JP2003524264A - Method and apparatus for storing, distributing and accessing intellectual property in digital form - Google Patents

Abstract

(57) Summary One embodiment of the present invention is an apparatus for acquiring an IP text, and includes a storage device for storing a plurality of IP texts, and a processor connected to the storage device. Text includes printed text works, movies, films, video representations, television programming, music, audio works, audio representations, radio programs, graphic materials, works of art, plays, opera, novels, documents, photos, paintings , Images (including all forms of electronic images, including virtual images), advertising copies, software, and electronically stored representations of at least one member of a group including portions and combinations thereof. The processor is operable by a program stored in the storage device to receive the IP selection request, receive the user ID associated with the IP selection request, and determine the determined level of IP encryption when the user ID and IP selection are valid. And output the encrypted text of the selected IP.

Description

Detailed Description of the Invention

CROSS REFERENCE TO RELATED APPLICATIONS [0001] This application is related to US patent application serial number 0, filed October 20, 1998.
9/175559, a continuation-in-part application of US patent application serial number 09/049321, filed March 27, 1998, which was filed on July 25, 1996. Filed US Patent Application Serial Number 08/68
7292 continuation application (currently US Pat. No. 5,734,823 issued March 31, 1998), which is a continuation of US patent application serial number 08/367056 filed December 30, 1994. Filing (currently abandoned), which is US patent application serial number 0 filed August 25, 1994.
This is a continuation-in-part application of 8/296120 (currently abandoned), which is 1
US Patent Application Serial No. 07/7878536 filed Nov. 4, 991
Is a continuation-in-progress application (now abandoned), all of which are incorporated herein by reference.

BACKGROUND OF THE INVENTION The present invention relates to methods and apparatus for secure and electronic storage and distribution of intellectual property in digital form, and more particularly to information in a consolidated form. Central storage facility and method and apparatus for user electronic storage and transmission.

Intellectual Property (IP), as used herein, refers to books, text, paintings, photographs, videos, movies, films, audio, music, software, computer games, video games, and non-electronic forms. It refers to another type of representation of an idea or concept that can be stored and distributed in digital form. The IP also includes all materials protected by copyright and other materials. In some embodiments, an IP includes a compilation and / or portion of one or more works of the type described above and the work itself.

Current networks for the spread of IP lack a unified distribution system. For example, there are several different encryption techniques that provide digital security (ie, protection against IP theft and piracy) for different media such as books, videos, software, multimedia, and so on. Also, there are different competing network distribution systems for providing IP, but little or no compatibility between the systems from the perspective of the user, publisher (ie, content provider), or IP itself. . Each entity has its own website, data center, and encryption algorithm. The lack of homogeneity is because many different publishers, studios, and intellectual property owners have their own information retrieval services. Current methods and systems available for electronically distributing IP provide a sufficient level of security against unauthorized use or copying as an acceptable means for commercial distribution of IP. Think not to. This scattered state makes the distribution of intellectual property inefficient. Currently, there is no guarantee of IP protection for issuers, and operators of global distribution networks that are easy to use, efficient, inexpensive and universally disseminate. At present, to establish standards for the development and operation of infrastructure, networking, and systems for commercial electronic distribution of IP, with desirable security levels for most commercial suppliers of IP. There are no standards available.

Traditionally, each type of IP has its own unique way of serving a customer. Intellectual property (hereinafter referred to as IP) has been printed on paper or books, for example, and music has been "burned" onto CDs. Search methods for obtaining IP through digital readers, MP3 music hardware players, and other hardware currently apply to those readers, players, or other hardware It is a specialization of a particular form of IP. This specialized form further splits the IP market into specialized content data centers, reduces distribution efficiency, and, in addition, favors the redistribution and copying desirable for most commercial providers of IP. All security levels. Moreover, the proliferation of websites and market access locations makes it even more difficult and confusing for customers to have meaningful access to what is available. In addition, certain digitally formatted I
The lack of uniformity in the method for identifying P makes it even more difficult to track the IP usage flow. The reason is that it is necessary to use multiple tracking methods in order to deal with multiple identification methods. However,
The information provided in each case can eventually be reduced to binary information. Therefore, a distribution network designed to distribute a wide variety of different types of IP, and a distribution method capable of securely sending each of a wide variety of types of IP to a customer, and protecting the types of IP being sent from unauthorized reproduction. It is desirable to provide.

Current methods for distributing IP rely on simple data transfer, which does not build the inherent security of the data files being transferred. These methods are
Provided adequate protection before the proliferation of public networks and the Internet. However, if one "cracks" the security code, then any or all of the IPs distributed in the file will be owned and used by everyone, regardless of permission and ownership. As a result, it can be used for non-encrypted transfer. Therefore, it would be desirable to provide a method and device that protects a data file being transferred such that the IP is not available for unencrypted transfer after the code has been cracked. In addition, previous encryption and decryption algorithms,
Encryption and decryption algorithms applicable to each electronically distributed IP, keys, and / or keys, and / or to restore security features to any IP whose expression has been broken or leaked It would be beneficial to provide a distribution system and mechanism that regularly and automatically updates and / or modifies expressions, thereby suppressing cracking or leakage of IP encryption and decryption mechanisms.

Furthermore, due to the proliferation of websites and the Internet,
It makes it even more difficult for users to find and access a particular IP. Current,
The method of identifying a particular IP in digital form lacks uniformity. This lack of uniformity makes tracking IP flow and usage even more difficult. This is because it requires multiple tracking methods to be compatible with multiple identification methods. Also, the lack of uniformity in electronic storage and distribution of IP makes IP distribution and delivery more expensive and less efficient. Moreover, IP users are inconvenient as they have to obtain numerous devices and software programs to read many different IP data formats.

Therefore, it is desirable to provide a method and apparatus for consolidating all forms of digitally distributable IP. Further, it is desirable to provide a method and apparatus that provides a solid interface between an IP's organization and content owners on one side and IP customers on the other side.

SUMMARY OF THE INVENTION The present invention is, in one embodiment, an apparatus that facilitates the acquisition of IP text, the apparatus storing (storing) a plurality of IP texts. Devices, including text, printed text works, movies, films, video expressions, television programming, music, audio works, audio expressions, radio programs, graphic materials, works of art, plays, operas, novels,
Includes electronically stored representations of documents, photographs, paintings, images, advertising copies, computer games, video games, or software, or parts and combinations thereof, and wherein the device is connected to a storage device And a storage device further storing a program for controlling the processor,
The processor receives the IP selection request, receives the user identification associated with the IP selection request, and uses the determined level of IP encryption if the user identification and IP selection are valid. And is controlled to output the encrypted text of the selected IP.

As explained below, the terms “text” and “IP” as used herein are broadly interpreted. For example, the music record “IP” includes audio, more specifically music, “text”. Other types of "IP" may include more than one type of "text."

This embodiment of the present invention consolidates various forms of digitally distributable IP and provides a solid view between the organization and content owners of one side of the IP and the consumers of the other side of the IP. Provides a simple interface.

DETAILED DESCRIPTION OF THE INVENTION As used herein, the term “network” refers to any electronic interconnection for transferring data between two or more electronic devices, including the Internet, intranets, and land. Wire or traditional telephone network, cellular or wireless
Mobile networks, wireless microwave networks, television or radio transmissions, cable networks, wireless connections (eg infrared or microwave connections), satellites, localized terrestrial network systems, inductive connections using electrical lines, Wireless networks using lasers as the transmission medium, any combination of any of the above, and any other system for transmitting data between two or more units, including but not limited to It is not limited. "Secure network" refers to unauthorized access to data transmitted over the network or to data stored in memory storage areas of devices connected to the trusted network. It is a network that uses security measures.

The term “IP bank” as used herein refers to the interface between the network and the user. Such an interface may be physically, in close physical proximity to the central information storage facility, or at a location remote from the central information storage facility (eg, a physical housing such as a kiosk located at a retail facility), or the user. Can be placed in close proximity to and directly connected to the computer. In one embodiment of the present invention, the IP bank is a virtual device, in whole or in part, which comprises a software program stored on the user's computer,
Generated from interaction with software located in another IP bank or central information storage facility. In embodiments that include virtual devices, some of the hardware needed to operate the IP bank is located near or within the user's computer, or near or within the IP bank or central information storage facility. However, this will vary depending on where the user makes contact. For example, in one embodiment, an "IP bank" is a record that stores downloaded data such as memory storage, processing units, keyboards, slots for credit cards, electronic versions of printed IP text, and the like. Slots for media,
And a printer (for bills and receipts). A virtual “IP bank” comprises, for example, only memory and a processor (eg, located in a retail facility, data storage center, or security encryption compression module). The keyboard, slots for credit cards, recording media, etc. are provided by the user's device and the user's software in this embodiment. Although the terms “IP bank” and “text” may be reminiscent of the form of a book or the material in which it was written, based on the reader's earlier concepts of what these terms refer to, this document does not The term is not intended to be so limited. "I
When the terms "Pbank" and "text" are used, unless otherwise specified or clear from the context, other forms of material, such as movies, music, sounds, videos, graphic images, natural language And other text, audio, computer games, video game computer software materials, and any other form of intellectual property that can be converted and stored in digital form. (For example, "natural language text" does not refer to video or music.) IP Bank is a self-service, user-interactive information-selling device, and in one embodiment, a separate stand-alone device. . In another embodiment, the IP bank includes hardware and software located in the central information storage facility and hardware and software located in or near the user's computer, both suitable networks. And electronically communicate through the component to provide coordinated operation so that the component functions similarly to a stand-alone IP bank. In yet another embodiment, the IP bank is a device located near the user's computer,
Or a computer board located in the user's computer, which is electronically connected to the user's computer through a suitable network connection,
It can also be connected to the central information storage facility using an appropriate network. In another embodiment of the present invention, for example, each IP bank has a high capacity local memory storage with a customized portfolio of most required information products for the particular site where the IP bank is located. Including equipment. In another embodiment,
Each IP bank is configured to insert a processor, a monitor, a network connection, and a portable memory storage medium and / or a connection means to a user's device, eg a portable digital assistant (PDA). With one or more slots.

As used herein, the term “IP” includes all different types of intellectual property that can be stored electronically in digital form. The term "IP" refers to conventional printed text works, movies, films, video presentations, television programming,
Music, audio works or expressions, radio programming, graphic materials, works of art, plays, operas, novels, documents, photographs, paintings, images, advertising copies, computer games, video games, computer software, and the above. Including any part of a combination of things, and / or other types of intellectual property.

The term “IP file” as used herein refers to a digital version of IP. The description here does not depend on the format of the stored digitized material, but the digitized material may be HTML, XML, Adobe PDF (Portable Document Format), SHOCKWAVE (R) format (Macromedia Corp. Macromedia, Inc.), San Francisco, California)
Alternatively, it is equally applicable whether stored using any other format. Where the context thus indicates, the term "IP selection request" refers to a request by a user to obtain a copy of a given IP file. As used herein, the term "selected IP" refers to the particular IP file that the user requested to copy. As used herein, the term "text", when used in connection with a selected IP or IP file, refers to the content of the digitally stored IP file in question. As used herein, the term "IP" refers not only to traditional printed text work,
The term "text" as used herein, as it includes other types of intellectual property that can be stored electronically in digital form, is either conventional printed text or
Or, the generic term “IP” is intended to be interpreted with the same generality as to encompass “IP” content regardless of whether it is another type of IP content as applied herein. The general applicability of the various embodiments of the invention disclosed herein is, for example, that the television program "IP" is used for television programming (
It will be understood if it is understood to include "text" which is a program. As another example, a recording of music "IP" includes "text" that is audio, more specifically music. A further extension of the analogy is that one can "read" a music recording, "IP", "text", by playing the music through a system that converts digitally encoded audio into sound. It is easy to see that. Some types of "IP" may include more than one type of "text", such as printed text, music, and digital representations of paintings.
All uses of "IP" and "text" herein are intended to be similarly generalized, but it is expressly stated that such use refers only to printed text or natural language text. Except in the context where the word "text" is clearly limited to it.

The term “user's computer” or “user's device” as used herein refers to a conventional desktop computer (IBM PC, MacIntosh).
Desktop computers, laptop computers, PDA devices, wireless connectivity devices, the Internet, including, but not limited to (registered trademark) (Apple Computer, Inc., Cupertino, CA), or any clone, etc.). Connection device (eg WEBTV
(Registered trademark) (WebTV Networks, Inc., Palo Alto, Calif.), Digital telephone, video game device, electronic book, or other electronic device that is electronically connectable to a network. Refers to any electronic device that performs some or all of the following. The terms "user's computer" and "user's device" do not necessarily refer to different types of units.

As used herein, the term “nonvolatile memory” generally refers to a type of memory that does not rely on the continuous application of power for the retention of information. For example, static RAM, separate hard drive, floppy disk, CD-R
W, magneto-optical disk, flash memory, electronically erasable programmable read only memory (EEPROM), and WORM (write once, read many time) memory are non-volatile The type of memory. ROM (Read Only Memory) and field programmable gate arrays are also types of non-volatile memory that are sometimes mask programmed. Circuit designers need to know voltage, current, data access rate,
Data transfer rates, desired device physical size, and memory density requirements, and whether non-volatile memory must be field programmable, erasable, and / or reprogrammable for the application. With consideration, a type of non-volatile memory suitable for use in the circuit can be selected.

The term “encryption algorithm” as used herein includes an encryption method, a key used for encryption, and a formula used for encryption, unless otherwise specified. The term "decryption algorithm" includes the decryption method, the description (key) used for decryption, and the formula used for decryption, unless otherwise specified. However, keys and / or expressions are sometimes used in the description to emphasize,
It is specified together with the algorithm.

In one embodiment, a user may select a portion or all of one or more IP content. The selected information is then combined and downloaded to the user's storage device, eg, "cartridge." As used herein, "cartridge,""memorymodule," or "recording medium" is any device that can electronically store digitized data and provide access to it in a controlled manner. Device. The terms "cartridge", "memory module", and "recording medium" are interchangeable unless context dictates. This term refers to, for example, a compact
Disc (CD), DVD (DVD-R, DVD-RAM, and DVD-RW
), Flash memory cards, and removable storage devices (including floppy disks, memory chips, ZIP disks, and other units). "Adapted" means, for example, recording instructions or data for controlling access by an access device to data recorded therein. Also included is a protected, segregated portion of the data storage portion of the hard disk, and any other device that electronically stores data in digital form and provides controlled access thereto. In one embodiment, the cartridge comprises a unique identification number and a predetermined amount of memory for storing the selected information. In another embodiment, the cartridge is also dedicated software (cartridge control software) stored in non-volatile memory either in a separate memory chip of the cartridge or in a separate and protected space within the cartridge's general memory storage space. , Or “CCS”). The CCS is electronically linked to the cartridge in which the CCS is stored and controls and regulates the reading and use of encrypted and tagged data information files stored in the universal memory of the cartridge. As long as any part of the encrypted data stored in the cartridge is accessed, the CCS remains functional and the user is authorized to perform the encrypted data. Regulate and control. For example, in most cases, if the encrypted data file is being accessed for reading, the CCS
Operates to limit the user's ability to copy the decrypted form of the data or print the data to a hard copy. The CCS also restricts the user from copying any part of the decrypted data to any data file in the RAM other than the temporary file, and the RAM allows the CCS to operate on authorized devices. When the operation of the read-only encrypted file is stopped using the existing CCS, it is automatically deleted. If the user stops accessing the encrypted data file and the CCS stops working, just before the stop, the CCS has all the records of any decrypted data and any temporary data that may have stored such data. Permanently erase the file. When the CCS stops working, the user can no longer access any temporary files created during the previous operation. This is because all the records of such files that once existed and the content contained therein have been permanently deleted from the user's system. Therefore, along with the associated application software stored in the user's device, the CCS uses dynamic encryption to regulate and control any use that the user makes to the encrypted files and the data stored therein. And utilizes one or more of decryption capabilities, unique serial or registration numbers, and various data registration headers. Without the operation of CCS, the user cannot get access to the encrypted data. In one embodiment of the present invention, the CCS is responsible for any attempt to change its behavior.
It includes a monitoring function to prevent the operation of CSS. In one embodiment, if the CCS becomes inoperable for any reason, the user of the device will need to take the affected cartridge to an authorized agent for repair or replacement.

