US20060107326A1 - Method, system, and device for verifying authorized issuance of a rights expression - Google Patents

Method, system, and device for verifying authorized issuance of a rights expression Download PDF

Info

Publication number
US20060107326A1
US20060107326A1 US10/986,308 US98630804A US2006107326A1 US 20060107326 A1 US20060107326 A1 US 20060107326A1 US 98630804 A US98630804 A US 98630804A US 2006107326 A1 US2006107326 A1 US 2006107326A1
Authority
US
United States
Prior art keywords
statement
issuance
expression
trusted
trusted issuance
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Abandoned
Application number
US10/986,308
Inventor
Thomas DeMartini
Charles Gilliam
Eddie Chen
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Contentguard Holdings Inc
Original Assignee
Contentguard Holdings Inc
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Contentguard Holdings Inc filed Critical Contentguard Holdings Inc
Priority to US10/986,308 priority Critical patent/US20060107326A1/en
Assigned to CONTENTGUARD HOLDINGS, INC. reassignment CONTENTGUARD HOLDINGS, INC. ASSIGNMENT OF ASSIGNORS INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: GILLIAM, CHARLES P., CHEN, EDDIE J., DEMARTINI, THOMAS
Publication of US20060107326A1 publication Critical patent/US20060107326A1/en
Priority to US14/223,948 priority patent/US8904545B2/en
Priority to US14/529,085 priority patent/US20150058230A1/en
Abandoned legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q50/00Systems or methods specially adapted for specific business sectors, e.g. utilities or tourism
    • G06Q50/10Services
    • G06Q50/18Legal services; Handling legal documents
    • G06Q50/184Intellectual property management
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/10Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/10Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
    • G06F21/105Arrangements for software license management or administration, e.g. for managing licenses at corporate level
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/10Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
    • G06F21/16Program or content traceability, e.g. by watermarking
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q10/00Administration; Management
    • G06Q10/10Office automation; Time management
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/10Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04NPICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N21/00Selective content distribution, e.g. interactive television or video on demand [VOD]
    • H04N21/20Servers specifically adapted for the distribution of content, e.g. VOD servers; Operations thereof
    • H04N21/25Management operations performed by the server for facilitating the content distribution or administrating data related to end-users or client devices, e.g. end-user or client device authentication, learning user preferences for recommending movies
    • H04N21/254Management at additional data server, e.g. shopping server, rights management server
    • H04N21/2541Rights Management
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04NPICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N21/00Selective content distribution, e.g. interactive television or video on demand [VOD]
    • H04N21/20Servers specifically adapted for the distribution of content, e.g. VOD servers; Operations thereof
    • H04N21/25Management operations performed by the server for facilitating the content distribution or administrating data related to end-users or client devices, e.g. end-user or client device authentication, learning user preferences for recommending movies
    • H04N21/258Client or end-user data management, e.g. managing client capabilities, user preferences or demographics, processing of multiple end-users preferences to derive collaborative data
    • H04N21/25808Management of client data
    • H04N21/25816Management of client data involving client authentication
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04NPICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N21/00Selective content distribution, e.g. interactive television or video on demand [VOD]
    • H04N21/20Servers specifically adapted for the distribution of content, e.g. VOD servers; Operations thereof
    • H04N21/25Management operations performed by the server for facilitating the content distribution or administrating data related to end-users or client devices, e.g. end-user or client device authentication, learning user preferences for recommending movies
    • H04N21/266Channel or content management, e.g. generation and management of keys and entitlement messages in a conditional access system, merging a VOD unicast channel into a multicast channel
    • H04N21/26613Channel or content management, e.g. generation and management of keys and entitlement messages in a conditional access system, merging a VOD unicast channel into a multicast channel for generating or managing keys in general
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04NPICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N21/00Selective content distribution, e.g. interactive television or video on demand [VOD]
    • H04N21/60Network structure or processes for video distribution between server and client or between remote clients; Control signalling between clients, server and network components; Transmission of management data between server and client, e.g. sending from server to client commands for recording incoming content stream; Communication details between server and client 
    • H04N21/63Control signaling related to video distribution between client, server and network components; Network processes for video distribution between server and clients or between remote clients, e.g. transmitting basic layer and enhancement layers over different transmission paths, setting up a peer-to-peer communication via Internet between remote STB's; Communication protocols; Addressing
    • H04N21/633Control signals issued by server directed to the network components or client
    • H04N21/6332Control signals issued by server directed to the network components or client directed to client
    • H04N21/6334Control signals issued by server directed to the network components or client directed to client for authorisation, e.g. by transmitting a key

