signature over the License that uses the enveloped signature transform or license transform).
- An exemplary Property for Certifying Issuance Chain Verification Signalers is given by:
- The URI urn:standards-organization:2004:icvs (for use with sx:propertyUri) defines a property for certifying that a Principal's issuance chain verification signals are to be trusted.
- An exemplary Signaler Processing Model is given by:
- Let p be an r:Principal. Let l be an r:License including an l/r:otherInfo/sx:issuanceChainVerificationThrough i. Then, before the Principal identified by p signs l, the Principal identified by p shall verify, for each k from 1 to the number of i/sx:h children of i, for each j from 1 to the number of i/sx:h/r:trustRoot children of the kth i/sx:h child of i, that there is an authorization proof for the authorization request (p, r:issue, h, v, S, L, R) where h is the kth l/r:grant or l/r:grantGroup in l, R is the jth i/sx:h/r:trustRoot child of the kth i/sx:h child of i, and v, S, and L are chosen accurately.
- An exemplary Signal Interpreter Processing Model is given by:
- A conventional rights interpreter attempting to verify if some Principal identified by an r:Principal p was permitted to include some r:Grant or r:GrantGroup h in a License he issued could potentially encounter some difficulties: the Licenses permitting that inclusion (for instance, those including an r:issue element) or the historical circumstances of that inclusion (for instance, any fees that were paid or counts that were consumed) might not be available to the rights interpreter.
- However, such information may have been available to a rights interpreter when the License was issued. If that rights interpreter adds an issuance chain verification signal to the License, a rights interpreter that has an issuance chain verification signal interpreter can later read that issuance chain verification signal in lieu of verifying the issuance chain a second time.
- For instance, instead of verifying that the inclusion of some r:Grant or r:GrantGroup h in a License was authorized with respect to some trust root R, the issuance chain verification signal interpreter can instead:
-
-
- 1. verify that the set of r:Grant elements indicated by at least one of the trust roots corresponding to h (according to the issuance chain verification signal) is some subset of the r:Grant elements indicated by R and
- 2. verify that the Principal who issued the License is permitted to possess the property defined by urn:standards-organization:2004:icvs.
-
FIG. 7 shows anexemplary system 700 for verifying authorized issuance of a rights expression in accordance with the exemplary embodiments ofFIGS. 1-6 . InFIG. 7 , theexemplary system 700 can include one or more devices 702-708, acontent server 710, andcontent database 712, coupled together via acommunications network 714. - The above-described devices and subsystems of the exemplary embodiments of
FIGS. 1-7 can include, for example, any suitable servers, workstations, PCs, laptop computers, PDAs, Internet appliances, handheld devices, cellular telephones, wireless devices, other devices, and the like, capable of performing the processes of the exemplary embodiments ofFIGS. 1-7 . The devices and subsystems of the exemplary embodiments ofFIGS. 1-7 can communicate with each other using any suitable protocol and can be implemented using one or more programmed computer systems or devices. - One or more interface mechanisms can be used with the exemplary embodiments of
FIGS. 1-7 , including, for example, Internet access, telecommunications in any suitable form (e.g., voice, modem, and the like), wireless communications media, and the like. For example, thecommunications network 714 can include one or more wireless communications networks, cellular communications networks, G3 communications networks, Public Switched Telephone Network (PSTNs), Packet Data Networks (PDNs), the Internet, intranets, a combination thereof, and the like. - It is to be understood that the devices and subsystems of the exemplary embodiments of
FIGS. 1-7 are for exemplary purposes, as many variations of the specific hardware used to implement the exemplary embodiments are possible, as will be appreciated by those skilled in the relevant art(s). For example, the functionality of one or more of the devices and subsystems of the exemplary embodiments ofFIGS. 1-7 can be implemented via one or more programmed computer systems or devices. - To implement such variations as well as other variations, a single computer system can be programmed to perform the special purpose functions of one or more of the devices and subsystems of the exemplary embodiments of
FIGS. 1-7 . On the other hand, two or more programmed computer systems or devices can be substituted for any one of the devices and subsystems of the exemplary embodiments ofFIGS. 1-7 . Accordingly, principles and advantages of distributed processing, such as redundancy, replication, and the like, also can be implemented, as desired, to increase the robustness and performance of the devices and subsystems of the exemplary embodiments ofFIGS. 1-7 . - The devices and subsystems of the exemplary embodiments of
FIGS. 1-7 can store information relating to various processes described herein. This information can be stored in one or more memories, such as a hard disk, optical disk, magneto-optical disk, RAM, and the like, of the devices and subsystems of the exemplary embodiments ofFIGS. 1-7 . One or more databases of the devices and subsystems of the exemplary embodiments ofFIGS. 1-7 can store the information used to implement the exemplary embodiments of the present invention. The databases can be organized using data structures (e.g., records, tables, arrays, fields, graphs, trees, lists, and the like) included in one or more memories or storage devices listed herein. The processes described with respect to the exemplary embodiments ofFIGS. 1-7 can include appropriate data structures for storing data collected and/or generated by the processes of the devices and subsystems of the exemplary embodiments ofFIGS. 1-7 in one or more databases thereof. - All or a portion of the devices and subsystems of the exemplary embodiments of
FIGS. 1-7 can be conveniently implemented using one or more general purpose computer systems, microprocessors, digital signal processors, microcontrollers, and the like, programmed according to the teachings of the exemplary embodiments of the present invention, as will be appreciated by those skilled in the computer and software arts. Appropriate software can be readily prepared by programmers of ordinary skill based on the teachings of the exemplary embodiments, as will be appreciated by those skilled in the software art. Further, the devices and subsystems of the exemplary embodiments ofFIGS. 1-7 can be implemented on the World Wide Web. In addition, the devices and subsystems of the exemplary embodiments ofFIGS. 1-7 can be implemented by the preparation of application-specific integrated circuits or by interconnecting an appropriate network of conventional component circuits, as will be appreciated by those skilled in the electrical art(s). Thus, the exemplary embodiments are not limited to any specific combination of hardware circuitry and/or software. - Stored on any one or on a combination of computer readable media, the exemplary embodiments of the present invention can include software for controlling the devices and subsystems of the exemplary embodiments of
FIGS. 1-7 , for driving the devices and subsystems of the exemplary embodiments ofFIGS. 1-7 , for enabling the devices and subsystems of the exemplary embodiments ofFIGS. 1-7 to interact with a human user, and the like. Such software can include, but is not limited to, device drivers, firmware, operating systems, development tools, applications software, and the like. Such computer readable media further can include the computer program product of an embodiment of the present invention for performing all or a portion (if processing is distributed) of the processing performed in implementing the invention. Computer code devices of the exemplary embodiments of the present invention can include any suitable interpretable or executable code mechanism, including but not limited to scripts, interpretable programs, dynamic link libraries (DLLs), Java classes and applets, complete executable programs, Common Object Request Broker Architecture (CORBA) objects, and the like. Moreover, parts of the processing of the exemplary embodiments of the present invention can be distributed for better performance, reliability, cost, and the like. - As stated above, the devices and subsystems of the exemplary embodiments of
