SYSTEMS AND METHODS FOR SECURE TRANSACTION MANAGEMENT AND ELECTRONIC RIGHTS PROTECTION

Inventors: Karl L. Ginter, Beltsville, MD (US); Victor H. Shear, Bethesda, MD (US); Francis J. Spahn, El Cerrito, CA (US); David M. Van Wie, Eugene, OR (US)

Assignee: Intertrust Technologies Corporation, Santa Clara, CA (US)

Notice: Subject to any disclaimer, the term of this patent is extended or adjusted under 35 U.S.C. 154(b) by 0 days.

Appl. No.: 10/106,742

Filed: Mar. 25, 2002

Prior Publication Data US 2003/0088784 A1 May 8, 2003


FOREIGN PATENT DOCUMENTS


EP  0715243 A1  6/1996  G06F/1/00
EP  0715244 A1  6/1996  G06F/1/00
EP  0715245 A1  6/1996  G06F/1/00
EP  0715246 A1  6/1996  G06F/1/00
EP  0715247 A1  6/1996  G06F/1/00
WO  WO 93/01550  1/1993  G06F/11/34

OTHER PUBLICATIONS

Abadi, M., et al., “Authentication and Delegation with Smart-cards,” Technical Report 67, DEC Systems, Research Center, Oct. 1990, available at <http://citeseer.nj.nec.com/article/abadi92authentication.html>, pp. 1-19.

Primary Examiner: Justin T. Darrow

(74) Attorney, Agent, or Firm: Finnegan, Henderson, Farabow, Garrett & Dunner L.L.P.

(57) ABSTRACT

The present invention provides systems and methods for secure transaction management and electronic rights protection. Electronic appliances such as computers equipped in accordance with the present invention help to ensure that information is accessed and used only in authorized ways, and maintain the integrity, availability, and/or confidentiality of the information. Such electronic appliances provide a distributed virtual distribution environment (VDE) that may enforce a secure chain of handling and control, for example, to control and/or meter or otherwise monitor use of electronically stored or disseminated information. Such a virtual distribution environment may be used to protect rights of various participants in electronic commerce and other electronic or electronic-facilitated transactions. Distributed and other operating systems, environments and architectures, such as, for example, those using tamper-resistant hardware-based processors, may establish security at each node. These techniques may be used to support an all-electronic information distribution, for example, utilizing the “electronic highway.”

[Figure: block diagram. Legible labels: APPLICATION; APPLICATION API; NOTIFICATION/EXCEPTION INTERFACE (“POP-UP”); REDIRECTOR; FILE SYSTEM; VDE OBJECTS; OTHER INFORMATION; DRIVERS & H/W MANAGERS; KEYBOARD, MONITOR, MOUSE, MODEM, PRINTER, NET ADAPTER; REALTIME DATA FEED; EVENTS; KERNEL; COMPONENT ASSEMBLY CODE/DATA PROCESSING; SECURE EVENT PROCESSING ENVIRONMENT (“SPE”) (ONE OR MORE); HARDWARE TAMPER RESISTANT BARRIER 502.]

5,603,031 A  2/1997  White et al.  395/683
5,629,980 A  5/1997  Stefik et al.  380/4
5,634,012 A  5/1997  Stefik et al.  395/239
5,638,443 A  6/1997  Stefik et al.  380/4
5,715,403 A  2/1998  Stefik  395/244
6,016,393 A  1/2000  White et al.  395/683

OTHER PUBLICATIONS

Blaze, M., “A Cryptographic File System for Unix,” preprint of paper for First ACM Conference on Computer and Communications Security, Fairfax, Virginia, Nov. 3-5, 1993, pp. 1-8.

Blaze, M., “Key Management in an Encrypting File System,” Proc. Summer ’94 Usenix Tech. Conference, Boston, MA, Jun. 1994, available at <http://www.usenix.org/publicaitons/libratry/proceedings/bos94fullipapers/blaze.asp>, pp. 1-12.

Castano, S., et al., “Database Security,” Addison-Wesley & ACM Press, 1995.

Chaum, D., “Achieving Electronic Privacy,” Scientific American, Aug. 1992, pp. 96-101.

Chaum, D., et al. “Wallet databases with observers,” Ernest F. Brickell, editor, Advances in Cryptology-Crypto ’92, 12th Annual International Cryptology Conference, Santa Barbara, CA, Aug. 16-20, 1992, Proceedings, pp. 89-105.

Chaum, D., “Security Without Identification Card Computers to Make Big Brother Obsolete,” Communications of the ACM, vol. 28, No. 10, Oct. 1985, pp. 1-24.

“List of Articles,” <www.chaum.com/articles/list-of-articles.htm>, as on Aug. 23, 2002, 4 pages.