Definitions

  • the present invention generally relates to the field of processing statements and expressions, including rights expressions, and more particularly to a method, system, and device for determining authorization of rights expressions with respect to a trust root.
  • the digital age has greatly increased concerns and capabilities about ownership, access, and control of copyrighted information, restricted services and valuable resources, as well as electronic communications through e-mail, by way of the internet and other means, and electronic transactions, such as electronic or automated purchase and sale of goods and services.
  • Rapid evolution and wide deployment has occurred for computers, and other electronic devices, such as cellular phones, pagers, PDAs, pocket PCs, music players, and e-book readers, and these devices are interconnected through communication links, including the Internet, intranets, and other networks. These interconnected devices are especially conducive to publication of content, offering of services, and availability of resources electronically.
  • One of the difficulties facing the widespread distribution of digital works e.g., documents or other content in forms readable by computers
  • digital works e.g., documents or other content in forms readable by computers
  • electronic means e.g., documents or other content in forms readable by computers
  • the Internet in particular
  • One of the difficulties facing digital commerce is the ability to securely and effectively process electronic transactions and, in particular, to do so in accordance with the requirements of the parties involved in the transaction.
  • IPRM Intelligent Property Rights Management
  • DPRM Digital Property Rights Management
  • IPM Intelligent Property Management
  • RM Remote Lights Management
  • ECM Electronic Copyright Management
  • DRM Digital Rights Management
  • Certificate languages such as X.509 and SPKI, allow only relatively simple conditions, primarily validity time intervals, in each certificate. Accordingly, the most common certificate chain verification algorithms for these languages (e.g., Internet Engineering Task Force (IETF) RFC 2459, and RFC 2693, respectively) are relatively straight-forward to execute.
  • IETF Internet Engineering Task Force
  • scope e.g., limit
  • each agent's certification to issue rights expressions to apply only to the assets it owns or controls. Determining the correct scope for each certificate takes some work, but is doable.
  • the expression of such scoping can be accomplished using, for example, techniques described in U.S. patent application Ser. No. 10/162,701 to Xin, et al., entitled “METHOD AND APPARATUS MANAGING THE TRANSFER OF RIGHTS” and U.S. patent application Ser. No.
  • the technology includes approaches (other than innate or hard-coded) for verifying the authorized issuance of a rights expression, such as 1) unscoped certificates with the issuance of rights expressions requiring knowing the content encryption key, and 2) scoped certificates.
  • a person should be able to trade any rights in any territory or field for any digital work or service.
  • a person should be able to trade rights to a suite of web services or to view in the United States all current and future publications of a particular publisher on a particular topic.
  • requiring knowledge of the appropriate content encryption key for each trade becomes limiting, because there is not a clear mapping from a rights expression to a single asset being traded.
  • the scoped certificates approach is advantageous because it does not limit the issuing of potentially overbroad rights expressions and instead limits the certificates' effect, as part of the chain verification algorithm.
  • a scoped certificate might say that agent Publisher 1 may issue rights expressions pertaining to paperback Book 1.
  • Publisher 1 might actually issue a rights expression to agent Consumer 1, allowing Consumer 1 to view any paperback book.
  • Consumer 1 only will be able to view paperback Book 1.
  • another scoped certificate is later added that says that Publisher 1 may also issue rights expressions pertaining to paperback Book 2
  • Consumer 1 will be able to view both paperback Book 1 and paperback Book 2 (since Publisher 1 said Consumer 1 could view any paperback book and since Publisher 1's issuing ability is scoped to paperback Book 1 and paperback Book 2).
  • the information about the number of rights expressions the reader has so far issued is stored in the rights expression that the friend receives. Assuming the friend has access to this information somehow, the friend still has to validate the “at most two rights expressions” condition using the information. However, this means that the friend has to understand what the condition means. In some situations, the friend may be using outdated software or hardware, and may not be able to support all the latest conditions being used by the author and the reader. This means that the author and reader cannot upgrade the conditions they use, unless the friend also updates the conditions it can understand.
  • One solution to this is to store the information about satisfaction of conditions in a way that the friend can process that information, without having detailed knowledge of the condition (e.g., by comparing the names of satisfied conditions with the names of conditions that need to be satisfied).
  • the friend has access to the information about and names of the conditions under which the reader can issue rights expressions, because in some situations it is not desirable to share the information, such as where the information is considered confidential. For example, if there is a fee associated with the reader giving his friend a rights expression as a gift, the reader may not wish his friend to know the price of the gift.
  • the condition information might be encrypted so that the friend cannot discern it, but the friend's software or hardware can process it. This extra encryption, however, also complicates the system design to some degree. In situations where knowledge of the details of the conditions is more sensitive than the actual assets themselves, the cost of the encryption needed on the conditions could be disproportionate to the asset's value.
  • a method, system, and device for verifying authorized issuance of a statement or expression including determining if a statement or expression is associated with a statement of trusted issuance; determining if the statement of trusted issuance applies; determining if issuance of the statement of trusted issuance is authorized; and verifying that the issuance of the statement or expression was authorized, if the statement of trusted issuance applies, and the issuance of the statement of trusted issuance is authorized.
  • FIG. 1 shows a rights derivation scenario with a trust root, six derived rights expressions, and two statements of trusted issuance;
  • FIG. 2 shows a rights derivation scenario with a trust root, two derived rights expressions, a derived statement or expression, and a statement of trusted issuance;
  • FIG. 3 shows a procedure using statements of trusted issuance for verifying the authorized issuance of a rights expression
  • FIG. 4 shows an alternative configuration of rights expressions and statements of trusted issuance from that shown in FIG. 1 ;
  • FIG. 5 shows alternative contents of a statement of trusted issuance from that shown in FIG. 1 ;
  • FIG. 6 shows an exemplary issuance chain verification signal
  • FIG. 7 shows an exemplary system for verifying authorized issuance of a rights expression.
  • the exemplary embodiments include a statement of trusted issuance, which is a statement including a claim that an issuance was authorized according to some trust root or rights expression.
  • a statement of trusted issuance can be issued by an agent who is able to verify a statement or expression, including rights expression, and including a statement or expression chain (or a part of a chain) and can be relied on by other agents who might be unable or less able to perform such verification.
  • FIG. 1 shows a trust root 101 , and six rights expressions, 103 , 105 , 107 , 109 , 111 , and 113 .
  • the rights expression 103 is derived from the trust root 101 , and is issued by agent A to agent B. No statement of trusted issuance is included in the rights expression 103 .
  • the rights expression 105 is derived from the rights expression 103 , and is issued by agent B to agent C. No statement of trusted issuance is included in the rights expression 105 .
  • the rights expression 107 is derived from the rights expression 105 , and is issued by agent C to agent D.
  • the rights expression 107 includes a statement of trusted issuance 115 rooted with agent A.
  • the statement of trusted issuance 115 can be used in conjunction with rights expression 117 to verify that rights expression 107 was issued correctly with respect to the trust root 101 , without tracing through rights expressions 105 and 103 , if agent Z is considered to be trusted.
  • the exemplary embodiment of FIG. 1 as well as the other exemplary embodiments, also applies to statements or expressions, other than rights expressions.
  • Agent A in statement of trusted issuance 115 , is represented in the exemplary XML representation using RSA public key information.
  • the issuer field in statement of trusted issuance 115 is omitted from the exemplary XML representation, because it is to be inherited from the rights expression, which includes the statement of trusted issuance.
  • the exemplary embodiments include subsequent derivative statements or expressions, including rights expressions.
  • the rights expression 109 is derived from the rights expression 107 , and is issued by agent D to agent E. Because rights expression 109 has no statement of trusted issuance, when using rights expression 109 , the conditions of the derivation of rights expression 109 from rights expression 107 must be re-verified to establish the authorized issuance of rights expression 109 . Further verification of the conditions of the derivation of rights expression 107 from rights expression 105 is not needed, because rights expression 107 includes statement of trusted issuance 115 that can be utilized, as previously described, when agent Z is considered to be trusted by agent E.
  • agent E can include, for example, the statement of trusted issuance 119 rooted with agent A inside rights expression 111 .
  • agent F uses rights expression 111 to, for example, play a media file or derive another rights expression 113
  • the statement of trusted issuance 119 can be used in conjunction with rights expression 121 to verify that rights expression 111 was issued correctly with respect to the trust root 101 , without tracing through rights expressions 109 , 107 , 105 , and 103 .
  • FIG. 2 shows a rights derivation scenario similar to the one shown in FIG. 1 , except that rights expression 107 is replaced with statement or expression 207 , which is not necessarily a rights expression.
  • Statement or expression 207 could be any statement or expression.
  • statement or expression 207 could express that Agent C claims that pigs flew yesterday, that pigs will fly tomorrow, that contractual obligations were fulfilled, that an entity is certified for certain qualification, such as retailer for branded goods or Microsoft certified engineer, or that a purchase was made.
  • Statement of trusted issuance 215 , and second rights expression 217 can be used to determine that the issuance by Agent C of statement or expression 207 was authorized, based on trust root 201 , in the same way that statement of trusted issuance 115 and second rights expression 117 were used to determine that the issuance by Agent C of rights expression 107 was authorized, based on trust root 101 .
  • FIG. 3 An exemplary procedure for verifying the authorized issuance of a statement or expression, such as a rights expression, is shown in FIG. 3 .
  • the process starts at step 301 , and at step 303 an attempt is made to find a statement or expression, including some desired claims, for example, when attempting to find a rights expression, such as usage rights to a media file. If no suitable statement or expression can be found (e.g., no rights are granted for that file or some conditions for the rights that have been granted are not met, such as time expired, fee not paid, too early to view) the process terminates in failure at step 305 . If, however, a suitable statement or expression is found, it is examined at step 307 .
  • step 309 if the statement or expression does not include a statement of trusted issuance, the process continues at step 311 , follows a sub-process to be described in more detail, and terminates in either success at step 313 or failure at step 305 or processing returns to step 307 . Specifically, if the issuer of the statement or expression matches the trust root at step 311 , the process terminates in success at step 313 . Otherwise, if the rights expression from which the examined statement or expression was derived (and for which all conditions were satisfied at the time of derivation) can be found (possibly with the help of additional entities) in step 315 , the process returns to step 307 using that new rights expression. Otherwise, the process terminates in failure at step 305 .
  • step 319 determines if the statement of trusted issuance matches the trust root. If so, step 321 determines if the statement of trusted issuance is authorized. This determination can be made by a variety of means, for example, by innate knowledge or by recursively employing the process shown in FIG. 3 . If step 321 determines the statement of trusted issuance is authorized, the process terminates in success at step 313 , advantageously, in many cases, either faster than it would have terminated in success at step 313 resulting from step 311 or more desirable than it would have terminated in failure at step 305 . If either of the determinations in steps 319 or 321 is negative, the process continues at step 311 .
  • FIG. 4 shows items 407 , 415 , and 417 representing an alternate configuration of items 107 , 115 , and 117 of FIG. 1 , respectively.
  • statement of trusted issuance 415 applying to rights expression 407 , does not appear inside rights expression 407 . Instead, some other means is used to link the two. While the issuers of rights expression 107 and statement of trusted issuance 115 are the same, the issuer of rights expression 407 is different from the issuer of statement of trusted issuance 415 .
  • rights expression 117 authorizing the issuance of statement of trusted issuance 115
  • rights expression 417 authorizing the issuance of statement of trusted issuance 415
  • the exemplary embodiments include other forms of configurations and variations, wherein the exemplary process shown in FIG. 3 still applies thereto.
  • statement of trusted issuance 515 includes an indication that authorized issuance has been verified through rights expression 503 .
  • agent D can use rights expression 507 and included statement of trusted issuance 515 , and second rights expression 517 to determine that the authorization to issue rights expression 507 traces back to rights expression 503 .
  • Agent D then can continue the chain verification process independently to determine whether the issuance of rights expression 503 was authorized, based on trust root 501 .
  • DRM Digital Rights Management
  • the publisher A might issue a rights expression 103 to distributor B to distribute all of the publisher's paperback books in the United States and Canada.
  • Distributor B then may issue a rights expression 105 to retailer C to retail paperbacks from that publisher in the United States and Canada for a publisher price of $2 each.
  • retailer C then may issue a rights expression 107 to consumer D to read a paperback Book 1.
  • retailer C When retailer C issues rights expression 107 , retailer C checks the rights expression chain to verify that all conditions on all parties have been fulfilled, including that distributor B distributed paperbacks, that distributor B distributed them within the United States and Canada, and that $2 of the $5 the consumer paid went to publisher A. Because retailer C has verified the authorized issuance of rights expression 107 , based on publisher A as the trust root, retailer C inserts statement of trusted issuance 115 into rights expression 107 on issuance.
  • Consumer D now is able to determine if he is permitted to play paperback Book 1, by looking at just a few rights expressions, including one that says that publisher A is the trust root for Book 1, rights expression 107 that says that retailer C says consumer D may play paperback Book 1 and includes a statement of trusted issuance rooted with publisher A, and rights expression 117 that says that retailer C can issue statements of trusted issuance rooted with publisher A.