FIGS. 1-7 can include computer readable medium or memories for holding instructions programmed according to the teachings of the present invention and for holding data structures, tables, records, and/or other data described herein. Computer readable medium can include any suitable medium that participates in providing instructions to a processor for execution. Such a medium can take many forms, including but not limited to, non-volatile media, volatile media, transmission media, and the like. Non-volatile media can include, for example, optical or magnetic disks, magneto-optical disks, and the like. Volatile media can include dynamic memories, and the like. Transmission media can include coaxial cables, copper wire, fiber optics, and the like. Transmission media also can take the form of acoustic, optical, electromagnetic waves, and the like, such as those generated during radio frequency (RF) communications, infrared (IR) data communications, and the like. Common forms of computer-readable media can include, for example, a floppy disk, a flexible disk, hard disk, magnetic tape, any other suitable magnetic medium, a CD-ROM, CDRW, DVD, any other suitable optical medium, punch cards, paper tape, optical mark sheets, any other suitable physical medium with patterns of holes or other optically recognizable indicia, a RAM, a PROM, an EPROM, a FLASH-EPROM, any other suitable memory chip or cartridge, a carrier wave, or any other suitable medium from which a computer can read. - In the context of the exemplary embodiments, an AGENT can include an entity that can act, possibly on behalf of another entity and/or according to a set of rules (examples of agents are hardware devices, integrated circuits, firmware modules, software modules, software systems, humans, organizations, services, smart cards, and seeing-eye dogs). An ASSET can include an entity, quality, event, state, concept, substance, or anything else referred to by a noun and possibly of some value (examples of assets are books, e-books, videos, services, web services, companies, security levels, domain names, e-mail addresses, football games, messages, and rights). A CERTIFICATE can include a “rights expression”. A CONDITION can include a limitation on some claim made in an expression or statement (examples are times of validity, territories of applicability, numbers of times the claim can be relied on, and situations in which the claim holds). To ISSUE can include an act of making the claims in an expression or statement and standing behind those claims. METARIGHTS can include rights with respect to other rights. RIGHTS can include actions or attributes an agent is permitted to take possibly with respect to an asset or to other rights (examples of actions are walk and shutdown; examples of actions with respect to assets are consumption actions such as play and print, modification actions such as edit and append, distribution actions, such as copy and move, and service actions such as requestService and sendMessage; examples of actions with respect to other rights are issue and revoke; examples of attributes are name, address, color, securityLevel, employee, relative, friend, domain, graduate, and certifiedRepairFacility; examples of attributes with respect to assets are author and distributor; examples of attributes with respect to other rights are issuanceChainVerifier, certificateAuthority, and trustedIssuer). RIGHTS DERIVATION can include issuing a statement or expression such as a rights expression whose issuance was permitted within another rights expression or a trust root (the issued statement or rights expression is called the derived statement or derived rights expression and it is said to be derived from the rights expression or trust root that permitted its issuance). A RIGHTS EXPRESSION can include an expression including a claim that rights are granted (examples of rights expression languages include the ISO MPEG REL, the eXtensible rights Markup Language, the Contract Expression Language from the Content Reference Forum (see http://www.crforum.org/), the Open Digital Rights Language from IPRSystems, OMA DRM 2.0 Specification Rights Expression Language, the Security Assertion Markup Language from the Organization for the Advancement of Structured Information Standards (OASIS), the eXtensible Access Control Markup Language from OASIS, X.509, SPKI, the Rights Management and Protection Information from the TV Anytime Forum, and Copy Control Information bits). To SIGN can include creating something that gives confidence that an expression or statement that a party issues actually is issued by said party. A STATEMENT OF TRUSTED ISSUANCE can include a statement including a claim that an issuance was authorized according to some trust root or rights expression. A TRUST ROOT can include an encapsulation of rights that are assumed to be authorized.
- Although the exemplary embodiments are described in terms of use of a rights expression, and distribution and use of digital works, the exemplary embodiments are not restricted to rights expressions, and digital works. Accordingly, the benefits associated with not having to process all the data in a chain of data and the other advantages of the exemplary embodiments can apply to other kinds of computing applications. For example, in addition to rights expressions, the exemplary embodiments can be used in connection with other statements or expressions, which can benefit from an efficient method to determine authorization, such as proof of transaction, proof of purchase, proof of certification, proof of identity, proof of approval, statement of fact, business intent, business contract, rules, policies, and the like.
- While the present invention have been described in connection with a number of exemplary embodiments, and implementations, the present invention is not so limited, but rather covers various modifications, and equivalent arrangements, which fall within the purview of the appended claims.
Claims (69)
1. A computer-implemented method for verifying authorized issuance of a statement or expression, the method comprising:
determining if a statement or expression is associated with a statement of trusted issuance;
determining if the statement of trusted issuance applies;
determining if issuance of the statement of trusted issuance is authorized; and
verifying that the issuance of the statement or expression was authorized, if the statement of trusted issuance applies, and the issuance of the statement of trusted issuance is authorized.
2. The method of claim 1 , wherein the statement of trusted issuance specifies an entity associated therewith, and the step of determining if the statement of trusted issuance applies includes determining if the entity associated with the statement of trusted issuance is a trusted entity.
3. The method of claim 1 , wherein the statement of trusted issuance specifies a grant associated therewith, and the step of determining if the statement of trusted issuance applies includes determining if the grant associated with the statement of trusted issuance is a trusted grant.
4. The method of claim 1 , wherein the statement of trusted issuance specifies a chain-ancestor rights expression associated therewith, and the step of determining if the statement of trusted issuance applies includes determining if the issuance of the chain-ancestor rights expression associated with the statement of trusted issuance is authorized.
5. The method of claim 1 , wherein the statement or expression associated with the statement of trusted issuance comprises a rights expression.
6. The method of claim 1 , wherein the statement of trusted issuance is a part of the statement or expression associated with the statement of trusted issuance.
7. The method of claim 1 , wherein the statement of trusted issuance is issued by a same entity that issued the statement or expression associated with the statement of trusted issuance.
8. The method of claim 7 , wherein the statement of trusted issuance and the statement or expression associated with the statement of trusted issuance are signed by a same entity using one signature.
9. The method of claim 1 , wherein the step of determining if issuance of the statement of trusted issuance is authorized includes examining a rights expression authorizing issuance of the statement of trusted issuance and determining if the issuance of the authorizing rights expression is authorized.
10. The method of claim 1 , wherein the step of determining if the statement of trusted issuance is authorized uses a same root of trust for which it is verified that the statement or expression associated with the statement of trusted issuance is authorized.
11. The method of claim 1 , wherein if a statement or expression is not associated with a statement of trusted issuance, the verifying step includes verifying that the issuance of the statement or expression was authorized using information associated with the statement or expression.
12. The method of claim 11 , wherein the information associated with the statement or expression includes one or more rights expressions associated with the statement or expression.
13. The method of claim 9 , wherein if the authorized issuance of the statement of trusted issuance cannot be verified, the verifying step includes verifying that the issuance of the statement or expression was authorized using information associated with the statement or expression.
14. The method of claim 13 , wherein the information associated with the statement or expression includes one or more rights expressions associated with the statement or expression.
15. The method of claim 1 , wherein the statement of trusted issuance is signed by an entity that issues the statement of trusted issuance.
16. The method of claim 1 , further comprising restricting a right to issue the statement of trusted issuance.
17. The method of claim 1 , wherein an entity can decline to rely on a statement of trusted issuance issued by another entity.
18. The method of claim 1 , wherein entities are prohibited from relying on a statement of trusted issuance issued by an entity.
19. The method of claim 1 , wherein entities can rely on a statement of trusted issuance or not rely on a statement of trusted issuance by verifying all or part of a rights expression chain associated with the statement or expression.
20. The method of claim 1 , wherein entities are required to rely on a statement of trusted issuance.
21. The method of claim 1 , wherein an entity is not allowed to verify all or part of a rights expression chain or otherwise access or inspect the rights expression chain.