In one exemplary embodiment of CCS, the CCS finds the information needed to decrypt the ciphertext. While the user device on which the CCS resides is operating, CC
S limits what the user device can do. For example, the user device is restricted from writing information to the external storage device while the internal storage device having the encrypted text is being used. When the cartridge is removed and disconnected from the user device, the CCS shuts down the user device, for example by shutting down its program or operating an electronic switch to remove power from the user device.・ Go down.
The CCS also removes all temporary files associated with that program from the user device. In addition, CCS provides reliable real-time
The clock is read to determine if the user device is currently authorized to access the data on the cartridge. The CCS also registers when tampering occurs, such as changes in real-time clock data due to attempts to delay the apparent date.

In one embodiment of the present invention, the user may dial any data information file acquired by the user to the IP bank or central data storage facility using a dial-up network, or to the web using the Internet. Any network by accessing the IP bank or central data storage facility through the appropriate link through the site or using a wireless network (eg digital satellite, cellular, wireless mobile, microwave, infrared, etc.) Alternatively, the IP bank or central data storage facility can be accessed and updated through the connection. In one embodiment, a trusted universal resource locator (SURL) is used that includes both trusted phone numbers as well as internet-based URLs. The same restrictions as for obtaining the updated data information file apply to obtaining the update.

The following sections provide an overview of one embodiment and a detailed description of its architecture. A detailed description of the architecture is followed by a detailed description of the configuration of an embodiment of POS (Point of Sale) delivery. To provide.

A. Overview According to one embodiment of the present invention, information is distributed from a central information bank to a user's personal recording medium. The information so delivered by the system may be electronic through various communication networks (eg, telephone lines, cable systems, cellular systems, wireless mobile systems, or other similar commercial communication networks). Physically or from various recording media (eg magnetic or electronic discs, cartridges or tape reels or compact discs, laser discs, tape cassettes, etc.) or from an external source in hard copy format. To be done. If the information is received in hard copy format, it may first be scanned or directly transcribed into a standard digital format (eg ASCII text, DOS text, or other similar standard commercial Available text format). If the information is received on videotape, NTSC or PAL format video, the information may be a ".avi" file, a Quicktime file, or other format, including a suitable MPEG-X compression application, if desired. Is digitally encoded. Content providers that provide information, i.e., external sources, may permanently link to the master data file for the information when the information provided is stored or accessed electronically,
It is possible to identify instructions regarding the authorized use, access, and costs of that information. In one embodiment, when the information is received electronically,
Instructions are generated electronically. These instructions will include a description of the permitted uses (eg copy generation, print restrictions and / or permits, rental options, purchase options, if any), unauthorized copying or use. The desired security level (from level zero (virtually no security) to maximum level (the most robust security available)) and, optionally, cost to the user as a function of the access rights they choose. Including. Whenever a request is made to obtain a copy of the information file (ie IP file), the instructions for use are used in connection with the selection made by the user within the allowed options and the requested IP. User-specific electronic instructions are created to limit the use of the copy of the file. The information is then digitized, formatted, compressed, and first encrypted to form an electronic master copy, which is stored in a central information bank. The master copy is duplicated electronically and is transferred to the PO through a communication network such as a telephone network or a satellite network.
Electronically shipped to the S distribution system. The IP bank forms part of such a distribution system and electronic copies are kept in the IP bank for download to the user's personal recording medium. First, the user selects the information to download and a tracking entry is made to the transaction database to record the transfer. Before and during downloading the copy to the user's recording medium, the information is dynamically encrypted utilizing various variables, for example variable levels of encryption depending on the economic value of the information. By utilizing a "dynamic" encryption process, only the electronic reader associated with the user card used to access the information from the IP bank and download the information to the user's storage cartridge understands the information. Allows display in a possible text format.
In one embodiment, the "dynamic" encryption process is a real-time
The file is created, encrypted, and sent over the network to one or more different user devices or recording media located at one or more different physical locations. For example, in one embodiment, the instructor's lecture notes are electronically encrypted and transmitted in a secure fashion, in real time, to the devices and / or recording media of students participating in the lecture. Notes are stored on these devices and / or recording media for use at that time or for later use.

As will be described in more detail below, in one embodiment, the dynamic encryption process includes a unique serial number (or other serial number) associated with a particular user's recording medium from which encrypted data is downloaded. An encryption, such as an alphanumeric or binary identification), a unique registration number given to the user during registration, and a unique file number associated with the downloaded file. Secretly generating an encryption and decryption algorithm and expression to uniquely encrypt the copy of the data file when the copy of the data file is downloaded to the user's recording medium; and So that he can later decrypt the data for reading. Copies of the algorithms and formulas are stored secretly in a portion of the central data storage facility's memory storage with restricted access. Copies of the algorithms and formulas required to decrypt each of the obtained encrypted data files are stored in read-only form on the user's recording medium. The storage space for this read-only copy is such that any attempt to access the data stored therein, other than using an unmodified CSS program, renders the data stored therein unreadable. Designed to do. In another embodiment, instead of utilizing a unique registration number permanently tied to the recording medium used to create the unique encryption and decryption algorithms and formulas, a unique electronic An electronically generated electronic number is assigned to the recording medium during initial registration of the system, and the assigned number is used to create applicable encryption and decryption formulas and algorithms. In this embodiment, the unique electronically generated number is a number randomly generated by the system and checked for uniqueness. In another embodiment, the unique electronically generated number is generated by a system program, which searches for characteristics of the user data storage medium to find a unique representation of the device, Create a unique electronic registration number from here. In another embodiment, other methods, including combinations of these methods, are used for unique number generation.

In another embodiment, software programming periodically modifies the applicable encryption and decryption algorithms and formulas associated with a particular encrypted IP file to provide enhanced security. To do. In this embodiment, the applicable encryption and decryption algorithms and formula changes are made when the user logs on and connects to the system through an IP bank connected to the central information storage facility. Changes can be made after a certain time period has passed since the date the particular encrypted IP file was first created, or for a given time period since the date the applicable encryption and decryption algorithms and formulas were last changed. Is performed after, or whichever occurs last, whichever occurs first. Periodic changes in applicable encryption and decryption algorithms and formulas make it more difficult to break encryption, and if the previous encryption was broken, transfer the IP file to the encryption system. It becomes possible to take in again. The frequency of such cryptographic changes depends on the I
The time value of P and the user of the target IP file specify the specific encrypted IP
It depends on how long the file is allowed to be accessed.

In one embodiment, security is enhanced through the use of an external authorization device and associated identifier attached or linked to the reading device. Examples of suitable currently available authenticators include a parallel port software lock, i
Buttons (registered trademark) (Dallas Semiconductor C
orp. (Dallas Semiconductor Inc.), Dallas, Texas), and "Smart Cards" that are plugged in via PC Cards.

In another embodiment of the present invention, where one or more IP banks operate with one or more retail establishments, each retail establishment has a respective user device, user recording medium, and / or A unique identification number is provided that is used to tag the encrypted IP files obtained at the retail facility or through an IP bank linked to the retail facility. A predetermined share of the system revenue generated for the tagged user device, recording medium, and / or IP file using the tag information, the particular user device, recording medium, and / or IP file is: It will be allocated and distributed to the targeted retail facilities. In another embodiment, the tagging is further detailed to allow revenue to be shared with the user device and / or recording medium manufacturer and distributor.

IP digital data transmission can occur between two or more mobile wireless or cellular devices. The device may be versatile and may have, for example, a combination of PDAs, cell phones, visual displays, and / or audio capabilities. The device can be an IP regardless of whether the IP is digital audio, video, text, software, or multimedia.
To transmit safely. Mobile devices can also obtain music, video, text, and other IP asynchronously through various databases through the Wireless Access Portal (WAP). For example, if a user wants to access their favorite song, they can use a mobile wireless browser to browse the music database, access music titles by artist, CD title, or some other style, You can customize the desired transfer. Then, after requesting whether the user wishes to rent (and thus automatically erase) the requested copy of the song or wants to own the requested copy of the song, the actual ordering and payment are made. In one embodiment, similar mechanisms are used for ordering natural language text (eg, "electronic books"), software games, videos and movies. Asynchronous transfer refers to the downloading of IP from one or more databases using a wireless mobile device. Data is actually transferred and stored in the customer's SEC (security encryption compression) device. The user is free to use the IP as opposed to using it in real time with data stream transfer.

In one embodiment, multiple databases and portals and transparent links can be used to access mobile wireless devices. For the implementation of this embodiment of the invention, it does not matter whether the access is mobile wireless or cable, fiber optic, telephone access to an internet portal or database. The same end-to-end security as described in the present invention for IP is consistent with the present invention. The same dynamic encryption and mechanical and / or technical means exist throughout the data transfer delivery cycle. User (ie customer) SEC after transfer is done
The unit contains data and rules linked to the data controlled by the "smart" storage device. The smart storage device determines the time of automatic erasure, watermark, security level from top layer to open system, and other rules that are directly linked to that data or part of the IP data. Rules can even be applied to small things such as notes, words, or bits.

Synchronous data transfer refers to a continuous stream of IP data for mobile cellular devices. Here, the same rules for IP exist in real time and the wireless connection must be maintained through its transfer. A combination of synchronous and asynchronous transfers can exist within databases and multipurpose consumer devices. Single purpose devices, such as those without other functional capabilities that provide mobile wireless access to Internet music data portals, are also
It is within the scope of the present invention.

In one embodiment, a wireless device can also link to other devices synchronously or asynchronously. For example, the data transferred to the mobile wireless device after downloading the music IP can be transferred to the car or home stereo system each time the music (audio) is played. Various transfer mechanisms can be used to transfer music or other IP. One embodiment of the present invention is the transfer of IP to a car or home stereo over radio frequency, and movies and television programs (television programs) to television sets and / or computers over radio frequency transmission. Including transfer of. In the case of mobile wireless devices such as car stereos, the mobile wireless device is equipped with radio circuitry that can interface with the AM or FM frequencies of the car stereo. The transfer to this circuit may be either synchronous or asynchronous. Similarly, mobile wireless devices access other forms of IP such as video, movies, software, text, and multimedia, and are digitally secure, as defined by the rules for the content owner's IP, The IP can be transferred in an encrypted manner.

Digital content security is real-time “on the fly”
Can be generated and delivered at. Professors, musicians, writers, mentors, filmmakers, and any individual, organization, or company should not be redistributed when producing content in a live setting, and also on the web or business-to-business ( It is possible to secure "personal" content so that it is not distributed by other means of BtoB) or business-to-consumer (BtoC) digital distribution. The range and amount of content can be word, note, DOI (digital
It can be a picture frame based on an object identifier) or a whole or part of a work of art or content. Course pack
) Presents a classic example, which is a collection of bits and pieces of information. Range also means “on the fly content”.

In one embodiment, the rules created by the content provider are consistent with technical performance. The rules that apply to a particular piece of content are constantly adjusted according to market demand, functionality, and use of the content, as well as technological advances. D
Rules for OI, text, audio, visual, or content morphology are tied to content in a secure fashion.

Digital content rules include any form (text, music, video,
Digital security is assigned to all content (software, multimedia). Such rules are established by content owners and providers and cannot be modified or manipulated by digital content users.

Functionality is defined as a method of authorizing the use of content. For example, content (or "text") can be automatically erased, printed or allowed (or not allowed) to be transferred to another user, watermarked, and many rules governing the activity, use, and operation of content. Can be applied. Content may include natural language text, music, videos, software, or multimedia. Rules for digital content and security also include transaction tracking, accounting, and verification.

The content provider's intellectual property consolidation may reside in one master database or several databases or subsystems. In one embodiment of the present invention, a transparent link to an external database that holds intellectual property in order to provide more content to the customer while giving the content provider a sense of database control and management. Is used. Security,
Unity and integrity are maintained across the network distribution chain of systems. The customer does not need to know the location where the content will eventually be accessed. This seamless transfer greatly enhances content-driven access and continuity.

Since intellectual property content is subdivided into thousands of providers, content continuity and access are important to help mediate sourcing and availability of content. Indeed, smart browsing and retrieval systems are built on standardized platforms that help consumers in accessing information by title, subject, author, artist, studio, publisher, etc. Embodiments of the present invention develop a system integration and active digital distribution database that applies security access rules if necessary to redistribute information to business, home, and / or organizational users. To do.

Customizations, business users, home consumers, etc. can customize their content if the content provider allows through rules that apply to the content. This content customization can be extended to any form of digital intellectual property and polarity. In one embodiment, customers or content providers and integrators can add music to text material, animations, software, paintings, videos, or multimedia. The cumulative print or playback release-music, video, etc.-is determined by the percentage of all content owned by the content owner. For example, a certain percentage of songs can be excluded from security.

Advertising and promotions can be used to supplement supplier revenues from IP and / or to reduce costs to consumers. Content owners decide how much advertising to embed or link into their content, and thus how much income to replenish and / or reduce costs, as do customers.

Content security and usage restrictions enable digital content return. In one embodiment, automatic erasure is provided based on a secure, unalterable (user or customer) calendar clock. The clock can be reset when the customer retrieves information via wireless, internet, or other means. The auto-clear rule is the title (ie file) at the end of the time
-Including deletion of access. The customer can then reactivate the affected title access for an additional period of time. If the customer does not choose to update the rental IP, the IP content is completely removed from the system.

B. System Architecture FIG. 1 shows an embodiment of this information distribution system. The system is shown as being implemented worldwide for illustrative purposes only. Referring to FIGS. 1 and 2, one of the facilities provided is one or more “central data centers” or “central information banks” 100. Each central data center 100 operates in conjunction with others present in the network to control IP storage and distribution. A further data center 100 is provided, each comprising one or more computers operating in association with each other. Central information bank 100 is a central "library" or store of information. Peripheral information banks 102A-F coupled to central information bank 100 are libraries or storage locations for community-oriented information. For example, the San Francisco Bay Area Area Information Bank 10
The information stored in the central information bank 100 that is most frequently accessed by 2A is:
It may not be much accessed from the peripheral information bank 102E in Rome, Italy. At any event, central information bank 100 is coupled to each peripheral information bank 102A-E to enable information sharing. Each peripheral information bank 102A-F is coupled to one or more point-of-sale (POS) sites, as described in more detail below in connection with peripheral information bank 102F.

Central transaction database 104, coupled to central information bank 100 and peripheral information banks 102A-F, provides a central record keeping function for central information bank 100 and peripheral information banks 102A-F. Central Information Bank 10
0 and the central transaction database 104 are preferably commercially available mainframe computers, such as the IBM mainframe computer. The particular mainframe type selected depends on the amount of information stored centrally in the network, the degree of record keeping functions performed, and the speed at which information is transferred and processed. Importantly, the present invention is not limited to any particular computer to serve as a central information bank and / or central transaction database.