  • consumer D may know that the distribution occurred in the United States in paperback form, consumer D is not required to have access to any information about where the distribution occurred, in what form, how much of his money was paid to the publisher or the like. Moreover, consumer D does not have to know what the actual possibilities and conditions of distribution were (e.g., that the book could also have been distributed in Canada, but that hardback books could not have been distributed and that $2 must have been paid to the publisher).
  • consumer D does not have to know such details, it is also possible for publisher A, distributor B, and retailer C to change their software or hardware to support additional creative conditions without impacting or having to worry about the impact on consumer D. Since consumer D does not have to have access to rights expression 103 or 105 , it is also not necessary to incur the expense of encrypting or otherwise protecting these rights expressions or making sure that consumer D has secure software or hardware to decrypt and access the rights expressions.
  • the task of verifying the authorized issuance of a rights expression with respect to a trust root becomes much more straightforward for consumer D.
  • the trust root may restrict the right to issue a statement of trusted issuance to certain agents or agents meeting certain criteria, including, for example, criteria of trustworthiness.
  • an agent may decline to rely on a statement of trusted issuance issued by another. The decision whether to rely on a statement may be based on some criteria or the agent may decide not to rely on such statements generally.
  • agents may be prohibited from relying on a statement of trusted issuance issued by certain other agents.
  • agents would have the option of relying on a statement of trusted issuance or could “bypass” the statement, and verify all or part of a rights expression chain.
  • agents may be required to rely on a statement of trusted issuance, wherein an agent would not be allowed to verify all or part of a rights expression chain or otherwise access or inspect the rights expression chain.
  • the exemplary embodiments also can be used for the authorization determination of other statements or expressions.
  • a proof of purchase certificate must be presented in order to service goods manufactured by A.
  • D can issue a proof of purchase.
  • its authorization needs to be traced back from C to B to A.
  • the proof of purchase certificate issued by D includes a statement of trusted issuance rooted with manufacturer A, as described with respect to the exemplary embodiments, the verification of the authorization for this proof of purchase certificate can be simplified and expedited.
  • the exemplary embodiments can include a language for statements of trusted issuance (also called an issuance chain verification signal language), which could be compatible with the ISO MPEG REL.
  • a language for statements of trusted issuance also called an issuance chain verification signal language
  • terminology can be as used in the ISO MPEG REL.
  • Clause 3 (Terms, definitions, symbols, and abbreviated terms) and Clause 4 (Namespaces and Conventions) from the ISO MPEG REL are incorporated by reference herein.
  • l be an r:License.
  • i be an sx:issuanceChainVerificationThrough that applies to l.
  • the number of i/sx:h children of i shall be equal to the number of l/r:grant and l/r:grantGroup children of l, and the semantics of i is that, for each k from 1 to the number of i/sx:h children of i, the permission to include the k th l/r:grant or l/r:grantGroup in l has been verified with respect to each of the trust roots identified by an r:trustRoot child of the k th i/sx:h child of i.
  • dsig:Signature shall not exclude i from the scope of the signature (note that by default i will be included in any signature over the License that uses the enveloped signature transform or license transform).
  • the URI urn:standards-organization:2004:icvs (for use with sx:propertyUri) defines a property for certifying that a Principal's issuance chain verification signals are to be trusted.
  • p be an r:Principal.
  • l be an r:License including an l/r:otherInfo/sx:issuanceChainVerificationThrough i.
  • the Principal identified by p shall verify, for each k from 1 to the number of i/sx:h children of i, for each j from 1 to the number of i/sx:h/r:trustRoot children of the k th i/sx:h child of i, that there is an authorization proof for the authorization request (p, r:issue, h, v, S, L, R) where h is the k th l/r:grant or l/r:grantGroup in l, R is the j th i/sx:h/r:trustRoot child of the k th i/sx:h child of i, and v, S, and L are chosen accurately.
  • a conventional rights interpreter attempting to verify if some Principal identified by an r:Principal p was permitted to include some r:Grant or r:GrantGroup h in a License he issued could potentially encounter some difficulties: the Licenses permitting that inclusion (for instance, those including an r:issue element) or the historical circumstances of that inclusion (for instance, any fees that were paid or counts that were consumed) might not be available to the rights interpreter.
  • the issuance chain verification signal interpreter can instead:
  • FIG. 7 shows an exemplary system 700 for verifying authorized issuance of a rights expression in accordance with the exemplary embodiments of FIGS. 1-6 .
  • the exemplary system 700 can include one or more devices 702 - 708 , a content server 710 , and content database 712 , coupled together via a communications network 714 .
  • the above-described devices and subsystems of the exemplary embodiments of FIGS. 1-7 can include, for example, any suitable servers, workstations, PCs, laptop computers, PDAs, Internet appliances, handheld devices, cellular telephones, wireless devices, other devices, and the like, capable of performing the processes of the exemplary embodiments of FIGS. 1-7 .
  • the devices and subsystems of the exemplary embodiments of FIGS. 1-7 can communicate with each other using any suitable protocol and can be implemented using one or more programmed computer systems or devices.
  • One or more interface mechanisms can be used with the exemplary embodiments of FIGS. 1-7 , including, for example, Internet access, telecommunications in any suitable form (e.g., voice, modem, and the like), wireless communications media, and the like.
  • the communications network 714 can include one or more wireless communications networks, cellular communications networks, G3 communications networks, Public Switched Telephone Network (PSTNs), Packet Data Networks (PDNs), the Internet, intranets, a combination thereof, and the like.
  • PSTNs Public Switched Telephone Network
  • PDNs Packet Data Networks
  • the Internet intranets, a combination thereof, and the like.
  • the devices and subsystems of the exemplary embodiments of FIGS. 1-7 are for exemplary purposes, as many variations of the specific hardware used to implement the exemplary embodiments are possible, as will be appreciated by those skilled in the relevant art(s).
  • the functionality of one or more of the devices and subsystems of the exemplary embodiments of FIGS. 1-7 can be implemented via one or more programmed computer systems or devices.
  • a single computer system can be programmed to perform the special purpose functions of one or more of the devices and subsystems of the exemplary embodiments of FIGS. 1-7 .
  • two or more programmed computer systems or devices can be substituted for any one of the devices and subsystems of the exemplary embodiments of FIGS. 1-7 .
  • principles and advantages of distributed processing such as redundancy, replication, and the like, also can be implemented, as desired, to increase the robustness and performance of the devices and subsystems of the exemplary embodiments of FIGS. 1-7 .
  • the devices and subsystems of the exemplary embodiments of FIGS. 1-7 can store information relating to various processes described herein. This information can be stored in one or more memories, such as a hard disk, optical disk, magneto-optical disk, RAM, and the like, of the devices and subsystems of the exemplary embodiments of FIGS. 1-7 .
  • One or more databases of the devices and subsystems of the exemplary embodiments of FIGS. 1-7 can store the information used to implement the exemplary embodiments of the present invention.
  • the databases can be organized using data structures (e.g., records, tables, arrays, fields, graphs, trees, lists, and the like) included in one or more memories or storage devices listed herein.
  • the processes described with respect to the exemplary embodiments of FIGS. 1-7 can include appropriate data structures for storing data collected and/or generated by the processes of the devices and subsystems of the exemplary embodiments of FIGS. 1-7 in one or more databases thereof.
  • All or a portion of the devices and subsystems of the exemplary embodiments of FIGS. 1-7 can be conveniently implemented using one or more general purpose computer systems, microprocessors, digital signal processors, microcontrollers, and the like, programmed according to the teachings of the exemplary embodiments of the present invention, as will be appreciated by those skilled in the computer and software arts. Appropriate software can be readily prepared by programmers of ordinary skill based on the teachings of the exemplary embodiments, as will be appreciated by those skilled in the software art. Further, the devices and subsystems of the exemplary embodiments of FIGS. 1-7 can be implemented on the World Wide Web. In addition, the devices and subsystems of the exemplary embodiments of FIGS.
  • the exemplary embodiments of the present invention can include software for controlling the devices and subsystems of the exemplary embodiments of FIGS. 1-7 , for driving the devices and subsystems of the exemplary embodiments of FIGS. 1-7 , for enabling the devices and subsystems of the exemplary embodiments of FIGS. 1-7 to interact with a human user, and the like.
  • Such software can include, but is not limited to, device drivers, firmware, operating systems, development tools, applications software, and the like.
  • Such computer readable media further can include the computer program product of an embodiment of the present invention for performing all or a portion (if processing is distributed) of the processing performed in implementing the invention.
  • Computer code devices of the exemplary embodiments of the present invention can include any suitable interpretable or executable code mechanism, including but not limited to scripts, interpretable programs, dynamic link libraries (DLLs), Java classes and applets, complete executable programs, Common Object Request Broker Architecture (CORBA) objects, and the like. Moreover, parts of the processing of the exemplary embodiments of the present invention can be distributed for better performance, reliability, cost, and the like.
  • interpretable programs including but not limited to scripts, interpretable programs, dynamic link libraries (DLLs), Java classes and applets, complete executable programs, Common Object Request Broker Architecture (CORBA) objects, and the like.
  • CORBA Common Object Request Broker Architecture
  • the devices and subsystems of the exemplary embodiments of FIGS. 1-7 can include computer readable medium or memories for holding instructions programmed according to the teachings of the present invention and for holding data structures, tables, records, and/or other data described herein.
  • Computer readable medium can include any suitable medium that participates in providing instructions to a processor for execution. Such a medium can take many forms, including but not limited to, non-volatile media, volatile media, transmission media, and the like.
  • Non-volatile media can include, for example, optical or magnetic disks, magneto-optical disks, and the like.
  • Volatile media can include dynamic memories, and the like.
  • Transmission media can include coaxial cables, copper wire, fiber optics, and the like.
  • Transmission media also can take the form of acoustic, optical, electromagnetic waves, and the like, such as those generated during radio frequency (RF) communications, infrared (IR) data communications, and the like.
  • RF radio frequency
  • IR infrared
  • Common forms of computer-readable media can include, for example, a floppy disk, a flexible disk, hard disk, magnetic tape, any other suitable magnetic medium, a CD-ROM, CDRW, DVD, any other suitable optical medium, punch cards, paper tape, optical mark sheets, any other suitable physical medium with patterns of holes or other optically recognizable indicia, a RAM, a PROM, an EPROM, a FLASH-EPROM, any other suitable memory chip or cartridge, a carrier wave, or any other suitable medium from which a computer can read.
  • an AGENT can include an entity that can act, possibly on behalf of another entity and/or according to a set of rules (examples of agents are hardware devices, integrated circuits, firmware modules, software modules, software systems, humans, organizations, services, smart cards, and seeing-eye dogs).
  • An ASSET can include an entity, quality, event, state, concept, substance, or anything else referred to by a noun and possibly of some value (examples of assets are books, e-books, videos, services, web services, companies, security levels, domain names, e-mail addresses, football games, messages, and rights).
  • a CERTIFICATE can include a “rights expression”.
  • a CONDITION can include a limitation on some claim made in an expression or statement (examples are times of validity, territories of applicability, numbers of times the claim can be relied on, and situations in which the claim holds).
  • To ISSUE can include an act of making the claims in an expression or statement and standing behind those claims.
  • METARIGHTS can include rights with respect to other rights.
  • RIGHTS can include actions or attributes an agent is permitted to take possibly with respect to an asset or to other rights (examples of actions are walk and shutdown; examples of actions with respect to assets are consumption actions such as play and print, modification actions such as edit and append, distribution actions, such as copy and move, and service actions such as requestService and sendMessage; examples of actions with respect to other rights are issue and revoke; examples of attributes are name, address, color, securityLevel, employee, relative, friend, domain, graduate, and certifiedRepairFacility; examples of attributes with respect to assets are author and distributor; examples of attributes with respect to other rights are issuanceChainVerifier, certificateAuthority, and trustedIssuer).
  • RIGHTS DERIVATION can include issuing a statement or expression such as a rights expression whose issuance was permitted within another rights expression or a trust root (the issued statement or rights expression is called the derived statement or derived rights expression and it is said to be derived from the rights expression or trust root that permitted its issuance).
  • a RIGHTS EXPRESSION can include an expression including a claim that rights are granted (examples of rights expression languages include the ISO MPEG REL, the eXtensible rights Markup Language, the Contract Expression Language from the Content Reference Forum (see http://www.crforum.org/), the Open Digital Rights Language from IPRSystems, OMA DRM 2.0 Specification Rights Expression Language, the Security Assertion Markup Language from the Organization for the Advancement of Structured Information Standards (OASIS), the eXtensible Access Control Markup Language from OASIS, X.509, SPKI, the Rights Management and Protection Information from the TV Anytime Forum, and Copy Control Information bits).
  • To SIGN can include creating something that gives confidence that an expression or statement that a party issues actually is issued by said party.
  • a STATEMENT OF TRUSTED ISSUANCE can include a statement including a claim that an issuance was authorized according to some trust root or rights expression.
  • a TRUST ROOT can include an encapsulation of rights that are assumed to be authorized.
  • the exemplary embodiments are described in terms of use of a rights expression, and distribution and use of digital works, the exemplary embodiments are not restricted to rights expressions, and digital works. Accordingly, the benefits associated with not having to process all the data in a chain of data and the other advantages of the exemplary embodiments can apply to other kinds of computing applications.
  • the exemplary embodiments can be used in connection with other statements or expressions, which can benefit from an efficient method to determine authorization, such as proof of transaction, proof of purchase, proof of certification, proof of identity, proof of approval, statement of fact, business intent, business contract, rules, policies, and the like.