22. The method of claim 1 , wherein the statement or expression associated with the statement of trusted issuance comprises at least one of a proof of entitlement to a digital work, a proof of entitlement to a service, a proof of entitlement to a resource, a proof of purchase, a proof of transaction, a proof of purchase, a proof of certification, a proof of identity, a proof of approval, a statement of fact, a statement or expression of business intent, a statement or expression of a business contract, or a statement or expression of rules or policies.
23. One or more computer-readable instructions stored on a computer-readable medium and configured to cause one or more computer processors to perform the steps recited in claim 1 .
24. A system for verifying authorized issuance of a statement or expression, the system comprising:
means for determining if a statement or expression is associated with a statement of trusted issuance;
means for determining if the statement of trusted issuance applies;
means for determining if issuance of the statement of trusted issuance is authorized; and
means for verifying that the issuance of the statement or expression was authorized, if the statement of trusted issuance applies, and the issuance of the statement of trusted issuance is authorized.
25. The system of claim 24 , wherein the statement of trusted issuance specifies an entity associated therewith, and the means for determining if the statement of trusted issuance applies includes means for determining if the entity associated with the statement of trusted issuance is a trusted entity.
26. The system of claim 24 , wherein the statement of trusted issuance specifies a grant associated therewith, and the means for determining if the statement of trusted issuance applies includes means for determining if the grant associated with the statement of trusted issuance is a trusted grant.
27. The system of claim 24 , wherein the statement of trusted issuance specifies a chain-ancestor rights expression associated therewith, and the means for determining if the statement of trusted issuance applies includes means for determining if the issuance of the chain-ancestor rights expression associated with the statement of trusted issuance is authorized.
28. The system of claim 24 , wherein the statement or expression associated with the statement of trusted issuance comprises a rights expression.
29. The system of claim 24 , wherein the statement of trusted issuance is a part of the statement or expression associated with the statement of trusted issuance.
30. The system of claim 24 , wherein the statement of trusted issuance is issued by a same entity that issued the statement or expression associated with the statement of trusted issuance.
31. The system of claim 30 , wherein the statement of trusted issuance and the statement or expression associated with the statement of trusted issuance are signed by a same entity using one signature.
32. The system of claim 24 , wherein the means for determining if issuance of the statement of trusted issuance is authorized includes means for examining a rights expression authorizing issuance of the statement of trusted issuance and means for determining if the issuance of the authorizing rights expression is authorized.
33. The system of claim 24 , wherein the means for determining if the statement of trusted issuance is authorized employs a same root of trust for which it is verified that the statement or expression associated with the statement of trusted issuance is authorized.
34. The system of claim 24 , wherein if a statement or expression is not associated with a statement of trusted issuance, the verifying means includes means for verifying that the issuance of the statement or expression was authorized using information associated with the statement or expression.
35. The system of claim 34 , wherein the information associated with the statement or expression includes one or more rights expressions associated with the statement or expression.
36. The system of claim 32 , wherein if the authorized issuance of the statement of trusted issuance cannot be verified, the verifying means includes means for verifying that the issuance of the statement or expression was authorized using information associated with the statement or expression.
37. The system of claim 36 , wherein the information associated with the statement or expression includes one or more rights expressions associated with the statement or expression.
38. The system of claim 24 , wherein the statement of trusted issuance is signed by an entity that issues the statement of trusted issuance.
39. The system of claim 24 , further comprising means for restricting a right to issue the statement of trusted issuance.
40. The system of claim 24 , wherein an entity can decline to rely on a statement of trusted issuance issued by another entity.
41. The system of claim 24 , wherein entities are prohibited from relying on a statement of trusted issuance issued by an entity.
42. The system of claim 24 , wherein entities can rely on a statement of trusted issuance or not rely on a statement of trusted issuance by verifying all or part of a rights expression chain associated with the statement or expression.
43. The system of claim 24 , wherein entities are required to rely on a statement of trusted issuance.
44. The system of claim 24 , wherein an entity is not allowed to verify all or part of a rights expression chain or otherwise access or inspect the rights expression chain.
45. The system of claim 24 , wherein the statement or expression associated with the statement of trusted issuance comprises at least one of a proof of entitlement to a digital work, a proof of entitlement to a service, a proof of entitlement to a resource, a proof of purchase, a proof of transaction, a proof of purchase, a proof of certification, a proof of identity, a proof of approval, a statement of fact, a statement or expression of business intent, a statement or expression of a business contract, or a statement or expression of rules or policies.
46. The system of claim 24 , wherein the means for determining if a statement or expression is associated with a statement of trusted issuance, the means for determining if the statement of trusted issuance applies, the means for determining if issuance of the statement of trusted issuance is authorized, and the means for verifying comprise one or more computer-readable instructions stored on a computer readable medium.
47. The system of claim 24 , wherein the means for determining if a statement or expression is associated with a statement of trusted issuance, the means for determining if the statement of trusted issuance applies, the means for determining if issuance of the statement of trusted issuance is authorized, and the means for verifying comprise one or more computer devices of a computer system.
48. A device for verifying authorized issuance of a statement or expression, the system comprising:
means for determining if a statement or expression is associated with a statement of trusted issuance;
means for determining if the statement of trusted issuance applies;
means for determining if issuance of the statement of trusted issuance is authorized; and
means for verifying that the issuance of the statement or expression was authorized, if the statement of trusted issuance applies, and the issuance of the statement of trusted issuance is authorized.
49. The device of claim 48 , wherein the statement of trusted issuance specifies an entity associated therewith, and the means for determining if the statement of trusted issuance applies includes means for determining if the entity associated with the statement of trusted issuance is a trusted entity.
50. The device of claim 48 , wherein the statement of trusted issuance specifies a grant associated therewith, and the means for determining if the statement of trusted issuance applies includes means for determining if the grant associated with the statement of trusted issuance is a trusted grant.
51. The device of claim 48 , wherein the statement of trusted issuance specifies a chain-ancestor rights expression associated therewith, and the means for determining if the statement of trusted issuance applies includes means for determining if the issuance of the chain-ancestor rights expression associated with the statement of trusted issuance is authorized.
52. The device of claim 48 , wherein the statement or expression associated with the statement of trusted issuance comprises a rights expression.
53. The device of claim 48 , wherein the statement of trusted issuance is a part of the statement or expression associated with the statement of trusted issuance.
54. The device of claim 48 , wherein the statement of trusted issuance is issued by a same entity that issued the statement or expression associated with the statement of trusted issuance.
55. The device of claim 54 , wherein the statement of trusted issuance and the statement or expression associated with the statement of trusted issuance are signed by a same entity using one signature.
56. The device of claim 48 , wherein the means for determining if issuance of the statement of trusted issuance is authorized includes means for examining a rights expression authorizing issuance of the statement of trusted issuance and means for determining if the issuance of the authorizing rights expression is authorized.
57. The device of claim 48 , wherein the means for determining if the statement of trusted issuance is authorized employs a same root of trust for which it is verified that the statement or expression associated with the statement of trusted issuance is authorized.
58. The device of claim 48 , wherein if a statement or expression is not associated with a statement of trusted issuance, the verifying means includes means for verifying that the issuance of the statement or expression was authorized using information associated with the statement or expression.
59. The device of claim 58 , wherein the information associated with the statement or expression includes one or more rights expressions associated with the statement or expression.
60. The device of claim 56 , wherein if the authorized issuance of the statement of trusted issuance cannot be verified, the verifying means includes means for verifying that the issuance of the statement or expression was authorized using information associated with the statement or expression.
61. The device of claim 60 , wherein the information associated with the statement or expression includes one or more rights expressions associated with the statement or expression.
62. The device of claim 48 , wherein the statement of trusted issuance is signed by an entity that issues the statement of trusted issuance.