FIG. 1 shows a central information bank 100 and a transaction database 104.
, Peripheral information bank 102F, and various POS distribution sites, especially POP (Point
of Purchase site 108A-C, POR (Point of Rental, point of rental) sites 110A-D, promotion (sales promotion) site 112A
~ D, and exploded views of various couplings between IP bank subsystem sites 114A-C. Each point of purchase (POP) site 108 includes a POP transaction database represented by a box and a user interface represented by a circle. As mentioned above, the user interface is sometimes referred to herein as an "IP bank." Especially, POP site 108A
Includes an IP bank 116A and a transaction database 118A, site 108B includes an IP bank 116B and a transaction database 118B, and site 108C includes an IP bank 116C and a transaction database 118C. Central information bank 100 and peripheral information bank 1
02F, specifically the peripheral information bank and memory storage unit 106A, can also serve as an IP bank, such a unit being indicated by a circle. I
Details about the P Bank and Transaction Database are provided in Section C below.

As shown in FIG. 1, each POS distribution system, such as systems 112A, 108A-B, 110A, and 114A-B, may be networked directly to peripheral information bank 102F, and also systems 108C, 110B. ~ D, 112B,
112D, 114B-C, etc. POS distribution system, peripheral information bank 10
You may network to the POP site 108B networked to 2F. The configuration of the POS distribution system is described in detail in section C below. However, at the level shown in FIG. 1, the promotion POR system as shown at 110B and 112B, or the promotion POP system shown at 108B and 112C, or the promotion as shown at 108C, 110D, and 112D,
It is important to understand that the delivery system can be integrated into various combinations such as a combination of POP and POR systems.

The communication network link between the central information bank 100 and the central transaction database 104, the peripheral information banks 102A-F, and the POS site may be telephone network, satellite network, cable network, or digitized format information. Can be carried out using one or a combination of many commercially available networks, such as any other medium suitable for transmitting data. Many well-known protocols can be used in connection with the system. For example, the well-known TCP / IP when the Internet is used as a "backbone" network.
Protocols can be used.

FIG. 2 illustrates the flow of information according to the embodiment of the system architecture shown in FIG. Peripheral memory storage unit 106A is integrated with central information bank 100 and peripheral transaction database 106B is integrated with central transaction database 104, for ease of illustration only. Of course, it should be understood that a communication link is provided between peripheral information bank 102F, central information bank 100, and central transaction database 104.

The issuer receives the inventory report from the central information bank 100 and the sales data from the central transaction database 104, as indicated by the inputs provided in block 202. Based on this and other information, the issuer can decide whether to place additional information on the network. For ease of reference, such information is referred to herein as block 204.
It is also called "information title" as shown in. If the information is not presented in electronic form, the information is digitized (206), placed in electronic format 208, and subject to electronic authoring 210. The digitized information is then sent to the data converter 212, which converts the digitized information into a uniform format. For example, if central information bank 104 and central transaction database 104 are DOS or UNIX (R) based systems, the data converter will convert the information to the DOS or UNIX (R) format accordingly. If the information title is in a digitized format, the information title is sent directly to the data converter 212 for direct conversion to a uniform format, as indicated by line 214.

Once the data is in a uniform, digitized form, it reduces the amount of storage space required to store the data and is transmitted with less risk of tampering during transmission over the communications network. As it prepares the data, it undergoes initial encryption and compression. Compression is achieved using one of the commercially available compression protocols. Initial encryption is done using one of the available standard encryption protocols described below in Section D.

Once in a uniform encrypted and digitized form, information titles are stored in the central information bank 100. An electronic index is provided that lists all titles available and accessible by author, title, subject, or ISBN and / or ISSN code. When a new information title is added, the electronic index is updated to include the new title. The information title may then be downloaded to IP Bank 116A. The information title and corresponding electronic index information may be located on the laser disc master, as shown at block 216, in addition to or instead of being stored in the central information bank 100. Laser disc master 21
6 can then be installed directly in IP bank 116A.

In one embodiment, when the desired information data title is downloaded from the IP bank 116A to the user's recording medium 218, each file limits access to the information and the users to whom the information is transferred. In addition, it is dynamically encrypted and encoded with authorization and user identification data. The encryption process consists of a unique serial number of the recording medium from which the encrypted file is downloaded, a unique registration number given to the user requesting the download at registration, and a unique copy given to the file to be downloaded. Using algorithms and formulas that are generated using a combination of unique hidden numbers. In this way, the data downloaded will be
It is linked to the recording medium in which the encrypted data is stored. The unique serial number of the recording medium may be a number permanently associated with the recording medium at the time of manufacture or initial formatting and stored on the recording medium, or the recording medium is first registered with the system. It may be a number that is electronically generated and assigned when In both cases, the number is electronically readable and stored in a non-volatile part of the memory storage space associated with the user recording medium. In one embodiment, the current time and date is included with the data title downloaded from IP Bank 116A so that user recording medium 218 or an associated user record is recorded.
Checks the clock associated with the device to prevent the clock from being rewound in the end user's device.

Before downloading the desired information title, the user must
You can access an electronic index containing all information titles available for download from. Through the electronic index, the user gets a list of available information titles by author's name, specific title of the work, ISBN code, or subject. Once edited, the selected index
The video screen displays a list of available information titles contained in the category and other information needed to allow the user to purchase or rent any information title contained in the listed index categories. It Using the video listing, the user selects any title listed there and obtains a print of the relevant information through printer slot 342. Upon proper access by the user, the information title can be downloaded from the IP bank 116A to the user's recording medium 218.

After downloading the information from the central information bank 100 and the corresponding electronic index information to the IP bank 116 A, or after installing the laser master 216, an inventory report is generated by the IP bank 116 A and sent to the central information bank 100. Sent. These inventory reports reflect the information titles currently stored in IP Bank 116A. Next, these reports are issued by the publisher 20.
2 is sent. Also, a download completion report from IP Bank 116A
Sent to a transaction database 118A, also referred to herein as a host file server, which in turn generates a sales status report. The sales report is sent to the central transaction database 104. The transaction database 104 returns the necessary action instructions to the host file server 118A and transaction reports to the issuer 202 for use in accounting, auditing, etc.

The cartridge regulates access to and use of encrypted data files,
Decrypts encrypted files when you choose to open them, controls the behavior of your computer when you are accessing the decrypted version of an encrypted file, and when closed,
It also includes programming (CCS) to remove all traces of decrypted versions of encrypted files from the user's hard drive or RAM (RAM is DRAM, S
DRAM and / or VRAM may be included or may be).

In one embodiment, the content provider (provider) may authorize the provided information to be permanently linked to a master data file of information when stored or accessed electronically. Instructions (usage instructions) associated with the received use, access, and cost can be identified. The instructions are electronically generated when the information is electronically received. These instructions can be used to authorize authorized use (eg, copy generation, printing restrictions and / or permissions, rental options, purchase options, if any), and the desired security level for unauthorized copying or use ( Includes level zero (virtually no security) to maximum level (most robust security available), and optionally cost to the user as a function of the user's selected access rights. Whenever a request to obtain a copy of an information file (ie an IP file) is made, a usage statement is used, within the allowed options, together with the selection made by the user, of the requested IP file. User-specific electronic instructions for limiting the use of the copy are generated. For example, a content provider who wants to allow users to generate hard copies of printed information files for learning purposes may have special needs when the information files are being downloaded to a master file. You can choose to include the authorization code in the master data file. Once established, the instruction (usage instructions) code thus generated accompanies the information file on the user's recording medium or cartridge and regulates the use of the information file by the user. The cartridge holds information about such printing and limits further printing when the limit is reached. Text (natural language text or other IP) that the user produces as a hard copy by making a selection within the defined limits or within the permitted purpose using the highlighting features of reader programming. Determine the part of. In one embodiment, if no special code is selected, the default code that employs the most restrictive instructional selection is applied. In another embodiment, the content provider may allow the user to select applicable usage and access usage instructions from various allowed selections, which selections are made at the time of acquisition. The acquisition cost to be paid by the user will vary based on the user's choice of desired use. In one embodiment, rules can be updated or adjusted by the content provider.

In another embodiment of the present invention, where one or more IP banks operate with one or more retail establishments, each retail establishment has a respective user device, user recording medium, and / or Or it is given a unique identification number used to tag encrypted IP files obtained at a retail facility or through an IP bank linked to the retail facility. Using tagged information, specific user devices, recording media, and / or IP files,
A predetermined portion of the system revenue generated for such tagged user devices, recording media, and / or IP files is allocated and distributed to the target retail facility. In another embodiment, tagging is further detailed to allow revenue sharing with the manufacturers and sellers of user devices and / or recording media.

C. Configuration of POS Distribution System (Point-of-Sale Delivery System) The POS distribution system is classified according to the function as described above. The functionality includes one or more of the following: (1) POP distribution system, (2) POR distribution system, (3) IP bank subsystem, and (4) promotional distribution system. The configuration of each of these functions will be described separately in detail below.

POP Distribution System The POP system is shown in block form in FIG. The POP system is described herein as an IP purchasable system, for exemplary purposes only. However, as noted above, the system is not limited to a particular type of IP, and other media that can be represented in electronic form, such as computer software, music, and video, can be purchased using the system. It is possible. Further, while the system described herein is a POP distribution system, in other embodiments, synchronous or asynchronous IP network protection that enables real-time IP transmission,
Or adopt both of them.

The POP system shown in FIG. 3 includes an IP bank 302 coupled to a host file server 304. The server 304 is coupled to a customer service terminal (terminal) 306 (of course, there may be more than one terminal) and a cashier station 308A, the cashier station being another cashier station 308B-. Further interconnected to D. Server 30
4 is also coupled to engine network 310, which is connected to engine terminals 312A-E. The service terminal 306, the cashier stations 304A-D, and the agency network 310 are Compu
Commercially available computer networking systems such as Serve, public networks such as the Internet, intranets, or virtual
It is connected to the server 304 via a computer communication link such as a private network (VPN). IP bank 302 and server 304 are connected to central information bank 100 and central transaction database 104, as described above with reference to FIGS. 1 and 2.

The cashier stations 308A-D are serial, linear networking connections that allow the addition and removal of any number of cashier stations at any time. This configuration accommodates the occasional cashier stations needed during busy seasons or rush hours, and the desire to remove cashier stations to better utilize space after the rush season. Customer Service Terminal 306 provides personal identification, change of personal identification number, free I
It has local processing capability to provide customer services such as P processing, IP refund, customer information input and update. Customer service terminal 306 may also provide internal operations and management functions to retail outlets, such as IP inventory card management, IP list management, IP requests, IP reports, financial reports, email and bulletin board management. .

Referring now to FIG. 4, the POP file server 304 is shown in more detail. In particular, the server 304 includes one or more central processing units (CPUs) 316, a main power supply 318, an uninterruptible power supply 320 to ensure continuous operation during a power failure, and all of the servers 304 are required to operate. A high density storage device 322 for holding programs and databases is provided.

The server 304 has four interfaces: a network interface 324, a maintenance interface 326, a customer service station interface 328, and a cashier station interface 330. CPU 316 sends instructions to IP Bank 302, creates transaction databases and reports, and processes orders from cashier stations 308A-D and customer service terminals 306A-D.

From the network interface 324, the server 304 communicates with the central transaction database 104 for electronic filing of transaction reports, and also communicates with the IP bank 302 to provide download ordering orders to the IP bank 302, Receive status and inventory reports from 302. The server 304 is also coupled to the IP Bank subsystem via the network interface 324 to receive subsystem reports to give orders and orders whenever needed, as described below. External network systems, such as organizational or corporate network systems with local retailer terminals, regional bulletin board services, and others may also be coupled to network interface 324. Network interface 32
4 can also be bidirectionally connected with an interbank network such as Cirrus, Plus, or other similar data transfer network. Coupled to the retailer's terminal, the promotion system provides local retailers and local companies with direct access to their promotions and coupon updates. Maintenance interface 326 enables remote or on-site diagnostics and repair of server 304.

Customer service station interface 328 includes server 304
And customer service terminals 306A-D for handling customer service transactions. Customer service terminals 306A-D are shown coupled to printer 334 through data switch 332. The cashier station interface 330 enables communication between the cashier stations 308A-D and the server 304.

FIG. 5 shows an embodiment of the IP bank 302. IP Bank 302 is a high resolution color touch screen device used to display, for example, commands, messages, status reports to the user, index information, and to receive the user's touch screen input selections. Provide a graphic display 336. The IP bank 302 also comprises a keypad 338 for the user to enter personal information as well as other inputs. A reader 341 of a magnetic code or other generally accepted card, shown as an insertion slot, for transactions with the customer's bank card, credit card, or some other form of debit card. It is provided. The bar code reader 340, shown as an insertion slot, allows the user to read the IP bank
It is provided so that a card containing the ISBN and / or ISSN code of the desired information title can be inserted. The ISBN and / or ISSN code can also be manually inserted, for example, by typing the associated number key on the keypad 338 or using a joystick type device (not shown). The printer slot 342 also allows the user to access the output of the IP bank 302, printer (not shown in FIG. 5), receipts, transaction reports, and ISBN access vouchers, as described below. It is provided so that it can be taken out. The IP bank 302 also includes a base member 344 having a cutout 346 to allow a user to comfortably stand in front of the keypad 338. Other configurations are possible for users with special physical needs. Importantly, IP bank 302 also includes a cartridge slot 348 for the user to enter a read cartridge to obtain a copy of the selected information upon download, as described in more detail below.

In another embodiment, as shown in FIG. 5A, the physical embodiment of IP bank 302 can vary. More specifically, in one embodiment, the IP bank 302 is a personal computer 349, such as IBM or De.
It is placed on desk 339 using a personal computer available from the ll company. The user operates IP bank 302 as described above with reference to FIG. 5, except that the user can, for example, sit on a chair (not shown). Such an arrangement may be used, for example, in a business, dormitory, library, or other similar environment, where a user may access information for extended periods of time or in a professional environment. In other embodiments, readers 340 and 341 and cartridge slot 348 may each be located in computer 349 or in a separate device electrically coupled to computer 349.

In yet another embodiment of the present invention, as shown in FIG. 5B, IP bank 302
Different physical embodiments of are provided. More specifically, the IP bank 302 is
The central information data storage facility 10 is arranged near the central information data storage facility 100.
0 electronically via any suitable means (eg, cable, wireless, etc.).
In this embodiment, the IP bank 302 is contained within the housing 500 and the central enclosure 100 and IP bank 302 are combined. User access to the IP bank 302 is via dial-up modems 502, 51
Via the Internet, through the Internet, through websites 504, 506 maintained for that purpose, via radio links (narrow band wireless, broadband wireless, infrared, electromagnetic wave, radio wave, or other similar). Connection) or any other network capable of electronically transmitting data in digital form, such as a cable modem, ADSL-X, or broadband wireless network. W on the IP bank and on the recording medium 218 of the user
Accessing the IP bank 302 using dedicated software contained in an ORM (write once, read many times) memory or other non-volatile memory will cause the virtual IP bank to be viewed and accessed using the user's computer. Is generated. The virtual IP bank is then the IP bank 302 in another embodiment.
Performs all the same functions as. However, the memory of the central information storage facility 100 is used as a storage device for information titles and transaction information, and the appropriate hardware connected to the user's computer acts as an access port to the IP bank 302 and the IP The dedicated software program stored in the user's recording medium together with the dedicated software program stored in the WORM (write once, read many times) memory of the bank operate as a software program for driving the IP bank. That is different.