Abstract

A method, system, and device for verifying authorized issuance of a statement or expression, including determining if a statement or expression is associated with a statement of trusted issuance; determining if the statement of trusted issuance applies; determining if issuance of the statement of trusted issuance is authorized; and verifying that the issuance of the statement or expression was authorized, if the statement of trusted issuance applies, and the issuance of the statement of trusted issuance is authorized.

Description

    BACKGROUND OF THE INVENTION
  • 1. Field of the Invention
  • The present invention generally relates to the field of processing statements and expressions, including rights expressions, and more particularly to a method, system, and device for determining authorization of rights expressions with respect to a trust root.
  • 2. Discussion of the Background
  • The digital age has greatly increased concerns and capabilities about ownership, access, and control of copyrighted information, restricted services and valuable resources, as well as electronic communications through e-mail, by way of the internet and other means, and electronic transactions, such as electronic or automated purchase and sale of goods and services. Rapid evolution and wide deployment has occurred for computers, and other electronic devices, such as cellular phones, pagers, PDAs, pocket PCs, music players, and e-book readers, and these devices are interconnected through communication links, including the Internet, intranets, and other networks. These interconnected devices are especially conducive to publication of content, offering of services, and availability of resources electronically.
  • One of the difficulties facing the widespread distribution of digital works (e.g., documents or other content in forms readable by computers), via electronic means, and the Internet in particular, is the enforceability of the intellectual property rights of content owners during the distribution and use of digital works. One of the difficulties facing digital commerce, including the distribution and use of goods and services, is the ability to securely and effectively process electronic transactions and, in particular, to do so in accordance with the requirements of the parties involved in the transaction.
  • Efforts to resolve these difficulties have been termed “Intellectual Property Rights Management” (“IPRM”), “Digital Property Rights Management” (“DPRM”), “Intellectual Property Management” (“IPM”), “Rights Management” (“RM”), and “Electronic Copyright Management” (“ECM”), collectively referred to as “Digital Rights Management (DRM)” herein. There are a number of issues to be considered in effecting a DRM System, such as authentication, authorization, accounting, payment and financial clearing, rights specification, rights verification, rights enforcement, and document protection. U.S. Pat. Nos. 5,530,235, 5,634,012, 5,715,403, 5,638,443, and 5,629,980, the disclosures of which are incorporated herein by reference, address such issues.
  • In a simple DRM system for managing the distribution and use of digital works, one agent issues a rights expression to another agent, which processes the rights expression, and recognizing the first agent as authorized, acts upon that rights expression. In this simple model, the recognition of the first agent by the second is innate or hard-coded. As a DRM system evolves, more and more agents wish to issue rights expressions and use the DRM system for their assets. With the addition of these new rights expression issuing agents, a solution other than innate or hard-coded recognition of agents issuing rights expressions becomes desirable.
  • One such approach is the use of certificates to certify agents issuing rights expressions. Such certificates then are used by other agents to recognize the certified agents. In this approach, one certified agent issues a rights expression to another agent, which then processes the rights expression, verifies the certificates associated with the first (certified) agent, treats the first (certified) agent as authorized, if it recognizes the trust root of the certificate chain, and then acts upon that rights expression. Certificate languages, such as X.509 and SPKI, allow only relatively simple conditions, primarily validity time intervals, in each certificate. Accordingly, the most common certificate chain verification algorithms for these languages (e.g., Internet Engineering Task Force (IETF) RFC 2459, and RFC 2693, respectively) are relatively straight-forward to execute.
  • As a DRM system continues to evolve and more and more agents become certified to issue rights expressions, eventually concerns may arise about one certified agent issuing rights expressions, either intentionally or accidentally, over another certified agent's assets, thus leading to the compromise of that asset. One approach that can be taken to address this concern is described in detail in the OMA DRM 2.0 Specifications issued by the Open Mobile Alliance, an industry consortium whose mission is to facilitate global user adoption of mobile data services. The OMA specifications involve requiring each certified agent to know the content encryption key for each asset for which it issues rights expressions.
  • Another approach is to scope (e.g., limit) each agent's certification to issue rights expressions to apply only to the assets it owns or controls. Determining the correct scope for each certificate takes some work, but is doable. The expression of such scoping can be accomplished using, for example, techniques described in U.S. patent application Ser. No. 10/162,701 to Xin, et al., entitled “METHOD AND APPARATUS MANAGING THE TRANSFER OF RIGHTS” and U.S. patent application Ser. No. 10/298,872 to Atkinson, et al., entitled “DIGITAL LICENSES THAT INCLUDE UNIVERSALLY QUANTIFIED VARIABLES,” and a rights expression language, such as ODRL, XrML or as adopted by the Moving Picture Experts Group (MPEG) as an international standard (ISO/IEC 21000-5) known as the ISO MPEG REL. Such an approach also can involve a more sophisticated chain verification algorithm to verify the scope in each certificate, for example, as described in U.S. patent application Ser. No. 10/856,865 to Lao, et al., entitled “NETWORKED SERVICES LICENSING SYSTEM AND METHOD,” although execution of such algorithm is still relatively straightforward, as long as the conditions in each certificate remain relatively simple.
  • At this stage of DRM evolution, the technology includes approaches (other than innate or hard-coded) for verifying the authorized issuance of a rights expression, such as 1) unscoped certificates with the issuance of rights expressions requiring knowing the content encryption key, and 2) scoped certificates.
  • As DRM business models continue to evolve, users should become more interested in the independent trade of rights (independent from the trade of the underlying assets). A person should be able to trade any rights in any territory or field for any digital work or service. For example, a person should be able to trade rights to a suite of web services or to view in the United States all current and future publications of a particular publisher on a particular topic. In such cases, requiring knowledge of the appropriate content encryption key for each trade becomes limiting, because there is not a clear mapping from a rights expression to a single asset being traded. In this respect, the scoped certificates approach is advantageous because it does not limit the issuing of potentially overbroad rights expressions and instead limits the certificates' effect, as part of the chain verification algorithm.
  • For example, a scoped certificate might say that agent Publisher 1 may issue rights expressions pertaining to paperback Book 1. Publisher 1 might actually issue a rights expression to agent Consumer 1, allowing Consumer 1 to view any paperback book. When these two rights expressions are put together and the chain verification algorithm is executed, Consumer 1 only will be able to view paperback Book 1. However, if another scoped certificate is later added that says that Publisher 1 may also issue rights expressions pertaining to paperback Book 2, then by putting all the rights expressions together, Consumer 1 will be able to view both paperback Book 1 and paperback Book 2 (since Publisher 1 said Consumer 1 could view any paperback book and since Publisher 1's issuing ability is scoped to paperback Book 1 and paperback Book 2).
  • As the business of trade in rights continues to expand, publishers may wish to engage retailers and other value-add providers in the rights expression chain between the publisher and the consumers. Moreover, publishers may wish to scope the rights-issuing capabilities of various retailers or other intermediaries in various ways, such as to certain territories or by requiring the payment of particular fees or by imposing other conditions on authorization to issue rights expressions. The types of conditions in the rights expressions that form the certificate chain can become very creative and complex, and the execution of the chain verification algorithm for such a chain becomes less straight-forward. Accordingly, there is a need to make the execution of this process more straight-forward, without sacrificing business model flexibility, technical features or security.
  • One of the potential difficulties in verifying a certificate chain, including creative conditions, is the information needed to execute the verification typically is not available. For example, consider a scenario including three agents, an author, a reader, and a friend. There is one rights expression that allows the author to issue rights expressions pertaining to his book. There is another rights expression from the author to the reader, allowing the reader to read the book, and issue up to two rights expressions, one each to two of his friends. There is a third rights expression from the reader to his friend, allowing his friend to view the book. When the friend wants to view the book, he will verify the certificate chain, including the rights expressions, and at some point will have to determine if the reader has satisfied the condition of issuing only up to two rights expressions. A problem thus arises if for any reason the information is not available (e.g., the reader might not have kept all required information or might have discontinued providing information in an accessible format). If, however, the reader does keep track of this information, he might not be available for contact by the friend. The reader also might have stored this information at some place that is available for contact, but that place may have a privacy policy or technology limitation, which prohibits or prevents it from sharing that information with the friend.
  • One possibility is that the information about the number of rights expressions the reader has so far issued is stored in the rights expression that the friend receives. Assuming the friend has access to this information somehow, the friend still has to validate the “at most two rights expressions” condition using the information. However, this means that the friend has to understand what the condition means. In some situations, the friend may be using outdated software or hardware, and may not be able to support all the latest conditions being used by the author and the reader. This means that the author and reader cannot upgrade the conditions they use, unless the friend also updates the conditions it can understand. One solution to this, is to store the information about satisfaction of conditions in a way that the friend can process that information, without having detailed knowledge of the condition (e.g., by comparing the names of satisfied conditions with the names of conditions that need to be satisfied).
  • However, there is a further issue where the friend has access to the information about and names of the conditions under which the reader can issue rights expressions, because in some situations it is not desirable to share the information, such as where the information is considered confidential. For example, if there is a fee associated with the reader giving his friend a rights expression as a gift, the reader may not wish his friend to know the price of the gift. To solve this concern, the condition information might be encrypted so that the friend cannot discern it, but the friend's software or hardware can process it. This extra encryption, however, also complicates the system design to some degree. In situations where knowledge of the details of the conditions is more sensitive than the actual assets themselves, the cost of the encryption needed on the conditions could be disproportionate to the asset's value.
  • SUMMARY OF THE INVENTION
  • Therefore, there is a need for a method and system that addresses the above and other problems, so as to enable the more advanced DRM features that users want, while maintaining security, and not incurring disproportionate costs or burdens in a rights expression chain verification algorithm. The above and other needs are addressed by the exemplary embodiments of the present invention, which provide a method, system, and device for use in connection with the use and distribution of digital works, restricted services, and valuable resources.
  • Accordingly, in exemplary aspects of the present invention, a method, system, and device for verifying authorized issuance of a statement or expression are provided, including determining if a statement or expression is associated with a statement of trusted issuance; determining if the statement of trusted issuance applies; determining if issuance of the statement of trusted issuance is authorized; and verifying that the issuance of the statement or expression was authorized, if the statement of trusted issuance applies, and the issuance of the statement of trusted issuance is authorized.
  • Still other aspects, features, and advantages of the present invention are readily apparent from the following detailed description, simply by illustrating a number of exemplary embodiments and implementations, including the best mode contemplated for carrying out the present invention. The present invention also is capable of other and different embodiments, and its several details can be modified in various respects, all without departing from the spirit and scope of the present invention. Accordingly, the drawings and descriptions are to be regarded as illustrative in nature, and not as restrictive.
  • BRIEF DESCRIPTION OF THE DRAWINGS
  • The embodiments of the present invention are illustrated by way of example, and not by way of limitation, in the figures of the accompanying drawings and in which like reference numerals refer to similar elements and in which:
  • FIG. 1 shows a rights derivation scenario with a trust root, six derived rights expressions, and two statements of trusted issuance;
  • FIG. 2 shows a rights derivation scenario with a trust root, two derived rights expressions, a derived statement or expression, and a statement of trusted issuance;
  • FIG. 3 shows a procedure using statements of trusted issuance for verifying the authorized issuance of a rights expression;
  • FIG. 4 shows an alternative configuration of rights expressions and statements of trusted issuance from that shown in FIG. 1;
  • FIG. 5 shows alternative contents of a statement of trusted issuance from that shown in FIG. 1;
  • FIG. 6 shows an exemplary issuance chain verification signal; and
  • FIG. 7 shows an exemplary system for verifying authorized issuance of a rights expression.
  • DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS
  • The exemplary embodiments include a statement of trusted issuance, which is a statement including a claim that an issuance was authorized according to some trust root or rights expression. A statement of trusted issuance can be issued by an agent who is able to verify a statement or expression, including rights expression, and including a statement or expression chain (or a part of a chain) and can be relied on by other agents who might be unable or less able to perform such verification.
  • FIG. 1 shows a trust root 101, and six rights expressions, 103, 105, 107, 109, 111, and 113. The rights expression 103 is derived from the trust root 101, and is issued by agent A to agent B. No statement of trusted issuance is included in the rights expression 103. The rights expression 105 is derived from the rights expression 103, and is issued by agent B to agent C. No statement of trusted issuance is included in the rights expression 105. The rights expression 107 is derived from the rights expression 105, and is issued by agent C to agent D. The rights expression 107 includes a statement of trusted issuance 115 rooted with agent A. When using rights expression 107, the statement of trusted issuance 115 can be used in conjunction with rights expression 117 to verify that rights expression 107 was issued correctly with respect to the trust root 101, without tracing through rights expressions 105 and 103, if agent Z is considered to be trusted. The exemplary embodiment of FIG. 1, as well as the other exemplary embodiments, also applies to statements or expressions, other than rights expressions.
  • An exemplary XML representation of statement of trusted issuance 115 is further described herein. Agent A, in statement of trusted issuance 115, is represented in the exemplary XML representation using RSA public key information. The issuer field in statement of trusted issuance 115 is omitted from the exemplary XML representation, because it is to be inherited from the rights expression, which includes the statement of trusted issuance.
  • The exemplary embodiments include subsequent derivative statements or expressions, including rights expressions. For example, the rights expression 109 is derived from the rights expression 107, and is issued by agent D to agent E. Because rights expression 109 has no statement of trusted issuance, when using rights expression 109, the conditions of the derivation of rights expression 109 from rights expression 107 must be re-verified to establish the authorized issuance of rights expression 109. Further verification of the conditions of the derivation of rights expression 107 from rights expression 105 is not needed, because rights expression 107 includes statement of trusted issuance 115 that can be utilized, as previously described, when agent Z is considered to be trusted by agent E.
  • If another rights expression 111 is derived from rights expression 109, and agent E is authorized to make statements of trusted issuance, as represented in rights expression 121, agent E can include, for example, the statement of trusted issuance 119 rooted with agent A inside rights expression 111. When agent F uses rights expression 111 to, for example, play a media file or derive another rights expression 113, the statement of trusted issuance 119 can be used in conjunction with rights expression 121 to verify that rights expression 111 was issued correctly with respect to the trust root 101, without tracing through rights expressions 109, 107, 105, and 103.
  • FIG. 2 shows a rights derivation scenario similar to the one shown in FIG. 1, except that rights expression 107 is replaced with statement or expression 207, which is not necessarily a rights expression. Statement or expression 207 could be any statement or expression. For example, statement or expression 207 could express that Agent C claims that pigs flew yesterday, that pigs will fly tomorrow, that contractual obligations were fulfilled, that an entity is certified for certain qualification, such as retailer for branded goods or Microsoft certified engineer, or that a purchase was made. Statement of trusted issuance 215, and second rights expression 217 can be used to determine that the issuance by Agent C of statement or expression 207 was authorized, based on trust root 201, in the same way that statement of trusted issuance 115 and second rights expression 117 were used to determine that the issuance by Agent C of rights expression 107 was authorized, based on trust root 101.
  • An exemplary procedure for verifying the authorized issuance of a statement or expression, such as a rights expression, is shown in FIG. 3. The process starts at step 301, and at step 303 an attempt is made to find a statement or expression, including some desired claims, for example, when attempting to find a rights expression, such as usage rights to a media file. If no suitable statement or expression can be found (e.g., no rights are granted for that file or some conditions for the rights that have been granted are not met, such as time expired, fee not paid, too early to view) the process terminates in failure at step 305. If, however, a suitable statement or expression is found, it is examined at step 307. At step 309, if the statement or expression does not include a statement of trusted issuance, the process continues at step 311, follows a sub-process to be described in more detail, and terminates in either success at step 313 or failure at step 305 or processing returns to step 307. Specifically, if the issuer of the statement or expression matches the trust root at step 311, the process terminates in success at step 313. Otherwise, if the rights expression from which the examined statement or expression was derived (and for which all conditions were satisfied at the time of derivation) can be found (possibly with the help of additional entities) in step 315, the process returns to step 307 using that new rights expression. Otherwise, the process terminates in failure at step 305.
  • In the case that step 309 finds that the statement or expression includes a statement of trusted issuance, step 319 determines if the statement of trusted issuance matches the trust root. If so, step 321 determines if the statement of trusted issuance is authorized. This determination can be made by a variety of means, for example, by innate knowledge or by recursively employing the process shown in FIG. 3. If step 321 determines the statement of trusted issuance is authorized, the process terminates in success at step 313, advantageously, in many cases, either faster than it would have terminated in success at step 313 resulting from step 311 or more desirable than it would have terminated in failure at step 305. If either of the determinations in steps 319 or 321 is negative, the process continues at step 311.
  • FIG. 4 shows items 407, 415, and 417 representing an alternate configuration of items 107, 115, and 117 of FIG. 1, respectively. For example, statement of trusted issuance 415, applying to rights expression 407, does not appear inside rights expression 407. Instead, some other means is used to link the two. While the issuers of rights expression 107 and statement of trusted issuance 115 are the same, the issuer of rights expression 407 is different from the issuer of statement of trusted issuance 415. While rights expression 117, authorizing the issuance of statement of trusted issuance 115, is issued by a third party, rights expression 417, authorizing the issuance of statement of trusted issuance 415, is issued by the same agent through which the statement of trusted issuance claims issuance should be trusted. The exemplary embodiments include other forms of configurations and variations, wherein the exemplary process shown in FIG. 3 still applies thereto.