63. The device of claim 48 , further comprising means for restricting a right to issue the statement of trusted issuance.
64. The device of claim 48 , wherein an entity can decline to rely on a statement of trusted issuance issued by another entity.
65. The device of claim 48 , wherein entities are prohibited from relying on a statement of trusted issuance issued by an entity.
66. The device of claim 48 , wherein entities can rely on a statement of trusted issuance or not rely on a statement of trusted issuance by verifying all or part of a rights expression chain associated with the statement or expression.
67. The device of claim 48 , wherein entities are required to rely on a statement of trusted issuance.
68. The device of claim 48 , wherein an entity is not allowed to verify all or part of a rights expression chain or otherwise access or inspect the rights expression chain.
69. The device of claim 48 , wherein the statement or expression associated with the statement of trusted issuance comprises at least one of a proof of entitlement to a digital work, a proof of entitlement to a service, a proof of entitlement to a resource, a proof of purchase, a proof of transaction, a proof of purchase, a proof of certification, a proof of identity, a proof of approval, a statement of fact, a statement or expression of business intent, a statement or expression of a business contract, or a statement or expression of rules or policies.
Priority Applications (3)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US10/986,308 US20060107326A1 (en) | 2004-11-12 | 2004-11-12 | Method, system, and device for verifying authorized issuance of a rights expression |
US14/223,948 US8904545B2 (en) | 2004-11-12 | 2014-03-24 | Method, system, and device for verifying authorized issuance of a rights expression |
US14/529,085 US20150058230A1 (en) | 2004-11-12 | 2014-10-30 | Method, system, and device for verifying authorized issuance of a rights expression |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US10/986,308 US20060107326A1 (en) | 2004-11-12 | 2004-11-12 | Method, system, and device for verifying authorized issuance of a rights expression |
Related Child Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US14/223,948 Continuation US8904545B2 (en) | 2004-11-12 | 2014-03-24 | Method, system, and device for verifying authorized issuance of a rights expression |
Publications (1)
Publication Number | Publication Date |
---|---|
US20060107326A1 true US20060107326A1 (en) | 2006-05-18 |
Family
ID=36388005
Family Applications (3)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US10/986,308 Abandoned US20060107326A1 (en) | 2004-11-12 | 2004-11-12 | Method, system, and device for verifying authorized issuance of a rights expression |
US14/223,948 Expired - Fee Related US8904545B2 (en) | 2004-11-12 | 2014-03-24 | Method, system, and device for verifying authorized issuance of a rights expression |
US14/529,085 Abandoned US20150058230A1 (en) | 2004-11-12 | 2014-10-30 | Method, system, and device for verifying authorized issuance of a rights expression |
Family Applications After (2)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US14/223,948 Expired - Fee Related US8904545B2 (en) | 2004-11-12 | 2014-03-24 | Method, system, and device for verifying authorized issuance of a rights expression |
US14/529,085 Abandoned US20150058230A1 (en) | 2004-11-12 | 2014-10-30 | Method, system, and device for verifying authorized issuance of a rights expression |
Country Status (1)
Country | Link |
---|---|
US (3) | US20060107326A1 (en) |
Cited By (10)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20060150252A1 (en) * | 2004-12-30 | 2006-07-06 | General Instruments Corporation | Method and apparatus for providing a border guard between security domains |
US20070083934A1 (en) * | 2005-10-07 | 2007-04-12 | Mcardle James M | Control of document content having extraction permissives |
US20080282317A1 (en) * | 2007-05-11 | 2008-11-13 | Samsung Electronics Co., Ltd. | Method and apparatus for converting a license |
US20100095383A1 (en) * | 2002-08-23 | 2010-04-15 | Gidon Elazar | Protection of Digital Data Content |
US20100312711A1 (en) * | 2007-09-07 | 2010-12-09 | Ryan Steelberg | System And Method For On-Demand Delivery Of Audio Content For Use With Entertainment Creatives |
US20110004671A1 (en) * | 2007-09-07 | 2011-01-06 | Ryan Steelberg | System and Method for Secure Delivery of Creatives |
US20110047625A1 (en) * | 2007-09-07 | 2011-02-24 | Ryan Steelberg | System and method for secure sharing of creatives |
US20130227706A1 (en) * | 2012-02-29 | 2013-08-29 | Beijing Founder Apabi Technology Ltd. | Method, apparatus and system for controlling read rights of digital contents |
US20140052647A1 (en) * | 2012-08-17 | 2014-02-20 | Truth Seal Corporation | System and Method for Promoting Truth in Public Discourse |
US10657269B2 (en) | 2017-03-17 | 2020-05-19 | Fuji Xerox Co., Ltd. | Management apparatus and document management system |
Families Citing this family (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US11108760B2 (en) * | 2018-12-05 | 2021-08-31 | Sidewalk Labs LLC | Methods, systems, and media for recovering identity information in verifiable claims-based systems |
Citations (97)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US4159468A (en) * | 1977-11-17 | 1979-06-26 | Burroughs Corporation | Communications line authentication device |
US4200700A (en) * | 1977-05-13 | 1980-04-29 | Idc Chemie Ag | Method of after-foaming a mixture of a foam and a resin solution |
US4361851A (en) * | 1980-01-04 | 1982-11-30 | Asip William F | System for remote monitoring and data transmission over non-dedicated telephone lines |
US4429385A (en) * | 1981-12-31 | 1984-01-31 | American Newspaper Publishers Association | Method and apparatus for digital serial scanning with hierarchical and relational access |
US4621321A (en) * | 1984-02-16 | 1986-11-04 | Honeywell Inc. | Secure data processing system architecture |
US4736422A (en) * | 1983-06-30 | 1988-04-05 | Independent Broadcasting Authority | Encrypted broadcast television system |
US4740890A (en) * | 1983-12-22 | 1988-04-26 | Software Concepts, Inc. | Software protection system with trial period usage code and unlimited use unlocking code both recorded on program storage media |
US4796220A (en) * | 1986-12-15 | 1989-01-03 | Pride Software Development Corp. | Method of controlling the copying of software |
US4816655A (en) * | 1985-12-11 | 1989-03-28 | Centre D'etude De L'energie Nucleaire, "C.E.N." | Method and apparatus for checking the authenticity of individual-linked documents and the identity of the holders thereof |
US4937863A (en) * | 1988-03-07 | 1990-06-26 | Digital Equipment Corporation | Software licensing management system |
US4953209A (en) * | 1988-10-31 | 1990-08-28 | International Business Machines Corp. | Self-verifying receipt and acceptance system for electronically delivered data objects |
US5014234A (en) * | 1986-08-25 | 1991-05-07 | Ncr Corporation | System with software usage timer and counter for allowing limited use but preventing continued unauthorized use of protected software |
US5129083A (en) * | 1989-06-29 | 1992-07-07 | Digital Equipment Corporation | Conditional object creating system having different object pointers for accessing a set of data structure objects |
US5138712A (en) * | 1989-10-02 | 1992-08-11 | Sun Microsystems, Inc. | Apparatus and method for licensing software on a network of computers |