In yet another embodiment of the present invention, the IP bank 302 is in the user's computer or on a cable, telephone line, wireless connection (infrared, electromagnetic, etc.),
Or a special board configuration that is placed in a separate device electronically linked to the user's computer by any other suitable means. In this embodiment, the IP bank 302 is configured such that any attempt to read the data contained therein, other than authorized, renders the data completely unreadable. The IP bank 302 is in this embodiment connected to the central information storage facility 100 or another IP bank 302 using a secure (reliable) network. In one embodiment, IP bank 302 also functions as a controller for user computers when used to access encrypted files or trusted networks. In this embodiment, the IP bank 302 also includes operating software stored in WORM (Write Once, Read Many Times) memory within the IP bank 302.

FIG. 6 is a block diagram of the IP bank 302 circuit. In particular, IP bank 302
Includes a central processing unit (CPU) 350, which includes a display 336, a keypad 338, a magnetic strip reader 341, and a bar code reader 34.
It is tied to zero. CPU 350 is shown as a single unit, but CPU
It is contemplated that 350 may be a parallel processor or distributed processor arrangement. The choice of CPU 350 type depends on the amount of information to process, the desired processing speed, and cost. CPU 350 is also coupled to an automated teller machine (ATM) module 352 to enable transactions with ATM cards. The CPU 350 is coupled to a media driver 354, which allows the user to insert personal media for approval or other function, as described below. The IP bank 302 also comprises a main local storage 356 provided to store all information masters and associated index information selected when loaded into the IP bank 302. Secondary storage 358 is provided to hold other programs, instructions, and transaction related information. The buffer memory 360 is utilized to speed up the download and accommodate a large number of users during peak seasons.
Printer 362 is provided to print the requested coupons, receipts, and various reports to the user. The power supply device 364 supplies electric power to the printer 362 and the CP.
U350, secondary storage 358, and local storage 356. The uninterruptible power supply 366 is coupled to the main power supply 364 to ensure continuous operation during a power failure.

CPU 350 is coupled to network interface 368 and provides communication to central information bank 100, host file server 304, or IP bank subsystem, as described below. CPU 350 is also coupled to wireless communication port 370, which is in turn coupled to antenna 372. The wireless communication port 370 may be used in the event that an alternative communication medium is required.
Be compatible with such media.

FIG. 7 shows, in block diagram form, the structure of the user's personal recording media cartridge 374. As described below, the user may insert cartridge 374 into cartridge slot 34 to download the selected information from IP bank 302.
Insert in 8. The downloaded information is the IP bank 2 at the time of initial download.
02 stored in cartridge 374 in encrypted format, along with associated basic index information copied from the electronic index contained in 02. The cartridge 374 is compatible with the reader and allows the user to browse the information stored on the cartridge. Cartridge 374 includes read-out software 376 that provides continuous encryption and decryption of information, as described in more detail below. A registry-enabled segment 378 is also provided. Cartridge 374
An IP file registry 380 is created when downloading information to the. The encrypted IP file 382, along with the associated electronic index information,
A serial number 384 that is not erasable and is permanently marked is also stored in the cartridge 374. The cartridge 374 also includes a commercial operating system environment 386 and free disk space.
Also includes 388.

In another embodiment of IP bank 304, slot 348 is part of a device connected to a user computer used to access encrypted files. FIG. 8 shows a user generated when the user uses the POP system described above.
Shows process and component processing. In particular, if the user entered site 390 and the user was a first time user (392), the user fills out a user application form (394). Next, the user brings the completed application form and photo ID to the customer service station 306A, where the user selects and inputs the personal identification number (PIN) and password (39).
6). Customer service staff opens customer account (398)
. The password selected by the user is automatically matched with the customer account number created in sequence in the central data bank. An employee types in the user's name, address, and social security number using the keypad provided with the cashier station. The written application is then inserted into the printer slot on the cashier station. While loading the customer's information, the central data bank reviews the information to determine if there were any previous problems or other glitches with the customer. Upon completion of the verification process, the customer account number specified for the user is printed on the user's application form. Next, a plastic containing a user identification card (eg, standard credit card dimensions, and a magnetic strip on the back of which staff can place magnetically encoded information in the card slot.・ Insert a card. The card is then stamped with the user's name and account number and the magnetic strip is encoded with the appropriate user code (account number, card number, and specified password information). The written application is then sent to the central data storage center for storage. The user can now use the issued card to purchase or rent the use of the information title. The machines used for card embossing and encoding are standard, commercially available machines of the type currently used for issuing bank cards, credit cards or debit cards. A unique user identification number is electronically generated using the password and application registration number provided by the user. This identification number is then magnetically stored in the magnetic strip on the back of the user card and in the data file of the machine that produces the embossed card. This information is stored in an encrypted file that is later sent to the central information storage facility 100 using a suitable secure network. The unique number thus generated is used to represent the user's personal signature (system registration number) regarding access to the system and encrypted files.

The user can also obtain the personal identification card by accessing the system through the network and supplying the information necessary for generating the user identification file. Upon completion of the registration process, the user electronically receives the digital identification file and the identification number (or password). Upon registration, the user is assigned a unique account number associated with the user's data file in the system for accounting and tracking purposes. The digital file containing the assigned account number, user identification number, and applicable selected password information represents the identification file. After the identification file is stored, the user can obtain a printed copy of the relevant information contained in the file. Simultaneously with the generation of the identification file, the system program uses a combination of the user's account number and a number equivalent to the user password to generate a unique number. The electronic version of this unique number represents the user's electronic personal signature (registration number). Unique number digital
The copy is stored with the user's identification file using a special encryption method. Only the public (non-hidden) portion of the data is available for printing on hard copy. The digital identification file can be used for tagging and encryption of the data file, providing access to the network and the encrypted data file. A copy of the registration file, including a copy of the identification file, is stored in the central information storage facility 100.

In addition to obtaining a personal identification card, new subscribers
Purchase a reader / computer or other acceptable reading device (special computerized interface, audio or video playback device). Each such device is assigned a unique serial number and a special code number. In one embodiment, the serial number is contained in a read-only memory chip contained within the device. Many of the cartridges associated with each such read device are encoded so that the information stored on the cartridge can only be read by the associated read device. In one embodiment of the invention, this is accomplished by a simple program contained within the persistent storage of the device. In another embodiment, if the special code on the device is not the same as the number the cartridge is looking for, then the cartridge causes the reading device to display "This device cannot read the cartridge" and display that particular reading device. Do not allow any access by the user to any information contained in the cartridge. If the numbers match, further access is allowed. Once the readout device is purchased, the employee enters the device's serial number into the central data bank through the cashier station. The central data bank maintains a list of all authorized read device serial numbers and corresponding special code numbers. The customer's personal identification card that purchases the readout device is
A staff member inserts the magnetic strip on the identification card into the appropriate slot of the cashier station and encodes it with the applicable serial number of the reading device purchased. Thereafter, whenever the user wishes to obtain additional cartridges for reading with their reading device, the user must present his personal identification card and a properly coded cartridge to the staff. Simply insert the cartridge into the cartridge slot and the identification card into the card slot and press the designated button on the cashier station to allow the new cartridge to be read by the user. Encoded correctly for device readability.

In another embodiment of the invention, the personal identification number given to the user at registration, the unique serial number of the user's recording medium used to store the downloaded file, and the download Unique hidden numbers given to the content to be copied are used to generate unique encryption and decryption algorithms and expressions. Copies of the algorithms and formulas thus generated are stored in the central information storage facility. Using the encryption formula thus generated, the data file is encrypted as it is downloaded and stored on the user's recording medium. The decryption formulas and algorithms are stored in a non-volatile memory associated with the user's recording medium and are available for decryption when access to the encrypted file is requested. The memory unit and its housing that is stored when the decryption formulas and algorithms are downloaded to the user's recording medium are dependent on the use of CCS software and associated operating programs for the information so stored. It is configured so that the data cannot be read for any read attempt other than the above. In one embodiment of the memory unit, WORM memory is used.

The requirement that the read device code and cartridge code match before access is allowed means that the issued cartridge cannot be easily read by multiple read devices. For reading with multiple devices,
It requires a special program and special permit or authorized purpose. In one embodiment, purpose-encoding the information allows the publisher to extend or limit access to users with appropriate permissions or defined purposes. For example, the issuer can purpose-encode, or arbitrarily-encode, a portion of the selected IP so that it can be read by any user. This type of destination encoding can be used, for example, for promotional IPs or certain government publications. Other information is also for a single user, that is,
It may be purpose-encoded to limit access so that only the classified material is viewed. The requirements reduce the likelihood of unauthorized use of information titles. Special permissions can include various security code levels, which allows publishers, studios and content owners to have their IP content available to only one individual from a fully open level. Allows you to choose from a wide range of security up to the highest level. Security codes and special authorization rules for content owners can be determined, for example, by the market value of the content. New versions of music, movie releases, and new computer games have different security than content that has been on the market for a long time because the life cycle of the content can also be considered. Among the tiered security related to time value, market value, control level, type of intellectual property, and even legality, the highest level of security is, in one embodiment, a hardware smart chip or smart storage. The use of the highest security encryption algorithms with the device controller chip or processor.

In another embodiment, where the IP bank 302 is located either near the central information storage facility 100 or near the user computer, the user's recording medium is
It is encoded with the applicable registration code and number using the appropriate slot of the user computer or IP bank 302, which is the case when a separate external unit is used as such. is there. Launch the appropriate software, insert the user applicable recording medium into the appropriate slot, and use the appropriate software menu to select the appropriate instruction. The software program then creates the appropriate registration information and encodes it in the appropriate format on the recording medium. As part of the initial process, the software program checks the recording medium to make sure it already contains the appropriate CCS. User recording media that do not yet have a unique serial number or identification number will be given, rejecting user recording media that do not allow them to be electronically tagged with the serial number in the proper format. And marked as such. Only user storage media containing the appropriate software programs and registration information can be used to store data information files.

In operation, the customer brings the customer identification card to the IP display area for shopping (400). If the customer has previously opened an account, the customer does not have to go through the above process and can go directly to the shopping area where the customer selects an IP inventory card that matches his IP selection ( 400). The IP inventory card has printed on it the ISBN and / or ISSN number of the IP, a bar code, and specific information title, author, publisher, and edition date. The customer brings the selected IP inventory card to cashier station 308A. The cashier magnetically reads the code on the customer ID and scans or manually enters the bar code on the IP inventory card (402). The customer then makes the appropriate payments and the customer code and the information title bar code are sent to the host file server 304. The server 304 searches the existing customer account file for identification (ie, PIN and password) matching and downloads from an IP inventory card or based on a manually loaded bar code. A generated IP list file. The server 304 sends the file to the IP bank 30.
2, the IP bank 302 electronically generates a portfolio of information titles ready to be downloaded on demand. The user then goes to IP bank 302 at any later time, inserts the identification card into slot 340 of IP bank 302, and places the encoded POP cartridge 374 into IP bank cartridge slot 348. Insert and identify using a personal identification number, as shown in step 404. The user also enters the password into the keypad 338 (406).
). When IP Bank CPU 350 matches the personal identification number with the downloaded list portfolio, IP Bank CPU 3
50 sends the requested information from local storage 356 to buffer memory 360.
Start downloading to the media driver 354 through
The driver 354 copies the information to the cartridge 374. As part of the download process, the data is dynamically encrypted, making it uniquely readable only by authorized read devices. Dynamic encryption is the following D
Section. After downloading, the user removes the cartridge 374, inserts the cartridge 374 into a personal reader / computer, and accesses the acquired information. The reader / computer is configured for long-term read applications. The read application software is stored on the cartridge with the ability to read the applicable software on the cartridge that is permanently stored in the memory of the reader / computer or other authorized read device.

The user may select portions of the selected information, combine them, and download them. In one embodiment, the user can select at least one IP and select at least a portion of each selected IP. If more than one part is selected, and each part contains at most the entire selected IP, then the parts are combined and downloaded to the user's cartridge 374. For example, for a particular college program, a student may be asked to download a particular chapter from 10 different 1Ps. After selecting 10 IPs and 10 specific chapters of the selected IPs, the selected information is combined, encrypted using the determined protection level and downloaded to the student cartridge 374. Similarly, the user can select and combine individual tracks from the music information and download the selected tracks to one cartridge 374 for later playback.

The IP bank 302 includes hardware and software in the user computer, and hardware and software arranged outside the vicinity of the user computer (eg, the IP bank near the central information storage facility 100, or the user's computer). In another embodiment, including a standalone IP bank remote from the central information storage facility 100, the user may use suitable browser software after connecting to the IP bank unit 100 to allow the user to access the central storage facility 100. Access the index of available titles and select the desired title or portion of the title that the user desires to purchase. From this information (from which a work representing some of several different works is created), IP Bank 302 is made to generate a unique identification number for the newly created work. It This unique identification number is generated in addition to any hidden code that is generated and serves as an index reference for the work. The IP bank 302 also uses the user's request to generate a shopping list with appropriate price information, and the user accepts or modifies the as-produced shopping list. If the list is accepted by the user, the menu requests payment information. Generally, at the IP bank level, payments are made via pre-generated credit vouchers, credit cards, or debit cards. After the payment is approved, the IP bank 302 creates a copy of the requested title, encrypts it, and downloads it to the user's recording medium. While connected to the user's computer and recording medium, the IP bank 30
2 examines the appropriate log files to determine if there has been any misuse or fraudulent activity. If it is determined that such has happened, the account will be flagged for further inspection.

POR Delivery (Point of Rental Delivery) System If the user is not interested in obtaining a permanent copy of a particular work, but only needs a copy for a period of time, for example one semester, the user may P than to visit
You would prefer to visit the OR site. The POR system is shown in FIG.
The rental system is the same as the POP described above in this specification, except for the differences noted below.
It is the same as the system (including the host file server, for example). Often, one site or IP bank acts as a POP system site, a POR system site, and a POD system for promotional or commercial information sites, or any combination thereof. As shown in FIG. 9, the POR system includes an IP bank user terminal coupled to terminals 412A-E.
Includes hubs 410A-B and customer service station 414. User terminals 412A-E allow a customer to perform an index search and information title search of the IP bank memory and to transfer other information between the IP bank 302 and the user. Customer service station 414 combines the functionality of customer service as well as cashier stations. For example, at customer service station 414,
Sell on a debit card from a trusted customer and, if necessary, AT
Override (disable) ATM operations via M-Module 416
It is possible to Information is sent to customer service via printer 418.
Printing can be done from station 414.

The POR recording medium 420 is used in the rental system. POR media 420 is similar to POP media 374, except that media 420 includes an auto-erase mechanism that erases downloaded information after the expiration of a preset time period. More specifically, when information is downloaded from IP Bank 302 to Media 420, IP Bank 302 will have a "time stamp" equal to the amount of time the user has paid to retain a copy of the information. Also downloaded (using inoperable non-volatile time-encoded chip). The time stamp may take the form of a value loaded into a memory location on media 420, which value corresponds to the rental period. During use, the actual elapsed usage time is deducted from the electronically stamped period. The information title is self-destructed when the user consumes all authorized usage time or other time units. That is, the medium 420
Deleted from. This can be accomplished by simply calling a stored program to erase the information associated with the memory location where the time value is stored. For example, if the value of the memory location where the authorized usage time is stored is 0, the stored erase program is called to erase the information associated with the authorized usage time "zero". In one embodiment, a pre-warning feature is provided to give the user time to make a payment for additional authorization before the information is erased.