  • While the exemplary embodiments include the trust root in the statement of trusted issuance, further exemplary embodiments include alternative contents in the statement of trusted issuance. For example, as shown in FIG. 5, statement of trusted issuance 515 includes an indication that authorized issuance has been verified through rights expression 503. Assuming agent Z is trusted, agent D can use rights expression 507 and included statement of trusted issuance 515, and second rights expression 517 to determine that the authorization to issue rights expression 507 traces back to rights expression 503. Agent D then can continue the chain verification process independently to determine whether the issuance of rights expression 503 was authorized, based on trust root 501.
  • By employing the exemplary embodiments, it is possible to implement many of the desired features in Digital Rights Management (DRM), while lowering costs. For example, consider a scenario, including of four agents representing a publisher A, a distributor B, a retailer C, and a consumer D. The publisher A might issue a rights expression 103 to distributor B to distribute all of the publisher's paperback books in the United States and Canada. Distributor B then may issue a rights expression 105 to retailer C to retail paperbacks from that publisher in the United States and Canada for a publisher price of $2 each. After consumer D pays retailer C $5, retailer C then may issue a rights expression 107 to consumer D to read a paperback Book 1. When retailer C issues rights expression 107, retailer C checks the rights expression chain to verify that all conditions on all parties have been fulfilled, including that distributor B distributed paperbacks, that distributor B distributed them within the United States and Canada, and that $2 of the $5 the consumer paid went to publisher A. Because retailer C has verified the authorized issuance of rights expression 107, based on publisher A as the trust root, retailer C inserts statement of trusted issuance 115 into rights expression 107 on issuance. Consumer D now is able to determine if he is permitted to play paperback Book 1, by looking at just a few rights expressions, including one that says that publisher A is the trust root for Book 1, rights expression 107 that says that retailer C says consumer D may play paperback Book 1 and includes a statement of trusted issuance rooted with publisher A, and rights expression 117 that says that retailer C can issue statements of trusted issuance rooted with publisher A.
  • Even though consumer D may know that the distribution occurred in the United States in paperback form, consumer D is not required to have access to any information about where the distribution occurred, in what form, how much of his money was paid to the publisher or the like. Moreover, consumer D does not have to know what the actual possibilities and conditions of distribution were (e.g., that the book could also have been distributed in Canada, but that hardback books could not have been distributed and that $2 must have been paid to the publisher).
  • Because consumer D does not have to know such details, it is also possible for publisher A, distributor B, and retailer C to change their software or hardware to support additional creative conditions without impacting or having to worry about the impact on consumer D. Since consumer D does not have to have access to rights expression 103 or 105, it is also not necessary to incur the expense of encrypting or otherwise protecting these rights expressions or making sure that consumer D has secure software or hardware to decrypt and access the rights expressions. Advantageously, by using the statement of trusted issuance, the task of verifying the authorized issuance of a rights expression with respect to a trust root becomes much more straightforward for consumer D.
  • An issue, however, is the possibility that someone may erroneously or improperly insert a statement of trusted issuance. For example, retailer C who inserted a statement of trusted issuance was supposed to have verified the authorized issuance of rights expression 107 based on publisher A as the trust root, but it may have failed to do so, or, for example, it may have believed distributor B's distribution was within the United States and Canada, but that was in fact not the case. In that case, there would be erroneously reliance on the statement of trusted issuance. For this reason, it could be desirable to restrict the issuance of a statement of trusted issuance.
  • In an exemplary embodiment, the trust root, for example, publisher A, may restrict the right to issue a statement of trusted issuance to certain agents or agents meeting certain criteria, including, for example, criteria of trustworthiness. In a further exemplary embodiment, an agent may decline to rely on a statement of trusted issuance issued by another. The decision whether to rely on a statement may be based on some criteria or the agent may decide not to rely on such statements generally. In a still further exemplary embodiment, agents may be prohibited from relying on a statement of trusted issuance issued by certain other agents. In another exemplary embodiment, agents would have the option of relying on a statement of trusted issuance or could “bypass” the statement, and verify all or part of a rights expression chain. In yet another exemplary embodiment, agents may be required to rely on a statement of trusted issuance, wherein an agent would not be allowed to verify all or part of a rights expression chain or otherwise access or inspect the rights expression chain.
  • In addition to rights expression, the exemplary embodiments also can be used for the authorization determination of other statements or expressions. For example, consider the scenario of A being a manufacturer of branded goods, B being one of its exclusive distributors within a country, C being one of its regional distributors within B's country, and D being a retailer within C's territory. A proof of purchase certificate must be presented in order to service goods manufactured by A. D can issue a proof of purchase. However, its authorization needs to be traced back from C to B to A. Advantageously, if the proof of purchase certificate issued by D includes a statement of trusted issuance rooted with manufacturer A, as described with respect to the exemplary embodiments, the verification of the authorization for this proof of purchase certificate can be simplified and expedited.
  • The exemplary embodiments can include a language for statements of trusted issuance (also called an issuance chain verification signal language), which could be compatible with the ISO MPEG REL. Thus, terminology (such as terms, definitions, symbols, abbreviated terms, namespaces and conventions) can be as used in the ISO MPEG REL. In addition, Clause 3 (Terms, definitions, symbols, and abbreviated terms) and Clause 4 (Namespaces and Conventions) from the ISO MPEG REL are incorporated by reference herein.
  • The syntax for an issuance chain verification signal language is given by the following exemplary schema:
    <?xml version=“1.0” encoding=“UTF-8”?>
    <xsd:schema targetNamespace=“urn:mpeq:mpeg21:2003:01-REL-SX-NS”
    xmlns:sx=“urn:mpeg:mpeg21:2003:01-REL-SX-NS”
    xmlns:r=“urn:mpeg:mpeg21:2003:01-REL-R-NS”
    xmlns:xsd=“http://www.w3.org/2001/XMLSchema”
    elementFormDefault=“qualified” attributeFormDefault=“unqualified”>
     <xsd:import namespace=“urn:mpeg:mpeg21:2003:01-REL-R-NS”
    schemaLocation=“rel-r.xsd”/>
     <xsd:element name=“issuanceChainVerificationThrough”
    block=“#all” final=“#all”>
      <xsd:complexType>
       <xsd:sequence>
        <xsd:element name=“h” minOccurs=“0”
    maxOccurs=“unbounded”>
         <xsd:complexType>
          <xsd:sequence>
           <xsd:element ref=“r:trustRoot” minOccurs=“0”
    maxOccurs=“unbounded”/>
          </xsd:sequence>
         </xsd:complexType>
        </xsd:element>
       </xsd:sequence>
      </xsd:complexType>
     </xsd:element>
    </xsd:schema>
  • An exemplary Issuance Chain Verification Signal, as further illustrated in FIG. 6, is given by:
    <sx:issuanceChainVerificationThrough>
     <sx:h>
      <r:trustedRootIssuers>
       <r:keyHolder>
        <r:info>
         <dsig:KeyValue>
          <dsig:RSAKeyValue>
           <dsig:Modulus>AliM4ccyzA==</dsig:Modulus>
           <dsig:Exponent>AQABAA==</dsig:Exponent>
          </dsig:RSAKeyValue>
         </dsig:KeyValue>
        </r:info>
       </r:keyHolder>
      </r:trustedRootIssuers>
     </sx:h>
    </sx:issuanceChainVerificationThrough>
  • Exemplary Semantics for the Issuance Chain Verification Signal Language are given by:
  • Let l be an r:License. Let i be an sx:issuanceChainVerificationThrough that applies to l. Then the number of i/sx:h children of i shall be equal to the number of l/r:grant and l/r:grantGroup children of l, and the semantics of i is that, for each k from 1 to the number of i/sx:h children of i, the permission to include the kth l/r:grant or l/r:grantGroup in l has been verified with respect to each of the trust roots identified by an r:trustRoot child of the kth i/sx:h child of i.
  • An exemplary Issuance Chain Verification Signaling ISO MPEG REL Profile is given by:
  • To apply an sx:issuanceChainVerificationThrough i to an r:License l,
  • 1. i shall appear as a child of l/r:otherInfo and
  • 2. for each l/r:issuer where l/r:issuer/dsig:Signature is present, that dsig:Signature shall not exclude i from the scope of the signature (note that by default i will be included in any signature over the License that uses the enveloped signature transform or license transform).
  • An exemplary Property for Certifying Issuance Chain Verification Signalers is given by:
  • The URI urn:standards-organization:2004:icvs (for use with sx:propertyUri) defines a property for certifying that a Principal's issuance chain verification signals are to be trusted.
  • An exemplary Signaler Processing Model is given by:
  • Let p be an r:Principal. Let l be an r:License including an l/r:otherInfo/sx:issuanceChainVerificationThrough i. Then, before the Principal identified by p signs l, the Principal identified by p shall verify, for each k from 1 to the number of i/sx:h children of i, for each j from 1 to the number of i/sx:h/r:trustRoot children of the kth i/sx:h child of i, that there is an authorization proof for the authorization request (p, r:issue, h, v, S, L, R) where h is the kth l/r:grant or l/r:grantGroup in l, R is the jth i/sx:h/r:trustRoot child of the kth i/sx:h child of i, and v, S, and L are chosen accurately.
  • An exemplary Signal Interpreter Processing Model is given by:
  • A conventional rights interpreter attempting to verify if some Principal identified by an r:Principal p was permitted to include some r:Grant or r:GrantGroup h in a License he issued could potentially encounter some difficulties: the Licenses permitting that inclusion (for instance, those including an r:issue element) or the historical circumstances of that inclusion (for instance, any fees that were paid or counts that were consumed) might not be available to the rights interpreter.
  • However, such information may have been available to a rights interpreter when the License was issued. If that rights interpreter adds an issuance chain verification signal to the License, a rights interpreter that has an issuance chain verification signal interpreter can later read that issuance chain verification signal in lieu of verifying the issuance chain a second time.
  • For instance, instead of verifying that the inclusion of some r:Grant or r:GrantGroup h in a License was authorized with respect to some trust root R, the issuance chain verification signal interpreter can instead:
      • 1. verify that the set of r:Grant elements indicated by at least one of the trust roots corresponding to h (according to the issuance chain verification signal) is some subset of the r:Grant elements indicated by R and
      • 2. verify that the Principal who issued the License is permitted to possess the property defined by urn:standards-organization:2004:icvs.
  • FIG. 7 shows an exemplary system 700 for verifying authorized issuance of a rights expression in accordance with the exemplary embodiments of FIGS. 1-6. In FIG. 7, the exemplary system 700 can include one or more devices 702-708, a content server 710, and content database 712, coupled together via a communications network 714.
  • The above-described devices and subsystems of the exemplary embodiments of FIGS. 1-7 can include, for example, any suitable servers, workstations, PCs, laptop computers, PDAs, Internet appliances, handheld devices, cellular telephones, wireless devices, other devices, and the like, capable of performing the processes of the exemplary embodiments of FIGS. 1-7. The devices and subsystems of the exemplary embodiments of FIGS. 1-7 can communicate with each other using any suitable protocol and can be implemented using one or more programmed computer systems or devices.
  • One or more interface mechanisms can be used with the exemplary embodiments of FIGS. 1-7, including, for example, Internet access, telecommunications in any suitable form (e.g., voice, modem, and the like), wireless communications media, and the like. For example, the communications network 714 can include one or more wireless communications networks, cellular communications networks, G3 communications networks, Public Switched Telephone Network (PSTNs), Packet Data Networks (PDNs), the Internet, intranets, a combination thereof, and the like.
  • It is to be understood that the devices and subsystems of the exemplary embodiments of FIGS. 1-7 are for exemplary purposes, as many variations of the specific hardware used to implement the exemplary embodiments are possible, as will be appreciated by those skilled in the relevant art(s). For example, the functionality of one or more of the devices and subsystems of the exemplary embodiments of FIGS. 1-7 can be implemented via one or more programmed computer systems or devices.
  • To implement such variations as well as other variations, a single computer system can be programmed to perform the special purpose functions of one or more of the devices and subsystems of the exemplary embodiments of FIGS. 1-7. On the other hand, two or more programmed computer systems or devices can be substituted for any one of the devices and subsystems of the exemplary embodiments of FIGS. 1-7. Accordingly, principles and advantages of distributed processing, such as redundancy, replication, and the like, also can be implemented, as desired, to increase the robustness and performance of the devices and subsystems of the exemplary embodiments of FIGS. 1-7.
  • The devices and subsystems of the exemplary embodiments of FIGS. 1-7 can store information relating to various processes described herein. This information can be stored in one or more memories, such as a hard disk, optical disk, magneto-optical disk, RAM, and the like, of the devices and subsystems of the exemplary embodiments of FIGS. 1-7. One or more databases of the devices and subsystems of the exemplary embodiments of FIGS. 1-7 can store the information used to implement the exemplary embodiments of the present invention. The databases can be organized using data structures (e.g., records, tables, arrays, fields, graphs, trees, lists, and the like) included in one or more memories or storage devices listed herein. The processes described with respect to the exemplary embodiments of FIGS. 1-7 can include appropriate data structures for storing data collected and/or generated by the processes of the devices and subsystems of the exemplary embodiments of FIGS. 1-7 in one or more databases thereof.
  • All or a portion of the devices and subsystems of the exemplary embodiments of FIGS. 1-7 can be conveniently implemented using one or more general purpose computer systems, microprocessors, digital signal processors, microcontrollers, and the like, programmed according to the teachings of the exemplary embodiments of the present invention, as will be appreciated by those skilled in the computer and software arts. Appropriate software can be readily prepared by programmers of ordinary skill based on the teachings of the exemplary embodiments, as will be appreciated by those skilled in the software art. Further, the devices and subsystems of the exemplary embodiments of FIGS. 1-7 can be implemented on the World Wide Web. In addition, the devices and subsystems of the exemplary embodiments of FIGS. 1-7 can be implemented by the preparation of application-specific integrated circuits or by interconnecting an appropriate network of conventional component circuits, as will be appreciated by those skilled in the electrical art(s). Thus, the exemplary embodiments are not limited to any specific combination of hardware circuitry and/or software.
  • Stored on any one or on a combination of computer readable media, the exemplary embodiments of the present invention can include software for controlling the devices and subsystems of the exemplary embodiments of FIGS. 1-7, for driving the devices and subsystems of the exemplary embodiments of FIGS. 1-7, for enabling the devices and subsystems of the exemplary embodiments of FIGS. 1-7 to interact with a human user, and the like. Such software can include, but is not limited to, device drivers, firmware, operating systems, development tools, applications software, and the like. Such computer readable media further can include the computer program product of an embodiment of the present invention for performing all or a portion (if processing is distributed) of the processing performed in implementing the invention. Computer code devices of the exemplary embodiments of the present invention can include any suitable interpretable or executable code mechanism, including but not limited to scripts, interpretable programs, dynamic link libraries (DLLs), Java classes and applets, complete executable programs, Common Object Request Broker Architecture (CORBA) objects, and the like. Moreover, parts of the processing of the exemplary embodiments of the present invention can be distributed for better performance, reliability, cost, and the like.
  • As stated above, the devices and subsystems of the exemplary embodiments of FIGS. 1-7 can include computer readable medium or memories for holding instructions programmed according to the teachings of the present invention and for holding data structures, tables, records, and/or other data described herein. Computer readable medium can include any suitable medium that participates in providing instructions to a processor for execution. Such a medium can take many forms, including but not limited to, non-volatile media, volatile media, transmission media, and the like. Non-volatile media can include, for example, optical or magnetic disks, magneto-optical disks, and the like. Volatile media can include dynamic memories, and the like. Transmission media can include coaxial cables, copper wire, fiber optics, and the like. Transmission media also can take the form of acoustic, optical, electromagnetic waves, and the like, such as those generated during radio frequency (RF) communications, infrared (IR) data communications, and the like. Common forms of computer-readable media can include, for example, a floppy disk, a flexible disk, hard disk, magnetic tape, any other suitable magnetic medium, a CD-ROM, CDRW, DVD, any other suitable optical medium, punch cards, paper tape, optical mark sheets, any other suitable physical medium with patterns of holes or other optically recognizable indicia, a RAM, a PROM, an EPROM, a FLASH-EPROM, any other suitable memory chip or cartridge, a carrier wave, or any other suitable medium from which a computer can read.
  • In the context of the exemplary embodiments, an AGENT can include an entity that can act, possibly on behalf of another entity and/or according to a set of rules (examples of agents are hardware devices, integrated circuits, firmware modules, software modules, software systems, humans, organizations, services, smart cards, and seeing-eye dogs). An ASSET can include an entity, quality, event, state, concept, substance, or anything else referred to by a noun and possibly of some value (examples of assets are books, e-books, videos, services, web services, companies, security levels, domain names, e-mail addresses, football games, messages, and rights). A CERTIFICATE can include a “rights expression”. A CONDITION can include a limitation on some claim made in an expression or statement (examples are times of validity, territories of applicability, numbers of times the claim can be relied on, and situations in which the claim holds). To ISSUE can include an act of making the claims in an expression or statement and standing behind those claims. METARIGHTS can include rights with respect to other rights. RIGHTS can include actions or attributes an agent is permitted to take possibly with respect to an asset or to other rights (examples of actions are walk and shutdown; examples of actions with respect to assets are consumption actions such as play and print, modification actions such as edit and append, distribution actions, such as copy and move, and service actions such as requestService and sendMessage; examples of actions with respect to other rights are issue and revoke; examples of attributes are name, address, color, securityLevel, employee, relative, friend, domain, graduate, and certifiedRepairFacility; examples of attributes with respect to assets are author and distributor; examples of attributes with respect to other rights are issuanceChainVerifier, certificateAuthority, and trustedIssuer). RIGHTS DERIVATION can include issuing a statement or expression such as a rights expression whose issuance was permitted within another rights expression or a trust root (the issued statement or rights expression is called the derived statement or derived rights expression and it is said to be derived from the rights expression or trust root that permitted its issuance). A RIGHTS EXPRESSION can include an expression including a claim that rights are granted (examples of rights expression languages include the ISO MPEG REL, the eXtensible rights Markup Language, the Contract Expression Language from the Content Reference Forum (see http://www.crforum.org/), the Open Digital Rights Language from IPRSystems, OMA DRM 2.0 Specification Rights Expression Language, the Security Assertion Markup Language from the Organization for the Advancement of Structured Information Standards (OASIS), the eXtensible Access Control Markup Language from OASIS, X.509, SPKI, the Rights Management and Protection Information from the TV Anytime Forum, and Copy Control Information bits). To SIGN can include creating something that gives confidence that an expression or statement that a party issues actually is issued by said party. A STATEMENT OF TRUSTED ISSUANCE can include a statement including a claim that an issuance was authorized according to some trust root or rights expression. A TRUST ROOT can include an encapsulation of rights that are assumed to be authorized.
  • Although the exemplary embodiments are described in terms of use of a rights expression, and distribution and use of digital works, the exemplary embodiments are not restricted to rights expressions, and digital works. Accordingly, the benefits associated with not having to process all the data in a chain of data and the other advantages of the exemplary embodiments can apply to other kinds of computing applications. For example, in addition to rights expressions, the exemplary embodiments can be used in connection with other statements or expressions, which can benefit from an efficient method to determine authorization, such as proof of transaction, proof of purchase, proof of certification, proof of identity, proof of approval, statement of fact, business intent, business contract, rules, policies, and the like.
  • While the present invention have been described in connection with a number of exemplary embodiments, and implementations, the present invention is not so limited, but rather covers various modifications, and equivalent arrangements, which fall within the purview of the appended claims.