US5204897A (en) * | 1991-06-28 | 1993-04-20 | Digital Equipment Corporation | Management interface for license management system |
US5247575A (en) * | 1988-08-16 | 1993-09-21 | Sprague Peter J | Information distribution system |
US5276444A (en) * | 1991-09-23 | 1994-01-04 | At&T Bell Laboratories | Centralized security control system |
US5287408A (en) * | 1992-08-31 | 1994-02-15 | Autodesk, Inc. | Apparatus and method for serializing and validating copies of computer software |
US5291596A (en) * | 1990-10-10 | 1994-03-01 | Fuji Xerox Co., Ltd. | Data management method and system with management table indicating right of use |
US5293422A (en) * | 1992-09-23 | 1994-03-08 | Dynatek, Inc. | Usage control system for computer software |
US5335275A (en) * | 1990-03-05 | 1994-08-02 | Dce Voice Processing Limited | Television scrambler |
US5337357A (en) * | 1993-06-17 | 1994-08-09 | Software Security, Inc. | Method of software distribution protection |
US5386369A (en) * | 1993-07-12 | 1995-01-31 | Globetrotter Software Inc. | License metering system for software applications |
US5390297A (en) * | 1987-11-10 | 1995-02-14 | Auto-Trol Technology Corporation | System for controlling the number of concurrent copies of a program in a network based on the number of available licenses |
US5414852A (en) * | 1992-10-30 | 1995-05-09 | International Business Machines Corporation | Method for protecting data in a computer system |
US5453601A (en) * | 1991-11-15 | 1995-09-26 | Citibank, N.A. | Electronic-monetary system |
US5485577A (en) * | 1994-12-16 | 1996-01-16 | General Instrument Corporation Of Delaware | Method and apparatus for incremental delivery of access rights |
US5504816A (en) * | 1994-02-02 | 1996-04-02 | Gi Corporation | Method and apparatus for controlling access to digital signals |
US5530235A (en) * | 1995-02-16 | 1996-06-25 | Xerox Corporation | Interactive contents revealing storage device |
US5535276A (en) * | 1994-11-09 | 1996-07-09 | Bell Atlantic Network Services, Inc. | Yaksha, an improved system and method for securing communications using split private key asymmetric cryptography |
US5553143A (en) * | 1994-02-04 | 1996-09-03 | Novell, Inc. | Method and apparatus for electronic licensing |
US5557678A (en) * | 1994-07-18 | 1996-09-17 | Bell Atlantic Network Services, Inc. | System and method for centralized session key distribution, privacy enhanced messaging and information distribution using a split private key public cryptosystem |
US5564038A (en) * | 1994-05-20 | 1996-10-08 | International Business Machines Corporation | Method and apparatus for providing a trial period for a software license product using a date stamp and designated test period |
US5619570A (en) * | 1992-10-16 | 1997-04-08 | Sony Corporation | Information furnishing and collection system |
US5625690A (en) * | 1993-11-15 | 1997-04-29 | Lucent Technologies Inc. | Software pay per use system |
US5629980A (en) * | 1994-11-23 | 1997-05-13 | Xerox Corporation | System for controlling the distribution and use of digital works |
US5636346A (en) * | 1994-05-09 | 1997-06-03 | The Electronic Address, Inc. | Method and system for selectively targeting advertisements and programming |
US5638513A (en) * | 1993-12-22 | 1997-06-10 | Ananda; Mohan | Secure software rental system using continuous asynchronous password verification |
US5638443A (en) * | 1994-11-23 | 1997-06-10 | Xerox Corporation | System for controlling the distribution and use of composite digital works |
US5708709A (en) * | 1995-12-08 | 1998-01-13 | Sun Microsystems, Inc. | System and method for managing try-and-buy usage of application programs |
US5715403A (en) * | 1994-11-23 | 1998-02-03 | Xerox Corporation | System for controlling the distribution and use of digital works having attached usage rights where the usage rights are defined by a usage rights grammar |
US5737494A (en) * | 1994-12-08 | 1998-04-07 | Tech-Metrics International, Inc. | Assessment methods and apparatus for an organizational process or system |
US5745879A (en) * | 1991-05-08 | 1998-04-28 | Digital Equipment Corporation | Method and system for managing execution of licensed programs |
US5764807A (en) * | 1995-09-14 | 1998-06-09 | Primacomp, Inc. | Data compression using set partitioning in hierarchical trees |
US5765152A (en) * | 1995-10-13 | 1998-06-09 | Trustees Of Dartmouth College | System and method for managing copyrighted electronic media |
US5787172A (en) * | 1994-02-24 | 1998-07-28 | The Merdan Group, Inc. | Apparatus and method for establishing a cryptographic link between elements of a system |
US5790677A (en) * | 1995-06-29 | 1998-08-04 | Microsoft Corporation | System and method for secure electronic commerce transactions |
US5812664A (en) * | 1996-09-06 | 1998-09-22 | Pitney Bowes Inc. | Key distribution system |
US5825876A (en) * | 1995-12-04 | 1998-10-20 | Northern Telecom | Time based availability to content of a storage medium |
US5825879A (en) * | 1996-09-30 | 1998-10-20 | Intel Corporation | System and method for copy-protecting distributed video content |
US5915019A (en) * | 1995-02-13 | 1999-06-22 | Intertrust Technologies Corp. | Systems and methods for secure transaction management and electronic rights protection |
US5933498A (en) * | 1996-01-11 | 1999-08-03 | Mrj, Inc. | System for controlling access and distribution of digital property |
US5940504A (en) * | 1991-07-01 | 1999-08-17 | Infologic Software, Inc. | Licensing management system and method in which datagrams including an address of a licensee and indicative of use of a licensed product are sent from the licensee's site |
US6020882A (en) * | 1997-02-15 | 2000-02-01 | U.S. Philips Corporation | Television access control system |
US6047067A (en) * | 1994-04-28 | 2000-04-04 | Citibank, N.A. | Electronic-monetary system |
US6073234A (en) * | 1997-05-07 | 2000-06-06 | Fuji Xerox Co., Ltd. | Device for authenticating user's access rights to resources and method |
US6091777A (en) * | 1997-09-18 | 2000-07-18 | Cubic Video Technologies, Inc. | Continuously adaptive digital video compression system and method for a web streamer |
US6112239A (en) * | 1997-06-18 | 2000-08-29 | Intervu, Inc | System and method for server-side optimization of data delivery on a distributed computer network |
US6134550A (en) * | 1998-03-18 | 2000-10-17 | Entrust Technologies Limited | Method and apparatus for use in determining validity of a certificate in a communication system employing trusted paths |
US6135646A (en) * | 1993-10-22 | 2000-10-24 | Corporation For National Research Initiatives | System for uniquely and persistently identifying, managing, and tracking digital objects |
US6141754A (en) * | 1997-11-28 | 2000-10-31 | International Business Machines Corporation | Integrated method and system for controlling information access and distribution |
US6169976B1 (en) * | 1998-07-02 | 2001-01-02 | Encommerce, Inc. | Method and apparatus for regulating the use of licensed products |
US6189037B1 (en) * | 1994-09-30 | 2001-02-13 | Intel Corporation | Broadband data interface |
US6189146B1 (en) * | 1998-03-18 | 2001-02-13 | Microsoft Corporation | System and method for software licensing |
US6209092B1 (en) * | 1997-01-27 | 2001-03-27 | U.S. Philips Corporation | Method and system for transferring content information and supplemental information relating thereto |
US6216112B1 (en) * | 1998-05-27 | 2001-04-10 | William H. Fuller | Method for software distribution and compensation with replenishable advertisements |