Another method of self-erasing is to include a real-time clock and an independent rechargeable power supply in each rental or library cartridge. The real-time clock mechanism is activated when the cartridge is first encoded for use. When the rented information title is downloaded, the expiration date is logged into the index information for each title. Real time cartridge
Access to the associated information title is denied after the clock reaches the specified deadline date. If the title is not deferred and the cartridge is used after a further number of days, the information title will be permanently erased from the cartridge memory. With this method, if the real-time clock is not running, the cartridge becomes unreadable without repair. To repair a defective cartridge, the user only needs to take the cartridge with his or her personal identification card to the nearest service center, where a real-time clock is provided. Is repaired or the relevant information title is loaded into the replacement cartridge. The user gets credit for any time lost while the cartridge was unreadable. Service centers can be located, for example, near each separate POD site.

In one embodiment, the user has his or her device and is in a time zone.
GMT clock verification is added to the user device to provide additional IP security when traveling through the network. In another embodiment, an encrypted GMT code is added to compare and verify the erase date and time with the actual GMT.

The auto-erase program can be used as an operating system module or as a “terminate and stay resid.
ent, resident program) ”(TSR). Modules that are integrated with the operating system are preferred. This is because such a structure ensures that the auto-erase module is viable when the operating system is viable.

If the user still needs time to use any particular information title, P
You can return to the OR site and rent the information again. Alternatively, the user is also intended to be able to update the rental via a modem coupled to the reader.

Regarding the user process for renting information, when a POR customer enters a POR site, the user uses a valid ATM card, bank card, credit card, or other debit card, and the user Proceed directly to terminals 412A-E. Using such a terminal, the user can perform an information title search and download the order entry to the IP bank 302. Upon completion of the downloaded entry, the user will go to IP Bank 302 to rent the media, identification card, for transaction approval.
And credit, bank or debit cards in IP Bank 3
Insert in 02. If the transaction is not cleared, or if the ATM system is not working properly, the customer can go to a customer service center and have staff manually override the ATM process if appropriate. If the user does not have a valid ATM credit or debit card, the user will go to a customer service center to pay service personnel and receive credit to the IP Bank debit card. The customer then goes to the user terminal, where the order entry is downloaded.

Once the transaction approval is cleared, the customer inserts the POR media 420 into the IP bank media driver 354, scans the personal identification card and enters the password. The information is dynamically encrypted and downloaded from the IP bank 302 to the media 420 along with an electronic stamp of the number of hours used or expiration date allowed for each information title. After downloading, the user applies this medium to a personal reader / computer to access the information on the medium.

Typical examples of POR sites are libraries (commercial, educational or public access) and IP rental shops. If the information downloaded by the user is free of charge to the user in the case of a library, or if a specific rental fee is incurred at a predetermined rate in the case of a rental shop or library that charges a fee per used page There is. For any given POR site,
It may act as a classic library, which allows library members free use for a limited period of time, or it may act as a rental shop that collects fees from users according to the permitted usage period.

IP Bank Subsystem The IP Bank Subsystem is coupled to the IP Bank and Host File Servers, as described in more detail below. The central element of the subsystem is the PO
This is an IP bank that is a modification of the PIP bank 302. The subsystem is
In particular, it is adapted for collective use by members or staff of a commercial or business entity or company. It provides the ability to distribute and recall information titles among authorized users within a business or corporate entity and limit the number of copies of a given work that can be distributed to other authorized users. If all licensed copies of any information title have been lent to the organization's staff, one or more licensed copies of the specific information may be uploaded or recalled to the subsystem, or additional Until the copy is purchased, other users will not have access to the same information title within that particular subsystem. In one embodiment, the information limits the purpose of which access to the information is granted to the user,
Purpose encoded. For example, the central corporate library may authorize selected users, namely R & D staff, to have selected information, ie pending patent applications. All non-R & D personnel users without a proper purpose or authorization code are blocked from accessing that information.

Instead of purchasing an unlimited copy number unlimited use, a commercial or business entity leases an unlimited copy number limited use, or a specific portion of a given information title. can do. Under such circumstances, the commercial or business entity may access the subsystem from participating workstations for the portion of the identified information title accessed and for the period of time the access occurs. Fees are charged each time. Due to the constraints encoded in the interface between participating workstations and subsystems,
While accessing information from the subsystem, the workstation's ability to perform certain operations is limited. The restricted operation is the operation associated with the duplication or transmission of data associated with the information title being accessed through the subsystem.

More specifically, and with reference to FIG. 10, IP bank subsystem 422.
Includes a high resolution color graphic display 424 coupled to the CPU 426 and displaying a usage description or status of the subsystem 422. The subsystem 422 also includes a keyboard 428, which limits access to the system for key selections for the operation of certain given functions, such as product displays. (In one embodiment, a voice recognition system is used for input in place of keyboard 428 or to provide additional input capabilities.) Subsystem 422 is a medium for downloading information. A local store 4 holding a driver 430 and a portfolio of information ordered by the business entity for use
32 and. Secondary storage 434 is also provided to hold all software programs that control and execute the functions of subsystem 422. Subsystem 422 further includes a power supply 436 and an uninterruptible power supply 438 for ensuring continuous operation during a power failure. The printer 440 is provided to print various reports.

The IP bank subsystem 422 replaces the subsystem 422 with the IP bank 302.
And a network interface 442 that connects to the host file server 304. The network interface 442 may also be coupled to a corporate or business entity network system 444. In such a structure, enterprise entities can transmit or download information that their enterprises own through IP bank subsystem 422.

The media port extension interface 446 provides access by the appropriate number of media drivers to the desired corporate terminals of the corporate network station. The media driver 430 is connected to the terminal or station by the owner driver card. The enterprise management department can utilize the dynamic encryption and dynamic download functions of the IP bank subsystem 422 to incorporate and apply the information that the enterprise owns. Information that the company owns is sent to the IP Bank subsystem 422 using an encryption process and can be selectively downloaded to the destination port and properly identified authorized personnel. . IP Bank Subsystem 4
22 is not only a customized corporate library of copyrighted and proprietary information, but also a corporate document security device that encrypts and distributes corporate documents and confidential information owned by the company in a corporate network system. A separate unit, such as a memory storage unit, allows workstations to encrypt from subsystems as part of a network interface connection that links each participating workstation to the subsystem and access encrypted information. As long as you can access the information, it limits the specific actions that can be performed from the workstation. The restrictions limit or prevent operations associated with copying or transmitting data.

Promotional Delivery (Promotional Delivery) System A sales promotion system is a POD (Point of Point) for sales promotion and commercial information.
Delivery: At the time of delivery). It delivers promotional and commercial information in electronic format, and users can view the digitized promotional and commercial information either on-site or at their own expense for later viewing. It can be downloaded to the target media. The user's call is a discount available advertisement, commercial, special promotional event, software demo,
And access promotional and commercial information, including electronic and dynamic browsing of product catalogs. Users can even shop electronically by manipulating promotional and commercial information, placing orders from personal readers / computers via email, or by placing orders directly from the Interactive Promotions IP Bank. It is possible. The promotion IP bank has the same structure as the IP bank 302 of the POP system.

The sales promotion system according to the present invention is shown in a block diagram in FIG. Like other POS systems, the IP bank 302 is networked to a host file server 304. The promotion system further includes a number of promotion units 448A-D that electronically display and promote the product. Unit 4
48A includes central transaction database 104 and central information bank 1
Unit 448B-D directly coupled to host file server 304
Be combined with. Unit 448A receives information from retailer terminals 450A-D and host file server 304 and receives information via retailer terminals 450E-G. More specifically, the host file server 304 receives updates of advertisements and special offers from local companies, international or local advertisers, corporate sponsors through retailer terminals (MT) 450E-G. host·
File server 304 is also networked to a central transaction database, which provides reports to publishers, advertisers, accounting, audit firms, product vendors, and others.

Promotional IP Banks selectively promote promotional and commercial information to their POR media for their personal review and personal shopping at their convenience. It is possible to download (see description in section B, System Architecture for instructions on such downloading). The downloaded promotional and commercial information self-destructs (ie, is automatically erased) upon expiration of the predetermined period, as described above for the POR distribution system. Promotional IP Banks also provide user interactive self-service sales capabilities. Users can order products or information electronically over the network. Some promotional features include on-demand coupons, virtual shopping, catalog sales, demos, subscriptions, credit cards, and telephone / phone calls.
An electronic application for a card, or other type of service. Local events,
Some public information delivered, such as ticket sales, institutional events, and even gazettes, can be delivered along with promotional information as a free or low cost service to the area.

The promotional and commercial information flow is very similar to that of POS distribution systems. However, the source is not the publisher or copyright owner, but rather a local company, an international or local advertiser, and a suitable sponsor through an advertising agent or other entity.

Information Tracking In one embodiment, for each exchange or download of information, a tracking entry has an appropriate transaction to record the movement or transfer of the information from the first location to the second location. -Sent to or stored in a database, such as central transaction database 104. By reviewing these tracking entries, the information owner can monitor the movement of information and take appropriate action. For example, a trace entry may be copied every time any information is copied to, removed from, or copied from IP bank 302.
Recorded in the transaction database 104. Based on the tracking entry,
The information owner may charge the receiving or forwarding party a fee defined by the information owner. The fees charged may be based on a variety of factors including, but not limited to, the economic value of the information, the use or purpose of the information, the number of users, and availability from other sources. Tracking entries can also include additional data so that the information owner can determine who transferred the information, the amount of information transferred, the type of transfer, ie the rental for a specified period of time, and the transfer time. To be able to. Tracking entries are recorded for all transfers, in one embodiment, from IP bank 302 to cartridge 374, and from central information bank 100 to IP bank 302. These entries can also be used by the information owner to determine the type of information being transferred, the number of transfers, and the identification of the information recipient. For example, the information may be used to determine whether the targeted user has received a particular promotional material, or if the targeted user has received the promotional material, or how to react to different information pricing strategies. obtain.

D. Encryption The POS distribution system described above has the ability to dynamically encrypt data when it is downloaded to the user's recording medium. Dynamic encryption refers to the process by which an IP bank works with a recording medium to perform proprietary encryption of downloaded data. In one embodiment, different levels of encryption are utilized based on a set of factors or variables. These variables include the economic life of information, market value,
Variables include, but are not limited to, general availability, replacement costs, time sensitivity, and number of potential users. For example, current TV listings have low level or low complexity encryption as a result of low market value and low replacement costs, and general availability from many sources. Conversely, multi-volume legal papers have high or high levels of complexity of encryption, for example, as a result of the limited availability of information, replacement costs, and long economic life. Based on the above factors, the source of information, ie, the issuer, can determine the appropriate encryption level for each piece of information from the initial transmission from the central information bank 100 to the user cartridge 374. The level of information encryption at any location, bank 100, may be higher or lower than another location, cartridge 374. More specifically, each time information is downloaded or transmitted,
The level of encryption can be changed or determined independently. For example, the encryption level in the central information bank 100 may be higher or lower than the encryption level of the IP downloaded to the user cartridge 374.

In addition to dynamic encryption, other encryption may be performed as shown in FIG. 12
Indicates a three-level encryption process. For example, the data may be encrypted before transmitting the information over the network. This helps prevent unauthorized users from accessing information sent over the network. In addition to encryption before transmission, the data can be encrypted before being placed in the IP bank. The issuer or other owner of the information has the authorization to approve this level of encryption, providing such information owner with the satisfaction that the data is properly protected.

Once the data is stored in the IP bank, dynamic encryption technology can be used when downloading the data to the recording medium. The recording medium (FIG. 7) includes an owner environment for construction, reading, viewing and processing. The medium also has a commercial operating system environment for processing information files. The registry of information file directories forms part of the owner application and
The directory pointer is included in the operating system application.

The dynamic encryption process, in one form, is a permanent serial number, a user's personal identification number, a personal signature, which is stored on the recording medium when the data is downloaded to the user's recording medium. The code number and password are used to further encrypt the data stored in the IP bank. The personalized variables and code are combined with the variables in the various personalized information files to form a personalized data structure for the data downloaded to the user's personalized media.
As a result, these information files are personalized in terms of media, software version, information files themselves, and other variables.

Dynamic encryption allows all information downloaded through a POS distribution system to be read and accessed by a selected number of users' readers / computers, without ownership or other permission. Can help reduce the likelihood of being used. In particular, a data recording medium that can be accessed by one reader / computer can be used by another reader / computer unless it is configured to be accessible in advance by providing the same user identification number and password to another reader / computer. It cannot be accessed using a reader / computer.

An example of a well-known encryption algorithm that can be used to implement the above three-level encryption includes the Z8068 Data Cryptographic Processor (DCP). The DCP contains structures for encrypting and decrypting data using the National Bureau of Standards encryption algorithms. It can be used in a variety of environments including dedicated controllers, communication concentrators, terminals in general purpose processor systems and peripheral task processors. DCP uses cryptographic feedback, electronic code IP, or cipher block chain modes of operation to provide high throughput rates. Security is enhanced by providing separate ports for keystrokes, clear data and encrypted data. The host system uses the command entered on the master port or through the auxiliary control line
Communicate with CP. When set up, data can flow through the DCP at high speed. This is because input, output and encryption activities can be performed simultaneously.

In an alternative embodiment, encryption and decryption is dedicated hardware and / or
Or it can be executed by a software function. For example, each reader and cartridge 374 may be equipped with a dedicated encryption integrated circuit (IC) and a dedicated decryption IC to maximize the transfer rate of information. The level of encryption and decryption can be changed by adding additional features and by enabling or disabling the additional levels.

Regarding dynamic encryption, one of the many dynamic encryption methods that can be used is described below.
In particular, each commonly used alphabetic or numerical symbol is assigned a corresponding number shown in Table 1.

[0107]

[Table 1]

The serial number stored in the cartridge is used to determine how many slots the code should shift to the left at the start of encryption. For example, before the start of encryption, if the serial number ends with a 6, the code is shifted left by 6 positions.
Table 2 shows the code table after the shift.

[0109]

[Table 2]

Next, the selected user password is used to determine how many symbols after which the code will be shifted left again. As an example, if the password was ROSE and using the code from Table 2, the numeric statement for rose would be 2
4212511. When the corresponding numbers are added together until a number between 1 and 10 is reached, the number reached in this example is 9 (18.9). Therefore, 9
For each th character, the code shifts left another 6 spaces. After encrypting 9 characters, the code is set as shown in Table 3.

[0111]

[Table 3]

Since the encryption table is constantly shifting, under this simple method, "My
brown dog has flaes. (My brown dog has fleas.)
The phrase "" is encrypted as follows.

[0113]

[Table 4]

Decoding using Table 1 alone, this coded phrase reads as follows:

[0115]

[Table 5]

Without knowing other information, it is very difficult to find a pattern that decrypts a symbol. Knowing the placement of the code relative to the symbols at the beginning of the encryption process and the number of symbols between shifts, decrypting the encrypted phrase is nothing more than reversing the process applied to each table. Absent.

There are any number of other dynamic encryption methods that use different methods to make the encryption code variable as the data to be encrypted is processed. Of course, the purpose is to make cryptanalysis difficult by avoiding the obvious patterns associated with the use of traditional languages and numbers, and thus simply choose a properly cryptic dynamic encryption method. Only.

In another embodiment, the unique dynamic encryption and decryption algorithms and formulas are the user's personal signature (identification number), the serial of the recording medium, and commercially. Generated using a unique combination with the registration number associated with the master data file that was copied and encrypted using the available encryption programs or services. An electronic copy of the encryption and decryption formula thus generated is then stored in a central information storage facility for later use. Using this embodiment of the invention, a unique set of encryption and decryption algorithms or expressions is thus generated for each distinct copy of the IP file requested. A copy of the unique decryption algorithm and formula is stored in the non-volatile memory of the cartridge (user recording medium) for later use. The non-volatile memory of the cartridge (user recording medium) is a box that allows the memory to become completely unreadable and unusable if any attempt is made to read the stored data in an unauthorized manner. Composed and encased. Selected using a unique encryption algorithm and formula thus generated when the file is copied for storage and later use and downloaded to a user cartridge (user recording medium) Dynamically encrypt IP files.