Claims (69)

1. A computer-implemented method for verifying authorized issuance of a statement or expression, the method comprising:
determining if a statement or expression is associated with a statement of trusted issuance;
determining if the statement of trusted issuance applies;
determining if issuance of the statement of trusted issuance is authorized; and
verifying that the issuance of the statement or expression was authorized, if the statement of trusted issuance applies, and the issuance of the statement of trusted issuance is authorized.
2. The method of claim 1, wherein the statement of trusted issuance specifies an entity associated therewith, and the step of determining if the statement of trusted issuance applies includes determining if the entity associated with the statement of trusted issuance is a trusted entity.
3. The method of claim 1, wherein the statement of trusted issuance specifies a grant associated therewith, and the step of determining if the statement of trusted issuance applies includes determining if the grant associated with the statement of trusted issuance is a trusted grant.
4. The method of claim 1, wherein the statement of trusted issuance specifies a chain-ancestor rights expression associated therewith, and the step of determining if the statement of trusted issuance applies includes determining if the issuance of the chain-ancestor rights expression associated with the statement of trusted issuance is authorized.
5. The method of claim 1, wherein the statement or expression associated with the statement of trusted issuance comprises a rights expression.
6. The method of claim 1, wherein the statement of trusted issuance is a part of the statement or expression associated with the statement of trusted issuance.
7. The method of claim 1, wherein the statement of trusted issuance is issued by a same entity that issued the statement or expression associated with the statement of trusted issuance.
8. The method of claim 7, wherein the statement of trusted issuance and the statement or expression associated with the statement of trusted issuance are signed by a same entity using one signature.
9. The method of claim 1, wherein the step of determining if issuance of the statement of trusted issuance is authorized includes examining a rights expression authorizing issuance of the statement of trusted issuance and determining if the issuance of the authorizing rights expression is authorized.
10. The method of claim 1, wherein the step of determining if the statement of trusted issuance is authorized uses a same root of trust for which it is verified that the statement or expression associated with the statement of trusted issuance is authorized.
11. The method of claim 1, wherein if a statement or expression is not associated with a statement of trusted issuance, the verifying step includes verifying that the issuance of the statement or expression was authorized using information associated with the statement or expression.
12. The method of claim 11, wherein the information associated with the statement or expression includes one or more rights expressions associated with the statement or expression.
13. The method of claim 9, wherein if the authorized issuance of the statement of trusted issuance cannot be verified, the verifying step includes verifying that the issuance of the statement or expression was authorized using information associated with the statement or expression.
14. The method of claim 13, wherein the information associated with the statement or expression includes one or more rights expressions associated with the statement or expression.
15. The method of claim 1, wherein the statement of trusted issuance is signed by an entity that issues the statement of trusted issuance.
16. The method of claim 1, further comprising restricting a right to issue the statement of trusted issuance.
17. The method of claim 1, wherein an entity can decline to rely on a statement of trusted issuance issued by another entity.
18. The method of claim 1, wherein entities are prohibited from relying on a statement of trusted issuance issued by an entity.
19. The method of claim 1, wherein entities can rely on a statement of trusted issuance or not rely on a statement of trusted issuance by verifying all or part of a rights expression chain associated with the statement or expression.
20. The method of claim 1, wherein entities are required to rely on a statement of trusted issuance.
21. The method of claim 1, wherein an entity is not allowed to verify all or part of a rights expression chain or otherwise access or inspect the rights expression chain.
22. The method of claim 1, wherein the statement or expression associated with the statement of trusted issuance comprises at least one of a proof of entitlement to a digital work, a proof of entitlement to a service, a proof of entitlement to a resource, a proof of purchase, a proof of transaction, a proof of purchase, a proof of certification, a proof of identity, a proof of approval, a statement of fact, a statement or expression of business intent, a statement or expression of a business contract, or a statement or expression of rules or policies.
23. One or more computer-readable instructions stored on a computer-readable medium and configured to cause one or more computer processors to perform the steps recited in claim 1.
24. A system for verifying authorized issuance of a statement or expression, the system comprising:
means for determining if a statement or expression is associated with a statement of trusted issuance;
means for determining if the statement of trusted issuance applies;
means for determining if issuance of the statement of trusted issuance is authorized; and
means for verifying that the issuance of the statement or expression was authorized, if the statement of trusted issuance applies, and the issuance of the statement of trusted issuance is authorized.
25. The system of claim 24, wherein the statement of trusted issuance specifies an entity associated therewith, and the means for determining if the statement of trusted issuance applies includes means for determining if the entity associated with the statement of trusted issuance is a trusted entity.
26. The system of claim 24, wherein the statement of trusted issuance specifies a grant associated therewith, and the means for determining if the statement of trusted issuance applies includes means for determining if the grant associated with the statement of trusted issuance is a trusted grant.
27. The system of claim 24, wherein the statement of trusted issuance specifies a chain-ancestor rights expression associated therewith, and the means for determining if the statement of trusted issuance applies includes means for determining if the issuance of the chain-ancestor rights expression associated with the statement of trusted issuance is authorized.
28. The system of claim 24, wherein the statement or expression associated with the statement of trusted issuance comprises a rights expression.
29. The system of claim 24, wherein the statement of trusted issuance is a part of the statement or expression associated with the statement of trusted issuance.
30. The system of claim 24, wherein the statement of trusted issuance is issued by a same entity that issued the statement or expression associated with the statement of trusted issuance.
31. The system of claim 30, wherein the statement of trusted issuance and the statement or expression associated with the statement of trusted issuance are signed by a same entity using one signature.
32. The system of claim 24, wherein the means for determining if issuance of the statement of trusted issuance is authorized includes means for examining a rights expression authorizing issuance of the statement of trusted issuance and means for determining if the issuance of the authorizing rights expression is authorized.
33. The system of claim 24, wherein the means for determining if the statement of trusted issuance is authorized employs a same root of trust for which it is verified that the statement or expression associated with the statement of trusted issuance is authorized.
34. The system of claim 24, wherein if a statement or expression is not associated with a statement of trusted issuance, the verifying means includes means for verifying that the issuance of the statement or expression was authorized using information associated with the statement or expression.
35. The system of claim 34, wherein the information associated with the statement or expression includes one or more rights expressions associated with the statement or expression.
36. The system of claim 32, wherein if the authorized issuance of the statement of trusted issuance cannot be verified, the verifying means includes means for verifying that the issuance of the statement or expression was authorized using information associated with the statement or expression.
37. The system of claim 36, wherein the information associated with the statement or expression includes one or more rights expressions associated with the statement or expression.
38. The system of claim 24, wherein the statement of trusted issuance is signed by an entity that issues the statement of trusted issuance.
39. The system of claim 24, further comprising means for restricting a right to issue the statement of trusted issuance.
40. The system of claim 24, wherein an entity can decline to rely on a statement of trusted issuance issued by another entity.
41. The system of claim 24, wherein entities are prohibited from relying on a statement of trusted issuance issued by an entity.
42. The system of claim 24, wherein entities can rely on a statement of trusted issuance or not rely on a statement of trusted issuance by verifying all or part of a rights expression chain associated with the statement or expression.
43. The system of claim 24, wherein entities are required to rely on a statement of trusted issuance.
44. The system of claim 24, wherein an entity is not allowed to verify all or part of a rights expression chain or otherwise access or inspect the rights expression chain.
45. The system of claim 24, wherein the statement or expression associated with the statement of trusted issuance comprises at least one of a proof of entitlement to a digital work, a proof of entitlement to a service, a proof of entitlement to a resource, a proof of purchase, a proof of transaction, a proof of purchase, a proof of certification, a proof of identity, a proof of approval, a statement of fact, a statement or expression of business intent, a statement or expression of a business contract, or a statement or expression of rules or policies.
46. The system of claim 24, wherein the means for determining if a statement or expression is associated with a statement of trusted issuance, the means for determining if the statement of trusted issuance applies, the means for determining if issuance of the statement of trusted issuance is authorized, and the means for verifying comprise one or more computer-readable instructions stored on a computer readable medium.
47. The system of claim 24, wherein the means for determining if a statement or expression is associated with a statement of trusted issuance, the means for determining if the statement of trusted issuance applies, the means for determining if issuance of the statement of trusted issuance is authorized, and the means for verifying comprise one or more computer devices of a computer system.
48. A device for verifying authorized issuance of a statement or expression, the system comprising:
means for determining if a statement or expression is associated with a statement of trusted issuance;
means for determining if the statement of trusted issuance applies;
means for determining if issuance of the statement of trusted issuance is authorized; and
means for verifying that the issuance of the statement or expression was authorized, if the statement of trusted issuance applies, and the issuance of the statement of trusted issuance is authorized.
49. The device of claim 48, wherein the statement of trusted issuance specifies an entity associated therewith, and the means for determining if the statement of trusted issuance applies includes means for determining if the entity associated with the statement of trusted issuance is a trusted entity.
50. The device of claim 48, wherein the statement of trusted issuance specifies a grant associated therewith, and the means for determining if the statement of trusted issuance applies includes means for determining if the grant associated with the statement of trusted issuance is a trusted grant.
51. The device of claim 48, wherein the statement of trusted issuance specifies a chain-ancestor rights expression associated therewith, and the means for determining if the statement of trusted issuance applies includes means for determining if the issuance of the chain-ancestor rights expression associated with the statement of trusted issuance is authorized.
52. The device of claim 48, wherein the statement or expression associated with the statement of trusted issuance comprises a rights expression.
53. The device of claim 48, wherein the statement of trusted issuance is a part of the statement or expression associated with the statement of trusted issuance.
54. The device of claim 48, wherein the statement of trusted issuance is issued by a same entity that issued the statement or expression associated with the statement of trusted issuance.
55. The device of claim 54, wherein the statement of trusted issuance and the statement or expression associated with the statement of trusted issuance are signed by a same entity using one signature.
56. The device of claim 48, wherein the means for determining if issuance of the statement of trusted issuance is authorized includes means for examining a rights expression authorizing issuance of the statement of trusted issuance and means for determining if the issuance of the authorizing rights expression is authorized.
57. The device of claim 48, wherein the means for determining if the statement of trusted issuance is authorized employs a same root of trust for which it is verified that the statement or expression associated with the statement of trusted issuance is authorized.
58. The device of claim 48, wherein if a statement or expression is not associated with a statement of trusted issuance, the verifying means includes means for verifying that the issuance of the statement or expression was authorized using information associated with the statement or expression.
59. The device of claim 58, wherein the information associated with the statement or expression includes one or more rights expressions associated with the statement or expression.
60. The device of claim 56, wherein if the authorized issuance of the statement of trusted issuance cannot be verified, the verifying means includes means for verifying that the issuance of the statement or expression was authorized using information associated with the statement or expression.
61. The device of claim 60, wherein the information associated with the statement or expression includes one or more rights expressions associated with the statement or expression.
62. The device of claim 48, wherein the statement of trusted issuance is signed by an entity that issues the statement of trusted issuance.
63. The device of claim 48, further comprising means for restricting a right to issue the statement of trusted issuance.
64. The device of claim 48, wherein an entity can decline to rely on a statement of trusted issuance issued by another entity.
65. The device of claim 48, wherein entities are prohibited from relying on a statement of trusted issuance issued by an entity.
66. The device of claim 48, wherein entities can rely on a statement of trusted issuance or not rely on a statement of trusted issuance by verifying all or part of a rights expression chain associated with the statement or expression.
67. The device of claim 48, wherein entities are required to rely on a statement of trusted issuance.
68. The device of claim 48, wherein an entity is not allowed to verify all or part of a rights expression chain or otherwise access or inspect the rights expression chain.
69. The device of claim 48, wherein the statement or expression associated with the statement of trusted issuance comprises at least one of a proof of entitlement to a digital work, a proof of entitlement to a service, a proof of entitlement to a resource, a proof of purchase, a proof of transaction, a proof of purchase, a proof of certification, a proof of identity, a proof of approval, a statement of fact, a statement or expression of business intent, a statement or expression of a business contract, or a statement or expression of rules or policies.
US10/986,308 2004-11-12 2004-11-12 Method, system, and device for verifying authorized issuance of a rights expression Abandoned US20060107326A1 (en)

Priority Applications (3)

Application Number Priority Date Filing Date Title
US10/986,308 US20060107326A1 (en) 2004-11-12 2004-11-12 Method, system, and device for verifying authorized issuance of a rights expression
US14/223,948 US8904545B2 (en) 2004-11-12 2014-03-24 Method, system, and device for verifying authorized issuance of a rights expression
US14/529,085 US20150058230A1 (en) 2004-11-12 2014-10-30 Method, system, and device for verifying authorized issuance of a rights expression

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
US10/986,308 US20060107326A1 (en) 2004-11-12 2004-11-12 Method, system, and device for verifying authorized issuance of a rights expression

Related Child Applications (1)

Application Number Title Priority Date Filing Date
US14/223,948 Continuation US8904545B2 (en) 2004-11-12 2014-03-24 Method, system, and device for verifying authorized issuance of a rights expression

Publications (1)

Publication Number Publication Date
US20060107326A1 true US20060107326A1 (en) 2006-05-18

Family

ID=36388005

Family Applications (3)

Application Number Title Priority Date Filing Date
US10/986,308 Abandoned US20060107326A1 (en) 2004-11-12 2004-11-12 Method, system, and device for verifying authorized issuance of a rights expression
US14/223,948 Expired - Fee Related US8904545B2 (en) 2004-11-12 2014-03-24 Method, system, and device for verifying authorized issuance of a rights expression
US14/529,085 Abandoned US20150058230A1 (en) 2004-11-12 2014-10-30 Method, system, and device for verifying authorized issuance of a rights expression

Family Applications After (2)

Application Number Title Priority Date Filing Date
US14/223,948 Expired - Fee Related US8904545B2 (en) 2004-11-12 2014-03-24 Method, system, and device for verifying authorized issuance of a rights expression
US14/529,085 Abandoned US20150058230A1 (en) 2004-11-12 2014-10-30 Method, system, and device for verifying authorized issuance of a rights expression

Country Status (1)

Country Link
US (3) US20060107326A1 (en)

Cited By (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20060150252A1 (en) * 2004-12-30 2006-07-06 General Instruments Corporation Method and apparatus for providing a border guard between security domains
US20070083934A1 (en) * 2005-10-07 2007-04-12 Mcardle James M Control of document content having extraction permissives
US20080282317A1 (en) * 2007-05-11 2008-11-13 Samsung Electronics Co., Ltd. Method and apparatus for converting a license
US20100095383A1 (en) * 2002-08-23 2010-04-15 Gidon Elazar Protection of Digital Data Content
US20100312711A1 (en) * 2007-09-07 2010-12-09 Ryan Steelberg System And Method For On-Demand Delivery Of Audio Content For Use With Entertainment Creatives
US20110004671A1 (en) * 2007-09-07 2011-01-06 Ryan Steelberg System and Method for Secure Delivery of Creatives
US20110047625A1 (en) * 2007-09-07 2011-02-24 Ryan Steelberg System and method for secure sharing of creatives
US20130227706A1 (en) * 2012-02-29 2013-08-29 Beijing Founder Apabi Technology Ltd. Method, apparatus and system for controlling read rights of digital contents
US20140052647A1 (en) * 2012-08-17 2014-02-20 Truth Seal Corporation System and Method for Promoting Truth in Public Discourse
US10657269B2 (en) 2017-03-17 2020-05-19 Fuji Xerox Co., Ltd. Management apparatus and document management system

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US11108760B2 (en) * 2018-12-05 2021-08-31 Sidewalk Labs LLC Methods, systems, and media for recovering identity information in verifiable claims-based systems