US6219652B1 (en) * | 1998-06-01 | 2001-04-17 | Novell, Inc. | Network license authentication |
US6236971B1 (en) * | 1994-11-23 | 2001-05-22 | Contentguard Holdings, Inc. | System for controlling the distribution and use of digital works using digital tickets |
US20010009026A1 (en) * | 1997-08-05 | 2001-07-19 | Fuji Xerox Co., Ltd. | Device and method for authenticating user's access rights to resources |
US20010011276A1 (en) * | 1997-05-07 | 2001-08-02 | Robert T. Durst Jr. | Scanner enhanced remote control unit and system for automatically linking to on-line resources |
US20010014206A1 (en) * | 1995-07-13 | 2001-08-16 | Max Artigalas | Method and device for recording and reading on a large-capacity medium |
US6307939B1 (en) * | 1996-08-20 | 2001-10-23 | France Telecom | Method and equipment for allocating to a television program, which is already conditionally accessed, a complementary conditional access |
US20020001387A1 (en) * | 1994-11-14 | 2002-01-03 | Dillon Douglas M. | Deferred billing, broadcast, electronic document distribution system and method |
US6353888B1 (en) * | 1997-07-07 | 2002-03-05 | Fuji Xerox Co., Ltd. | Access rights authentication apparatus |
US20020035618A1 (en) * | 2000-09-20 | 2002-03-21 | Mendez Daniel J. | System and method for transmitting workspace elements across a network |
US20020046340A1 (en) * | 2000-08-30 | 2002-04-18 | Takahiro Fujishiro | Certificate validity authentication method and apparatus |
US20020044658A1 (en) * | 1995-04-03 | 2002-04-18 | Wasilewski Anthony J. | Conditional access system |
US20020056118A1 (en) * | 1999-08-27 | 2002-05-09 | Hunter Charles Eric | Video and music distribution system |
US6397333B1 (en) * | 1998-10-07 | 2002-05-28 | Infineon Technologies Ag | Copy protection system and method |
US6401211B1 (en) * | 1999-10-19 | 2002-06-04 | Microsoft Corporation | System and method of user logon in combination with user authentication for network access |
US20020069282A1 (en) * | 1994-05-31 | 2002-06-06 | Reisman Richard R. | Method and system for distributing updates |
US6405369B1 (en) * | 1996-03-18 | 2002-06-11 | News Datacom Limited | Smart card chaining in pay television systems |
US6424947B1 (en) * | 1997-09-29 | 2002-07-23 | Nds Limited | Distributed IRD system |
US6424717B1 (en) * | 1995-04-03 | 2002-07-23 | Scientific-Atlanta, Inc. | Encryption devices for use in a conditional access system |
US20020099948A1 (en) * | 1999-09-02 | 2002-07-25 | Cryptography Research, Inc. | Digital Content Protection Method and Apparatus |
US20020127423A1 (en) * | 1999-07-07 | 2002-09-12 | Georges Kayanakis | Contactless access ticket and method for making same |
US6516052B2 (en) * | 1997-07-04 | 2003-02-04 | British Telecommunications Public Limited Company | Method of scheduling connections |
US6516413B1 (en) * | 1998-02-05 | 2003-02-04 | Fuji Xerox Co., Ltd. | Apparatus and method for user authentication |
US6523745B1 (en) * | 1997-08-05 | 2003-02-25 | Enix Corporation | Electronic transaction system including a fingerprint identification encoding |
US20030097567A1 (en) * | 1997-08-05 | 2003-05-22 | Taro Terao | Device and method for authenticating user's access rights to resources |
US20040003251A1 (en) * | 2002-06-28 | 2004-01-01 | Attilla Narin | Domain-based trust models for rights management of content |
US20040039916A1 (en) * | 2002-05-10 | 2004-02-26 | David Aldis | System and method for multi-tiered license management and distribution using networked clearinghouses |
US20040052370A1 (en) * | 1992-01-08 | 2004-03-18 | Katznelson Ron D. | Multichannel quadrature modulation |
US20040172552A1 (en) * | 1999-12-15 | 2004-09-02 | Boyles Stephen L. | Smart card controlled internet access |
US6796555B1 (en) * | 1999-07-19 | 2004-09-28 | Lucent Technologies Inc. | Centralized video controller for controlling distribution of video signals |
US6801900B1 (en) * | 1999-12-22 | 2004-10-05 | Samuel H. Lloyd | System and method for online dispute resolution |
US20050081037A1 (en) * | 2003-10-10 | 2005-04-14 | Yoko Kumagai | Method and apparatus for accelerating public-key certificate validation |
-
2004
- 2004-11-12 US US10/986,308 patent/US20060107326A1/en not_active Abandoned
-
2014
- 2014-03-24 US US14/223,948 patent/US8904545B2/en not_active Expired - Fee Related
- 2014-10-30 US US14/529,085 patent/US20150058230A1/en not_active Abandoned
Patent Citations (99)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US4200700A (en) * | 1977-05-13 | 1980-04-29 | Idc Chemie Ag | Method of after-foaming a mixture of a foam and a resin solution |
US4159468A (en) * | 1977-11-17 | 1979-06-26 | Burroughs Corporation | Communications line authentication device |
US4361851A (en) * | 1980-01-04 | 1982-11-30 | Asip William F | System for remote monitoring and data transmission over non-dedicated telephone lines |
US4429385A (en) * | 1981-12-31 | 1984-01-31 | American Newspaper Publishers Association | Method and apparatus for digital serial scanning with hierarchical and relational access |
US4736422A (en) * | 1983-06-30 | 1988-04-05 | Independent Broadcasting Authority | Encrypted broadcast television system |
US4740890A (en) * | 1983-12-22 | 1988-04-26 | Software Concepts, Inc. | Software protection system with trial period usage code and unlimited use unlocking code both recorded on program storage media |
US4621321A (en) * | 1984-02-16 | 1986-11-04 | Honeywell Inc. | Secure data processing system architecture |
US4816655A (en) * | 1985-12-11 | 1989-03-28 | Centre D'etude De L'energie Nucleaire, "C.E.N." | Method and apparatus for checking the authenticity of individual-linked documents and the identity of the holders thereof |
US5014234A (en) * | 1986-08-25 | 1991-05-07 | Ncr Corporation | System with software usage timer and counter for allowing limited use but preventing continued unauthorized use of protected software |
US4796220A (en) * | 1986-12-15 | 1989-01-03 | Pride Software Development Corp. | Method of controlling the copying of software |
US5390297A (en) * | 1987-11-10 | 1995-02-14 | Auto-Trol Technology Corporation | System for controlling the number of concurrent copies of a program in a network based on the number of available licenses |
US4937863A (en) * | 1988-03-07 | 1990-06-26 | Digital Equipment Corporation | Software licensing management system |
US5247575A (en) * | 1988-08-16 | 1993-09-21 | Sprague Peter J | Information distribution system |
US4953209A (en) * | 1988-10-31 | 1990-08-28 | International Business Machines Corp. | Self-verifying receipt and acceptance system for electronically delivered data objects |
US5129083A (en) * | 1989-06-29 | 1992-07-07 | Digital Equipment Corporation | Conditional object creating system having different object pointers for accessing a set of data structure objects |
US5138712A (en) * | 1989-10-02 | 1992-08-11 | Sun Microsystems, Inc. | Apparatus and method for licensing software on a network of computers |
US5335275A (en) * | 1990-03-05 | 1994-08-02 | Dce Voice Processing Limited | Television scrambler |
US5291596A (en) * | 1990-10-10 | 1994-03-01 | Fuji Xerox Co., Ltd. | Data management method and system with management table indicating right of use |
US5745879A (en) * | 1991-05-08 | 1998-04-28 | Digital Equipment Corporation | Method and system for managing execution of licensed programs |
US5204897A (en) * | 1991-06-28 | 1993-04-20 | Digital Equipment Corporation | Management interface for license management system |