At the same time, a unique electronic header file is generated to associate with the encrypted copy of the requested IP file. The header file is applicable to the user registration information, the rules and restrictions on the requested use of the encrypted IP file, the appropriate decryption algorithms and expressions, and the decryption and use of the data in the encrypted IP file. And an electronic address for locating the location of the CCS. After generation, the header file may be wrapped within the encrypted IP file when the dynamic encrypted file is generated, attached to a digital copy of the encrypted file as a separate part, or encrypted IP file. Written as a separate and distinct data file that is electronically linked to the file. The manner in which the special header file is tied to the encrypted IP file depends on the desired security level and hardware configuration.

E. Tampering Protection In one embodiment of the invention, access to information is monitored or recorded to determine unauthorized access attempts to the information. If the unauthorized access was recorded or stored on the user's media, such as cartridge 374, then the unauthorized access message will be sent to the appropriate organization the next time the user attempts to download additional information to cartridge 374. , For example, the cashier can be notified. As a result of the unauthorized access message, the cashier invalidates the user's cartridge 374 and either calls the appropriate authority or records an entry in the user's account for future action. More specifically, in one embodiment, unauthorized access is determined by first reading or recording certain identification data from the requester or recipient of the information. If it is determined that the data provided by the information recipient does not match or is not equal to the predefined value, an unauthorized access message will be recorded and the information exchange will be hindered. The data determination can be completed using known comparison hardware and / or software features.

Further, an unauthorized access message may be generated when a user with an incorrect purpose or authorization code attempts to access unauthorized information. For example, in a corporate environment, if a user attempts to access information that does not have the proper authorization code, an unauthorized access message may be generated and sent to, for example, a system administrator or security personnel. Different levels of unauthorized access messages can also be generated. For example, a high level message may be generated when a user attempts to decrypt information stored at various locations within the system, eg, IP bank 302, using an unauthorized device. A lower level message may be generated when a remote user attempts to access data at a level one level above that user's authorized level.

G. Other Embodiments In another embodiment, the IP bank 302 may be configured to capture and exchange real-time information. For example, when a professor presents material to students in the classroom, he takes in the professor's presentation and converts it into copyrighted text,
Can be exchanged with a user in a remote location. This conversion can be completed using a known speech / text conversion system using a known computer system. The professor's presentation may be supplemented with written text prepared in advance or prepared at the same time. The text can be digitized and properly integrated into the text using known methods. Users at remote locations can receive information in real time from the professor's lecture as the material is presented, and may receive information later. Remote users
Only the information that the user is permitted to receive is received from the IP bank 302 as described above.

In yet another embodiment, IP bank 302 is configured to receive audio, video, and / or computer software code.
For example, in one embodiment shown in FIG. 13, IP bank 302 includes video cassette recorder (VCR) 600, cassette recorder / player 620, compact disc (CD) or DVD-X player and / or recorder 630. Coupled to a stereo system 610 including a television, a television 640, and a computer 650. As mentioned above, the authorized information is received from the IP bank 302 and, in one embodiment, stored in a storage device, eg, memory device 660. The memory device 660 includes a plurality of memory cells, such as read access Ram (RAM), read only memory (ROM), rotary storage unit,
Hard disk, magnetic recording medium, or magnetic tape, or other recording medium,
It can be, for example, an optical recording medium. After the remote user has selected the appropriate information for reception from IP bank 302, the information is stored on device 660. Device 66
0 is the playback device selected for the stored information, ie, video cassette recorder (VCR) 600, stereo system 610, cassette recorder / player 620, CD or DVD-X player / recorder 630, television 6
40, or configured to transfer to computer 650. For example, in one embodiment, a remote user downloads, or receives, the entire content of a Top 10 Music Album. The album content is stored on the device 660. As mentioned above, the information can be stored permanently or for a fixed period or number of uses. After downloading the information to device 660,
A remote user can transfer information to stereo system 610 for listening. In another embodiment, the information is transferred to device 660 or device 6
Through 60, other components, that is, cassette recorder 620, VCR 61
0, a CD or DVD-X recorder 630, or one of the computers 650. To limit unauthorized copying or playback, this information is provided only for those components, namely cassette recorder 620, VCR 610, CD recorder 630, or computer 6 coupled to device 660.
Only 50 can be played. For example, a remote user can download a feature film by saving it to tape using the VCR 610. The remote user can then play the movie as authorized as long as the tape is played on the VCR 610 coupled to the device 660. Similarly, a remote user can download a software program such that the information is stored on a storage medium within device 660 or computer 650. Computer 6 depending on the authorization code of the software
When 50 is coupled to device 660, the program can be configured to run only from computer 650.

The system described above facilitates controlled and monitored exchange of information between many types of information owners, distributors, and users. Using the system described above, the user can obtain many types of authorized information. The user can purchase, rent, or get the authorized information for free, as determined by the information owner. The information, in one embodiment, is encrypted using various levels or complexity of encryption to prevent unauthorized access. The level of encryption depends on various factors and variables, such as the economic life of the information. For example, IP
Bank 302 may include reference dictionaries and information representing top 10 music albums. Information from reference dictionaries and albums may have the same or different levels of encryption. In addition, students from the determined class will be able to access the reference dictionary information at no cost by the school purchasing an unlimited use copy of that information, but the same student will not be able to access any information downloaded from the album. Need to buy. Moreover, the type of access can be different for individual pieces of information. For example, the first track of album information can be coded so that anyone can download the information at no charge, and the remaining tracks of the album information can be coded to be paid to download.

In yet another embodiment, referring to FIGS. 14 and 15, the present invention relates to a vendor, product, and IP independent storage and retrieval system. This embodiment provides an object-based system that packages any type of data on the network. The type of data in the package is not important to this embodiment. However, the equipment provided by this embodiment of the invention ensures accurate, timely and secure delivery. Each individual IP is stored in digital form and a solid interface is used for its distribution. It is possible to utilize various levels of standardized encryption. The IP thus encrypted is delivered and read in a uniform manner.

One of the facilities provided is one or more central data centers or central data storage facilities 100. Each central data center 100 operates in conjunction with others present in the network to store IP from IP content providers 707 and to control distribution. In some embodiments, an additional data center 70
2 are provided, each comprising one or more computers operating in conjunction with each other. Computer 704 need not be co-located. Each data
The center 702 serves one or more local clients 706 or acts as part of the central data center 100.

A local public device, or kiosk 708, is networked and controlled by the data center. Kiosk 708 is an example of an interface or access port for consumers to access central data center 100 and for consumers to obtain the desired IP. In addition to kiosks, other examples of access ports include computers (mainframes, desktops and laptops), personal digital assistants (PDAs), e-books or e-books,
There are modems and other devices designed to access electronic networks such as telephones, Lansat, the Internet, intranets, and cable networks for electronic transfer of digital data.

A security encryption compression (SEC) module 710 is provided in each consumer product or user device 712 to control access to and use of IP. To get the IP, the consumer must have an authentication password recognized by the registered SEC module 710 and kiosk 708. Furthermore, the consumer must have a data recording medium 714 to hold the requested IP after the download. The SEC module 710 securely stores the IP for use in the proper fashion. The SEC module 710, in one embodiment, provides its own user interface (eg, screen and / or speaker, etc.). In another embodiment, the SEC module 710 includes one or more external adapters 716A, 716B and one or more other user adapters 716A, 716B.
Provides signals for display by devices 712A, 712B, 712C, 712D. External devices 712A, 712B, 712C, 712D communicate with SEC module 710 through, for example, an infrared port, RCA plug, headphone jack.

The SEC module 710 provides security through an “onion” approach, consisting of multiple layers of protection surrounding the IP. The first such layer is the hardware layer. The SEC 710, in one embodiment, includes a chipset with a unique serial number and a non-volatile random access memory (N).
V-RAM) 718, read only memory (ROM) 720, and programmable logic controller / processor 722 having electronically erasable programmable read only memory (EEPROM) 724. The unique serial number provides the public / private encryption key portion, along with the user's access code and the IP being accessed, stored in NV-RAM 718. Each IP is specifically encoded to work only with the identified piece of registered hardware accessed by the security code of the particular user. In some IP products, and in some embodiments transfer from one SEC module 710 to another is possible, but only through an authentication interface such as a kiosk. The hardware protection provided by the SEC module 710 is also the first authentication required by the network before allowing the IP exchange. If the SEC module 710 is bypassed to gain direct access to the recording medium 714, the physical interrupt is saved and sent to the network during a subsequent communication, eg the next communication.

The second layer of security is provided by the SEC710 firmware. This layer is provided by a programmed EEPROM 724 that decrypts the stored IP flowing to the output device. Public / private key encryption for each IP
It is controlled dynamically by. In one embodiment, this control is monitored and
It is changed every time the SEC module 710 communicates with the network.

The third layer of security is the IP itself. This is the SEC module 7
It is encrypted and compressed during download to recording medium 714 at 10. Information obtained in digital form from a particular issuer 707 is wrapped with a uniform digital signature that uniquely marks the version, creating a master copy for distribution. The signed master copy is then encrypted using a custom encryption algorithm and stored in central data storage facility 100 (s) (depending on the size of the distribution network) for later retrieval. . Each of the stored works has a title, which is added to the master table of contents or index 726.

The central storage facility 100 is electronically accessed by the user via the access port using a secure encrypted application layer protocol. Since these protocols are independent of network transport and physical layer protocols, they can be used in any transport network. Utilizing these application layer protocols, a user communicates with the central storage facility 100 to receive instructions and obtain an electronic version of one or more selected IPs. In preparation for downloading the selected IP, central storage facility 100 further encrypts the selected IP for distribution according to the encryption level selected by the issuer of the IP (728).

Encryption is provided in several different forms. For example, public / private encryption keys are used to store data. Watermarks are used when transmitting data to insecure devices such as headphones, television sets, or word processors. The watermark code is injected into the analog output signal by, for example, a digital-to-analog (D / A) converter, which, when analyzed, identifies the source of the IP and its purchaser or licensee. . The D / A converter code uniquely identifies a user, device, and IP combination because it is determined by the personal ID and serial number in NV-RAM 718 and from the encoding in the IP itself. The secure transfer of IP from the network is done, for example, via the RSA encoding detailed in US Pat. No. 4,405,829. This secure transfer ensures that each packet is uniquely encrypted and monitors for possible hijacking and other data stream tampering.

In this embodiment, compression is provided both to maximize storage capacity and to provide IP with another layer of security. The SEC 710 is, in one embodiment, an integrated storage device, at least of a hard disk, a RAM disk, an NV-RAM card (eg, compact flash memory card) or other recording medium such as medium 714. Equipped with one. One or more interfaces 716A, 716B, 7
16C, 716D are provided between the integrated storage device 714 and one or more output devices 712A, 712B, 712C, 712D. The SEC 710 is designed so that the storage device manufacturer can integrate the chipset into the storage device, which allows the storage device to accept IP from the network.

In one embodiment, the SEC 710 has a USB (Universal Serial Bus) port 730 for interfacing with a recording medium 714, a SEC chipset 718, 720, 722, 724, and a kiosk 708 for IP transfer. And an A / D converter 716A and a headphone jack 712A.
Another embodiment provides both USB and USB2 connections. In yet another embodiment, the SEC 710 comprises an infrared (IR) port and an RCA jack.
In yet another embodiment, the SEC 710 is embedded in a device such as a personal digital assistant (PDA) or a single function reader that functions as a device for reading digital IP or electronic books. In yet another embodiment, the SEC 710 is
Built into a user device such as a laptop or desktop computer. For example, half of a computer's hard drive is set aside for conventional operating systems and the other half is dedicated to storing IP, such as user videos, books, and audio. Yet other embodiments include, for example, other wireless couplings, iLinks, Firewires, and / or IEEE 1394 connections.

Encryption makes the downloaded IP readable only by a specific SEC 710 and only by a user who knows a specific password.
Guarantee protection against IP. This limitation can be found, for example, in Verisign, Inc.
) Etc. are used by utilizing the decryption formula provided by the key generation company 732. The key generation company creates a formula that allows the decryption key to reverse the encryption 728 provided to the network. This formula is sent during registration of the SEC module 710 and, in one embodiment, burned into NVRAM 718 or other restricted access memory. In another embodiment, the formula is pre-programmed in the SEC module 710. In one embodiment, the formula is stored in encrypted form and is only used during SEC.
Decrypted by 710 hardware. In one embodiment, the same equation is used by the network to encrypt the IP at the central data center and the SEC 710
The encrypted IP is decrypted using a different key determined by the key generation company 732.

In one embodiment of the invention, a modem algorithm and appropriate key length is used to protect the IP when the IP file is first created, during its delivery, and throughout its existence. In addition, the system program periodically and automatically updates and modifies the encryption and decryption codes, algorithms, keys, and formulas to regain such compromised or compromised IP. And to prevent the IP protection from being cracked or damaged. The frequency and / or number of times the algorithm, key, and / or formula is changed is, in one embodiment, the length of time that the user has rights to IP,
Depends on one or more factors such as the level of security assigned to the IP, and a pre-assigned schedule based on the level of security assigned to the IP.

A key generation company 73 independent of the network operator to generate the key.
Adoption of 2 is not necessary, but may be preferable for IP owners who believe that such companies provide additional security and accountability. However, it is not always necessary to employ the services of the key generation company. Therefore, in one embodiment of the invention, the key generation facility is provided within the network itself.

In one embodiment, operation of the network proceeds as follows. Digital IPs of various types and from various sources 708 are obtained and stored in the central data center 100. The digital IP user (or potential user) has acquired the SEC module 710, which has a unique serial number (USN) permanently "burned" into the module's electronics. Each user also selects a personal password (PP) to identify themselves for registration. The user-selected PP is, in some embodiments, limited within the limits selected by the network operator for security and practicality. For example, in one embodiment, P
P is limited to 6 characters or more and 12 characters or less.

The user with the SEC module 710 and the selected password then connects the SEC module 710 to the kiosk 708 or other access port. The SEC 710 sends the USN and user-selected PP to the network for registration, where the USN and PP are combined into a unique code (UC) (eg, by combining or by mathematical or logical operations). In at least one embodiment, the UC is sent to a key generation company 732, eg VeriSign. The network itself is also a hidden private key (HPK).
Is generated and transmitted to the key generation company 732. Next, the key generation company 732 makes H
Calculate the private encryption key (PEK) from PK and UC,
The PEK is sent to the network, where it is used for IP encryption when sent to the user of the SEC 710. The user then enters the PP into the SEC 710, where it is combined with the USN (as combined by the network) to decrypt the IP for the user.