Citations (97)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4159468A (en) * 1977-11-17 1979-06-26 Burroughs Corporation Communications line authentication device
US4200700A (en) * 1977-05-13 1980-04-29 Idc Chemie Ag Method of after-foaming a mixture of a foam and a resin solution
US4361851A (en) * 1980-01-04 1982-11-30 Asip William F System for remote monitoring and data transmission over non-dedicated telephone lines
US4429385A (en) * 1981-12-31 1984-01-31 American Newspaper Publishers Association Method and apparatus for digital serial scanning with hierarchical and relational access
US4621321A (en) * 1984-02-16 1986-11-04 Honeywell Inc. Secure data processing system architecture
US4736422A (en) * 1983-06-30 1988-04-05 Independent Broadcasting Authority Encrypted broadcast television system
US4740890A (en) * 1983-12-22 1988-04-26 Software Concepts, Inc. Software protection system with trial period usage code and unlimited use unlocking code both recorded on program storage media
US4796220A (en) * 1986-12-15 1989-01-03 Pride Software Development Corp. Method of controlling the copying of software
US4816655A (en) * 1985-12-11 1989-03-28 Centre D'etude De L'energie Nucleaire, "C.E.N." Method and apparatus for checking the authenticity of individual-linked documents and the identity of the holders thereof
US4937863A (en) * 1988-03-07 1990-06-26 Digital Equipment Corporation Software licensing management system
US4953209A (en) * 1988-10-31 1990-08-28 International Business Machines Corp. Self-verifying receipt and acceptance system for electronically delivered data objects
US5014234A (en) * 1986-08-25 1991-05-07 Ncr Corporation System with software usage timer and counter for allowing limited use but preventing continued unauthorized use of protected software
US5129083A (en) * 1989-06-29 1992-07-07 Digital Equipment Corporation Conditional object creating system having different object pointers for accessing a set of data structure objects
US5138712A (en) * 1989-10-02 1992-08-11 Sun Microsystems, Inc. Apparatus and method for licensing software on a network of computers
US5204897A (en) * 1991-06-28 1993-04-20 Digital Equipment Corporation Management interface for license management system
US5247575A (en) * 1988-08-16 1993-09-21 Sprague Peter J Information distribution system
US5276444A (en) * 1991-09-23 1994-01-04 At&T Bell Laboratories Centralized security control system
US5287408A (en) * 1992-08-31 1994-02-15 Autodesk, Inc. Apparatus and method for serializing and validating copies of computer software
US5291596A (en) * 1990-10-10 1994-03-01 Fuji Xerox Co., Ltd. Data management method and system with management table indicating right of use
US5293422A (en) * 1992-09-23 1994-03-08 Dynatek, Inc. Usage control system for computer software
US5335275A (en) * 1990-03-05 1994-08-02 Dce Voice Processing Limited Television scrambler
US5337357A (en) * 1993-06-17 1994-08-09 Software Security, Inc. Method of software distribution protection
US5386369A (en) * 1993-07-12 1995-01-31 Globetrotter Software Inc. License metering system for software applications
US5390297A (en) * 1987-11-10 1995-02-14 Auto-Trol Technology Corporation System for controlling the number of concurrent copies of a program in a network based on the number of available licenses
US5414852A (en) * 1992-10-30 1995-05-09 International Business Machines Corporation Method for protecting data in a computer system
US5453601A (en) * 1991-11-15 1995-09-26 Citibank, N.A. Electronic-monetary system
US5485577A (en) * 1994-12-16 1996-01-16 General Instrument Corporation Of Delaware Method and apparatus for incremental delivery of access rights
US5504816A (en) * 1994-02-02 1996-04-02 Gi Corporation Method and apparatus for controlling access to digital signals
US5530235A (en) * 1995-02-16 1996-06-25 Xerox Corporation Interactive contents revealing storage device
US5535276A (en) * 1994-11-09 1996-07-09 Bell Atlantic Network Services, Inc. Yaksha, an improved system and method for securing communications using split private key asymmetric cryptography
US5553143A (en) * 1994-02-04 1996-09-03 Novell, Inc. Method and apparatus for electronic licensing
US5557678A (en) * 1994-07-18 1996-09-17 Bell Atlantic Network Services, Inc. System and method for centralized session key distribution, privacy enhanced messaging and information distribution using a split private key public cryptosystem
US5564038A (en) * 1994-05-20 1996-10-08 International Business Machines Corporation Method and apparatus for providing a trial period for a software license product using a date stamp and designated test period
US5619570A (en) * 1992-10-16 1997-04-08 Sony Corporation Information furnishing and collection system
US5625690A (en) * 1993-11-15 1997-04-29 Lucent Technologies Inc. Software pay per use system
US5629980A (en) * 1994-11-23 1997-05-13 Xerox Corporation System for controlling the distribution and use of digital works
US5636346A (en) * 1994-05-09 1997-06-03 The Electronic Address, Inc. Method and system for selectively targeting advertisements and programming
US5638513A (en) * 1993-12-22 1997-06-10 Ananda; Mohan Secure software rental system using continuous asynchronous password verification
US5638443A (en) * 1994-11-23 1997-06-10 Xerox Corporation System for controlling the distribution and use of composite digital works
US5708709A (en) * 1995-12-08 1998-01-13 Sun Microsystems, Inc. System and method for managing try-and-buy usage of application programs
US5715403A (en) * 1994-11-23 1998-02-03 Xerox Corporation System for controlling the distribution and use of digital works having attached usage rights where the usage rights are defined by a usage rights grammar
US5737494A (en) * 1994-12-08 1998-04-07 Tech-Metrics International, Inc. Assessment methods and apparatus for an organizational process or system
US5745879A (en) * 1991-05-08 1998-04-28 Digital Equipment Corporation Method and system for managing execution of licensed programs
US5764807A (en) * 1995-09-14 1998-06-09 Primacomp, Inc. Data compression using set partitioning in hierarchical trees
US5765152A (en) * 1995-10-13 1998-06-09 Trustees Of Dartmouth College System and method for managing copyrighted electronic media
US5787172A (en) * 1994-02-24 1998-07-28 The Merdan Group, Inc. Apparatus and method for establishing a cryptographic link between elements of a system
US5790677A (en) * 1995-06-29 1998-08-04 Microsoft Corporation System and method for secure electronic commerce transactions
US5812664A (en) * 1996-09-06 1998-09-22 Pitney Bowes Inc. Key distribution system
US5825876A (en) * 1995-12-04 1998-10-20 Northern Telecom Time based availability to content of a storage medium
US5825879A (en) * 1996-09-30 1998-10-20 Intel Corporation System and method for copy-protecting distributed video content
US5915019A (en) * 1995-02-13 1999-06-22 Intertrust Technologies Corp. Systems and methods for secure transaction management and electronic rights protection
US5933498A (en) * 1996-01-11 1999-08-03 Mrj, Inc. System for controlling access and distribution of digital property
US5940504A (en) * 1991-07-01 1999-08-17 Infologic Software, Inc. Licensing management system and method in which datagrams including an address of a licensee and indicative of use of a licensed product are sent from the licensee's site
US6020882A (en) * 1997-02-15 2000-02-01 U.S. Philips Corporation Television access control system
US6047067A (en) * 1994-04-28 2000-04-04 Citibank, N.A. Electronic-monetary system
US6073234A (en) * 1997-05-07 2000-06-06 Fuji Xerox Co., Ltd. Device for authenticating user's access rights to resources and method
US6091777A (en) * 1997-09-18 2000-07-18 Cubic Video Technologies, Inc. Continuously adaptive digital video compression system and method for a web streamer
US6112239A (en) * 1997-06-18 2000-08-29 Intervu, Inc System and method for server-side optimization of data delivery on a distributed computer network
US6134550A (en) * 1998-03-18 2000-10-17 Entrust Technologies Limited Method and apparatus for use in determining validity of a certificate in a communication system employing trusted paths
US6135646A (en) * 1993-10-22 2000-10-24 Corporation For National Research Initiatives System for uniquely and persistently identifying, managing, and tracking digital objects
US6141754A (en) * 1997-11-28 2000-10-31 International Business Machines Corporation Integrated method and system for controlling information access and distribution
US6169976B1 (en) * 1998-07-02 2001-01-02 Encommerce, Inc. Method and apparatus for regulating the use of licensed products
US6189037B1 (en) * 1994-09-30 2001-02-13 Intel Corporation Broadband data interface
US6189146B1 (en) * 1998-03-18 2001-02-13 Microsoft Corporation System and method for software licensing
US6209092B1 (en) * 1997-01-27 2001-03-27 U.S. Philips Corporation Method and system for transferring content information and supplemental information relating thereto
US6216112B1 (en) * 1998-05-27 2001-04-10 William H. Fuller Method for software distribution and compensation with replenishable advertisements
US6219652B1 (en) * 1998-06-01 2001-04-17 Novell, Inc. Network license authentication
US6236971B1 (en) * 1994-11-23 2001-05-22 Contentguard Holdings, Inc. System for controlling the distribution and use of digital works using digital tickets
US20010009026A1 (en) * 1997-08-05 2001-07-19 Fuji Xerox Co., Ltd. Device and method for authenticating user's access rights to resources
US20010011276A1 (en) * 1997-05-07 2001-08-02 Robert T. Durst Jr. Scanner enhanced remote control unit and system for automatically linking to on-line resources
US20010014206A1 (en) * 1995-07-13 2001-08-16 Max Artigalas Method and device for recording and reading on a large-capacity medium
US6307939B1 (en) * 1996-08-20 2001-10-23 France Telecom Method and equipment for allocating to a television program, which is already conditionally accessed, a complementary conditional access
US20020001387A1 (en) * 1994-11-14 2002-01-03 Dillon Douglas M. Deferred billing, broadcast, electronic document distribution system and method
US6353888B1 (en) * 1997-07-07 2002-03-05 Fuji Xerox Co., Ltd. Access rights authentication apparatus
US20020035618A1 (en) * 2000-09-20 2002-03-21 Mendez Daniel J. System and method for transmitting workspace elements across a network
US20020046340A1 (en) * 2000-08-30 2002-04-18 Takahiro Fujishiro Certificate validity authentication method and apparatus
US20020044658A1 (en) * 1995-04-03 2002-04-18 Wasilewski Anthony J. Conditional access system
US20020056118A1 (en) * 1999-08-27 2002-05-09 Hunter Charles Eric Video and music distribution system
US6397333B1 (en) * 1998-10-07 2002-05-28 Infineon Technologies Ag Copy protection system and method
US6401211B1 (en) * 1999-10-19 2002-06-04 Microsoft Corporation System and method of user logon in combination with user authentication for network access
US20020069282A1 (en) * 1994-05-31 2002-06-06 Reisman Richard R. Method and system for distributing updates
US6405369B1 (en) * 1996-03-18 2002-06-11 News Datacom Limited Smart card chaining in pay television systems
US6424947B1 (en) * 1997-09-29 2002-07-23 Nds Limited Distributed IRD system
US6424717B1 (en) * 1995-04-03 2002-07-23 Scientific-Atlanta, Inc. Encryption devices for use in a conditional access system
US20020099948A1 (en) * 1999-09-02 2002-07-25 Cryptography Research, Inc. Digital Content Protection Method and Apparatus
US20020127423A1 (en) * 1999-07-07 2002-09-12 Georges Kayanakis Contactless access ticket and method for making same
US6516052B2 (en) * 1997-07-04 2003-02-04 British Telecommunications Public Limited Company Method of scheduling connections
US6516413B1 (en) * 1998-02-05 2003-02-04 Fuji Xerox Co., Ltd. Apparatus and method for user authentication
US6523745B1 (en) * 1997-08-05 2003-02-25 Enix Corporation Electronic transaction system including a fingerprint identification encoding
US20030097567A1 (en) * 1997-08-05 2003-05-22 Taro Terao Device and method for authenticating user's access rights to resources
US20040003251A1 (en) * 2002-06-28 2004-01-01 Attilla Narin Domain-based trust models for rights management of content
US20040039916A1 (en) * 2002-05-10 2004-02-26 David Aldis System and method for multi-tiered license management and distribution using networked clearinghouses
US20040052370A1 (en) * 1992-01-08 2004-03-18 Katznelson Ron D. Multichannel quadrature modulation
US20040172552A1 (en) * 1999-12-15 2004-09-02 Boyles Stephen L. Smart card controlled internet access
US6796555B1 (en) * 1999-07-19 2004-09-28 Lucent Technologies Inc. Centralized video controller for controlling distribution of video signals
US6801900B1 (en) * 1999-12-22 2004-10-05 Samuel H. Lloyd System and method for online dispute resolution
US20050081037A1 (en) * 2003-10-10 2005-04-14 Yoko Kumagai Method and apparatus for accelerating public-key certificate validation