US5940504A (en) * | 1991-07-01 | 1999-08-17 | Infologic Software, Inc. | Licensing management system and method in which datagrams including an address of a licensee and indicative of use of a licensed product are sent from the licensee's site |
US5276444A (en) * | 1991-09-23 | 1994-01-04 | At&T Bell Laboratories | Centralized security control system |
US5453601A (en) * | 1991-11-15 | 1995-09-26 | Citibank, N.A. | Electronic-monetary system |
US20040052370A1 (en) * | 1992-01-08 | 2004-03-18 | Katznelson Ron D. | Multichannel quadrature modulation |
US5287408A (en) * | 1992-08-31 | 1994-02-15 | Autodesk, Inc. | Apparatus and method for serializing and validating copies of computer software |
US5293422A (en) * | 1992-09-23 | 1994-03-08 | Dynatek, Inc. | Usage control system for computer software |
US5619570A (en) * | 1992-10-16 | 1997-04-08 | Sony Corporation | Information furnishing and collection system |
US5414852A (en) * | 1992-10-30 | 1995-05-09 | International Business Machines Corporation | Method for protecting data in a computer system |
US5337357A (en) * | 1993-06-17 | 1994-08-09 | Software Security, Inc. | Method of software distribution protection |
US5386369A (en) * | 1993-07-12 | 1995-01-31 | Globetrotter Software Inc. | License metering system for software applications |
US6135646A (en) * | 1993-10-22 | 2000-10-24 | Corporation For National Research Initiatives | System for uniquely and persistently identifying, managing, and tracking digital objects |
US5625690A (en) * | 1993-11-15 | 1997-04-29 | Lucent Technologies Inc. | Software pay per use system |
US5638513A (en) * | 1993-12-22 | 1997-06-10 | Ananda; Mohan | Secure software rental system using continuous asynchronous password verification |
US5504816A (en) * | 1994-02-02 | 1996-04-02 | Gi Corporation | Method and apparatus for controlling access to digital signals |
US5553143A (en) * | 1994-02-04 | 1996-09-03 | Novell, Inc. | Method and apparatus for electronic licensing |
US5787172A (en) * | 1994-02-24 | 1998-07-28 | The Merdan Group, Inc. | Apparatus and method for establishing a cryptographic link between elements of a system |
US6047067A (en) * | 1994-04-28 | 2000-04-04 | Citibank, N.A. | Electronic-monetary system |
US5636346A (en) * | 1994-05-09 | 1997-06-03 | The Electronic Address, Inc. | Method and system for selectively targeting advertisements and programming |
US5564038A (en) * | 1994-05-20 | 1996-10-08 | International Business Machines Corporation | Method and apparatus for providing a trial period for a software license product using a date stamp and designated test period |
US20020069282A1 (en) * | 1994-05-31 | 2002-06-06 | Reisman Richard R. | Method and system for distributing updates |
US5557678A (en) * | 1994-07-18 | 1996-09-17 | Bell Atlantic Network Services, Inc. | System and method for centralized session key distribution, privacy enhanced messaging and information distribution using a split private key public cryptosystem |
US6189037B1 (en) * | 1994-09-30 | 2001-02-13 | Intel Corporation | Broadband data interface |
US5535276A (en) * | 1994-11-09 | 1996-07-09 | Bell Atlantic Network Services, Inc. | Yaksha, an improved system and method for securing communications using split private key asymmetric cryptography |
US20020001387A1 (en) * | 1994-11-14 | 2002-01-03 | Dillon Douglas M. | Deferred billing, broadcast, electronic document distribution system and method |
US5715403A (en) * | 1994-11-23 | 1998-02-03 | Xerox Corporation | System for controlling the distribution and use of digital works having attached usage rights where the usage rights are defined by a usage rights grammar |
US5638443A (en) * | 1994-11-23 | 1997-06-10 | Xerox Corporation | System for controlling the distribution and use of composite digital works |
US6236971B1 (en) * | 1994-11-23 | 2001-05-22 | Contentguard Holdings, Inc. | System for controlling the distribution and use of digital works using digital tickets |
US5629980A (en) * | 1994-11-23 | 1997-05-13 | Xerox Corporation | System for controlling the distribution and use of digital works |
US5737494A (en) * | 1994-12-08 | 1998-04-07 | Tech-Metrics International, Inc. | Assessment methods and apparatus for an organizational process or system |
US5485577A (en) * | 1994-12-16 | 1996-01-16 | General Instrument Corporation Of Delaware | Method and apparatus for incremental delivery of access rights |
US5917912A (en) * | 1995-02-13 | 1999-06-29 | Intertrust Technologies Corporation | System and methods for secure transaction management and electronic rights protection |
US6185683B1 (en) * | 1995-02-13 | 2001-02-06 | Intertrust Technologies Corp. | Trusted and secure techniques, systems and methods for item delivery and execution |
US5915019A (en) * | 1995-02-13 | 1999-06-22 | Intertrust Technologies Corp. | Systems and methods for secure transaction management and electronic rights protection |
US5530235A (en) * | 1995-02-16 | 1996-06-25 | Xerox Corporation | Interactive contents revealing storage device |
US6424717B1 (en) * | 1995-04-03 | 2002-07-23 | Scientific-Atlanta, Inc. | Encryption devices for use in a conditional access system |
US20020044658A1 (en) * | 1995-04-03 | 2002-04-18 | Wasilewski Anthony J. | Conditional access system |
US5790677A (en) * | 1995-06-29 | 1998-08-04 | Microsoft Corporation | System and method for secure electronic commerce transactions |
US20010014206A1 (en) * | 1995-07-13 | 2001-08-16 | Max Artigalas | Method and device for recording and reading on a large-capacity medium |
US5764807A (en) * | 1995-09-14 | 1998-06-09 | Primacomp, Inc. | Data compression using set partitioning in hierarchical trees |
US5765152A (en) * | 1995-10-13 | 1998-06-09 | Trustees Of Dartmouth College | System and method for managing copyrighted electronic media |
US5825876A (en) * | 1995-12-04 | 1998-10-20 | Northern Telecom | Time based availability to content of a storage medium |
US5708709A (en) * | 1995-12-08 | 1998-01-13 | Sun Microsystems, Inc. | System and method for managing try-and-buy usage of application programs |
US5933498A (en) * | 1996-01-11 | 1999-08-03 | Mrj, Inc. | System for controlling access and distribution of digital property |
US6405369B1 (en) * | 1996-03-18 | 2002-06-11 | News Datacom Limited | Smart card chaining in pay television systems |
US6307939B1 (en) * | 1996-08-20 | 2001-10-23 | France Telecom | Method and equipment for allocating to a television program, which is already conditionally accessed, a complementary conditional access |
US5812664A (en) * | 1996-09-06 | 1998-09-22 | Pitney Bowes Inc. | Key distribution system |
US5825879A (en) * | 1996-09-30 | 1998-10-20 | Intel Corporation | System and method for copy-protecting distributed video content |
US6209092B1 (en) * | 1997-01-27 | 2001-03-27 | U.S. Philips Corporation | Method and system for transferring content information and supplemental information relating thereto |
US6020882A (en) * | 1997-02-15 | 2000-02-01 | U.S. Philips Corporation | Television access control system |
US6073234A (en) * | 1997-05-07 | 2000-06-06 | Fuji Xerox Co., Ltd. | Device for authenticating user's access rights to resources and method |
US20010011276A1 (en) * | 1997-05-07 | 2001-08-02 | Robert T. Durst Jr. | Scanner enhanced remote control unit and system for automatically linking to on-line resources |
US6112239A (en) * | 1997-06-18 | 2000-08-29 | Intervu, Inc | System and method for server-side optimization of data delivery on a distributed computer network |