In one embodiment, the server 7 in the central storage facility (s) 100
34 determines the most cost-effective path to deliver IP, including but not limited to books, music, videos, computer software, and multimedia, and automatically tracks and tampers end users. Confirm,
Freeze access for that end user and regulate delivery method requirements. The regulation is
Different for each accounting and industry. For example, retail facilities are
Use different rule sets that require delivery constraints, search methods, browsing methods, security specifications, and encryption specifications that are different than those that an institution or individual might require. Also, electronic delivery methods and security requirements vary depending on the type of IP delivered. For example, digital music transfer and retrieval is performed differently from electronic IP digital retrieval and retrieval and video transfer, retrieval and browsing. A part of the verification program is dedicated to checking and verifying the readability of the IP file after being encrypted and downloaded to the user's recording medium. The verification program also attempts to automatically correct the correctable error and indicates a detectable but uncorrectable error. If an uncorrectable error is found during verification, the download and encryption process is repeated a predetermined number of times or until no uncorrectable error is detected within a predetermined number of attempts. If an uncorrectable error remains after a predetermined number of attempts, the user is directed to the supporting service personnel. In one embodiment, the CCS is also programmed or configured during read access to automatically verify the readability of the encrypted IP and automatically correct any errors found not related to the functionality of the security mechanism. Try. For example, the CCS is programmed to detect and correct errors due to media deterioration. Such errors may occur over time or due to repeated access or use.

In one embodiment, the present invention consolidates the delivery of all forms of IP into one network that is transparent to end consumers. The network includes transparent links that provide the requested information to various IP websites 736. When an end user orders an IP work via the website 736, the central repository 100, which stores the requested data, links the request and adds another layer of security to the secondary repository. Send the IP to the user's computer 738 (or other device) using a secure dynamic encryption code that Participating IP retailer websites, kiosks, or other terminals are transparently linked to a central repository, depending on the needs of the particular retailer. Thus, retail customers can continue to purchase IP content from their favorite retail websites or stores, while retail stores are linked "behind the scenes" to a central IP data repository.

Depending on the most efficient and cost-effective delivery method, the one or more central repositories 100 are local-based, local-based, or central-based. Each central repository tracks IP data and credits retail sites (740, 742). The key is that individual retailers have access to their sales tracking information in the central depository, regardless of whether the sales transfer was made over the internet, microwave, infrared, satellite, cable, telephone, or other medium. Provided, as possible.

One embodiment of the present invention links to various web sites 736 in a customer transparent manner. If the purchase is made through various websites, stores, or organizations, companies, etc., the marked transaction fee will be the universal tracking system 7
Tracked, described and distributed through 40, 742. In this embodiment, the central information storage facility is a group of individual servers or storage facilities at one or more physical locations, which are physically operated by one or more people, and Linked together by the appropriate software and via a network configuration to appear to the user as a single working storage facility. Accordingly, the retailer may receive its customer's downloaded IP products from a conventional store high-bandwidth kiosk 708 via the retailer's website 736, or by the retailer at the retail facility. Income is provided regardless of whether it is recorded on the medium according to demand. Using this embodiment of the invention, a retail store
Providing useful and useful services by distributing P through in-store kiosks or to customers without a high speed internet connection on a medium recorded by the retail store on demand. You can The provision of this service can be a decisive advantage for some retailers. The additional flexibility provided to retailers by the present invention also helps retailers avoid market-based erosion due to the continued increase in Internet bandwidth to homes.

In one embodiment, the IP and / or a link to the IP (ie, a pointer to another location where the IP is stored, such as on the server of the IP content provider 707) is from the content provider 707. can get. Referring to FIG. 16, when the IP is stored (stored) (800), the format conversion 1001 is performed. The format conversion 1001 includes "system encryption", which makes the IP unreadable by other systems. When the request is received, personalized encryption 1002 is applied, followed by dynamic encryption 1003 as the IP is transmitted over network 804. (Encryption 1002 and 100
3 is configured such that the temporary storage device 802 is shown between them, but can run essentially simultaneously. ) For IP link, format conversion 1001
Is triggered by a user request. The result is temporary storage device 8
02 (rather than a permanent storage device at the central data center 100, as would be the case if the IP were stored rather than linked). Network 1
Personalized encryption 1002 and dynamic encryption 1 before sending through 003
003 is applied next. (The temporary storage device 814 is the temporary storage device 80.
It need not be different from 2. ) When the user downloads the IP, it is stored in the user storage device 714, where the encryption algorithm 1003
, 1002 and 1001 are decrypted in the reverse order in which the encryptions 1001, 1002 and 1003 are applied. Decryption 1002 is SEC71
0 from the temporary storage device 806 to the secure RAM 808. After the code 1001 is decrypted, the contents of the secure RAM 808 are displayed (81
0). Storage devices 806 and 808 are erased when the IP is no longer needed. The user storage device 714 is also, for example, when tampering is detected,
Cleared in some situations.

The registration, security, tagging (or watermarking), verification, and usage analysis programs generate a data trail that logs the creation and use of a particular IP file by the user, thereby associating with the IP file. Evidence of accountability is provided when there is or is an attempt to actually break the security features that Registration, security, tagging verification and usage analysis programs are IP
Creates a permanent link of a given copy of a file to the user requesting the creation of that copy and to the user device used to create the copy. A permanent log of the use of the IP file in digital form is stored in a separate memory storage area associated with the CCS program, and a copy of the log is periodically sent to a central information data storage facility for storage and subsequent analysis. Transferred to.

In one embodiment of the present invention, as shown in FIG.
It is enhanced by the use of an external authentication device (302A) and associated identifier fixed or connected to the device. Examples of suitable currently available external authentication devices include a parallel port software lock, iButtons® (Dallas Semiconductor Cor, Dallas, Tex.).
p.)) and "smart cards" that are plugged in via PC cards. In such an embodiment, upon registration, the user may receive an identification / encoding that is encoded using the user identification information.
A code disc, card or button is physically provided which is electronically readable when the code disc, card or button is inserted into the appropriate slot associated with the external authentication device. If the externally inserted electronic identification code matches the code required for access, access to the encrypted file is granted. If the externally inserted electronic identification code does not match the code required for access, access is denied.

In yet another embodiment of the present invention, user device 712 is a cellular or other wireless mobile phone or wireless communication unit, eg, a cell phone using a wireless browser. With this type of user device, the IP text can be downloaded directly to the wireless communication unit via a suitable cellular or other type of wireless mobile network. In one embodiment, for example, the IP text is written text, a picture, or other visual content displayed in a browser window. In another embodiment, the IP text is music downloaded directly to a cellular or other wireless mobile phone. (One embodiment of a wireless telephone useful in the present invention includes stereo headphones or has a jack for such headphones.) IP text is dynamically encrypted as in other embodiments of the present invention. Encrypted and decrypted, but not stored on the phone or other medium. Upon receiving the call, an audible or other type of indication is provided to the wireless telephone user device 712 and the music is discontinued when the call is answered. In yet another embodiment, the music is selectively streamed to headphones or speakers, stored on the recording medium of the wireless telephone user device 712, or both. The telephone 712 will call when the call interrupts the music being streamed for listening.
It is configured so that music can be downloaded to a recording medium and selectively saved.

Thus, one or more embodiments of the present invention provide for global “mother machine” IP encryption, open web selection and browser access, user screening I
It will be appreciated that it provides one or more IP consolidation features such as D and control, transfer validation, transaction purchase, safety rule attachment, functionality and user authorization, auditing, and feedback and updates. Although the present invention has been described with respect to particular embodiments, many modifications, variations, substitutions and equivalents will be apparent to those skilled in the art. Accordingly, the invention is intended to be limited only by the spirit and scope of the appended claims.

[Brief description of drawings]

[Figure 1]   FIG. 1 illustrates one embodiment of an information distribution system structure.

[Fig. 2]   FIG. 2 shows the flow of information in the system structure shown in FIG.

[Figure 3]   FIG. 3 is a block diagram of a point-of-purchase delivery system.

[Figure 4]   FIG. 4 is a more detailed block diagram of the host file server shown in FIG.

[Figure 5]   FIG. 5 is a perspective view of an embodiment of an IP bank.   FIG. 5A is a compatible embodiment of an IP bank.   FIG. 5B is yet another compatible embodiment of an IP bank.

[Figure 6]   FIG. 6 is a block diagram of the circuit of the IP bank.

[Figure 7]   FIG. 7 is a block diagram of an end user recording medium.

[Figure 8]   FIG. 8 shows the flow of information for the point-in-time configuration.

FIG. 9 is a block diagram of certain elements of a point-of-rent delivery system.

FIG. 10 is a block diagram of certain elements of the IP Bank subsystem.

FIG. 11 is a block diagram of certain elements of a promotion delivery system.

FIG. 12 is a flow chart showing an encryption process implemented in accordance with the present invention.

[Fig. 13]   FIG. 13 is another embodiment of the IP bank.

FIG. 14 illustrates a network and illustrates, in one embodiment of the invention, how IP from a content supplier is provided to a user device through a central data center.

FIG. 15   FIG. 15 is a more detailed block diagram of the user device shown in FIG.

16 is a block diagram of the user device shown in FIG. 15 with an external authentication device attached.

─────────────────────────────────────────────────── ─── Continued front page    (81) Designated countries EP (AT, BE, CH, CY, DE, DK, ES, FI, FR, GB, GR, IE, I T, LU, MC, NL, PT, SE, TR), OA (BF , BJ, CF, CG, CI, CM, GA, GN, GW, ML, MR, NE, SN, TD, TG), AP (GH, G M, KE, LS, MW, MZ, SD, SL, SZ, TZ , UG, ZW), EA (AM, AZ, BY, KG, KZ, MD, RU, TJ, TM), AE, AG, AL, AM, AT, AU, AZ, BA, BB, BG, BR, BY, B Z, CA, CH, CN, CR, CU, CZ, DE, DK , DM, DZ, EE, ES, FI, GB, GD, GE, GH, GM, HR, HU, ID, IL, IN, IS, J P, KE, KG, KP, KR, KZ, LC, LK, LR , LS, LT, LU, LV, MA, MD, MG, MK, MN, MW, MX, MZ, NO, NZ, PL, PT, R O, RU, SD, SE, SG, SI, SK, SL, TJ , TM, TR, TT, TZ, UA, UG, US, UZ, VN, YU, ZA, ZW F-term (reference) 5B017 AA06 BA07 BB10 CA15

Claims (92)