Patent Citations (99)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4200700A (en) * 1977-05-13 1980-04-29 Idc Chemie Ag Method of after-foaming a mixture of a foam and a resin solution
US4159468A (en) * 1977-11-17 1979-06-26 Burroughs Corporation Communications line authentication device
US4361851A (en) * 1980-01-04 1982-11-30 Asip William F System for remote monitoring and data transmission over non-dedicated telephone lines
US4429385A (en) * 1981-12-31 1984-01-31 American Newspaper Publishers Association Method and apparatus for digital serial scanning with hierarchical and relational access
US4736422A (en) * 1983-06-30 1988-04-05 Independent Broadcasting Authority Encrypted broadcast television system
US4740890A (en) * 1983-12-22 1988-04-26 Software Concepts, Inc. Software protection system with trial period usage code and unlimited use unlocking code both recorded on program storage media
US4621321A (en) * 1984-02-16 1986-11-04 Honeywell Inc. Secure data processing system architecture
US4816655A (en) * 1985-12-11 1989-03-28 Centre D'etude De L'energie Nucleaire, "C.E.N." Method and apparatus for checking the authenticity of individual-linked documents and the identity of the holders thereof
US5014234A (en) * 1986-08-25 1991-05-07 Ncr Corporation System with software usage timer and counter for allowing limited use but preventing continued unauthorized use of protected software
US4796220A (en) * 1986-12-15 1989-01-03 Pride Software Development Corp. Method of controlling the copying of software
US5390297A (en) * 1987-11-10 1995-02-14 Auto-Trol Technology Corporation System for controlling the number of concurrent copies of a program in a network based on the number of available licenses
US4937863A (en) * 1988-03-07 1990-06-26 Digital Equipment Corporation Software licensing management system
US5247575A (en) * 1988-08-16 1993-09-21 Sprague Peter J Information distribution system
US4953209A (en) * 1988-10-31 1990-08-28 International Business Machines Corp. Self-verifying receipt and acceptance system for electronically delivered data objects
US5129083A (en) * 1989-06-29 1992-07-07 Digital Equipment Corporation Conditional object creating system having different object pointers for accessing a set of data structure objects
US5138712A (en) * 1989-10-02 1992-08-11 Sun Microsystems, Inc. Apparatus and method for licensing software on a network of computers
US5335275A (en) * 1990-03-05 1994-08-02 Dce Voice Processing Limited Television scrambler
US5291596A (en) * 1990-10-10 1994-03-01 Fuji Xerox Co., Ltd. Data management method and system with management table indicating right of use
US5745879A (en) * 1991-05-08 1998-04-28 Digital Equipment Corporation Method and system for managing execution of licensed programs
US5204897A (en) * 1991-06-28 1993-04-20 Digital Equipment Corporation Management interface for license management system
US5940504A (en) * 1991-07-01 1999-08-17 Infologic Software, Inc. Licensing management system and method in which datagrams including an address of a licensee and indicative of use of a licensed product are sent from the licensee's site
US5276444A (en) * 1991-09-23 1994-01-04 At&T Bell Laboratories Centralized security control system
US5453601A (en) * 1991-11-15 1995-09-26 Citibank, N.A. Electronic-monetary system
US20040052370A1 (en) * 1992-01-08 2004-03-18 Katznelson Ron D. Multichannel quadrature modulation
US5287408A (en) * 1992-08-31 1994-02-15 Autodesk, Inc. Apparatus and method for serializing and validating copies of computer software
US5293422A (en) * 1992-09-23 1994-03-08 Dynatek, Inc. Usage control system for computer software
US5619570A (en) * 1992-10-16 1997-04-08 Sony Corporation Information furnishing and collection system
US5414852A (en) * 1992-10-30 1995-05-09 International Business Machines Corporation Method for protecting data in a computer system
US5337357A (en) * 1993-06-17 1994-08-09 Software Security, Inc. Method of software distribution protection
US5386369A (en) * 1993-07-12 1995-01-31 Globetrotter Software Inc. License metering system for software applications
US6135646A (en) * 1993-10-22 2000-10-24 Corporation For National Research Initiatives System for uniquely and persistently identifying, managing, and tracking digital objects
US5625690A (en) * 1993-11-15 1997-04-29 Lucent Technologies Inc. Software pay per use system
US5638513A (en) * 1993-12-22 1997-06-10 Ananda; Mohan Secure software rental system using continuous asynchronous password verification
US5504816A (en) * 1994-02-02 1996-04-02 Gi Corporation Method and apparatus for controlling access to digital signals
US5553143A (en) * 1994-02-04 1996-09-03 Novell, Inc. Method and apparatus for electronic licensing
US5787172A (en) * 1994-02-24 1998-07-28 The Merdan Group, Inc. Apparatus and method for establishing a cryptographic link between elements of a system
US6047067A (en) * 1994-04-28 2000-04-04 Citibank, N.A. Electronic-monetary system
US5636346A (en) * 1994-05-09 1997-06-03 The Electronic Address, Inc. Method and system for selectively targeting advertisements and programming
US5564038A (en) * 1994-05-20 1996-10-08 International Business Machines Corporation Method and apparatus for providing a trial period for a software license product using a date stamp and designated test period
US20020069282A1 (en) * 1994-05-31 2002-06-06 Reisman Richard R. Method and system for distributing updates
US5557678A (en) * 1994-07-18 1996-09-17 Bell Atlantic Network Services, Inc. System and method for centralized session key distribution, privacy enhanced messaging and information distribution using a split private key public cryptosystem
US6189037B1 (en) * 1994-09-30 2001-02-13 Intel Corporation Broadband data interface
US5535276A (en) * 1994-11-09 1996-07-09 Bell Atlantic Network Services, Inc. Yaksha, an improved system and method for securing communications using split private key asymmetric cryptography
US20020001387A1 (en) * 1994-11-14 2002-01-03 Dillon Douglas M. Deferred billing, broadcast, electronic document distribution system and method
US5715403A (en) * 1994-11-23 1998-02-03 Xerox Corporation System for controlling the distribution and use of digital works having attached usage rights where the usage rights are defined by a usage rights grammar
US5638443A (en) * 1994-11-23 1997-06-10 Xerox Corporation System for controlling the distribution and use of composite digital works
US6236971B1 (en) * 1994-11-23 2001-05-22 Contentguard Holdings, Inc. System for controlling the distribution and use of digital works using digital tickets
US5629980A (en) * 1994-11-23 1997-05-13 Xerox Corporation System for controlling the distribution and use of digital works
US5737494A (en) * 1994-12-08 1998-04-07 Tech-Metrics International, Inc. Assessment methods and apparatus for an organizational process or system
US5485577A (en) * 1994-12-16 1996-01-16 General Instrument Corporation Of Delaware Method and apparatus for incremental delivery of access rights
US5917912A (en) * 1995-02-13 1999-06-29 Intertrust Technologies Corporation System and methods for secure transaction management and electronic rights protection
US6185683B1 (en) * 1995-02-13 2001-02-06 Intertrust Technologies Corp. Trusted and secure techniques, systems and methods for item delivery and execution
US5915019A (en) * 1995-02-13 1999-06-22 Intertrust Technologies Corp. Systems and methods for secure transaction management and electronic rights protection
US5530235A (en) * 1995-02-16 1996-06-25 Xerox Corporation Interactive contents revealing storage device
US6424717B1 (en) * 1995-04-03 2002-07-23 Scientific-Atlanta, Inc. Encryption devices for use in a conditional access system
US20020044658A1 (en) * 1995-04-03 2002-04-18 Wasilewski Anthony J. Conditional access system
US5790677A (en) * 1995-06-29 1998-08-04 Microsoft Corporation System and method for secure electronic commerce transactions
US20010014206A1 (en) * 1995-07-13 2001-08-16 Max Artigalas Method and device for recording and reading on a large-capacity medium
US5764807A (en) * 1995-09-14 1998-06-09 Primacomp, Inc. Data compression using set partitioning in hierarchical trees
US5765152A (en) * 1995-10-13 1998-06-09 Trustees Of Dartmouth College System and method for managing copyrighted electronic media
US5825876A (en) * 1995-12-04 1998-10-20 Northern Telecom Time based availability to content of a storage medium
US5708709A (en) * 1995-12-08 1998-01-13 Sun Microsystems, Inc. System and method for managing try-and-buy usage of application programs
US5933498A (en) * 1996-01-11 1999-08-03 Mrj, Inc. System for controlling access and distribution of digital property
US6405369B1 (en) * 1996-03-18 2002-06-11 News Datacom Limited Smart card chaining in pay television systems
US6307939B1 (en) * 1996-08-20 2001-10-23 France Telecom Method and equipment for allocating to a television program, which is already conditionally accessed, a complementary conditional access
US5812664A (en) * 1996-09-06 1998-09-22 Pitney Bowes Inc. Key distribution system
US5825879A (en) * 1996-09-30 1998-10-20 Intel Corporation System and method for copy-protecting distributed video content
US6209092B1 (en) * 1997-01-27 2001-03-27 U.S. Philips Corporation Method and system for transferring content information and supplemental information relating thereto
US6020882A (en) * 1997-02-15 2000-02-01 U.S. Philips Corporation Television access control system
US6073234A (en) * 1997-05-07 2000-06-06 Fuji Xerox Co., Ltd. Device for authenticating user's access rights to resources and method
US20010011276A1 (en) * 1997-05-07 2001-08-02 Robert T. Durst Jr. Scanner enhanced remote control unit and system for automatically linking to on-line resources
US6112239A (en) * 1997-06-18 2000-08-29 Intervu, Inc System and method for server-side optimization of data delivery on a distributed computer network
US6516052B2 (en) * 1997-07-04 2003-02-04 British Telecommunications Public Limited Company Method of scheduling connections
US6353888B1 (en) * 1997-07-07 2002-03-05 Fuji Xerox Co., Ltd. Access rights authentication apparatus
US6523745B1 (en) * 1997-08-05 2003-02-25 Enix Corporation Electronic transaction system including a fingerprint identification encoding
US20010009026A1 (en) * 1997-08-05 2001-07-19 Fuji Xerox Co., Ltd. Device and method for authenticating user's access rights to resources
US20030097567A1 (en) * 1997-08-05 2003-05-22 Taro Terao Device and method for authenticating user's access rights to resources
US6091777A (en) * 1997-09-18 2000-07-18 Cubic Video Technologies, Inc. Continuously adaptive digital video compression system and method for a web streamer
US6424947B1 (en) * 1997-09-29 2002-07-23 Nds Limited Distributed IRD system
US6141754A (en) * 1997-11-28 2000-10-31 International Business Machines Corporation Integrated method and system for controlling information access and distribution
US6516413B1 (en) * 1998-02-05 2003-02-04 Fuji Xerox Co., Ltd. Apparatus and method for user authentication
US6134550A (en) * 1998-03-18 2000-10-17 Entrust Technologies Limited Method and apparatus for use in determining validity of a certificate in a communication system employing trusted paths
US6189146B1 (en) * 1998-03-18 2001-02-13 Microsoft Corporation System and method for software licensing
US6216112B1 (en) * 1998-05-27 2001-04-10 William H. Fuller Method for software distribution and compensation with replenishable advertisements
US6219652B1 (en) * 1998-06-01 2001-04-17 Novell, Inc. Network license authentication
US6169976B1 (en) * 1998-07-02 2001-01-02 Encommerce, Inc. Method and apparatus for regulating the use of licensed products
US6397333B1 (en) * 1998-10-07 2002-05-28 Infineon Technologies Ag Copy protection system and method
US20020127423A1 (en) * 1999-07-07 2002-09-12 Georges Kayanakis Contactless access ticket and method for making same
US6796555B1 (en) * 1999-07-19 2004-09-28 Lucent Technologies Inc. Centralized video controller for controlling distribution of video signals
US20020056118A1 (en) * 1999-08-27 2002-05-09 Hunter Charles Eric Video and music distribution system
US20020099948A1 (en) * 1999-09-02 2002-07-25 Cryptography Research, Inc. Digital Content Protection Method and Apparatus
US6401211B1 (en) * 1999-10-19 2002-06-04 Microsoft Corporation System and method of user logon in combination with user authentication for network access
US20040172552A1 (en) * 1999-12-15 2004-09-02 Boyles Stephen L. Smart card controlled internet access
US6801900B1 (en) * 1999-12-22 2004-10-05 Samuel H. Lloyd System and method for online dispute resolution
US20020046340A1 (en) * 2000-08-30 2002-04-18 Takahiro Fujishiro Certificate validity authentication method and apparatus
US20020035618A1 (en) * 2000-09-20 2002-03-21 Mendez Daniel J. System and method for transmitting workspace elements across a network
US20040039916A1 (en) * 2002-05-10 2004-02-26 David Aldis System and method for multi-tiered license management and distribution using networked clearinghouses
US20040003251A1 (en) * 2002-06-28 2004-01-01 Attilla Narin Domain-based trust models for rights management of content
US20050081037A1 (en) * 2003-10-10 2005-04-14 Yoko Kumagai Method and apparatus for accelerating public-key certificate validation

Cited By (15)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9177116B2 (en) * 2002-08-23 2015-11-03 Sandisk Technologies Inc. Protection of digital data content
US20100095383A1 (en) * 2002-08-23 2010-04-15 Gidon Elazar Protection of Digital Data Content
US8156560B2 (en) * 2004-12-30 2012-04-10 General Instrument Corporation Method and apparatus for providing a border guard between security domains
US20060150252A1 (en) * 2004-12-30 2006-07-06 General Instruments Corporation Method and apparatus for providing a border guard between security domains
US20070083934A1 (en) * 2005-10-07 2007-04-12 Mcardle James M Control of document content having extraction permissives
US7818810B2 (en) * 2005-10-07 2010-10-19 International Business Machines Corporation Control of document content having extraction permissives
WO2008140170A1 (en) * 2007-05-11 2008-11-20 Samsung Electronics Co., Ltd. Method and apparatus for converting a license
US20080282317A1 (en) * 2007-05-11 2008-11-13 Samsung Electronics Co., Ltd. Method and apparatus for converting a license
US20110004671A1 (en) * 2007-09-07 2011-01-06 Ryan Steelberg System and Method for Secure Delivery of Creatives
US20110047625A1 (en) * 2007-09-07 2011-02-24 Ryan Steelberg System and method for secure sharing of creatives
US20100312711A1 (en) * 2007-09-07 2010-12-09 Ryan Steelberg System And Method For On-Demand Delivery Of Audio Content For Use With Entertainment Creatives
US9886814B2 (en) * 2007-09-07 2018-02-06 Veritone, Inc. System and method for secure sharing of creatives
US20130227706A1 (en) * 2012-02-29 2013-08-29 Beijing Founder Apabi Technology Ltd. Method, apparatus and system for controlling read rights of digital contents
US20140052647A1 (en) * 2012-08-17 2014-02-20 Truth Seal Corporation System and Method for Promoting Truth in Public Discourse
US10657269B2 (en) 2017-03-17 2020-05-19 Fuji Xerox Co., Ltd. Management apparatus and document management system

Also Published As

Publication number Publication date
US20140289871A1 (en) 2014-09-25
US8904545B2 (en) 2014-12-02
US20150058230A1 (en) 2015-02-26

Similar Documents

Publication Publication Date Title
US8904545B2 (en) Method, system, and device for verifying authorized issuance of a rights expression
US8719171B2 (en) Issuing a publisher use license off-line in a digital rights management (DRM) system
KR101143228B1 (en) Enrolling/sub-enrolling a digital rights management drm server into a dram architecture
JP5357292B2 (en) System and method for digital rights management engine
US7162633B2 (en) Method and apparatus for hierarchical assignment of rights to documents and documents having such rights
Michiels et al. Towards a software architecture for DRM
KR101197665B1 (en) Method, system, and device for verifying authorized issuance of a rights expression
JP5296120B2 (en) Method and apparatus for determining rights expression chain
KR20070086059A (en) Method, system, and device for verifying authorized issuance of a rights expression
Arnab et al. Specifications for a Componetised Digital Rights Management (DRM) Framework

Legal Events

Date Code Title Description
AS Assignment

Owner name: CONTENTGUARD HOLDINGS, INC., DELAWARE

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:DEMARTINI, THOMAS;GILLIAM, CHARLES P.;CHEN, EDDIE J.;REEL/FRAME:016398/0478;SIGNING DATES FROM 20050228 TO 20050301

STCB Information on status: application discontinuation

Free format text: ABANDONED -- AFTER EXAMINER'S ANSWER OR BOARD OF APPEALS DECISION