Choudhury, A.K., et al., “Copyright Protection for Electronic Publishing Over Computer Networks,” AT&T Bell Laboratories, Murray Hill, N.J., submitted to IEEE Network Magazine, Jun. 1994, pp. 1-17.

Cox, B., “What if there is a Silver Bullet and the competition gets it first?” Journal of Object-Oriented Programming, Jun. 1992, available at <http://www.virtualschool.edu/cox/CoxWhatIfSilverBullet.html>, pp. 1-5.

Cupid Protocols and Services (Version 1): “An Architectural Overview,” Nov. 1992, available at <http//www.cni.org/projects/CUPID>, 25 pages.

Custer, H. “Inside Windows NT,” Microsoft Press, Redmond WA, 1993.

Denning, D. E., et al., “Data Security,” 11 Computing Surveys, vol. 11, No. 3, Sep. 1979, pp. 227-249.

Denning, D. E., “Secure Personal Computing in an Insecure Network,” Communications of the ACM, Aug., 1979, vol. 22, No. 8, pp. 476-482.

Ioannidis, J., et al., “The Architecture and Implementation of Network-Layer Security Under Unix,” Fourth USENIX Security Symposium Proceedings (Oct.), USENIX, Berkeley, Calif. 1993, pp. 1-11.

Kohl, J., et al., The Kerberos Network Authentication Service (V 5), Network Working Group Request for Comments RFC-1510, Sep. 1993, pp. 1-104.

Kohl, U, et al., “Safeguarding Digital Library Contents and Protecting Documents Rather Than Channels,” in D-lib Magazine, Sep. 1997, available at <http://www.dlib.org/dlib/september97/ibm/09lotspiech.html>, pp. 1-9.

Lampson, B., et al., “Authentication in Distributed Systems: Theory and Practice,” ACM Trans. Computer Systems, vol. 10, No. 4 (Nov. 1992), pp. 265-310.

Mori, R. et al., “Superdistribution The Concept and the Architecture,” The Transactions of the IEICE, vol. E73, No. 7, Tokyo Japan, Jul. 1990, pp. 1133-1146.

Olivier, MS, et al., “A Taxonomy for Secure Object-oriented Databases,” ACM Transactions on Database Systems, vol. 19, No. 1, Mar. 1994, pp. 3-46.

Olivier, MS, et al., “Building A Secure Database using Self-protecting Objects,” Computers & Security, vol. 11, No. 3, pp. 259-271, 1992.

Olivier, MS, et al., “Secure Object-oriented Databases,” Ph.D. Thesis, Rand Afrikaans University, Johannesburg, Dec. 1991, pp. I to xiv and 1-183.

Olivier, MS, et al., “Disco: A Discretionary Security Model for Object-oriented Databases,” in GG Gable and WJ Caelli, Eds., IT Security: The Need for International Cooperation, pp. 345-357, Elsevier Science Publishers B.V (North Holland), 1992.

Coalition for Networked Information, Interactive Multimedia Association, John F. Kennedy School of Government, “Proceedings: Technological Strategies for Protecting Intellectual Property in the Networked Multimedia Environment,” 1994, Journal of the Interactive Multimedia Association, available at <http://www.cni.org/docs/ima.ip-worshop>, 308 pages.

Siebert, O., et al. “Digibox: a Self-Protecting Container for Information Commerce,” Proceedings of the First USENIX Workshop on Electronic Commerce, New York, NY, Jul. 1995, pp. 1-13.

Stefik, M., “Letting Loose the Light: Igniting Commerce in Electronic Publication,” Xerox PARC, Palo Alto, CA, 1994-1995, 35 pages.

Stefik, M., “Letting Loose the Light: Igniting Commerce in Electronic Publication, in Internet Dreams: Archetypes, Myths, and Metaphors,” Massachusetts Institute of Technology, 1996, pp. 219-53.

Stefik, M., Chapter 7, Classification in “Introduction to Knowledge Systems,” Morgan Kaufmann Publishers, Inc., 1995, pp. 543-607.

Tygar, J.D., et al., “Cryptography: It’s Not Just for Electronic Mail Anymore,” CMU-CS-93-107, School of Computer Science Carnegie Mellon University, Pittsburgh, PA, Mar. 1, 1993, pp. 1-21.

Tygar, J.D., et al., “Dyad: A System for Using Physically Secure Coprocessors,” School of Computer Science, Carnegie Mellon University, Pittsburgh, PA, pp. 1-41.

Tygar, J.D., et al., “Strongbox: A System for Self Securing Programs,” CMU Computer Science: 25th Anniversary Commemorative, R. Rashid (ed.) Addison-Wesley, 1991.

White, J.E., “Telescript Technology: The Foundation for the Electronic Marketplace,” General Magic, 1994.

Wobber, E., et al., “Authentication in the Taos Operating System,” an extended version of a paper presented at the 14th ACM Symposium on Operating System Principles, Dec. 1993, pp. 1-38.