[Claims] 1. An apparatus for facilitating obtaining IP text, comprising a storage device for storing a plurality of IP texts, said texts being printed texts, movies, films, Video expression, television
Groups including programming, music, audio works, audio expressions, radio programs, graphic materials, works of art, plays, operas, novels, documents, photographs, paintings, images, advertising copies, software, and parts and combinations thereof. A storage device comprising an electronically stored representation of at least one member of the storage device, and a processor connected to the storage device, the storage device further storing a program for controlling the processor; Programmatically, receiving an IP selection request, receiving a user identification associated with the IP selection request, and determining a level of IP encryption if the user identification and IP selection are valid. Selected using A processor operative to output the encrypted text of the IP. 2. The apparatus according to claim 1, wherein the processor selects the text of the IP because of a purpose restriction on which access by the user to the text is authorized. A device further operable by the program to encode for the purpose. 3. The apparatus of claim 1, further operable by the program to encrypt the text of the selected IP with an identifier associated with the user. 4. A device according to claim 1, provided by an IP supplier, the usage instructions relating to authorized use, access and price of the IP supplied by said supplier. A device configured to electronically associate a document with the IP provided by the supplier. 5. The apparatus of claim 4, further comprising receiving a usage and access selection from the user associated with the IP selection request, the IP
Use of the output text linked to the output text of the selected IP using the instructions provided by the supplier of the IP and associated with the text of the selected IP, and Electronic I to regulate access to
A device that is configured to generate a P instruction file. 6. The apparatus of claim 1, further comprising the selected IP
Configured to receive a determined security level including a determined encryption level from a supplier of the security level, the determined security level being selected from a range of security levels, apparatus. 7. The apparatus according to claim 1, wherein the determined encryption level of the IP is based at least on the economic value of the selected IP. 8. The apparatus of claim 1, wherein the processor is a user device and a user data storage medium used to download or store the encrypted text of the selected IP. An apparatus further operable by the program to encrypt the selected text of the IP using a unique identification number associated with at least one of: 9. The apparatus of claim 1, wherein the processor works with a user device that is used to download and retrieve text of a selected IP to limit and regulate operation of the user device. And further operable by the program to restrict reading and copying of selected IP text. 10. The apparatus according to claim 9, wherein the processor determines whether the text of the IP downloaded to the user device is used in an unauthorized manner, and disapproves. Is further operable by the program and with the user device to restrict and / or deny access to such IP text when it determines that the use of the There is a device. 11. The apparatus according to claim 10, wherein the processor, when the processor determines that such unauthorized use is performed, transfers the IP from the memory of the user device to the user device. An apparatus further operable by the program and with the user device to cause text to be permanently erased. 12. The apparatus of claim 9, wherein the processor performs at least one of temporarily restricting or denying access to IP text in memory of the user device. Thus, the apparatus is further operable by the program and with the user device. 13. The apparatus of claim 1, further comprising at least one local unit communicatively coupled to the processor.
The unit includes a memory that stores information sent from the processor to the local unit in electronic form, and a local unit that controls transfer of information stored in the local unit to an electronic recording medium of a user of the system. A unit processor, the local unit being configured to encrypt the information when the information is transferred to the electronic recording medium, the local unit having a determined information encryption level. An apparatus configured to encrypt the information using. 14. The apparatus according to claim 13, wherein the information stored on the user's recording medium includes a personal signature code number and a serial number. 15. The apparatus of claim 13, further configured to receive a determined security level, including a determined encryption level, from a selected IP supplier. The device wherein the determined security level is selected from a range of security levels. 16. The apparatus according to claim 15, wherein the determined information encryption level and security level are based at least on the economic value of the selected IP. 17. The apparatus of claim 16, wherein the information encryption level is not equal to the IP encryption level. 18. The apparatus of claim 13, wherein the memory of the local unit is encrypted as long as there is an electronic connection between the local unit and a user's data storage medium. Permanently store selected files from the memory of the local unit to regulate the use of information stored therein in encrypted or decrypted form and when the electronic connection is inactive. A device configured to be selectively erased. 19. The apparatus according to claim 1, wherein the processor is an IP.
An apparatus further operable by the program to determine an attempted unauthorized access to an output copy of the text of. 20. The apparatus according to claim 1, further comprising: receiving information identifying a facility that is a source of the IP selection request, and adding the identification of the facility to the encrypted text of the selected IP. A device configured to be tagged with a certification. 21. The apparatus of claim 20, wherein the processor is further operable by the program to trace IP text for a facility using the tag. 22. The apparatus of claim 1, wherein the processor determines and stores information related to use of encrypted text by a user,
The information of use is encrypted and stored in a separate section of the memory associated with the user's recording medium or the local unit, the local unit and / or the user's data storage unit being central. An apparatus further operable by the program to cause information of the use in encrypted form to be sent to the central data storage facility when subsequently electronically connected to the data storage facility. 23. A method of operating a computer to obtain the text of an IP, the step of inputting an IP selection request to the computer, and the user identification associated with the IP selection request to the computer. And at least one of a user device or a user recording medium used to download or store at least one of an encrypted copy of the selected IP corresponding to the IP selection request. Entering an associated unique identification number; said user identification number; and (a) a digital identification number associated with at least one of said user's device or user data storage medium. and b) using at least one member of a group comprising digital identification associated with the selected IP,
Generating a unique encryption algorithm and a corresponding decryption algorithm, said selected I using said unique encryption algorithm for encryption
Communicating the P's encrypted text to the user's device for recording on the user's recording medium, wherein the selected IP text is a printed text work, movie, Film, video expression, television
Groups including programming, music, audio works, audio expressions, radio programs, graphic materials, works of art, plays, operas, novels, documents, photographs, paintings, images, advertising copies, software, and parts and combinations thereof. A user device, a user device or user data storage medium on which the user identification, the encrypted digital copy of the selected IP, is stored. A header associated with the encrypted text of the selected IP file that includes in digital form at least one identification, a user authorization indication, and an electronic address of the corresponding decryption algorithm. Step and before Confirming the user identification, authorization indication, and IP selection after a unique encryption algorithm and a corresponding decryption algorithm are generated; and if the confirmation is made, the corresponding Decrypting the digitally encrypted text of the selected IP using a decryption algorithm. 24. The method of claim 23, wherein the computer
The method of inputting a P selection comprises the steps of selecting at least one of the IPs in the memory store and selecting at least a portion of the text of each selected IP. 25. The method of claim 24, wherein the computer
The step of inputting a P selection comprises: determining if more than one part of the IP has been selected, and combining the selected parts if more than one part of the IP has been selected. And, further comprising: 26. The method of claim 23, further comprising generating tracking information corresponding to the selected portion and the selected IP. 27. The method of claim 23, wherein the encrypted text of the IP is selected due to a purpose restriction on which access by the user to the text is allowed. The method further comprising the step of: 28. The method of claim 23, further comprising the step of determining an IP encryption level. 29. The method of claim 28, wherein the step of determining an IP encryption level comprises selecting at least one of a plurality of encryption code levels. 30. The method of claim 29, wherein the step of generating a unique encryption algorithm and a corresponding decryption algorithm comprises: A method comprising the step of obtaining a corresponding decryption algorithm. 31. The method of claim 30, further comprising storing the obtained copy of the encryption algorithm and the decryption algorithm in a memory of a central information storage facility for later use. How to prepare. 32. The method of claim 30, wherein at least one of the user device or the user recording medium has a write once, read many times (WORM) memory unit therein. And the WORM memory is configured to be inoperable when an unauthorized access is attempted, and the WORM memory stores a digital representation of the unique encryption algorithm and a corresponding digital representation of the decryption algorithm. Storing the WORM memory upon use. 33. IP text, printed text work, movie,
Film, video expression, television programming, music, audio work, audio expression, radio program, graphic material, artwork, drama, opera, novel, document, photograph, painting, image, advertising copy, computer game, video IP text to a network coupled to a memory storage means storing a plurality of IP texts, including electronic representations of games, software, and at least one member of a group including parts and combinations thereof. A method of operating a communicatively coupled processor for obtaining, comprising: determining an IP selection request; inputting an IP selection request to the processor; User identity And a unique identification number associated with at least one of the user device or user data storage medium on which the encrypted electronic copy of the text of the selected IP is stored. Inputting, and outputting the encrypted text of the selected IP using the determined encryption level if the user identification and the IP selection request are valid. How to prepare. 34. The method of claim 33, wherein the step of determining an IP selection request comprises re-examining the IP of the memory storage means, and at least one of the IPs of the memory storage means. Selecting at least a portion of the text of the. 35. The method of claim 33, wherein the step of determining an IP selection request comprises selecting at least one IP of the memory storage means, and selecting each of the memory storage means. Selecting text of at least a portion of the IP, and combining selected portions of the selected IP. 36. The method of claim 35, wherein the step of selecting the text of at least a portion of each selected IP of each of the memory storage means comprises selecting the entire IP. Method. 37. The method of claim 35, wherein the step of selecting at least a portion of the text of each selected IP of the memory storage means comprises at least one of each selected IP. A method comprising the step of selecting one word. 38. The method of claim 35, wherein the step of selecting at least a portion of the text of each selected IP of the memory storage means comprises at least one of each selected IP. A method comprising the step of selecting two sections. 39. The method of claim 35, further comprising the step of generating tracking information corresponding to the selected IP in the memory storage means. 40. The method of claim 39, further comprising generating tracking information corresponding to a selected portion of the selected IP. 41. The method of claim 39, further comprising the step of generating tracking information related to the use of the selected IP for the location of the retail establishment. 42. The method of claim 33, wherein encryption of the IP selected to define a purpose of use for which access to the text by the user is allowed. The method further comprising the step of target encoding the rendered text. 43. The method of claim 33, further comprising the step of determining unauthorized access to the encrypted text. 44. The method of claim 33, wherein the step of outputting the encrypted text of the IP includes the user identification and (a) the user device or user. At least one data recording medium
A unique encryption algorithm and a corresponding digital identification number and (b) at least one member of the group containing the selected IP and the associated digital identification. A method comprising the step of generating a decryption algorithm. 45. The method of claim 44, wherein the step of generating a unique encryption algorithm and a corresponding decryption algorithm is performed by an independent key supplier. A method comprising: obtaining a decryption algorithm to perform. 46. The method of claim 45, further comprising the step of storing the obtained copies of the encryption algorithm and the decryption algorithm in a memory of a central information storage facility for later use. How to prepare. 47. The method of claim 46, wherein at least one of the user device or the user storage medium has non-volatile memory therein, the non-volatile memory being unlicensed. Of the unique cryptographic algorithm and the corresponding digital representation of the decryption algorithm are stored in the non-volatile memory for later use. The method further comprising the step of: 48. The method of claim 45, wherein the step of outputting the encrypted text of the selected IP comprises creating a digital copy of the selected IP to obtain user data. A method comprising: using the unique encryption algorithm to encrypt the copy once downloaded to a recording medium. 49. The method of claim 33, in connection with the selected encrypted copy of the IP, (a) an access authorization code, (b) a usage authorization code, and (c). The method further comprising outputting information capable of determining at least one member of a group that includes a decryption algorithm for decrypting the IP encrypted text. 50. Text is a printed text work, movie, film, video presentation, television programming, music, audio work, audio presentation, radio program, graphic material, artwork, drama, opera,
The text of the IP including an electronic representation of at least one member of a group including novels, documents, photographs, paintings, images, advertising copies, computer games, video games, software, and parts and combinations thereof. A storage device storing a plurality of IP texts, and a processor connected to the storage device, the storage device further comprising a program for controlling the processor. Stored by the program, receiving an IP selection request, receiving a user identification associated with the IP selection request, and using an encryption algorithm when the text is output from the device, Dynamically encrypt the text of the selected IP Operate an apparatus comprising a processor and a. 51. The device of claim 50, wherein the electronic cable connection, wire connection, commercial telephone connection, commercial cable network connection, cellular and other wireless mobile network connection, infrared connection, microwave connection. , Radio wave and other wireless connections, television wave connections, infrared signal connections generated by local devices, laser connections, and connections that allow the transfer of data in digital form from one point to another, and these A device configured to communicate over a network connection selected from a group including a combination of. 52. The apparatus of claim 50, wherein the processor selects the text of the IP because of a purpose restriction on which access by the user to the text is authorized. A device further operable by the program to encode for the purpose. 53. The apparatus of claim 50, wherein the processor access-encodes text of the selected IP to restrict access to the encrypted selected IP. Thus, the device is further operable by the program. 54. The apparatus of claim 50, wherein the processor is an I
P receives an instruction from the IP supplier relating to the permissible use and access of the text of the IP supplied by the supplier, and an IP corresponding to the instruction.
An electronic instruction data file with the requested IP using the user instructions associated with the text, receiving usage and access choices from the user in connection with the IP request. To generate
The instruction manual data file is further operable by the program, the user manual for controlling the use and access of the IP after the selected IP has been downloaded and stored in the user device or recording medium. -A device having a device-readable instruction manual. 55. The apparatus of claim 50, further comprising at least one local unit communicatively coupled to the processor, the local unit transmitting from the processor to the local unit. A local unit processor for controlling the transfer of information stored in the local unit to an electronic recording medium of a user of the system, the local unit comprising: The local unit is configured to encrypt the information when the information is transferred to the electronic recording medium,
An apparatus configured to encrypt the information using a determined encryption level. 56. The apparatus of claim 50, further comprising (a) a digital indication number associated with at least one of a user device or a user's data storage medium and (b) the selected IP. Information associated with at least one member of the group, including a digital identification associated with, is communicated to a key generation service via a communication network, and selected from the key generation service via the communication network. An apparatus configured to receive an encryption algorithm corresponding to the encryption level. 57. The apparatus of claim 50, wherein the processor is associated with at least one of a user device or a user data storage medium used to download or store encrypted text. An apparatus further operable by the program to encrypt the selected text of the IP using a unique identification. 58. The apparatus of claim 50, wherein the processor comprises:
at least one operation selected from a list comprising: a) printing the IP, (b) copying the IP, and (c) permanently storing the decrypted text of the IP on another recording medium. Limiting and restricting the operation of the user device receiving the IP encrypted text and the user's data storage medium by limiting the ability of the user device to perform, and the user device and cipher So that the selected information is permanently erased from the memory associated with the user device when the connection between the user's data storage medium on which the encrypted data file is stored is broken. An apparatus further operable by the program. 59. The apparatus of claim 58, wherein the processor provides encryption and decryption algorithms and expressions associated with selected text copies of IP over time and selected. An apparatus further operable by the program to periodically change as a function of at least one of the use of IP text. 60. The apparatus of claim 50, wherein the processor receives a user-supplied access code and generates a system access code, and supplied by the user. The selected IP using the access code and the generated system access code.
Restricting and controlling access to the encrypted text of the IP, by requiring both codes to decrypt the text of the selected IP by encrypting the text of An apparatus further operable by the program, as described above. 61. The apparatus of claim 50, wherein the processor is further responsive to the user device for reading electronic text of an IP when the user device is in communication with the apparatus. A device configured to receive relevant usage and access information in encrypted form. 62. A method of distributing intellectual property (IP) in digital form, comprising: selecting information selected from a group including: IP, links to IPs, and combinations of IPs and links to IPs. Obtaining from a plurality of issuers, encrypting the IP obtained from the issuer, storing the encrypted IP in a storage facility, and storing the encrypted IP and IP Creating an index for the links in the network, sending at least a selected portion of the index to a customer over the network, and sending an electronic selection request for IP from the customer over the network. Receiving, and sending the requested IP to the customer in response to the customer's electronic request, said IP Dynamically comprising encrypting the steps, the method comprising the steps of recording a transaction fee for the transmission. 63. The method of claim 62, wherein the electronic signature personalized to the requesting customer is the IP sent to the requesting customer in response to the requesting customer's request. The method further comprising the step of associating. 64. The method of claim 62, wherein the electronic signature is used to maintain accounting of sent IPs, the method comprising: providing a customer with respect to an IP sent in response to a customer request. Billing the same and crediting the issuer with the issuer's IP sent to the customer. 65. The method of claim 62, wherein the IP comprises a compilation of portions of IP. 66. The method of claim 62, wherein the selected electronic request to the IP includes a request for information available as an IP link to dynamically encrypt the IP. Sending the requested IP to the customer including: retrieving a copy of the IP corresponding to the IP link; and making the copy of the IP readable by the device of the requesting customer. Processing, and dynamically encrypting the processed copy of the IP. 67. The method of claim 62, wherein the requested IP
The method comprises the step of sending to the corresponding requesting customer instructions for obtaining the requested IP. 68. The method of claim 67, wherein the step of sending instructions for obtaining the requested IP comprises the requesting I
How to buy P, how to rent the requested IP, the requested I
A method, comprising: sending one or more instructions selected from a set including a method of payment to P and a method of reading the requested IP. 69. The method of claim 67, wherein the step of sending instructions for obtaining the requested IP includes the requesting I
A method comprising sending a hardware request and a software request to read P. 70. The method of claim 62, further comprising encrypting at least one of the requested IPs using a customer-specific algorithm. A method that enables the IP to be read on one or more user devices that have electronic identifications associated with the customer. 71. The method of claim 62, wherein the encrypted IP
The method comprising: further transmitting the selected encrypted IP according to an encryption level selected by the issuer of the IP. 72. The method of claim 62, wherein the step of receiving a selective electronic request for the IP from the customer over the network includes the selective electronic request over the public network for the IP. Receiving from an end user of the. 73. The method of claim 72, wherein the public network comprises the Internet. 74. The method of claim 62, wherein the step of receiving a selective electronic request for the IP from the customer via the network is sent from a network terminal located at a retail facility. A method comprising: receiving a selected electronic request selected. 75. The method of claim 74, wherein the step of receiving select electronic requests sent from a network terminal located at a retail facility comprises the employees, managers, and those of the retail facility. A method comprising: receiving an electronic request sent by at least one member of a group that includes a combination of. 76. The method of claim 75, wherein accounting for a transmitted IP is maintained using a digital signature personalized to the requesting customer, said selling the IP. Crediting the retail facility. 77. Homogeneous storage, encryption of digitized intellectual property (IP),
And a method of electronic distribution, the method comprising: creating an electronic index of accumulated digitally stored intellectual property, the method being unique to the user when accessing the central digital IP storage facility. Generating authorization information; restricting access to digitized IP at the central storage facility for authorized users; transmitting digitized IP from authorized digital storage facilities to authorized users A step of dynamically encrypting the digitized IP.
Generating a unique registration number for each transmitted digitized IP that associates the authorized user downloading the digitized IP with a user storage device receiving the transmitted IP. And a step of performing. 78. The method of claim 77, wherein information identifying a user requesting transmission of a digitized IP and associating the user with the requested digitized IP is stored in a central data storage file. The method further comprising the steps of recording and storing as a data file that is stored. 79. The method of claim 78, wherein only selected individuals are provided access to the information that identifies the user and associates the user with the transmitted digitized IP. The method further comprising the step of: 80. The method of claim 78, wherein the user is identified and sent according to one member of a group including date, user, and digitized IP identification. The method further comprising the step of creating an index for said information associated with a digitized IP. 81. The method of claim 78, wherein the step of dynamically encrypting the transmitted IP comprises (a) a length of time that access to the transmitted IP is granted. And (b) generating and adding a time code tag indicating at least one of the time periods during which access to the transmitted IP is allowed. 82. The method of claim 78, wherein the step of dynamically encrypting the IP is assigned to a transmitted IP stored on a user device or recording medium. A method of modifying an encryption algorithm and a decryption algorithm according to claim 1, wherein the modification is in accordance with at least one function of use and time of the stored IP transmitted. 83. A wireless telecommunications device for communicating over a wireless network, receiving, decrypting, playing a stream of interruptible encrypted music, receiving and responding to a call. A wireless telecommunications device configured to interrupt the stream of music when performed. 84. The device of claim 83, further comprising storage means for recording the stream of music. 85. The device of claim 84, further configured to selectively record music in storage means when the stream of music is interrupted. 86. The device of claim 83, wherein the device is configured to play the stream of music in stereo. 87. A method of sending an IP to a mobile station, wherein information selected from a group including IP, a link to the IP, and a combination of the IP and the link to the IP is obtained from multiple issuers. Receiving a selected electronic request for IP from a customer via a mobile wireless network, and requesting the requested IP to the customer in response to the customer request via the mobile wireless network. A method comprising the steps of: transmitting, comprising dynamically encrypting the IP, and recording a transaction fee for the transmission. 88. The method of claim 87, wherein the IP is a movie, film, video presentation, television programming, music, audio work,
A method comprising at least one member of a set including an audio representation and a radio program, said step of transmitting a requested IP to a customer comprises the step of synchronously transmitting a requested IP to the customer. 89. The method of claim 87, wherein the IP is a movie, film, video presentation, television programming, music, audio work,
A method comprising at least one member of a set comprising an audio representation and a radio program, said step of transmitting a requested IP to a customer comprises the step of asynchronously transmitting a requested IP to a customer. 90. The method of claim 87, wherein the wireless network is a cellular network. 91. The method of claim 87, further comprising the step of sending an instruction with a requested IP that includes restrictions on customer usage of the requested IP. 92. The method of claim 91, wherein the instructions for use include instructions for automatic deletion of the requested IP.