US6516052B2 (en) * | 1997-07-04 | 2003-02-04 | British Telecommunications Public Limited Company | Method of scheduling connections |
US6353888B1 (en) * | 1997-07-07 | 2002-03-05 | Fuji Xerox Co., Ltd. | Access rights authentication apparatus |
US6523745B1 (en) * | 1997-08-05 | 2003-02-25 | Enix Corporation | Electronic transaction system including a fingerprint identification encoding |
US20010009026A1 (en) * | 1997-08-05 | 2001-07-19 | Fuji Xerox Co., Ltd. | Device and method for authenticating user's access rights to resources |
US20030097567A1 (en) * | 1997-08-05 | 2003-05-22 | Taro Terao | Device and method for authenticating user's access rights to resources |
US6091777A (en) * | 1997-09-18 | 2000-07-18 | Cubic Video Technologies, Inc. | Continuously adaptive digital video compression system and method for a web streamer |
US6424947B1 (en) * | 1997-09-29 | 2002-07-23 | Nds Limited | Distributed IRD system |
US6141754A (en) * | 1997-11-28 | 2000-10-31 | International Business Machines Corporation | Integrated method and system for controlling information access and distribution |
US6516413B1 (en) * | 1998-02-05 | 2003-02-04 | Fuji Xerox Co., Ltd. | Apparatus and method for user authentication |
US6134550A (en) * | 1998-03-18 | 2000-10-17 | Entrust Technologies Limited | Method and apparatus for use in determining validity of a certificate in a communication system employing trusted paths |
US6189146B1 (en) * | 1998-03-18 | 2001-02-13 | Microsoft Corporation | System and method for software licensing |
US6216112B1 (en) * | 1998-05-27 | 2001-04-10 | William H. Fuller | Method for software distribution and compensation with replenishable advertisements |
US6219652B1 (en) * | 1998-06-01 | 2001-04-17 | Novell, Inc. | Network license authentication |
US6169976B1 (en) * | 1998-07-02 | 2001-01-02 | Encommerce, Inc. | Method and apparatus for regulating the use of licensed products |
US6397333B1 (en) * | 1998-10-07 | 2002-05-28 | Infineon Technologies Ag | Copy protection system and method |
US20020127423A1 (en) * | 1999-07-07 | 2002-09-12 | Georges Kayanakis | Contactless access ticket and method for making same |
US6796555B1 (en) * | 1999-07-19 | 2004-09-28 | Lucent Technologies Inc. | Centralized video controller for controlling distribution of video signals |
US20020056118A1 (en) * | 1999-08-27 | 2002-05-09 | Hunter Charles Eric | Video and music distribution system |
US20020099948A1 (en) * | 1999-09-02 | 2002-07-25 | Cryptography Research, Inc. | Digital Content Protection Method and Apparatus |
US6401211B1 (en) * | 1999-10-19 | 2002-06-04 | Microsoft Corporation | System and method of user logon in combination with user authentication for network access |
US20040172552A1 (en) * | 1999-12-15 | 2004-09-02 | Boyles Stephen L. | Smart card controlled internet access |
US6801900B1 (en) * | 1999-12-22 | 2004-10-05 | Samuel H. Lloyd | System and method for online dispute resolution |
US20020046340A1 (en) * | 2000-08-30 | 2002-04-18 | Takahiro Fujishiro | Certificate validity authentication method and apparatus |
US20020035618A1 (en) * | 2000-09-20 | 2002-03-21 | Mendez Daniel J. | System and method for transmitting workspace elements across a network |
US20040039916A1 (en) * | 2002-05-10 | 2004-02-26 | David Aldis | System and method for multi-tiered license management and distribution using networked clearinghouses |
US20040003251A1 (en) * | 2002-06-28 | 2004-01-01 | Attilla Narin | Domain-based trust models for rights management of content |
US20050081037A1 (en) * | 2003-10-10 | 2005-04-14 | Yoko Kumagai | Method and apparatus for accelerating public-key certificate validation |
Cited By (15)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US9177116B2 (en) * | 2002-08-23 | 2015-11-03 | Sandisk Technologies Inc. | Protection of digital data content |
US20100095383A1 (en) * | 2002-08-23 | 2010-04-15 | Gidon Elazar | Protection of Digital Data Content |
US8156560B2 (en) * | 2004-12-30 | 2012-04-10 | General Instrument Corporation | Method and apparatus for providing a border guard between security domains |
US20060150252A1 (en) * | 2004-12-30 | 2006-07-06 | General Instruments Corporation | Method and apparatus for providing a border guard between security domains |
US20070083934A1 (en) * | 2005-10-07 | 2007-04-12 | Mcardle James M | Control of document content having extraction permissives |
US7818810B2 (en) * | 2005-10-07 | 2010-10-19 | International Business Machines Corporation | Control of document content having extraction permissives |
WO2008140170A1 (en) * | 2007-05-11 | 2008-11-20 | Samsung Electronics Co., Ltd. | Method and apparatus for converting a license |
US20080282317A1 (en) * | 2007-05-11 | 2008-11-13 | Samsung Electronics Co., Ltd. | Method and apparatus for converting a license |
US20110004671A1 (en) * | 2007-09-07 | 2011-01-06 | Ryan Steelberg | System and Method for Secure Delivery of Creatives |
US20110047625A1 (en) * | 2007-09-07 | 2011-02-24 | Ryan Steelberg | System and method for secure sharing of creatives |
US20100312711A1 (en) * | 2007-09-07 | 2010-12-09 | Ryan Steelberg | System And Method For On-Demand Delivery Of Audio Content For Use With Entertainment Creatives |
US9886814B2 (en) * | 2007-09-07 | 2018-02-06 | Veritone, Inc. | System and method for secure sharing of creatives |
US20130227706A1 (en) * | 2012-02-29 | 2013-08-29 | Beijing Founder Apabi Technology Ltd. | Method, apparatus and system for controlling read rights of digital contents |
US20140052647A1 (en) * | 2012-08-17 | 2014-02-20 | Truth Seal Corporation | System and Method for Promoting Truth in Public Discourse |
US10657269B2 (en) | 2017-03-17 | 2020-05-19 | Fuji Xerox Co., Ltd. | Management apparatus and document management system |
Also Published As
Publication number | Publication date |
---|---|
US20140289871A1 (en) | 2014-09-25 |
US8904545B2 (en) | 2014-12-02 |
US20150058230A1 (en) | 2015-02-26 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US8904545B2 (en) | Method, system, and device for verifying authorized issuance of a rights expression | |
US8719171B2 (en) | Issuing a publisher use license off-line in a digital rights management (DRM) system | |
KR101143228B1 (en) | Enrolling/sub-enrolling a digital rights management drm server into a dram architecture | |
JP5357292B2 (en) | System and method for digital rights management engine | |
US7162633B2 (en) | Method and apparatus for hierarchical assignment of rights to documents and documents having such rights | |
Michiels et al. | Towards a software architecture for DRM | |
KR101197665B1 (en) | Method, system, and device for verifying authorized issuance of a rights expression | |
JP5296120B2 (en) | Method and apparatus for determining rights expression chain | |
KR20070086059A (en) | Method, system, and device for verifying authorized issuance of a rights expression | |
Arnab et al. | Specifications for a Componetised Digital Rights Management (DRM) Framework |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
AS | Assignment |
Owner name: CONTENTGUARD HOLDINGS, INC., DELAWARE Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:DEMARTINI, THOMAS;GILLIAM, CHARLES P.;CHEN, EDDIE J.;REEL/FRAME:016398/0478;SIGNING DATES FROM 20050228 TO 20050301 |
|
STCB | Information on status: application discontinuation |
Free format text: ABANDONED -- AFTER EXAMINER'S ANSWER OR BOARD OF APPEALS DECISION |