CN101084524A - Personal digital key and receiver/decoder circuit system and method - Google Patents


Publication number
CN101084524A
Authority
CN
China
Prior art keywords
personal digital
digital key
decoder circuit
key
receiver
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN 200580039571
Other languages
Chinese (zh)
Inventor
约翰·约瑟夫·焦比
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Proxense LLC
Original Assignee
Proxense LLC
Application filed by Proxense LLC


Abstract

The present invention enables automatic authentication of a personal digital key based upon proximity of the key which is associated with a person. The system enables linking of the personal digital key to an account based upon the automatic authentication. The personal digital key includes encrypted digital data unique thereto, which enables automatic authentication based upon proximity thereof to a receiver and the account linking system. The system further includes an account linking system based upon authentication of the personal digital key. The account linking system comprises a receiver/decoder circuit, which is able to automatically authenticate the personal digital key, whereby the personal digital key is able to be linked to and associated with an account.

Description

Personal digital key and receiver/decoder circuit system and method
Cross-reference to related applications
This application is a continuation of the following applications: co-pending application Ser. No. 09/750,487, filed December 27, 2000; co-pending application Ser. No. 10/016,857, filed December 14, 2001; co-pending application Ser. No. 10/153,979, filed May 23, 2002; co-pending application Ser. No. 10/715,035, filed November 17, 2003; and co-pending application Ser. No. 10/847,135, filed May 17, 2004. This application claims the benefit of co-pending provisional application Ser. No. 60/632,067, filed December 1, 2004, and of co-pending provisional application Ser. No. 60/652,765, filed February 14, 2005.
The following applications are incorporated herein by reference: U.S. Patent Application Publication No. US 2002/0080969, titled "Digital Rights Management System and Method", published June 27, 2002; U.S. Patent Application Publication No. US 2003/0115351, titled "Digital Content Distribution System and Method", published June 19, 2003; U.S. Patent Application Publication No. US 2002/0144116, titled "Digital Rights Management", published October 3, 2002; U.S. Patent Application Publication No. US 2004/0098597, titled "Digital Content Security System", published May 20, 2004; and U.S. Patent Application Publication No. US 2004/0255139, titled "Digital Content Security System", published December 16, 2004. The following application is incorporated herein by reference as an "appendix": PCT patent application No. PCT/US2005/007535, titled "Linked Account System Using Personal Digital Key", filed March 8, 2005.
Technical field
The present invention relates to a system that enables automatic authentication of a personal digital key based on the key's proximity, where the personal digital key can be associated with a person, and that enables linking of the personal digital key to an account based on that automatic authentication.
Background technology
Summary of the invention
Brief description of the drawings
Fig. 1 is a schematic diagram of a first version of a wireless personal digital key according to the present invention.
Fig. 2 is a schematic diagram of a second version of a wireless personal digital key according to the present invention.
Fig. 3 contains schematic diagrams of several versions of wireless personal digital keys according to the present invention.
Fig. 4 contains schematic diagrams of several versions of receiver/decoder circuit adapters according to the present invention.
Fig. 5 is a schematic diagram of a receiver/decoder circuit chipset according to the present invention.
Fig. 6 is a schematic diagram of the receiver/decoder circuit chipset and several versions of receiver/decoder circuit adapters of the present invention.
Fig. 7 is a schematic diagram of a personal digital key and a receiver/decoder circuit of the present invention.
Fig. 8 is a schematic diagram of a personal digital key and linked accounts of the present invention.
Fig. 9 is a schematic diagram of a personal digital key, a receiver/decoder circuit adapter and securely linked accounts of the present invention.
Fig. 10 is a schematic diagram of one version of a personal digital key according to the present invention and the various devices to which it can be linked.
Fig. 11 is a schematic diagram of a person using an associated personal digital key to enable, through a linked account, the customized service of operating a protected computer.
Fig. 12 is a schematic diagram of a person using an associated personal digital key to enable, through a linked account, the customized service of opening a locked door.
Fig. 13 is a schematic diagram of a person using an associated personal digital key to enable, through a linked account, the customized service of ordering a camera online.
Fig. 14 is a schematic diagram of a person using an associated personal digital key to enable, through a linked account, multiple casino customized services related to restaurants, hotels and parking.
Fig. 15 is a schematic diagram of a person using an associated personal digital key to enable casino customized services related to customer and employee tracking.
Detailed description
Referring to the figures, a system according to the present invention enables automatic authentication of a personal digital key based on the key's proximity, where the personal digital key can be associated with a person, and enables linking of the personal digital key to an account based on that automatic authentication. The system includes a personal digital key that can be associated with a person; the key contains encrypted digital data unique to it and enables automatic authentication based on its proximity to the account linking system. The system also includes an account linking system based on automatic authentication of the personal digital key. The account linking system includes a receiver/decoder circuit and can automatically authenticate the personal digital key when the key is near the receiver/decoder circuit, so that the key can be linked to and associated with an account.
The personal digital key and the receiver/decoder circuit can authenticate each other. When the personal digital key is near the receiver/decoder circuit and has been authenticated by it, the linked account is unlocked; when the personal digital key is not near the receiver/decoder circuit, the linked account is locked. The personal digital key includes an internal power source. The range within which the personal digital key must approach the receiver/decoder circuit to enable account linking can be adjusted as required. That range averages 6 to 8 feet, but can extend to about 300 feet or more. The personal digital key includes a permanent, secure, unique identifier that cannot be modified, updated or manipulated in any way. The identifier is transmitted to the receiver/decoder circuit, together with the unique encrypted digital data, over a secure wireless link.
The unique encrypted digital data in the personal digital key includes a unique personal digital key identifier that cannot be changed. The receiver/decoder circuit also includes a unique identifier that cannot be changed. The receiver/decoder circuit can securely detect, authenticate and communicate with the personal digital key, and can do so with multiple personal digital keys at the same time. The receiver/decoder circuit can also encrypt and decrypt content such as data, files, e-mail, transactions, games and music. The linked account contains data, and the receiver/decoder circuit can access that data directly or indirectly based on automatic authentication of the personal digital key. The personal digital key and the receiver/decoder circuit include embedded challenge-response logic and encryption algorithms, so that each can securely verify that the other is an original, non-duplicated, authorized device and so that the authenticated devices can communicate securely.
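The mutual verification described above can be pictured as a two-way challenge-response, shown here as an added example that is not code from the patent. It assumes a per-key shared secret enrolled in the reader and HMAC-SHA256 as the algorithm; the patent names neither, and all class names, function names and identifiers are hypothetical.

```python
import hashlib
import hmac
import secrets


def mac(secret: bytes, *fields: bytes) -> bytes:
    """HMAC-SHA256 over length-prefixed fields, so field boundaries are unambiguous."""
    h = hmac.new(secret, digestmod=hashlib.sha256)
    for f in fields:
        h.update(len(f).to_bytes(2, "big") + f)
    return h.digest()


class Key:
    """Personal digital key (PDK) side. The shared secret is an assumption."""

    def __init__(self, key_id: bytes, secret: bytes):
        self.key_id, self._secret = key_id, secret
        self._pending = None

    def respond(self, rdc_id: bytes, rdc_nonce: bytes):
        """Answer the reader's challenge and issue a challenge of our own."""
        key_nonce = secrets.token_bytes(16)
        self._pending = (rdc_id, rdc_nonce, key_nonce)
        proof = mac(self._secret, b"PDK", self.key_id, rdc_id, rdc_nonce, key_nonce)
        return self.key_id, key_nonce, proof

    def verify_reader(self, reader_proof: bytes) -> bool:
        """Accept the reader only if it proves knowledge of the same secret."""
        if self._pending is None:
            return False
        (rdc_id, rdc_nonce, key_nonce), self._pending = self._pending, None
        expected = mac(self._secret, b"RDC", rdc_id, self.key_id, key_nonce, rdc_nonce)
        return hmac.compare_digest(reader_proof, expected)


class Reader:
    """Reader/decoder circuit (RDC) side, holding the secrets of enrolled keys."""

    def __init__(self, rdc_id: bytes, enrolled: dict):
        self.rdc_id, self._enrolled = rdc_id, enrolled
        self._nonce = None

    def challenge(self):
        """Issue a fresh random challenge for the next key response."""
        self._nonce = secrets.token_bytes(16)
        return self.rdc_id, self._nonce

    def verify_key(self, key_id: bytes, key_nonce: bytes, proof: bytes):
        """Return the reader's proof for the key, or None if the key is rejected."""
        nonce, self._nonce = self._nonce, None  # each challenge is single-use
        secret = self._enrolled.get(key_id)
        if nonce is None or secret is None:
            return None
        expected = mac(secret, b"PDK", key_id, self.rdc_id, nonce, key_nonce)
        if not hmac.compare_digest(proof, expected):
            return None
        # The role label differs per direction, so a proof cannot be reflected back.
        return mac(secret, b"RDC", self.rdc_id, key_id, key_nonce, nonce)


def mutual_authenticate(reader: Reader, key: Key) -> bool:
    """Run the three-message exchange; True only if both sides accept."""
    rdc_id, rdc_nonce = reader.challenge()
    key_id, key_nonce, key_proof = key.respond(rdc_id, rdc_nonce)
    reader_proof = reader.verify_key(key_id, key_nonce, key_proof)
    return reader_proof is not None and key.verify_reader(reader_proof)


# Constructed sample devices (identifiers and secrets are made up for the example).
SECRET = secrets.token_bytes(32)
reader = Reader(b"RDC-0001", {b"PDK-0042": SECRET})
genuine = Key(b"PDK-0042", SECRET)
clone = Key(b"PDK-0042", secrets.token_bytes(32))  # copied ID, wrong secret

if __name__ == "__main__":
    print("genuine key:", mutual_authenticate(reader, genuine))
    print("cloned ID:  ", mutual_authenticate(reader, clone))
```

A device that only copies the transmitted identifier fails because it cannot compute the proof, and a recorded response fails against the next challenge because each nonce is used once.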
The system can provide one or more customized services for the linked account. These can include customized services for a casino property and/or a hotel property. The casino property customized services can include tracking the number of personal digital keys near a receiver/decoder circuit. The casino property can also include slot machines or similar equipment, and the customized services can include games that can be downloaded to a slot machine containing a receiver/decoder circuit. The system can track a customer's game preferences and, based on those preferences, transfer a game from the system's game server to the slot machine, where it is decrypted using the unchangeable unique identifier of the receiver/decoder circuit. This ensures that the game downloaded to the slot machine is unchanged from the "master" version on the download server.
The system can further protect any and all transaction data flowing over the network between a slot machine and its associated reader/decoder circuit (or any other device that uses a reader/decoder circuit) and the servers of the system. For this function, the system uses the reader/decoder circuit located in each communicating device to encrypt and decrypt the transaction data.
The system can further include a game server that holds games and can encrypt them. The receiver/decoder circuit in the slot machine can receive games from the game server that have been encrypted using the unique identifier of that reader/decoder circuit as the key, and can decrypt them so that they can be played on the slot machine.
As the figures show, the system according to the present invention comprises a technology based on the proximity of a personal digital key (PDK). Each small, unique device containing a personal digital key (the key) is authenticated wirelessly by a companion device that contains a reader/decoder circuit (RDC). The RDC acts as a gatekeeper for various digital and physical items, selectively granting access to those items to valid keys.
The core functions of the system include secure digital access; secure access to and use of digital content, devices and transactions; secure physical access; secure access to and use of physical entities and devices; and identification and authentication of keys and their owners. Many products are designed around these functions, including keys, RDCs/chipsets and/or hard disk drives, access systems and account protection systems. The system can be used in gaming (for example casino) products and in non-gaming products.
As shown in Fig. 1 to Fig. 3, the system provides several types of key, including keys 10, 12, 14 and 16. These keys are single-unit, stand-alone devices that can be shaped like an automobile-style smart key. Every key produced is uniquely identifiable. The key contains sophisticated active technology with two-way, secure wireless authentication and encrypted communication algorithms. After manufacture a key cannot be modified, updated or changed in any way, which makes it essentially impossible to tamper with or compromise.
The standard key works in proximity-only mode: it only needs to be carried. However many uses there are, a person does not need more than one key. The plastic or similar key housing (the shell enclosing the key's internal components and electronics) can be molded in many different styles. This makes it possible to customize models that are acceptable and suitable for use in both single-property and multi-property environments, where the properties need not all belong to the same business entity. Customers and players can therefore use and carry a single key, regardless of how many businesses, properties and systems they wish to interact with. One example of this option is a key shaped like a miniature slot machine, in which slide-in slots hold small tag "symbols" bearing the names of casino properties. Individual symbols can be slid into or out of the housing as required, and multiple symbols can, for example, be attached to an ordinary key ring together with the key itself. The key thus gives property owners an acceptable labeling option while letting customers and players use and carry only one key.
As shown in Fig. 2, biometric key 12 is an enhanced proximity-and-biometric version. It uses an enhanced biometric key that may, for example, require a finger to be placed on the base of the key, an eye scan to be run, or some other biometric action to be taken so that the key biometrically authenticates its owner. In all other respects the biometric key is identical to the standard key. Specifically, biometric key 12 operates on the same principle as key 10; the difference is that key 10 transmits its identification code whenever it is asked to, whereas biometric key 12 does not transmit its identification code until the biometric action has been taken to authenticate the person, after which it transmits the code.
The system is a proximity-based technology. RDC adapters 18, 20, 22 and 24 (see Fig. 4, Fig. 6, Fig. 7 and Fig. 9) can detect, authenticate and communicate with a key when it is within operating range, and know when a key is not detected within operating range. Specific protected items, including digital files, can be associated with ("linked" to) each key. The technology uses the following components and functions: keys and reader/decoder circuit units; active proximity technology (two-way authentication and communication); and the ability to automatically detect, read and authenticate keys, each of which is unique. It also uses the ability to communicate securely over the key-to-RDC wireless link and, when required, the ability to apply an optional secondary authentication step (such as requesting password confirmation or a biometric action).
As shown in Fig. 5 and Fig. 6, PDK reader/decoder circuit chipset 26 (the RDC chipset) provides several core functions, including authentication, encryption and access control. The reader/decoder circuit (RDC) adapters use this standardized chipset. RDCs come in several options, so PDK technology can be added to almost any legacy or modern computer and to most other electronic devices. The standardized PDK chipset powers all RDC adapters and can be integrated directly into OEM products to give them full on-board PDK compliance. External RDC options connect through a PC card or a USB port and provide an upgrade path for legacy and modern computers that contain standard hard disk drives but no integrated RDC. Access to the drive and its contents is permitted only when the linked key is detected, so that the drive and its contents are protected if they are lost, stolen or merely left unattended.
Once a key is linked to an account, the RDC scans for that key whenever access is attempted to a linked item (for example, file 28, classified document 30, drive 32, door 34, computer 36 and slot machine 38 in Fig. 8 to Fig. 10). If the key is detected, access is allowed; otherwise access is denied and the item stays locked and confidential. Because a key can be linked at any time to as many protected items as required, a user never needs to carry more than one small key; likewise, the standardized RDC simplifies upgrade and integration work.
For example, while a person works at a desk and the key is detected, as shown in Fig. 11, computer 36 behaves like any other personal computer. When the person leaves and the key is no longer detected, the drive is automatically locked and protected. Similarly, when a person approaches a PDK-enhanced ATM, they only need to touch their biometric key with a finger; the ATM automatically recognizes their identity (and account number) and in effect uses the fingerprint as the PIN. The enhanced ATM provides stronger account-based transaction authentication: linking the account holder's key to his or her account greatly reduces the opportunity for credit card and bank card fraud. After linking, a transaction on the account can proceed only once the linked key has been detected. In the example shown in Fig. 13, a person who wants to buy a new camera makes a selection and enters a credit card number. The key is read automatically, and the order, credit card and key information are sent to the store.
The "access" example illustrated in Fig. 12 shows the uses that the basic and core functions allow. Many similar OEM and stand-alone products and uses are envisaged using standard and/or biometric-enhanced keys. The core identification and authentication functions can be integrated relatively easily into many common devices. Because the technology needs no manual operation, no password, no handling of the key and no placing of the key very close to a reader, it opens up unlimited new possibilities for tasks that have traditionally been inefficient and/or inconvenient. Keys of every type and style deliver the security functions of the technology in a way that suits almost any need.
The RDCs of the system wirelessly and securely detect, authenticate and communicate with keys. An RDC can include functions to poll for keys in a specific area or section (for example, a room or part of a property), to report specific key information (for example, the number of keys in an area), and to identify "hot spots". RDCs can also include functions for traffic flow and customer population distribution across larger areas and property surroundings, and for locating a specific key. An RDC can detect many nearby keys at the same time (for example, everyone around a particular game).
The gaming products of the system include casino property systems, such as systems for a casino or casino/hotel, and come in standard and biometric-enhanced versions. In casino and hotel environments the technology allows a key to replace, or be used together with, the current standard player tracking card (PTC). Each key is linked to an account record in a centralized database that maintains customer and player account information, and where appropriate the key can also replace or work alongside cash and/or room-charge accounts (electronic funds transfer, EFT) within the establishment. Key usage can be configured as required as one key per person, one key per casino, one key per casino chain, or any combination of these. An RDC can work as a stand-alone unit, and can replace or be used together with current player tracking system (PTS) card readers and other common devices such as cash registers, POS devices, door lock mechanisms, touch-screen kiosks and personal computers.
When the system is installed on equipment other than electronic gaming machines, an RDC can be connected to the required network and centralized database through a device such as a small stand-alone unit, with or without a touch screen or display, and can be installed in other devices such as touch-screen kiosks, personal computers, cash registers, door lock mechanisms and portable readers (which might be used in a parking garage or at a bar). The connection can be made through independent hardware connected directly to the PTS network (bypassing all local device hardware), or through independent hardware connected to a separate network laid in parallel with the PTS network (which can optionally connect elsewhere). Either option can use a wired or a wireless connection.
As shown in Fig. 14 and Fig. 15, the features and functions of the system give guests of casino 40 and of hotels a greatly enhanced, more comfortable and more enjoyable experience, give casino 40 and hotels increased profits, and at the same time enable numerous new marketing and data collection functions. The product can be introduced as a substitute for the player tracking card (that is, the plastic card players use to accumulate redeemable points) and expanded over time into a solution that potentially covers the whole property. The ability to identify guests (and employees) automatically and to use that information to track, transact and collect data creates major new opportunities for managing and growing casino and hotel business (for example, downloadable games). Automatic tracking of player registration offers the possibility of significantly increasing system utilization and enhancing the customer experience. Data can now be collected on, for example, how long someone watched a new game but chose not to play it. The system always knows "who is where" and uses that data as required.
Operators of the system use the technology to provide highly efficient, personalized guest service and to implement powerful new employee options. The system can provide a passive, fully comprehensive property management solution, including automatic tracking, customized downloads, slot machine gaming, player research reports, innovative marketing options, and property access options. The system capitalizes on market and customer interest in technology and uses advanced player tracking and data analysis to maximize on-floor profitability. Its system and device data collection and analysis capabilities also allow on-floor profitability to be configured. Marketing spend is directed at technology that delivers tangible returns. Through its biometric extension, the system also provides a solution for future applications related to online gaming.
The system administrator (such as the owner of a casino property) can determine whether any single key can be used for the property functions of a single casino/hotel property and/or of multiple casino/hotel properties (including properties of unrelated entities). Key usage can be configured as required as one key per person, one key per casino, one key per casino chain, or any combination of these. Online and Internet-based functions include online gaming and general website interaction, providing a means of identification, authentication, age verification and payment services. The key can also be used in any other non-gaming applications and products based on the system. Customers and employees can use keys of the same style, which simplifies key operation and management.
An RDC can be installed on its own (for example, on a floor, ceiling or wall) or used in gaming equipment (such as slot machines and table games) and in other equipment and environments (such as cash registers, check-in counters, personal computers and touch-screen kiosks). When installed in an electronic gaming machine, table or similar device, the RDC can connect to the system's network and centralized database through the player tracking hardware, using the same connection port (replacing the hardware's card reader component or installed in addition to it), or through the local device's game motherboard (bypassing the player tracking hardware). The RDC can also be connected through independent hardware linked directly to the PTS network (bypassing all local device hardware), or through independent hardware linked to a separate network laid in parallel with the PTS network (which can optionally connect elsewhere). Any of these options can use a wired or a wireless connection.
The following functions of the system benefit the casino: it provides major data capture and marketing functions and opportunities; it gives customers convenient, consistent access to the casino's player rewards program (RP); it creates and strengthens customer loyalty; it gives customers a more capable, simpler and more efficient PTC solution than currently available options (such as a standard PTC or smart card); and it supports technologies such as retina scanning and fingerprints. The system also offers a lower per-unit gaming machine cost, because of the price difference between a standard card reader and an RDC and because the extra unused space on the front of the gaming machine (no card reader being installed) can provide promotional advertising space and a simpler player interface.
The overall arrangement function of described system can comprise customer database record, local machine hard disk drive and relevant data, and any other transaction/storage data can be linked to key/be associated with key, strengthen data security and integrality with the encryption function of utilizing PDK.RDC be positioned at one's leisure in one definable period any key in its " reading window " still (for example, with determine certain player whether wish " login " to PTS, measure the player and spend time on browsing, discern near the hotel guest the touch inquire all-in-one).After certain RDC detects key and has read its data, it will be gone up at its indication mechanism (internal mechanism of described local device) and show an information, whether the name (or nickname) and the confirmation request that show the player use key (on game device, this operation meeting makes the player sign in in the PTS network effectively) in the time that the player plays games.After someone logins, RDC will can not make him login again, even but someone login, RDC will still locate other keys.RDC will make system's (for example) can follow the tracks of the personnel that move in a tame gambling house when other keys of location.When a player (key) moves on to outside the operating distance, " the tinkle of bells " (or similar sound) will sound, and to cause described player's attention, whether inquiry confirms " logging off ".Yet after the time of one section definition, RDC will make described player log off automatically.
To better define the "read window" (the required key-detection area), the RDC in this system can include several options and functions. A directional antenna (the angular region in which a key can be detected) narrows the "active window" to a limited space (for example, the area in front of a gaming device). An adjustable "read range and elasticity" function (the distance from the RDC at which a key is detected) can further limit the "active window" and minimize spurious reads. A "strongest input" function (which compares the strength of each detected key signal to determine the strongest one) can select the specific, correct key more accurately when many keys are detected. A "read duration" function (the length of time a key is "seen" or "not seen" before the RDC deems it "detected" or "lost") minimizes spurious reads.
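The read-range, "read duration" and "strongest input" functions described above can be sketched as follows. This is an added example, not code from the patent or from any Proxense product; the class names, the dBm threshold, the timing values and the scan data are all assumptions constructed for illustration.

```python
from dataclasses import dataclass, field


@dataclass
class KeyTrack:
    first_seen: float       # start of the current run of in-range readings
    last_seen: float        # time of the latest in-range reading
    rssi: float             # latest signal strength, dBm (assumed unit)
    detected: bool = False  # set once the read duration has elapsed


@dataclass
class ReadWindow:
    min_rssi: float = -60.0    # "read range": weaker signals are out of window
    detect_after: float = 2.0  # seconds "seen" before a key is "detected"
    lose_after: float = 3.0    # seconds "not seen" before a key is "lost"
    tracks: dict = field(default_factory=dict)

    def scan(self, now, readings):
        """Process one scan (key id -> RSSI); return detected/lost events."""
        events = []
        for key_id, rssi in readings.items():
            if rssi < self.min_rssi:
                continue  # outside the read window: treated as not seen
            track = self.tracks.setdefault(key_id, KeyTrack(now, now, rssi))
            track.last_seen, track.rssi = now, rssi
            if not track.detected and now - track.first_seen >= self.detect_after:
                track.detected = True
                events.append((now, "detected", key_id))
        for key_id, track in list(self.tracks.items()):
            unseen = now - track.last_seen
            if track.detected and unseen >= self.lose_after:
                del self.tracks[key_id]
                events.append((now, "lost", key_id))
            elif not track.detected and unseen > 0:
                del self.tracks[key_id]  # spurious read: dropped, never reported
        return events

    def strongest(self):
        """'Strongest input': id of the detected key with the highest RSSI."""
        detected = {k: t.rssi for k, t in self.tracks.items() if t.detected}
        return max(detected, key=detected.get) if detected else None


# Constructed sample: one scan per second, key id -> RSSI in dBm.
SCANS = [
    (0, {"key-A": -50, "key-B": -72}),  # key-B is beyond the read range
    (1, {"key-A": -48, "key-C": -55}),  # key-C shows up for one scan only
    (2, {"key-A": -47}),
    (3, {"key-A": -49, "key-D": -40}),
    (4, {"key-D": -41}),                # key-A drops out briefly
    (5, {"key-A": -52, "key-D": -39}),
    (6, {"key-D": -42}),
    (7, {"key-D": -42}),
    (8, {"key-D": -43}),                # key-A unseen for 3 s: lost
]


def replay(scans):
    """Feed the scans to a fresh ReadWindow; return (events, picks per scan)."""
    window, events, picks = ReadWindow(), [], []
    for now, readings in scans:
        events.extend(window.scan(now, readings))
        picks.append(window.strongest())
    return events, picks


if __name__ == "__main__":
    for event in replay(SCANS)[0]:
        print(event)
```

The one-scan reading of key-C and the one-second dropout of key-A produce no events, which is the debouncing effect the "read duration" function is described as providing.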
The system can automatically deliver information to a person (optionally information retrieved from the account associated with the key) when the person (key) comes near an RDC. Examples include customer preference items (default wager information, color or text-size options) and the automation of downloadable games (where the game is physically stored on, and retrieved from, a centralized server rather than the local gaming device), offering the customer games and game groups/types based on known customer preferences and on the dynamic configuration of play on the casino floor. Based on the known history and preferences of customers and viewers, or on the number of customers and viewers in a given part of the casino floor at a given time, one part of the casino floor can be dynamically configured for card games, another for slot machine games, and so on.
In a downloadable-game environment, where the game in a slot machine can be changed, the system itself can be configured by a back-end program using all the data collected from the wireless keys, so that the floor layout changes dynamically by combining the downloadable-game function with the keys' ability to report such information. For example, if at a particular time there are more blackjack players than slot machine players, the system can change most of the floor from slot machine games to blackjack. Additional deliverables include: customer identification/greeting, by displaying the customer's name (or nickname), offering incentives to play or shop, and providing promotional videos or similar material to attract the attention of "viewers"; and customer marketing promotion, such as offering a bonus to players who play a specific high-stakes game at a particular time.
The system can also automatically acquire data about a person when the person (key) comes near an RDC. Examples include any data obtained by a current/standard PTS device, plus player data from unconnected games (those not directly connected to the PTS network, such as canaster and blackjack) and passive viewer statistics, tracking how many people watch a new game and how many people pass through a specific part of the casino in a given time. The acquired data can also include general customer and viewer statistics, game/game-type/game database data, shopping and restaurant preference data, general customer and viewer data on shopping and restaurant sales transactions, and the customer and key identification data used to trigger hotel room door locks, to trigger touch-screen kiosk programs, and to identify customers automatically to parking garage attendants.
In addition, the system can enable configuration and management of games, game machines and back-end systems, for example enabling internal casino management procedures, including the setup, configuration and reporting functions of games, game machines and back-end systems, without internal access to that equipment (minimizing the number of times a game machine is opened and the time spent performing procedures). As for customers and players, the RDC can detect the presence of an authorized casino employee's key and an associated password (optional) used for confirmation. All information related to a transaction (user identity, changes/modifications made) can optionally be recorded automatically to create an audit trail.
In addition, by using RDCs in stand-alone devices or as components of other available devices, the system can carry out casino-wide operations. The system can provide centralized, unified and efficient control and management of additional casino operations (such as hotel check-in/check-out, restaurant/shop transactions, hotel room key changes and parking garage management). Anywhere in the casino (or casino chain), customers and players are subject to automatic, efficient and consistent identification, addressing, distribution, tracking and accounting. In addition, the system's security features and functions can provide secure, centralized EFT system management across a property's operations.
Because customers and players are subject to automatic, efficient and consistent identification, addressing, distribution, observation and study (as they themselves decide, according to circumstances), tracking and accounting at any location in a casino, the system also lets casino and hotel systems provide player and customer tracking and a greatly enhanced experience. In addition, the system can provide centralized, unified and efficient control and management of additional property operations (such as hotel check-in/check-out, restaurant/shop transactions, hotel room key use and parking garage management). In addition, any individual PDK key can be used for any and all other defined PDK-related functions and purposes.
Other uses of the technology include customer-convenience functions, including automatic login to and logout from the PTS, and using the key (and secure transaction technology) to carry out any cash or room transaction on a given system/property (including the properties of unrelated entities). Other functions include using a single key on a property to pay for any service securely and privately, to open hotel doors, to automatically notify the parking garage that a car needs to be retrieved, to automate hotel check-in/check-out, to access touch-screen kiosks automatically (to obtain account information), and for any standard PTS-based requirement. It can also be used to display and/or automatically select a particular user's preferences, such as game/wager options or favorite games/game groups (in a downloadable-game environment), and the wine and dishes the user likes at a restaurant.
The marketing data-acquisition function (automatic collection when a person's key comes near an RDC) covers any data obtainable through current standard PTS devices and, optionally, any other business transaction on the property, as well as player data from unconnected games (those not directly connected to the PTS network, such as canaster and blackjack). It can also collect passive viewer statistics: tracking how many people watch a new game (but choose not to play), how many people pass through a specific part of the casino in a given time, and the "hot spots" in the casino. General customer and viewer statistics can be collected, including game/game-type and game database data, and shopping and restaurant preference data.
The marketing delivery function, which uses previously collected known preferences to deliver automatically to an individual when that person's key comes near an RDC, includes automating downloadable games (where the games are actually stored on, and retrieved from, a centralized server rather than the local gaming device), in which games and groups of games/game types can be offered to the customer based on the customer's known preferences, previously collected statistics and/or the property's advertising and marketing needs. Additional functions include: automatically providing and setting customer preference items (default wager information, color or text-size options), which enhances the customer's experience and extends play time; automatically locating and/or identifying and greeting customers, including by displaying the name (or nickname) of a "viewer"; offering incentives; and automatically providing targeted marketing promotions (for example, offering a bonus to an individual who plays a particular game or plays at a particular time, a dinner at a favorite restaurant or a gift purchased at a favorite shop, and third-party products offered according to known preferences) to attract the attention of "viewers".
Property-management functions include letting customers and players be automatically, efficiently and consistently identified, addressed, promoted to, observed and studied (as they themselves decide, according to circumstances), tracked and accounted for at any location on the property, which provides a greatly enhanced player and customer experience. Added functions include centralized, unified and efficient control and management of additional property operations (such as hotel check-in/check-out, restaurant/shop transactions, hotel room key use and parking garage management).
Other functions include: providing secure, uniform, system-wide access to customer-related account information; and optionally using a separate pass phrase (or equivalent) to raise the security level further, for example for liquid balances, EFT functions, game result data, user preferences (such as favorite games and game settings), marketing preferences (favorite restaurants, beverages and shows), and status information (such as the location of a car in the parking garage and the hotel room number). Other functions also include dynamically reconfiguring the game layout on the casino floor (through downloadable-game technology) based on the known history and preferences of customers and viewers and on the specific number of customers and viewers in a given part of the casino floor at a given time, so that one part of the casino floor can be dynamically configured for card games and another part for slot machine games.
Many of the above functions can be performed without internal access to the device and without a mechanical key (minimizing the number of times a game machine is opened and the time spent performing procedures), while automatically detecting, locating and tracking the physical location/activity of key holders (customers and employees alike) when they are near the relevant system, and automatically controlling access to digital and physical entities. Additional functions include managing validity periods and access control, and automatically recording all system-related transaction information (user identity, changes/modifications made and transactions completed) to create an audit trail.
The system provides security-oriented functions and products: for securing and protecting digital transactions, where it serves as an electronic payment (EFT) instrument; for protecting digital files, allowing secure access to system and non-system data files (such as a database, Word or Excel file); and for securely downloading digital content/data to the system, such as downloadable games or marketing promotion material. The system can also: keep the data on digital storage devices (such as hard disk drives, customer database data and individual digital hard drives) confidential and provide secure access to those storage devices, with digital files and digital transaction data able to be associated with and linked to a specific key; encrypt and secure content/devices; and make possible custom, gaming-specific hard disk drive devices designed to be integrated directly into a game machine (such as a slot machine). The system provides a regulator-approved secure storage unit with an integrated RDC (for electronic games, downloadable/preloaded games and player tracking system data).
Although the particular system shown and disclosed in detail herein is fully capable of attaining the objects and providing the aspects and advantages stated above, it is to be understood that it is merely illustrative of the presently preferred embodiments of the invention, and that no limitation is intended to the details of construction or design shown herein other than as described in the appended claims.
Abstract (appendix)
One embodiment of the present invention comprises a system comprising: a personal digital key and a computer-readable medium, the computer-readable medium being accessible when authenticated by the personal digital key.
Claims (appendix)
1. A system comprising: a personal digital key and a computer-readable medium, the medium being accessible when the personal digital key is authenticated.
2. The system according to claim 1, further comprising a reader/decoder circuit, wherein the personal digital key is a tangible object capable of wireless communication with the reader/decoder circuit.
3. The system according to claim 2, further comprising a computer with a computer hard disk drive, wherein the reader/decoder circuit is located in the computer hard disk drive.
4. The system according to claim 2, further comprising a card swipe unit, wherein the reader/decoder circuit is located in the card swipe unit.
5. The system according to claim 1, further comprising a second personal digital key, wherein the second digital key also authenticates a user attempting to access the computer-readable medium.
6. The system according to claim 1, wherein the personal digital key is a tangible object.
7. The system according to claim 3, wherein the reader/decoder circuit is integrated with the computer.
8. The system according to claim 3, wherein the computer comprises a personal digital key hard disk drive.
9. The system according to claim 3, wherein the computer further comprises a reader/decoder circuit card.
10. The system according to claim 3, wherein data from the personal digital key is transmitted and received through a secure wireless radio frequency port on the computer.
11. The system according to claim 3, wherein the computer transmits data to and receives data from a supplier over an Internet connection.
12. The system according to claim 3, further comprising a database, wherein the database comprises an account identifier and a personal digital key identifier.
13. The system according to claim 3, wherein data transmitted to the computer by the personal digital key is verified against personal digital key data stored in the database.
14. The system according to claim 4, wherein the card swipe unit transmits data to and receives data from a supplier over an Internet connection.
15. The system according to claim 4, wherein data transmitted to the reader by the personal digital key is verified against personal digital key data stored in the database.
16. A method of preventing unauthorized access to a computer-readable medium, comprising:
providing a tangible personal digital key to a user, wherein the personal digital key stores information unique to the user;
and
authenticating the user if the information transmitted from the personal digital key matches separately provided identification data.
17. The method according to claim 16, wherein the identification data is data from a credit card.
18. The method according to claim 16, wherein the personal digital key transmits the unique information over a wireless link.
Description (appendix)
Linked account system using a personal digital key (PDK-LAS)
Technical field
The present invention relates generally to embodiments of a linked account system using a personal digital key (PDK-LAS).
Background
The market for downloading digital content online is growing rapidly, because distributing such content is cheap, fast and easy, and the quality of the content itself is acceptable. However, the market remains disorganized because of competing standards, competing companies, dissatisfied artists and producers, and outright theft of digital content.
Digital rights management (DRM) seeks to solve these problems by delivering digital content from the actual producer to the appropriate customer and ensuring that everyone who should be paid is paid.
DRM seeks to get everyone paid by managing the multiple steps of distributing digital content (music, video, software) online: watermarking, encryption, transaction management and rights management.
Some DRM companies perform all of these steps, while others focus on one or two steps of the process.
First, watermarking stamps a digital mark on each piece of digital content so that the content can be tracked wherever it goes. Digital watermarks are much like paper watermarks, except that they cannot be seen or heard. Reading a digital watermark requires special software.
Second, encryption scrambles the watermarked digital content and stores it inside a digital safe for transmission over the Internet. The digital safe protects the content by allowing only those who have the appropriate software key to the safe to decrypt and use the content.
Third, transaction management handles the actual payment, using the credit card techniques used elsewhere in electronic commerce. The processing sequence is: an order is placed; a credit card number is taken; the account status is checked; and the transaction is authorized.
Finally, rights management manages information about the digital content itself: what the content is, who gets it, how it is paid for, how many times it is used, the duration of the rights, who gets paid, how much they are paid, and how. This information travels with the digital content in an item called a digital license. The license rides on top of the digital content as it travels over the Internet and allows legitimate users to use the content for the duration of the rights.
The main goal of DRM companies is to deploy technology that protects digital content as it is distributed online. The proposed techniques above, and DRM in general, are discussed in an article entitled "Digital Rights Management May Solve the Napster Problem," Technology Investor, October 2000, pp. 24-27. Although such techniques should reduce the amount of digital theft, they generally favor the content provider at the consumer's expense or the consumer at the content provider's expense. That is, the rights of either the content provider or the consumer are compromised. For example, some techniques severely limit the consumer's ability to make extra copies of digital content, even when the content is solely for personal use. Other techniques make it easy to copy digital content, which can then be used by multiple consumers without each of them paying the content provider. The inventors have discovered an improved DRM system and method that effectively balances and protects the rights of both consumers and content providers. In addition, the inventors have discovered a related digital content security system for preventing unauthorized use of computers and other storage devices, and for preventing unauthorized access to, and copying and/or distribution of, digital content stored on computers and other storage devices.
With the advent of the Internet, online shopping, online banking and the like, the incidence of theft of credit card numbers, bank account information and similar data has risen sharply. The cost is high for the suppliers who process transactions on these stolen items, and it leads to higher transaction fees and product prices for customers, because suppliers usually bear the cost of stolen account information.
In addition, the inconvenience and ancillary problems that victims and consumers suffer as a result of such crimes are often traumatic and, at a minimum, troublesome. The technologies and procedures currently used to protect account-number-based transaction processing are insufficient and do little to prevent such crimes. The problem is most pronounced in the online environment, the sector where such transactions are growing fastest.
Summary of the invention
One embodiment of the present invention comprises a system consisting of a personal digital key and a computer-readable medium that is accessible when the digital key is authenticated.
Brief description of the drawings
The foregoing and other advantages of the invention will become apparent upon reading the detailed description and upon reference to the drawings.
Fig. 1 is a flow chart of a method of managing digital rights according to the present invention;
Figs. 2, 3 and 4 are block diagrams of portions of a DRM system for implementing the method of Fig. 1;
Fig. 5 is a conceptual model of core options for acquiring digital content that can be encoded to produce key-secured content, and of core options for playing back the key-secured content;
Fig. 6 is a block diagram for implementing a core acquisition option for downloaded content;
Fig. 7 is a block diagram for implementing a core acquisition option for store-bought content;
Fig. 8 is a block diagram for implementing a core acquisition option for broadcast content;
Figs. 9a and 9b are block diagrams for implementing a core playback option for stand-alone devices;
Fig. 10 is a block diagram for implementing a core playback option for networked devices;
Fig. 11 is a block diagram of a standard computer hard disk drive incorporating an integrated PDK-RDC (receiver/decoder circuit) for enabling multiple methods of protecting digital content;
Fig. 12 is a block diagram for implementing drive-level protection and sector-level protection in connection with the computer hard disk drive;
Fig. 13 is a flow chart of the logic executed by the PDK-RDC to implement drive-level protection and sector-level protection;
Fig. 14 is a block diagram for implementing file-level protection in connection with the computer hard disk drive;
Fig. 15 is a block diagram for implementing network-level protection by extending file-level protection to a network environment;
Fig. 16 is a diagram of a PDK key system embodiment of the present invention; and
Fig. 17 is a diagram of a PDK key system embodiment of the present invention.
While the invention is susceptible to various modifications and alternative forms, specific embodiments have been shown by way of example in the drawings and are described in detail herein. It should be understood, however, that the invention is not limited to the particular forms disclosed. Rather, this description is intended to cover all modifications, equivalents and alternatives falling within the spirit and scope of the invention as defined by the appended claims.
Embodiments
Definitions
As used herein, "PDK key" or "key" means a PDK-compliant wireless key that provides access to a PDK-protected object. The acronym "PDK" means "personal digital key".
"PDK hard disk drive" means a physical or "electronic" hard disk drive that contains an integrated RDC.
"PDK-protected product/object" means a hard disk drive, account or content protected by PDK technology.
"Assigned key" means a PDK key that has been assigned to one or more protected objects.
"RDC" means a reader/decoder circuit, which is installed in a user's computer or built into a computer hard disk drive or a point-of-sale (POS) unit, communicates with PDK keys and decodes PDK data.
"POS RDC" means a reader/decoder circuit integrated into a standard point-of-sale (POS) unit.
"Manufacturer" as used herein means the PDK key manufacturer.
"Supplier" as used herein means the institution that issues the accounts, PDK hard disk drives and so on that are linked to a PDK.
"Customer" or "user" means a person who owns or uses a PDK key.
"Main key" or "master key" means the PDK key that was initially assigned to a PDK-protected object and that must be presented when configuration transactions are performed.
Description
One system embodiment of the invention (numbered 1000 in Fig. 16) comprises a personal digital key (PDK) 1010, a point-of-sale reader decoder circuit (POS RDC) 1012, and a PDK reader decoder circuit 1014 connected to a supplier 1016 that has a database 1018. In some embodiments the PDK reader decoder circuit and POS RDC 1014 are in a single unit 1020, which in some embodiments is a standard credit card swipe unit with an RDC.
In some embodiments, a standard credit card 1022 can be read in the reader 1020. The supplier 1016 can be a credit card processor, a bank or a similar institution. The account database maintains users' account numbers, PDK key numbers and other identifiers.
In another embodiment (2000 in Fig. 17), the PDK 1010 interfaces with a computer 2002 over a secure RF link 2004. The computer 2002 is a standard personal computer with an integrated RDC, a PDK hard disk drive or an RDC adapter. The computer 2002 communicates with the supplier 1016 over a standard Internet connection 2006. The supplier 1016 communicates with the database 1018 in the manner described in the preceding embodiment.
After obtaining a PDK key, the user can optionally register it with the key manufacturer or in a centralized key database. The manufacturer's database holds no usage data, credit or bank account numbers, hard disk drive IDs or the like; only user authentication information is kept. That information includes a customer account number which, in some embodiments, points to a customer file in the manufacturer's database containing the customer's name, address and telephone number, key numbers, key status (in use, stolen, lost) and so on. The information is used mainly for verification when the replacement procedure is carried out after a key is lost.
The data segment stored in a PDK key includes a user label, which comprises the user version label held in an unprotected field. The data segment also includes an account number, which is the user's manufacturer account number and is held in a protected field. The data segment also includes a key number, which is the unique key identification and is held in a protected field.
A PDK key communicates with a PDK-RDC in one of three basic embodiments. The first is the POS RDC, a standard credit card swipe device with an integrated RDC. The second is the RDC adapter, an add-on PC board RDC connected through an interface such as USB, FireWire, PC Card or an expansion slot. The third is the PDK hard disk drive, a standard hard disk drive with an integrated RDC.
POS RDC devices are used at locations such as store checkout counters, purchase counters and hand-held card readers. The RDC adapter and the PDK hard disk drive are designed for PC-based uses.
The physical cards intended for use with PDK-LAS technology, such as cards for credit/debit accounts, bank accounts, membership accounts or similar account types, are all conventional cards. No modification is needed for such a card to use PDK-LAS technology. From the customer's point of view, this feature, together with the ability to buy a PDK key at any time and assign it to a given purpose, makes the technology easy to adopt.
In addition, PDK-LAS technology offers great flexibility in how PDK keys are issued, assigned and used. For example, a supplier can optionally allow keys to be assigned dynamically, assign a key at some future time, assign multiple keys to the same account, and so on, and a user can choose to use one PDK key for all of his or her PDK-based security needs; that is, one PDK key can be assigned to multiple accounts, PDK hard disk drives and other PDK-based products.
Specific exemplary uses of several PDK linked-account embodiments are discussed below. These examples illustrate particular uses of PDK linked accounts and are not intended to limit embodiments of the invention.
In a first example, a user wishes to assign a key to a new PDK linked account. In one embodiment, the user logs in to the supplier's website over the Internet on a personal computer and enters whatever verification information the supplier normally requires. During this transaction, the supplier requires sufficient data to verify the user. An RDC reads the user's PDK key data and transmits it to the supplier. The supplier confirms the user's request to link the PDK key to the account. Once the request is confirmed, the PDK key data is permanently stored in the supplier's database as the master PDK key and can be modified only by contacting the supplier directly.
In another embodiment, the user telephones the supplier directly and supplies all required information verbally, including the master PDK key data printed on the card supplied with the PDK key at purchase. For users who have Internet access but no RDC, the information is entered manually on the supplier's website.
In second example, the user wishes auxiliary key is distributed to the PDK linked accounts.Described user signs in to supplier's website and imports any authorization information that described supplier needs usually.The main PDK key that described user guarantees to be distributed is near RDC.Described RDC reads the data of main PDK key and extra PDK key and gives described supplier with described data transmission.Described supplier confirms the request that the user receives extra PDK key chain account number or changes the PDK key or remove the PDK key.After confirming above-mentioned request, be stored in described supplier's the database together with main PDK key data through the PDK key data that upgrades.
In another embodiment, for conveniently there not being RCD but be equipped with personal computer and the user of access to the Internet, the user can directly phone supplier and all required information of oral answer, comprises the main PDK key that is printed on the card (or similar items) that when buying provide with the PDK key and extra PDK key data.For having access to the Internet but there is not the user of RDC, described information can be by manual input on supplier's website.
In a third example, the user wishes to purchase goods in a store using a PDK linked account. The user makes sure the assigned PDK key is near the POS RDC at the checkout counter. The RDC reads the user's PDK key and transmits the data to the supplier for verification, together with the user's account number obtained through currently accepted procedures. If more than one PDK key is read at the counter, either the data from all PDK keys can be transmitted to the supplier, or the user tags can be displayed on the POS RDC so that the user or the salesperson can select the appropriate PDK key. The supplier uses the transmitted account number to locate the account record in its database and compares the transmitted PDK key data with the information stored in that record. If the data match, the sales transaction completes normally. If the data do not match, the transaction cannot be completed.
A fourth example is a user who wishes to purchase goods online using a PDK linked account, or who wishes to access account information online. The user must make sure the assigned PDK key is near the RDC. The RDC reads the user's PDK key and transmits the data to the supplier for verification, together with the user's account number obtained through conventional techniques. If more than one PDK key is read at the RDC, either the data from all PDK keys is transmitted to the supplier, or the user tags are displayed on the computer screen so that the user can select the appropriate PDK key. The supplier uses the transmitted account number to locate the account record in its database and compares the transmitted PDK key data with the information stored in that record. If the data match, the transaction/task completes normally. If the data do not match, the transaction/task cannot be completed.
A fifth example is a user who has lost a PDK key. After the initial setup of the master PDK key, the user is encouraged to assign an additional PDK key immediately; the additional PDK key serves as the everyday key, and the master PDK key is kept in a safe place. If the everyday key is lost, the master key can be used to assign a new everyday key. If the user loses all PDK keys, then as a last resort the key manufacturer can be contacted and, after verification, instructed to ship a replacement PDK key.
Turning now to the drawings and referring first to Fig. 1, a method of managing digital rights according to the invention is shown. First, a new user requests a physical electronic key or data unit from a key supplier (step 10). The key supplier may offer a website on the Internet, a toll-free telephone number and/or retail stores where keys can be obtained. In addition, the key supplier may allow keys to be requested in writing, preferably using a form designed by the key supplier. Under one model, a user may obtain as many keys as desired; under another model, each user is entitled to only one key.
Second, in response to the user's request for a physical key, the key supplier establishes a new secure account for the new user in a secure user account database (step 12). The new account may include the following data fields: account number, password, software key, user tag, number of users (linked to the account), address, telephone number, e-mail address and custom fields. The custom fields may include, for example, personal information such as the user's age, gender, marital status, income level, interests and hobbies. The physical key may include the following data fields: user tag, account number, software key and a custom storage area. The user tag and account number serve as the first activation code (key code) of the acquired physical key. All fields on the physical key (except the user tag) are preferably encrypted. To allow the user to view his or her account in the future, the user is preferably assigned a login name and the above password.
Third, the key supplier ships the physical electronic key to the new user through a package courier such as the United States Postal Service, United Parcel Service or Federal Express (step 14). Under one pricing model the physical key is shipped to the user free of charge; under another pricing model the physical key must be purchased by the user. If the user must purchase the physical key, either the user provides credit/debit card information to the key supplier in step 10 so that payment is made by credit/debit card, or the key supplier includes an invoice with the key shipped in step 14.
Fig. 2 is a block diagram of a system for implementing steps 10, 12 and 14 of the method of managing digital rights. The system includes the new user 100, the key supplier's website 102 and the user account database 104.
Referring back to Fig. 1, the user transmits the activation code in his or her key to a digital content provider (which may have a cooperative relationship with the key supplier) and requests to purchase digital content (music, video or software) from that content provider (step 16). The content provider may offer a website on the Internet that lists the digital content available for purchase. To transmit the activation code to the content provider through the website, the user can enter the activation code manually on a secure page of the website. Alternatively, the activation code can be transmitted automatically using wireless technology. Specifically, a detector may be attached to the user's computer; the detector detects the activation code in the user's physical key, and the code is then transmitted to the content provider through the website. The content provider may be an affiliate of the key supplier, or may be independent of the key supplier but have an agreement with it.
Fifth, the content provider asks the key supplier to verify the activation code transmitted by the user (step 18). The content provider can send this request to the key supplier's website. Sixth, the key supplier then accesses the user's account in the user account database and determines whether the activation code is in fact valid (step 20). The key supplier may also determine whether the activation code is associated with the user who transmitted it to the content provider. If the activation code is rejected as invalid, the content provider is notified and disregards any request by the user to purchase digital content. If, however, the activation code is accepted as valid, the content provider is notified and the purchase transaction proceeds. As used herein, the term "key supplier" refers generically to the entity (or entities) that manufacture, issue and verify physical keys. These functions may in practice be performed by several entities at different locations or by a single entity at one location.
Seventh, after making sure that the first activation code in the physical key is valid, the content provider pulls the requested digital content from a digital content database/library, marks the digital content with a second activation code (or PUK) associated with the first activation code in the physical key, and encrypts the marked digital content (step 22). The second activation code in the digital content may simply be identical to the first activation code in the physical key, but should be at least partially encrypted for security. In one embodiment, the "key-protected" content file includes the following data fields: user tag, account number and digital content. The user tag and account number serve as the second activation code of the digital content. If the content is only a sample (as described with reference to Fig. 6), the file may include additional data fields, such as a receiver/decoder circuit identifier, an hour stamp and the number of valid hours. All data fields in the content file (except the user tag) are preferably encrypted.
Eighth, the content provider delivers the encrypted digital content to the user (step 24). The encrypted digital content can be delivered by downloading it to the user's computer while the user is online at the content provider's website, by attaching it to an e-mail sent to the user, or by shipping a disk containing the encrypted digital content to the user through a package courier. The user can pay for the digital content either by providing credit/debit card information to the content provider in step 16 or by means of an invoice supplied with the delivered digital content. If the digital content is delivered online, the user is preferably required to provide credit/debit card information, and approval of that information is a precondition for delivering the digital content. If the user has more than one physical electronic key and wants the acquired digital content to work with each of those keys, all of the activation codes are applied to the digital content. The content provider may charge the user based on the number of keys with which the user wants the digital content to work. For example, the user may be charged the same amount for each activation code, or a higher amount for one activation code and a smaller amount (as a surcharge) for the other activation codes.
Fig. 3 is a block diagram of a system for implementing steps 16, 18, 20, 22 and 24 of the method of managing digital rights. The system includes the new user 100, the content provider 106, the key supplier's website 102, the digital content database 108 and the acquired digital content 110.
Ninth, returning to Fig. 1, the user loads the encrypted digital content into a playback device of a type suited to playing that digital content (step 26). The device may be, for example, an MP3 player, a personal computer, a DVD player, a CD player, a cell phone or another portable device. In one embodiment, the device contains a wireless transceiver adapted to receive radio-frequency signals transmitted by a corresponding wireless transceiver in the user's physical electronic key. The wireless transceiver in the device is optionally tracked and "secured" for verification purposes by including in it a unique identifier assigned by the device manufacturer.
Tenth, when the user's physical electronic key is near the playback device (for example, within a few meters), the playback device reads (1) the first activation code, carried by a secure radio-frequency signal from the transceiver in the physical key to the transceiver in the device, and (2) the second activation code marked on the encrypted digital content (step 28). The device contains software or hardware for decrypting the encrypted digital content at least to the extent necessary to read any encrypted portion of the second activation code.
Eleventh, the playback device compares the first activation code with the second activation code and determines whether the first activation code is associated with the second activation code (step 30). Steps 29 and 30 may be performed, for example, when the user presses the Play button on the playback device or when the user first loads the encrypted digital content into the playback device. If the first activation code is associated with the second activation code, the device decrypts and plays the digital content. If the first activation code is not associated with the second activation code, the device does not play the digital content. If the second activation code is simply identical to the first activation code, the comparison determines whether the two codes match. In a preferred embodiment, the device continues to play the digital content only while the physical key is close enough to the device to transmit the first activation code to it, so that the device can compare the first activation code with the second activation code, at least partially encrypted with the digital content, even while the digital content is playing. If the physical key moves out of range, the device can no longer decrypt and play the digital content. In another embodiment, once the device has initially been able to decrypt and play the digital content, the device remains enabled even if the physical key moves out of range and can no longer transmit the first activation code to the device, until the "play" function is stopped, the track/song being played ends, or the digital content is removed from the device.
Fig. 4 is a block diagram of a system for implementing steps 26, 28 and 30 of the method of managing digital rights. The system includes the encrypted digital content 110, the key-enabled playback device 112 and the user's physical electronic key 114.
As noted above, the user's physical electronic key and the key-enabled playback device each include a wireless transceiver so that the activation code in the key can be sent to the device. In a preferred embodiment, the transceiver is a small, inexpensive Bluetooth radio chip that operates in the unlicensed 2.4 GHz ISM band and avoids interference from other signals by hopping to a new frequency after transmitting or receiving a packet. The radio chip is plugged into an electronic device, which can then communicate over short distances and through obstacles by means of radio waves. "Bluetooth" is a term used to describe the protocol of a short-range (for example, about 10 meters) frequency-hopping radio link between devices that contain the radio chip. Such devices are referred to as "Bluetooth-enabled" devices. The secure radio link replaces a cable that would otherwise be used to connect the devices. More details on Bluetooth wireless technology can be obtained from www.bluetooth.com.
Wireless technologies other than Bluetooth can be used to send the activation code from the user's physical electronic key to the playback device. One example of another wireless technology is known by the trade term "Wi-Fi", which is short for "Wireless Fidelity" and is another name for IEEE 802.11b. Products certified as Wi-Fi by the Wireless Ethernet Compatibility Alliance (WECA) are interoperable with one another even if they come from different manufacturers. A user with a Wi-Fi product can use any brand of access point with any other brand of client hardware built to the Wi-Fi standard.
In another embodiment, communication between the user's physical electronic key and the playback device is not wireless. In one such embodiment, the user's physical electronic key sends the activation code to the playback device over a transmission line (for example, a serial cable with one end plugged into the key and the other end plugged into the playback device). In another embodiment, the key is a smart card or magnetic card in which the activation code is encoded, and the key is configured to fit physically into a card reader slot on the playback device.
The DRM method described above, and the system for implementing it, are advantageous because they give the key holder great versatility in copying and using encrypted digital content for personal use. At the same time, the content provider's rights are protected, because only a key holder with a key-enabled device can use the encrypted digital content. The key holder can copy the encrypted digital content as many times as desired, but can play it only on a key-enabled device that is enabled by the physical electronic key coded to decrypt that content. The digital content therefore remains exclusive to the key holder even after it has been copied. Even if someone other than the key holder copies the encrypted digital content, that person cannot use it: both the original and the copy remain encrypted, and that person does not hold the physical electronic key coded to decrypt the digital content.
A core component of the invention is the concept of a portable physical electronic key that is personal to a particular user. The physical key represents a DRM solution that fully addresses the needs of both consumers and publishers of digital content. The physical key is permanently associated with the user's digital content library. When content is acquired, the physical key becomes permanently associated with the newly acquired content. The user is now "linked" to that acquired content. A user (for example, an individual or a family) may own as many physical keys as desired, but each piece of encrypted digital content purchased is associated with a specific key. The user may copy the acquired content and transfer it to any medium or device for playback as many times as desired, as long as the associated physical key is present. The invention thus ensures that acquired content can be played only by the user who legitimately paid for it. The invention gives consumers unprecedented freedom and convenience in the legitimate use of purchased content while still fully protecting the content provider's rights.
Referring to Fig. 5, the invention fully supports the use of "key-protected" digital content 125 with all core content acquisition options and all core playback options. The key-protected digital content 125 is encoded with a second activation code associated with a first activation code stored on the user's physical electronic key. The core acquisition options include downloaded content 120, store-bought content 122 and broadcast content 124. The core playback options include stand-alone devices 126 and networked devices 128. Each of these options is described in further detail below.
Referring to Fig. 6, and as generally described with reference to Figs. 1 to 4, a primary application of the invention is downloading digital content from the Internet. The customer shops on a content dealer's website and selects the content to purchase (music, movies, software, e-books, etc.). The customer then provides the website with standard online purchase information, including the title selected and the method of payment, together with his or her physical electronic key information. Transparently to the customer, the dealer's website links to the key supplier's website and passes the physical key information to it for verification. The key supplier's website then provides the dealer's website with the information needed to prepare the acquired content for secure delivery to the customer (or with notification that the physical key is invalid). The key supplier's website records the transaction for later billing. Finally, the dealer's website retrieves a copy of the digital content from its library, permanently links it to the customer's physical key (by encrypting the digital content using the key's information) and transmits the encrypted content to the customer. The customer is now free to copy the content as often as desired and to play it on any key-enabled playback device.
Referring to the details in Fig. 6, the process for implementing the core acquisition option of downloaded digital content 120 (see Fig. 5) is as follows. In step 130, a receiver/decoder circuit 140 retrieves an account number from the customer's physical key (transponder) over a secure RF link. In step 131, the customer enters data such as a password, the purchase selection and the method of payment on a personal computer 144. The data are transmitted from the customer's personal computer 144 to the content dealer's website 146. In step 132, the content dealer's website 146 transmits the account number and password to the key supplier's website 148. In step 133, the key supplier's website 148 verifies all of the data against its database 150; if the data are authentic, it returns information such as the account number, user tag, number of users and software key to the dealer's website 146. If the data are invalid, the key supplier's website sends the dealer's website 146 a message indicating that the data are invalid. A counter used for the key supplier's billing purposes is incremented. In step 134, the dealer's website 146 pulls the purchased content file from its database 152, encrypts it with the software key received in step 133, and creates a final key-protected content file, which is then transmitted to the customer's personal computer 144. Charges are assessed based on the number of users and so on, and are billed to the customer according to the method of payment. In step 135, the key supplier's website 148 periodically generates an invoice 154 and sends it to the content dealer.
As an option, to let a content provider offer sample content (for example, content whose playback is limited to the device on which it was originally downloaded and to a specified period of time), a special "enhanced" version of the receiver/decoder circuit 140 can be produced. Each such "enhanced" receiver/decoder circuit (intended primarily for personal computers) includes a unique identifier and additional functionality that lets it "talk" with the key supplier's website to obtain secure time information. A sample file may include the following information (in its encrypted header section):
The identifier of the enhanced receiver/decoder circuit used for the download, which that receiver/decoder circuit sends to the key supplier's website when the content is purchased;
An hour stamp (that is, the hour in which the content was downloaded); and
The number of valid hours (that is, the number of hours the content remains valid, such as permanent, 1 hour, 24 hours, 48 hours, etc.).
The "enhanced" receiver/decoder circuit uses this information during playback to determine whether the content file has "expired" or whether an attempt is being made to play it on an unauthorized device (that is, any device other than the one on which the content was originally downloaded).
This functionality allows content dealer websites to issue limited-use samples with associated tiered pricing models.
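The playback decision described for sample files can be sketched as follows. This is an added example, not code from the patent: the JSON header layout, the HMAC-SHA256 integrity tag (standing in for the unspecified header encryption), the encoding of "permanent" as 0 valid hours, and all names and sample values are assumptions.

```python
import hashlib
import hmac
import json
from enum import Enum

PERMANENT = 0  # assumption: 0 valid hours encodes "permanent"


class Verdict(Enum):
    PLAY = "play"
    TAMPERED = "header failed integrity check"
    WRONG_DEVICE = "not the receiver that downloaded the sample"
    BAD_TIME = "supplied time is earlier than the hour stamp"
    EXPIRED = "valid hours used up"


def make_header(key: bytes, receiver_id: str, hour_stamp: int, valid_hours: int) -> bytes:
    """Build the protected header: the three fields from the page plus a tag."""
    body = json.dumps(
        {"receiver_id": receiver_id, "hour_stamp": hour_stamp, "valid_hours": valid_hours},
        sort_keys=True, separators=(",", ":"),
    ).encode()
    tag = hmac.new(key, body, hashlib.sha256).hexdigest().encode()
    return body + b"." + tag


def check_sample(key: bytes, header: bytes, this_receiver_id: str, supplier_hour: int) -> Verdict:
    """Decide whether this receiver may play the sample.

    supplier_hour is the hour obtained from the key supplier's website,
    not the local clock, which the user could set back.
    """
    try:
        body, tag = header.rsplit(b".", 1)
    except ValueError:
        return Verdict.TAMPERED
    expected = hmac.new(key, body, hashlib.sha256).hexdigest().encode()
    if not hmac.compare_digest(tag, expected):
        return Verdict.TAMPERED          # e.g. valid_hours edited after download
    fields = json.loads(body)
    if not hmac.compare_digest(fields["receiver_id"].encode(), this_receiver_id.encode()):
        return Verdict.WRONG_DEVICE      # sample copied to another device
    if supplier_hour < fields["hour_stamp"]:
        return Verdict.BAD_TIME          # time source disagrees with the stamp
    elapsed = supplier_hour - fields["hour_stamp"]
    if fields["valid_hours"] != PERMANENT and elapsed >= fields["valid_hours"]:
        return Verdict.EXPIRED
    return Verdict.PLAY


if __name__ == "__main__":
    demo_key = b"constructed-demo-key"           # constructed sample value
    hdr = make_header(demo_key, "RDC-0001", 480000, 24)
    for hour in (480010, 480024):
        print(hour, check_sample(demo_key, hdr, "RDC-0001", hour).name)
```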
Referring to Fig. 7, the invention can readily be extended to store-bought content. To bring store-bought content into the invention, conventional store-bought content is modified in two ways. First, the content is distributed in a copy-protected form (using, for example, any effective copy protection technology). Second, the content carries a unique content serial number. The content serial number is either contained directly in the digital content or provided as a physical label. Each content serial number is assigned by the content dealer during production and stored in the key supplier's database. That database is later used to verify that each content serial number is unique and is used only the prescribed number of times. To the customer, a content serial number on newly purchased store-bought content represents a one-time download of a key-protected version of that content, either free of charge or for a prescribed price. The key-protected copy gives the customer the same advantages and freedoms as any other key-protected content. From the customer's point of view, the download process is identical to any other standard key-protected content download except for how payment is handled: the "payment" is the content serial number. By giving customers of conventional store-bought content all the advantages of the invention (by way of the "content serial number download"), this scheme provides the industry with its first complete DRM solution.
Referring to the details in Fig. 7, the process for implementing the core acquisition option of store-bought digital content 122 (see Fig. 5) is as follows. In step 160, a receiver/decoder circuit 170 retrieves an account number from the customer's physical key (transponder) over a secure RF link, and the customer's personal computer 174 reads the content serial number from the store-bought content 122. The store-bought content 122 contains a content serial number that uniquely identifies the content. The format of the content serial number may be, for example, PPPP.FFF.0123456789, where PPPP is a provider identifier, FFF is a factory identifier, and the digits represent a sequence number. The store-bought content 122 uses a copy protection scheme such as Macrovision™, key2audio™ or SafeAudio™. The disk's "copy flag" (specified in the SDMI standard) may also be set to further inhibit copying.
In step 161, the customer enters data such as a password and the purchase selection on the personal computer 174. The content serial number read earlier specifies that the method of payment is a "content serial number credit" (that is, no payment is required for this download, because the content serial number confirms that the download in progress is of content the customer has legitimately purchased). The data are transmitted from the customer's personal computer 174 to the content dealer's website 176. In step 162, the dealer's website 176 transmits the content serial number, account number and password to the key supplier's website 178. In step 163, the key supplier's website 178 verifies all of the data against its databases 180 and 182; if the data are authentic, it returns information such as the account number, user tag, software key and paid flag (indicating that the content serial number has been verified) to the dealer's website 176. The key supplier's website 178 now sets the paid flag to prevent any further downloads and records the account number field in the content serial number database for verification purposes. If the data are invalid, the key supplier's website 178 sends the dealer's website 176 a message indicating that the data are invalid. A counter used for the key supplier's billing purposes is incremented. Each entry in the content serial number database 182 may include the following data fields: CDC number, paid flag and account number. In step 164, the dealer's website 176 pulls the content file from its database 184, encrypts it with the software key received in step 163, and creates a final key-protected file, which is then transmitted to the customer's personal computer 174. Normally no charge is assessed, because the content serial number serves as "payment" for the download. In step 165, the key supplier's website 178 periodically generates an invoice 186 and sends it to the content dealer.
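The verification in step 163 only prevents repeat downloads if checking the paid flag and setting it happen as one atomic operation. The sketch below is an added example, not code from the patent; the class and function names, the in-memory tables, the PBKDF2 password check, the serial character classes and all sample values are assumptions.

```python
import hashlib
import hmac
import os
import re
import threading
from dataclasses import dataclass
from typing import Optional

# Serial format from the page: PPPP.FFF.0123456789. The character classes
# (upper-case alphanumerics, exactly ten digits) are assumptions.
SERIAL_RE = re.compile(r"([A-Z0-9]{4})\.([A-Z0-9]{3})\.([0-9]{10})")


def parse_serial(serial: str) -> Optional[dict]:
    m = SERIAL_RE.fullmatch(serial)
    if m is None:
        return None
    return {"provider": m.group(1), "factory": m.group(2), "sequence": m.group(3)}


def _pw_hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


@dataclass
class Account:            # row in the user account database (180)
    account_number: str
    user_tag: str
    software_key: bytes
    salt: bytes
    pw_hash: bytes


@dataclass
class SerialEntry:        # row in the content serial number database (182)
    paid_flag: bool = False
    account_number: Optional[str] = None


class KeySupplier:
    def __init__(self):
        self.accounts, self.serials = {}, {}
        self.billing_counter = 0
        self._lock = threading.Lock()

    def add_account(self, number, user_tag, password, software_key):
        salt = os.urandom(16)
        self.accounts[number] = Account(number, user_tag, software_key,
                                        salt, _pw_hash(password, salt))

    def register_serial(self, serial):
        if parse_serial(serial) is None or serial in self.serials:
            raise ValueError("serial malformed or not unique")
        self.serials[serial] = SerialEntry()

    def redeem(self, serial, account_number, password):
        """Step 163: verify the data, then mark the serial as used."""
        invalid = {"ok": False, "reason": "invalid data"}
        acct = self.accounts.get(account_number)
        if acct is None or not hmac.compare_digest(
                _pw_hash(password, acct.salt), acct.pw_hash):
            return invalid
        with self._lock:  # check and set must be one atomic step
            entry = self.serials.get(serial)
            if entry is None or entry.paid_flag:
                return invalid
            entry.paid_flag = True
            entry.account_number = acct.account_number
            self.billing_counter += 1  # assumption: counted per accepted request
        return {"ok": True, "account_number": acct.account_number,
                "user_tag": acct.user_tag, "software_key": acct.software_key,
                "paid_flag": True}


def race(supplier, serial, account_number, password, n):
    """Fire n simultaneous redemptions; return how many were accepted."""
    results = []

    def worker():
        results.append(supplier.redeem(serial, account_number, password)["ok"])

    threads = [threading.Thread(target=worker) for _ in range(n)]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    return sum(results)


def build_demo():
    ks = KeySupplier()  # all values below are constructed sample data
    ks.add_account("A-1001", "alice", "correct horse", os.urandom(16))
    ks.register_serial("ACME.F01.0000000042")
    ks.register_serial("ACME.F01.0000000043")
    return ks


if __name__ == "__main__":
    ks = build_demo()
    print(ks.redeem("ACME.F01.0000000042", "A-1001", "correct horse")["ok"])
    print(ks.redeem("ACME.F01.0000000042", "A-1001", "correct horse")["ok"])
```

In a real database the lock would be a conditional update (set the flag only where it is still clear) inside a transaction.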
Referring to Fig. 8, the present invention can be extended to broadcasted content substantially.For broadcasted content is fully integratible among the present invention, only need traditional broadcasted content is carried out the modification of minute quantity.Described being revised as, with broadcasted content with a kind of form of copy protection (as, be called the dvd standard of content EVAC (Evacuation Network Computer Model) (CSS)) transmission.The remainder of this program is described hereinafter.The pen recorder that has the key startup of unique identifier is used to receive the broadcasted content of copy protection.If only need the described broadcasted content of playback, then decode substantially (as CSS) and the broadcasted content that passes on carries out playback.Yet if client wishes to write down described broadcasted content, described pen recorder will be carried out extra step passing on before described broadcasted content carries out playback.Described pen recorder is connected to key supplier's website, to verify described pen recorder, inner identifier and described client's physical key.If the both is effective; then described pen recorder is encoded to described broadcasted content by the active coding that uses described client and is converted into the cryptographic key protection form, then described cryptographic key protection content file (inside permanently embeds identifier) is stored for use in the future.Final result is that the broadcasted content of cryptographic key protection is that the owner of related physical key provides all degree of freedom of the present invention and advantage.Although described content is broadcasted at first, it can not be by bootlegging or issue.The present invention can be applied to the broadcast material of order program service and standard.
Referring to the details in Fig. 8, the process for implementing the core acquisition option for broadcast digital content 124 (see Fig. 5) is described below. In step 180, a receiver/converter/recorder 190 receives digital broadcast content in copy-protected format from a source 192 (such as satellite, cable, the Internet or over the air). The broadcast content can be copy-protected with a copy-protection technique (such as an enhanced CSS scheme). If the client wishes only to play (and not record) the broadcast content, basic decoding (such as CSS decoding) is performed and the broadcast content is passed to a presentation device 194 for playback. The remaining steps described below can then be skipped.
If, however, the client wishes to record the broadcast content, the following additional steps are performed before the broadcast content is passed on for playback. In step 181, the receiver/converter/recorder 190 retrieves the account number from the client's physical key (transponder) over a secure RF link. In step 182, the receiver/converter/recorder 190 transmits the account number and its recorder serial number to the key supplier's website 198. Each device 190 contains a recorder serial number that uniquely identifies the device. The format of the recorder serial number may be, for example, MMMM.FFF.0123456789, where MMMM is a manufacturer identifier, FFF is a factory identifier, and the digits represent a sequence number. In step 183, the key supplier's website 198 validates the data against its databases 200 and 202 and returns an "approved" or "rejected" response. A counter used for the key supplier's accounting purposes is incremented. In step 184, if a "rejected" response is received, the broadcast content cannot be recorded. If an "approved" response is received, the receiver/converter/recorder 190 transcodes the decoded content into key-protected format using the client's activation code, and records the key-protected content (with the recorder identifier permanently embedded in it) on a storage device (optionally an external device). The broadcast content can now be copied to, or played back on, any key-enabled playback device. In step 185, the key supplier's website 198 periodically generates an invoice 199 and sends it to the content distributor. Although they provide excellent security and protection, steps 182 and 183 are not mandatory for handling broadcast content in the present invention. For cost reasons, it may be necessary to produce receiver/converter/recorders 190 that cannot communicate with the key supplier's website 198.
Referring generally to Figs. 9a and 9b, once the client has acquired key-protected digital content and produced copies for playback on various devices (such as a portable CD player, personal computer, home theater, etc.), the client is ready to use the digital content. Key-protected content is played back as follows. A key-enabled playback device transparently reads information from the client's physical key and from the content file the client has asked to play. The pieces of information are then compared to verify that the physical key and the content to be played "match". If the components match, the device begins playing the content. If they do not match, the device does not play the content and, depending on the capabilities of the device, may display an "invalid content" message. From the client's point of view, when the process is used with legally acquired content, it is completely transparent, effortless and unobtrusive. The client can use the content freely; the only restriction is that, on any key-enabled playback device, the content can be played only when the associated physical key is present. As described herein, the present invention gives clients unprecedented freedom and convenience in using legally purchased content, while still protecting the content provider's copyright.
Referring to the details of Figs. 9a and 9b, the process for implementing the core playback option for a stand-alone device 126 (see Fig. 5) is described below. In step 210, the client requests playback of a key-protected content file through a playback device 220. The playback device 220 may be, for example, the client's personal computer with an integrated CD reader/player (Fig. 9a) or a stereo amplifier (Fig. 9b). In step 211, a receiver/decoder circuit 222 searches for a physical key (transponder) 224. The circuit 222 may be a component separate from the playback device 220 (as shown in Fig. 9a) or integrated into the playback device 220 (as shown in Fig. 9b). If no physical key is found, the playback device 220 displays an "invalid content" message. If a physical key is found, the receiver/decoder circuit 222 retrieves all available information from the physical key 224 over a secure RF link. In step 212, the user tag in the physical key 224 is compared with the user tag in the key-protected content file. If the user tags do not match, the playback device 220 displays an "invalid" message. If the user tags match, the receiver/decoder circuit 222 retrieves the software key from the physical key 224 over the secure RF link between the physical key 224 and the playback device 220, and begins decrypting the encrypted portion of the key-protected file. When the account number has been decrypted, it is compared with the account number retrieved from the physical key 224. If the account numbers do not match, the playback device 220 displays an "invalid content" message. If the account numbers match, the playback device 220 uses the software key to decrypt the remaining data of the key-protected file for playback. The user tag and account number in the physical key serve as a first activation code, and the user tag and account number in the content file serve as a second activation code. These activation codes must match (or have some other predetermined association) for playback to proceed.
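The check order in steps 211 and 212, as an added Python example that is not code from the patent: the user tag is compared first, the account number is decrypted and compared second, and the remaining data is decrypted only if both agree. The file layout, class and function names and sample values are assumptions, and `stand_in_cipher` is a placeholder because the page does not name the cipher.

```python
from __future__ import annotations

import hashlib
import hmac
from dataclasses import dataclass
from enum import Enum


def stand_in_cipher(key: bytes, label: bytes, data: bytes) -> bytes:
    """Placeholder cipher (assumption): XOR with a SHAKE-256 keystream.

    The page does not name the cipher. This stand-in has no integrity
    protection and must not be used to protect real data.
    """
    stream = hashlib.shake_256(key + b"|" + label).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, stream))


class Result(Enum):
    PLAY = "play"
    NO_KEY = "invalid content (no physical key found)"
    TAG_MISMATCH = "invalid (user tags differ)"
    ACCOUNT_MISMATCH = "invalid content (account numbers differ)"


@dataclass(frozen=True)
class PhysicalKey:
    """What the receiver/decoder circuit reads from the transponder."""
    user_tag: bytes
    account_number: bytes
    software_key: bytes


@dataclass(frozen=True)
class ProtectedFile:
    """Hypothetical layout of a key-protected content file."""
    user_tag: bytes      # readable without the software key
    enc_account: bytes   # encrypted portion that is decrypted first
    enc_content: bytes   # remaining encrypted data


def protect(content: bytes, key: PhysicalKey) -> ProtectedFile:
    """Bind content to one physical key (constructed format for this example)."""
    return ProtectedFile(
        user_tag=key.user_tag,
        enc_account=stand_in_cipher(key.software_key, b"account", key.account_number),
        enc_content=stand_in_cipher(key.software_key, b"content", content),
    )


def request_playback(file: ProtectedFile, key: PhysicalKey | None) -> tuple[Result, bytes | None]:
    """Apply the checks in the order given in steps 211 and 212; fail closed."""
    # Step 211: no physical key in range, so nothing is decrypted.
    if key is None:
        return Result.NO_KEY, None
    # Step 212: compare user tags before touching the encrypted portion.
    if not hmac.compare_digest(file.user_tag, key.user_tag):
        return Result.TAG_MISMATCH, None
    # Decrypt the account number with the software key from the physical key
    # and compare it with the account number held by that key.
    account = stand_in_cipher(key.software_key, b"account", file.enc_account)
    if not hmac.compare_digest(account, key.account_number):
        return Result.ACCOUNT_MISMATCH, None
    # Both activation codes agree: decrypt the remaining data for playback.
    return Result.PLAY, stand_in_cipher(key.software_key, b"content", file.enc_content)


# Constructed sample keys and content.
OWNER = PhysicalKey(b"tag-0001", b"ACCT-1111", b"\x01" * 32)
OTHER_USER = PhysicalKey(b"tag-0002", b"ACCT-2222", b"\x02" * 32)
SAME_TAG_OTHER_ACCOUNT = PhysicalKey(b"tag-0001", b"ACCT-3333", b"\x03" * 32)
TRACK = protect(b"constructed audio bytes", OWNER)

if __name__ == "__main__":
    for name, k in [("owner", OWNER), ("none", None), ("other user", OTHER_USER),
                    ("same tag, other account", SAME_TAG_OTHER_ACCOUNT)]:
        print(name, "->", request_playback(TRACK, k)[0].value)
```

A key that carries the right user tag but a different account number and software key is stopped at the second comparison, so the user tag alone never unlocks the content.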
Referring generally to Figure 10, although stand-alone playback devices (such as CD players, personal computers and DVD players) are the standard devices in use today, the combination of such devices with the Internet is producing a rapidly growing environment of centralized digital distribution systems. Security of content in this environment is critical but challenging, and is difficult to achieve without imposing severe restrictions. The present invention can provide security for a centralized digital distribution system, and can also provide many important improvements that greatly enhance the convenience and usability of such a system. These improvements include integrating the physical key into a portable handheld computer that doubles as the system remote control. In addition to controlling all of the networked components, the remote control is also used for tasks such as purchasing content from the Internet and tracking the user's movements throughout a facility so as to provide automatic "content following" (that is, content playback follows the user from room to room). Because digital content distribution is centralized, only one storage device is needed to maintain the client's entire digital content library (such as music, movies, software, e-books, etc.) and to deliver that content to any networked playback device.
Referring to the details of Figure 10, a centralized digital content distribution system for implementing the core playback option for networked devices 128 (see Fig. 5) is shown. The system is used in an establishment (such as a residence or an entertainment facility). The system includes a digital content server 310, a plurality of remote clients 314 and a portable remote control 316. The digital content server 310 stores digital content acquired from a source 318 (such as satellite, cable, the Internet or over the air). In addition, the digital content server 310 can store digital content uploaded from standard components 324. The remote clients 314 are located in different rooms of the establishment and are connected to the digital content server 310 through a distribution hub 312 or switch. The remote clients 314 are connected to the hub 312 by a backbone transmission network 315. The backbone transmission network 315 may be a wireless network or a wired network using fiber-optic cable, coaxial cable or twisted-pair cable; it may employ a networking protocol such as Ethernet, Wi-Fi, Arcnet or ATM (asynchronous transfer mode), and may employ a communication protocol such as TCP/IP. Each remote client 314 includes a network interface card (NIC) for connecting to the backbone transmission network 315.
The remote control 316 is adapted to communicate with each remote client 314 and to select digital content stored on the digital content server 310. The remote control 316 is essentially a personal digital assistant (i.e., a handheld computer) that includes a display and added remote-control circuitry. The display may be, for example, a liquid crystal display (LCD). The added remote-control circuitry includes "system remote" circuitry and "universal remote" circuitry.
The "system remote" circuitry in the remote control 316 is used to establish a first wireless transmission link 320 with each remote client 314. The first wireless transmission link 320 may be a secure radio (RF) link or an infrared (IR) link, as shown in the figure. When the first wireless transmission link 320 is established with a remote client 314, the remote control 316 acts as a system remote control that can: (1) display, scan and select the digital content available on the digital content server 310 and download the selected digital content from the digital content server 310 to the linked remote client; and (2) control the digital content server 310 to acquire or download digital content from a source (such as satellite, cable, the Internet or over the air). The term "download" and variations of it (e.g., downloads, downloading, etc.) as used herein are intended to cover the transfer of content from one device to a receiving device, whether the content is stored on the receiving device or merely "streamed" to the receiving device for immediate playback. The remote control 316 preferably includes a display for displaying the digital content. The display may be, for example, a liquid crystal display (LCD). As the user carries the remote control 316 from one room of the establishment to another, the remote control 316 successively establishes the wireless transmission link 320 with the remote client 314 in each room. In this way, the digital content available on the digital content server 310 follows the user from room to room.
In a preferred embodiment, the first wireless transmission link 320 is a secure radio link established by matching transceivers in the remote control 316 and each remote client 314. The matching transceivers are preferably small, inexpensive Bluetooth™ radio chips, which operate in the unlicensed 2.4 GHz ISM band and avoid interference from other signals by hopping to a new frequency after transmitting or receiving a packet. The radio chips are integrated into the remote control 316 and each remote client 314, so that the devices can communicate by radio waves over short distances and through obstructions. Wireless technologies other than Bluetooth (such as Wi-Fi) can also be used to transmit remote-control signals between the remote control 316 and each remote client 314.
The "universal remote" circuitry in the remote control 316 is used to establish a second wireless transmission link 322 with a standard component 324 connected to a remote client 314. The second wireless transmission link 322 is preferably an infrared (IR) link, as shown in the figure. When the second wireless transmission link 322 is established with a standard component 324, the remote control 316 acts as a universal remote control that can operate the standard component 324. The standard component 324 may be, for example, an audio receiver (stereo amplifier), an audio-video receiver, a video monitor (television), etc. The standard component 324 may be physically separate from, but linked to, the associated remote client 314, or may be physically integrated into the associated remote client 314, like integrated device 324c.
The digital content stored on the content server 310 may be in formats such as compact disc (CD), digital video disc (DVD), MP3, e-book, software, etc. When the remote control 316 is linked to a remote client 314, the user can scan and select digital content to be downloaded from the digital content server 310 to the remote client 314 and converted by the remote client 314 into a standard playable format (such as an analog format) that can be played on the associated standard component 324. The selected digital content is downloaded from the digital content server 310 to the remote client 314 as raw digital data packets. The remote client 314 in turn converts the downloaded digital content into a standard component output compatible with the standard component 324 connected to the remote client 314, and the standard component 324 plays the digital content. The ports may include, for example, S-video, a remote-control adapter jack, a serial port, USB (universal serial bus), Internet, Wi-Fi, Firewire™, Bluetooth, radio frequency or other similar outputs. The standard component 324 contains, or is connected to, audio speakers for playing any audio signal received from the remote client 314 and a video monitor for displaying any video signal received from the remote client 314. All content is stored digitally on the digital content server 310 and is key-protected after being acquired through the download or broadcast acquisition options shown in Fig. 6 and Fig. 8. If the digital content is key-protected, the remote clients 314 include decryption circuitry (i.e., a receiver/decoder circuit) for unlocking the digital content. Digital content selected for download from the digital content server 310 to a remote client 314 preferably remains encrypted until it is converted into the standard component output inside the remote client 314. The remote client 314 acts as a converter between the key-protected digital content from the digital content server 310 and the standard component output. To decrypt the selected digital content, the remote control 316 includes a physical key initially obtained from the key supplier in accordance with the present invention. The digital content is initially obtained from a content provider 326, which marks the digital content with an activation code associated with the physical key. The decryption circuitry in the remote client 314 receives the activation code from the remote control 316 over the wireless transmission link 320, and is enabled to unlock the digital content and convert it into a playable format only if the activation code in the remote control 316 is associated with the activation code in the digital content. If the activation code in the remote control 316 is not associated with the activation code in the digital content, the remote client does not unlock or convert the digital content.
In another embodiment, the remote clients 314 are eliminated, and the standard components 324 are linked directly to standard component outputs of the distribution hub 312 by the backbone transmission network 315. In this case, the distribution hub 312 acts as a switch, and the digital content server 310 contains the decryption circuitry for unlocking the digital content. As the digital content is decrypted, it is converted into a playable format and streamed to the distribution switch 312 for delivery to the appropriate standard component 324. The decryption circuitry in the digital content server 310 receives the activation code from the remote control 316, and is enabled to unlock the digital content and convert it into a playable format if and only if the activation code in the remote control 316 is associated with the activation code in the digital content. Instead of being decrypted for playback, the digital content can be downloaded (or "passed through") in its encrypted format to a storage device (such as a media burner 324a or a computer hard disk drive 324b) for storage. When the user eventually wishes to play the stored digital content on a media player, the media player must contain decryption circuitry for unlocking the digital content. After unlocking the digital content, the media player converts the unlocked digital content into a playable format and plays it. The decryption circuitry in the media player receives the activation code from the remote control 316 or from a physical key having the same activation code. The media player is enabled to unlock the digital content and convert it into a playable format only if the activation code in the remote control 316 or physical key is associated with the activation code in the digital content.
In addition to downloading selected digital content from the digital content server 310 to the remote clients 314, data from the components 324 (such as MP3, CD, DVD, software, etc.) can also be uploaded to, and stored digitally on, the digital content server 310. This makes it easy to store legacy content on the digital content server 310.
Referring generally to Figure 11, a digital content security system and method protects a computer from unauthorized use and protects the digital content stored on the computer from being improperly accessed, copied and/or distributed. The basic components of the personal digital key digital content security system (PDK-DCSS) are: (1) a standard hard disk drive device 330, with the addition of a PDK receiver/decoder circuit (PDK-RDC) 332 integrated into its controller 334; and (2) a PDK key 336 associated with the PDK-RDC. A standard computer hard disk drive 330 with an integrated PDK-RDC 332 makes multiple methods of protecting digital content possible. A hard disk drive 330 that includes a PDK-RDC 332 is referred to herein as a PDK hard disk drive. Although the PDK-DCSS figure shows the PDK-RDC 332 integrated into the controller 334 of the hard disk drive, all of the operating-system-level protection described below can be implemented with an external PDK-RDC. The PDK hard disk drive 330 is similar to any standard, currently available hard disk drive, except for the PDK-RDC 332 integrated into the drive's controller circuitry 334. The PDK-RDC 332 is an integrated circuit that can process PDK key information and encrypt/decrypt PDK-compliant digital content. In addition, the circuit 332 can protect the hard disk drive 330 itself. The circuit 332 does this by enabling or disabling the hard disk drive's controller 334 depending on whether the associated PDK key 336 (which is unique and permanently associated with the PDK hard disk drive 330) is present. Each PDK hard disk drive 330 is normally delivered with its own PDK key 336.
Secure RF communication between the PDK key 336 and its associated hard disk drive 330 is carried out in the same manner as described above. It should be noted that the software driver can optionally be designed to allow dynamic key assignment (assigning a key after purchase to enable key exchange, or assigning a single key to multiple devices).
Using PDK key and RDC technology provides two classes of protection:
1) Hard disk drive access control. In this case, the entire drive 330 is either fully accessible (unlocked) or fully inaccessible (locked), and/or individual data areas or clusters of data areas are selectively encrypted/decrypted, depending on whether the specific PDK key 336 associated with (or shipped with) the drive 330 is within operating range. This class of protection can be accomplished transparently to the operating system (OS) in charge of the drive.
2) Operating-system-level independent file protection. In this case, the drive's RDC 332 works independently of the drive 330 to protect individual files (typically copyrighted material) from illegal copying. In this role, the RDC 332 can operate with any PDK key 336 (not only the PDK key 336 delivered with the hard disk drive 330) and with any PDK-compliant file (such files need not be stored on, or associated with, the hard disk drive 330). This class of protection requires an operating-system-level software driver running under the operating system in charge of the drive.
By applying these two classes of protection in different ways, four unique levels of content protection become possible. Two of the protection levels (drive level and sector level) require no external software support, while the other two (file level and network level) require a software driver and, for network-level implementations, a stand-alone application. Each of the four levels is defined below.
Referring to Figure 12 and Figure 13, which illustrate drive-level protection: when drive-level protection is implemented, the PDK hard disk drive 330 works only when the associated PDK key 336 is within operating range. Whenever the PDK key 336 is absent, the drive's controller 334 is disabled. The contents of the files stored on the drive 330 are not encrypted. The drive-level protection function is designed to protect the owner of the hard disk drive by locking access to the PDK hard disk drive 330 whenever the associated PDK key 336 is absent (i.e., when the owner of the hard disk drive is away from the computer, if the computer is stolen, etc.).
Referring to Figure 12 and Figure 13, which illustrate sector-level protection: when this protection is activated, each sector (or cluster of sectors) read or written is encrypted/decrypted by the RDC 332 using the drive's associated PDK key 336. Because encryption is performed at the sector level rather than the file level, the encoding can be done without any change, participation or acknowledgment by the operating system in charge of the drive. The sector-level protection function is designed to further protect the owner of the hard disk drive (beyond drive-level protection) by encrypting the contents of the files stored on the drive, without requiring any modification of software (operating system, applications, etc.). The security advantage is that, if access control of the drive fails in some way, the contents of the files on the drive are still protected. It should be noted that if a user retrieves a file from the drive and deliberately transfers it to any other location (by e-mail, memory stick, etc.), the content is no longer protected. Drive-level protection and sector-level protection can be used separately or in combination. In addition, as noted above, it should be understood that sector-level protection can be applied to individual data areas or clusters of data areas. Figure 13 shows the logic executed by the RDC 332 to implement drive-level and sector-level protection. The logic ensures that operating-system-level commands (saving an entire file, reading an entire file, etc.) are given sufficient time to complete. This makes it possible to implement the logic without any operating system modification, participation or acknowledgment.
Referring to the file-level protection shown in Figure 14: when implemented as an operating-system-level software driver (which uses the PDK-RDC 332 integrated into the PDK hard disk drive 330), file-level protection provides the standard PDK digital rights management services and functions described above. As needed, the driver instructs the RDC 332 to acquire PDK key information, verify whether the key and the file match, and use the key's information to perform the actual encryption/decryption of the file (as a whole, not at the sector level). In the illustrated example, file ABC 338 (which can reside on any storage device, memory medium, etc.) is compared with any PDK key 336 within range of the PDK-RDC 332. If the two match, the PDK-RDC 332 decrypts the file 338 for use by whatever playback mechanism made the request. Any PDK key 336 can be used, not only the key 336 associated with the PDK hard disk drive 330. When the PDK-RDC 332 is used for file-level protection (and the network-level protection described below), the PDK-RDC 332 works independently of the hard disk drive 330 in which it resides. Although the PDK-compliant files that the PDK-RDC 332 encrypts or decrypts may reside on the host hard disk drive 330 and may be associated with that drive's PDK key 336, this is not required. The PDK-RDC 332 can operate with other PDK keys and with files residing on other media. When used in this way, the PDK-RDC 332 can be regarded as merely happening to reside in the hard disk drive 330. For file-level and network-level protection, the RDC 332 can be implemented as a separate circuit board (not integrated into the hard disk drive 330) and still provide the same functions.
The primary use of file-level protection is to protect private or copyrighted material from illegal copying and distribution. Because a copy of any PDK-compliant file can be accessed only when the associated PDK key is present, file-level protection makes it possible to create backup copies easily and safely (copies designed to be usable only by the holder of the associated key). In addition to distributing copyrighted content (such as music and movies) as described above, software developers can also distribute their software over the Internet with the same ease of use and security. Software distributed in this way allows the legitimate recipient to make unlimited copies (for backup purposes, for use on a home computer, etc.); however, the copies work only when the associated key is present, which prevents unauthorized copies from being illegally distributed and used.
The file-level protection function is designed to protect the publisher of private or copyrighted material. A user can protect any file by converting it to PDK-compliant format; however, the security of a document file can be compromised by a key holder who does not wish to maintain the file's integrity. For example, although a Microsoft Word file can be stored in protected PDK-compliant format, once the file is opened its contents can be cut and pasted into another application (e.g., an e-mail program), thereby defeating the protection. Therefore, using file-level protection for documents is suitable only for trusted recipients (individuals who wish to protect the content they hold). Non-document files, however, are not subject to this limitation.
Referring to the network-level protection in Figure 15, file-level protection can be extended to a network environment by using a centralized software application/database, called a PDK document controller (DC), running on a server 342. The DC 340 can create groups 342, each of which lists which PDK keys 344 are allowed to access the files in specific directories. All files stored in directories controlled by the DC 340 are automatically encrypted with the DC administrator's PDK key, and thereby become PDK-compliant files. This process places all files stored in the DC 340 in a uniform encrypted format.
Each request by a user for a file residing in a directory listed in a DC group 342 results in the following steps. The RDC located at the requester's workstation 346 acquires information from the user's PDK key 344 and transmits that information to the DC 340. The DC then enables the appropriate access, as defined by the information in the DC group database. Specifically, the DC 340 looks up the requester's PDK key 344 in the tables of the appropriate groups. If the DC 340 determines that the PDK key 344 is listed in a group 342, and that the group 342 also lists the directory containing the file the user wishes to access, the DC 340 knows that a valid PDK key 344 was used in the file request and grants access. The requested file is first decrypted with the administrator's PDK key, re-encrypted with the requester's key 344, and then downloaded to the user's workstation 346. The process is the same as described above for using a PDK to download digital media files from the Internet.
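The document controller request flow described above, sketched as an added Python example (not code from the patent): the group tables are checked for both the requesting key and the file's directory, and only then is the file decrypted under the administrator's key and re-encrypted under the requester's key. Class names, key identifiers, paths and the placeholder `stand_in_cipher` are assumptions, and normalizing the path before the directory check is this example's own choice.

```python
from __future__ import annotations

import hashlib
import posixpath
from dataclasses import dataclass, field


def stand_in_cipher(key: bytes, label: bytes, data: bytes) -> bytes:
    """Placeholder cipher (assumption): XOR with a SHAKE-256 keystream.

    The page does not name the cipher; not suitable for real data.
    """
    stream = hashlib.shake_256(key + b"|" + label).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, stream))


@dataclass
class Group:
    """One DC group: which PDK keys may access files in which directories."""
    name: str
    key_ids: set[str] = field(default_factory=set)
    directories: set[str] = field(default_factory=set)


class DocumentController:
    def __init__(self, admin_key: bytes) -> None:
        self._admin_key = admin_key
        self.groups: list[Group] = []
        self._files: dict[str, bytes] = {}   # path -> ciphertext under admin key

    def store(self, path: str, plaintext: bytes) -> None:
        """Files in controlled directories are encrypted with the administrator's key."""
        path = posixpath.normpath(path)
        self._files[path] = stand_in_cipher(self._admin_key, path.encode(), plaintext)

    def is_allowed(self, key_id: str, path: str) -> bool:
        """True only if one group lists both the key and the file's directory."""
        # Normalize first so "/cases/../hr/pay.txt" is judged as "/hr/pay.txt".
        directory = posixpath.dirname(posixpath.normpath(path))
        return any(key_id in g.key_ids and directory in g.directories
                   for g in self.groups)

    def request(self, key_id: str, requester_key: bytes, path: str) -> bytes | None:
        """Return the file re-encrypted for the requester, or None if denied.

        key_id and requester_key stand for the information the workstation's
        RDC reads from the user's PDK key; how the DC authenticates that
        information is not described on the page and is not modelled here.
        """
        path = posixpath.normpath(path)
        if path not in self._files or not self.is_allowed(key_id, path):
            return None
        plaintext = stand_in_cipher(self._admin_key, path.encode(), self._files[path])
        return stand_in_cipher(requester_key, path.encode(), plaintext)


def workstation_open(requester_key: bytes, path: str, blob: bytes) -> bytes:
    """What the requester's workstation does with the downloaded file."""
    return stand_in_cipher(requester_key, posixpath.normpath(path).encode(), blob)


# Constructed sample keys (placeholders, not real key material).
ALICE_KEY = b"\xa1" * 32
BOB_KEY = b"\xb0" * 32


def build_sample() -> DocumentController:
    """Constructed groups and files for the demonstration."""
    dc = DocumentController(admin_key=b"\xad" * 32)
    dc.groups.append(Group("litigation", {"pdk-alice"}, {"/cases"}))
    dc.groups.append(Group("payroll", {"pdk-bob"}, {"/hr"}))
    dc.store("/cases/brief.txt", b"constructed brief")
    dc.store("/hr/pay.txt", b"constructed payroll")
    return dc


if __name__ == "__main__":
    dc = build_sample()
    blob = dc.request("pdk-alice", ALICE_KEY, "/cases/brief.txt")
    print(workstation_open(ALICE_KEY, "/cases/brief.txt", blob))
    print(dc.request("pdk-alice", ALICE_KEY, "/cases/../hr/pay.txt"))
```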
The network-level protection function is designed to protect the publisher of private or copyrighted material. A user can protect any file by converting it to PDK-compliant format; however, the security of a document file can be compromised by a key holder who does not wish to maintain the file's integrity. For example, although a Microsoft Word file can be stored in protected PDK-compliant format, once the file is opened its contents can be cut and pasted into another application (e.g., an e-mail program), thereby defeating the protection. Therefore, using file-level protection for documents is suitable only for trusted recipients (individuals who wish to protect the content they hold). Non-document files, however, are not subject to this limitation. The system is well suited to building a centralized database of secure documents intended for distribution to trusted recipients, such as the staff of a law firm or a medical institution.
Although the present invention has been described with reference to one or more specific embodiments, those skilled in the art will recognize that various modifications can be made to it without departing from the spirit and scope of the present invention. Many improvements and variations can be implemented/utilized that effectively broaden the scope and uses of the PDK technology. These improvements and other embodiments are summarized below.
Integrating the RDC into other storage devices. This embodiment involves integrating the RDC into storage mechanisms other than the basic hard disk drive. Such storage mechanisms include purely RAM/ROM-based storage mechanisms contained in or used by the following devices: PDAs, cell phones, printers, copiers, fax machines, scanners, MP3 players, GPS systems, digital cameras, computer motherboards and DVR players, as well as portable storage devices such as memory sticks, Secure Digital memory cards or any similar products, in which case the RDC is either mounted directly on the device or integrated into the device into which the memory card/stick is inserted.
When using RDC by this way, the security of file layers and network layer is worked with the same way as with the hard disk drive of PDK described in the preamble.The security of actuator layer and sector layer is worked in the mode identical with the logic of hard disk drive, but the physical implementation scheme changes, so that control is used for providing the bus structure of communication path between described storing mechanism and its trustship device.For the PDK hard disk drive, by interrupting described communication path, sending signal, the effectively start/forbid that the mode of described device itself starts/forbid described storing mechanism of described storing mechanism " ready " or " doing " to the trustship device.Be to save battery, by this way the RDC of Shi Yonging only regularly (rather than reading or writing program) at every turn check whether the PDK key of being correlated with exists.Similar with the PDK hard disk drive, encrypt/decrypt was by the data of bus transfer, so that the standard sector layer data encoding function of PDK to be provided after sector layer security can optionally be used for before writing and read.
Identical when in the PDK hard disk drive, using, the security function of PDK for said apparatus provide identical facility, noiseless, wireless security is machine-processed.Described security mechanism can be in being stored in described device any data just in case once stolen, put no matter or even the situation of specially " forbidding " under it is protected; to prevent to sensitive content conduct interviews (that is preventing that, the minor from visiting adult file, website etc.).When not having relevant PDK key, the locked and forbidding of described device and storing mechanism thereof.
Dynamic PDK key management. With dynamic PDK key management, the user can assign a PDK key to an RDC (whether integrated in a PDK hard disk drive or some other host device, or implemented standalone), and the assignment need not be made at production. The function is implemented by including the required logic in the RDC's internal firmware (rather than by using an external software driver to provide it).
Using this function, the user can optionally assign any PDK key as the master key of the RDC (the first key assigned to the device). Then, using the master key (to prove valid "ownership" at the start of the procedure), the user can assign secondary keys to the PDK device (or remove them from the PDK device). The principal advantages of this function include:
  • The individual who holds the key can create spare keys (stored for future retrieval in case the master key is lost) and can allow other users (those holding secondary keys) to also access their PDK device.
  • A PDK-RDC (in any configuration, host device, etc.) can optionally be shipped without any PDK key. A device containing such an RDC (such as a PDK hard disk drive) can also optionally operate with all or part of the PDK technology never enabled or used. For example, the user can choose not to enable the drive-layer and sector-layer security functions but still use the file-layer and network-layer security functions.
  • The user can optionally purchase an associated PDK key later or, importantly, assign a PDK key they already use to another PDK-based device. This lets the user access all of their PDK-based devices with a single PDK key.
The built-in (firmware-based) PDK key configuration/management function greatly increases the PDK's overall flexibility and its ease of setup and use.
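The key-management rules described above (the first key assigned becomes the master key, the master key must be presented to add or remove secondary keys, a device with no key assigned operates unprotected, and the RDC checks periodically for an associated key), shown as an added C example that is not code from the patent. The table size, status codes, function names, key IDs and the rule that the master slot cannot be removed are assumptions, and the key IDs passed to `rdc_poll` are assumed to have been authenticated already by the radio layer.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

#define RDC_MAX_KEYS 4  /* assumption: small fixed key table held in RDC firmware */

typedef enum { RDC_OK, RDC_DENIED, RDC_EXISTS, RDC_FULL, RDC_NOT_FOUND } rdc_status;

typedef struct {
    uint64_t key_id[RDC_MAX_KEYS]; /* slot 0 is the master key */
    size_t   count;                /* 0 means no PDK key has been assigned */
    bool     locked;               /* true: storage is reported "busy" to the host */
} rdc_state;

/* Shipped state: no key assigned, PDK protection inactive, storage usable. */
void rdc_init(rdc_state *r) {
    r->count = 0;
    r->locked = false;
}

/* Index of an assigned key, or -1 if the ID is not in the table. */
static int rdc_find(const rdc_state *r, uint64_t id) {
    for (size_t i = 0; i < r->count; i++)
        if (r->key_id[i] == id) return (int)i;
    return -1;
}

/* The first key assigned to the device becomes its master key. */
rdc_status rdc_assign_master(rdc_state *r, uint64_t id) {
    if (r->count != 0) return RDC_DENIED;  /* a master already exists */
    r->key_id[0] = id;
    r->count = 1;
    return RDC_OK;
}

/* Proof of ownership: the presented key must be the master key. */
static bool rdc_is_master(const rdc_state *r, uint64_t presented) {
    return r->count > 0 && r->key_id[0] == presented;
}

rdc_status rdc_add_secondary(rdc_state *r, uint64_t presented, uint64_t new_id) {
    if (!rdc_is_master(r, presented)) return RDC_DENIED;
    if (rdc_find(r, new_id) >= 0) return RDC_EXISTS;
    if (r->count == RDC_MAX_KEYS) return RDC_FULL;
    r->key_id[r->count++] = new_id;
    return RDC_OK;
}

rdc_status rdc_remove_secondary(rdc_state *r, uint64_t presented, uint64_t id) {
    if (!rdc_is_master(r, presented)) return RDC_DENIED;
    int i = rdc_find(r, id);
    if (i < 0) return RDC_NOT_FOUND;
    if (i == 0) return RDC_DENIED;         /* assumption: master slot is never removed */
    r->key_id[i] = r->key_id[--r->count];  /* fill the gap with the last entry */
    return RDC_OK;
}

/* Periodic presence check. in_range[] holds the IDs of keys the radio layer
 * has already authenticated as nearby (assumption). Returns the lock state:
 * unlocked if no key was ever assigned or any assigned key is in range. */
bool rdc_poll(rdc_state *r, const uint64_t *in_range, size_t n) {
    if (r->count == 0) { r->locked = false; return false; }
    r->locked = true;
    for (size_t i = 0; i < n; i++)
        if (rdc_find(r, in_range[i]) >= 0) { r->locked = false; break; }
    return r->locked;
}

int main(void) {
    rdc_state r;
    uint64_t nearby[1] = { 0xB0B };        /* constructed key ID */
    rdc_init(&r);
    rdc_assign_master(&r, 0xA11CE);        /* constructed key ID */
    rdc_add_secondary(&r, 0xA11CE, 0xB0B);
    return rdc_poll(&r, nearby, 1) ? 1 : 0; /* exits 0: secondary key unlocks */
}
```

A presented key ID alone is not proof of possession; in a deployed design the master-key check would sit behind the mutual authentication between key and RDC that the claims describe.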
Standalone RDC configuration. Although integrating the RDC into a hard disk drive has many advantages, the RDC can also exist independently of the hard disk drive mechanism. In this configuration (as defined earlier), the RDC physical circuit can take the form of a PC card, a PC expansion board inserted in a standard PC expansion slot, a USB board, or any other similar design that can interface with a host device.
Used in this way, the RDC provides all of the functions described above except basic hard disk drive access control.
Buffer flush and notification software driver. This improvement uses a simple software device driver to recognize when the PDK key goes out of range (by "watching" information from the RDC) and, on detecting that state, to flush (empty) the host system's "read" buffer (effectively clearing any data the system may have cached in internal memory to speed up data access) and to display a simple message indicating whether the PDK key is within operating range or out of range. This optional mechanism can be used with any RDC configuration and any PDK-protected device.
Each of the embodiments above, and obvious variations of them, falls within the spirit and scope of the claims, which are set out in the following claims.

Claims (55)

1. A system for enabling automatic authentication of a personal digital key based on proximity of the personal digital key, and for enabling linking of the personal digital key to an account based on the automatic authentication, wherein the personal digital key can be associated with a person, the system comprising:
a personal digital key that can be associated with a person, the personal digital key including encrypted digital data unique to it, which enables automatic authentication based on proximity of the personal digital key to an account linking system; and
an account linking system based on automatic authentication of the personal digital key, the account linking system comprising a receiver/decoder circuit, the account linking system being able to automatically authenticate the personal digital key when the personal digital key is in proximity to the receiver/decoder circuit, whereby the personal digital key can be linked to and associated with an account.
2. The system according to claim 1, wherein the personal digital key and the receiver/decoder circuit can authenticate each other.
3. The system according to claim 1, wherein the personal digital key includes a permanent secure unique identifier that cannot be modified, updated or manipulated.
4. The system according to claim 1, wherein the personal digital key transmits the unique encrypted digital data to the receiver/decoder circuit over a secure wireless link.
5. The system according to claim 1, wherein the unique encrypted digital data in the personal digital key comprises a unique personal digital key identifier that cannot be changed.
6. The system according to claim 1, wherein the receiver/decoder circuit includes a unique identifier that cannot be changed.
7. The system according to claim 1, wherein the receiver/decoder circuit can detect, authenticate and securely communicate with the personal digital key.
8. The system according to claim 1, wherein the receiver/decoder circuit can further encrypt and decrypt content.
9. The system according to claim 1, wherein the linked account contains data, and the receiver/decoder circuit can access the data in the linked account based on the automatic authentication of the personal digital key.
10. The system according to claim 1, wherein the range of proximity of the personal digital key to the receiver/decoder circuit that enables account linking can be adjusted as required.
11. The system according to claim 1, wherein the personal digital key includes an internal power supply.
12. The system according to claim 1, wherein the system can provide one or more customized services for the linked account.
13. The system according to claim 1, wherein the linked account is unlocked when the personal digital key is located in proximity to the receiver/decoder circuit and is authenticated, and the linked account is locked when the personal digital key is moved out of proximity to the receiver/decoder circuit.
14. The system according to claim 2, wherein the personal digital key and the reader/decoder circuit include embedded challenge-response logic and encryption algorithms for enabling authentication that the personal digital key and the receiver/decoder circuit are original, non-duplicated, authorized devices.
15. The system according to claim 6, further comprising a slot machine or similar device, and games that can be downloaded to the slot machine, the slot machine including the receiver/decoder circuit, wherein the system can track game preferences for the linked account and, based on the game preferences and using the unique unchangeable identifier of the receiver/decoder circuit, the system can encrypt the games and download them to the slot machine.
16. The system according to claim 8, wherein the receiver/decoder circuit can detect, authenticate and securely communicate with a plurality of personal digital keys in parallel.
17. The system according to claim 8, wherein the system comprises a network, the network including a server and devices, each device including a reader/decoder circuit, wherein transaction data can flow over the network between the server and the devices having their associated reader/decoder circuits, and the reader/decoder circuits in the devices can encrypt and decrypt the transaction data, thereby protecting the transaction data.
18. The system according to claim 12, wherein the customized services provided for the linked account include one or more customized services provided for a casino property.
19. The system according to claim 12, wherein the customized services provided for the linked account include one or more customized services provided for a hotel property.
20. The system according to claim 15, wherein the receiver/decoder circuit includes a unique identifier that cannot be changed, the system further comprising a game server, the game server including games that the game server can encrypt, wherein the receiver/decoder circuit in the slot machine can accept from the game server a game that has been encrypted using the unique identifier of the reader/decoder circuit as the encryption key, and wherein the receiver/decoder circuit can decrypt the game for play on the slot machine.
21. The system according to claim 17, wherein the receiver/decoder circuit in the slot machine can encrypt transaction data sent to the slot machine and can decrypt the transaction data when the personal digital key is in proximity to the slot machine.
22. The system according to claim 18, wherein the casino property customized services include tracking the number of personal digital keys in proximity to a receiver/decoder circuit.
22, system according to claim 18, wherein said gambling house property customize services comprise the quantity of following the tracks of the personal digital key that approaches the receiver/decoder circuit.
23, a kind of degree of approach based on personal digital key starts the automatic checking of described personal digital key and is used for combining with the system that comprises personal digital key and described personal digital key is linked to account's method based on described automatic checking, wherein said personal digital key can be associated with personnel, and described system comprises the personal digital key that can be associated with personnel and based on account's link system of the automatic checking of described personal digital key, described personal digital key comprises the encrypted digital data that it is unique, and it approaches account's link system and starts automatic checking based on described personal digital key, described account's link system comprises the receiver/decoder circuit, described receiver/decoder circuit can be verified described personal digital key automatically when described personal digital key approaches described receiver/decoder circuit, and described thus personal digital key can be linked to the account and be associated with described account, and wherein said method comprises:
Locate near the described personal digital key of described receiver/decoder circuit;
When described personal digital key during, verify described personal digital key automatically near described receiver/decoder circuit; And
In case after verifying described personal digital key automatically, make described personal digital key can be linked to the account and be associated with described account.
24. The method according to claim 23, wherein the personal digital key and the receiver/decoder circuit can authenticate each other, and wherein the automatic authentication in the method further comprises authenticating the personal digital key by the receiver/decoder circuit and authenticating the receiver/decoder circuit by the personal digital key.
25. The method according to claim 23, wherein the personal digital key includes a permanent secure unique identifier that cannot be modified, updated or manipulated, and wherein the method further comprises providing the permanent secure unique identifier.
26. The method according to claim 23, wherein the personal digital key transmits the unique encrypted digital data to the receiver/decoder circuit over a secure wireless link, and wherein the method further comprises securely and wirelessly linking the unique encrypted digital data of the personal digital key to the receiver/decoder circuit.
27. The method according to claim 23, wherein the unique encrypted digital data in the personal digital key comprises a unique personal digital key identifier that cannot be changed, and wherein the automatic authentication in the method further comprises automatically authenticating based on the unique unchangeable personal digital key identifier in the personal digital key.
28. The method according to claim 23, wherein the receiver/decoder circuit includes a unique identifier that cannot be changed, and wherein the automatic authentication in the method further comprises incorporating the unique unchangeable identifier in the receiver/decoder circuit.
29. The method according to claim 23, wherein the receiver/decoder circuit can detect, authenticate and securely communicate with the personal digital key, and wherein the automatic authentication in the method further comprises detecting, authenticating and securely communicating with the personal digital key by the receiver/decoder circuit.
30. The method according to claim 23, wherein the receiver/decoder circuit can further encrypt and decrypt content, and wherein the method further comprises encrypting and decrypting content by the receiver/decoder circuit.
31. The method according to claim 23, wherein the linked account contains data and the receiver/decoder circuit can access the data in the linked account based on the automatic authentication of the personal digital key, and wherein the method further comprises accessing the data in the linked account by the receiver/decoder circuit once the personal digital key has been automatically authenticated.
32. The method according to claim 23, wherein the range of proximity of the personal digital key to the receiver/decoder circuit that enables account linking can be adjusted as required, and wherein the method further comprises adjusting the range as required.
33. The method according to claim 23, wherein the personal digital key includes an internal power supply, and wherein the method further comprises powering the personal digital key using the internal power supply.
34. The method according to claim 23, wherein the system can provide one or more customized services for the linked account, and wherein the method further comprises providing one or more customized services for the linked account.
35. The method according to claim 23, wherein the linked account is unlocked when the personal digital key is located in proximity to the receiver/decoder circuit and is locked when the personal digital key is located out of proximity to the receiver/decoder circuit, and wherein the method further comprises unlocking the linked account when the personal digital key is located in proximity to the receiver/decoder circuit, and locking the linked account when the personal digital key is located out of proximity to the receiver/decoder circuit.
36. The method according to claim 23, wherein the personal digital key and the reader/decoder circuit include embedded challenge-response logic and encryption algorithms for enabling authentication that the personal digital key and the receiver/decoder circuit are original, non-duplicated, authorized devices, and wherein the method further comprises authenticating that the personal digital key and the receiver/decoder circuit are original, non-duplicated, authorized devices.
37. The method according to claim 29, further comprising a slot machine or similar device, and games that can be downloaded to the slot machine, the slot machine including the receiver/decoder circuit, wherein the system can track game preferences for the linked account and, based on the game preferences and using the unique unchangeable identifier of the receiver/decoder circuit, the system can encrypt the games and download them to the slot machine, and wherein the method further comprises enabling the system to encrypt the games and download them to the slot machine.
38. The method according to claim 30, wherein the receiver/decoder circuit can detect, authenticate and securely communicate with a plurality of personal digital keys in parallel, and wherein the method further comprises enabling the receiver/decoder circuit to detect, authenticate and securely communicate with a plurality of personal digital keys in parallel.
39. The method according to claim 35, wherein the system comprises a network, the network including a server and devices, each device including a receiver/decoder circuit, wherein transaction data can flow over the network between the server and the devices having their associated receiver/decoder circuits, and the receiver/decoder circuits in the devices can encrypt and decrypt the transaction data to protect the transaction data, and wherein the method further comprises protecting the transaction data by encrypting the transaction data with the receiver/decoder circuit.
40. The method according to claim 35, wherein the customized services provided for the linked account include one or more customized services provided for a casino property, and wherein the method further comprises providing one or more customized services for a casino property.
41. The method according to claim 34, wherein the customized services provided for the linked account include one or more customized services provided for a hotel property, and wherein the method further comprises providing one or more customized services for a hotel property.
42. The method according to claim 36, wherein the receiver/decoder circuit includes a unique identifier that cannot be changed, the system further comprising a game server, the game server including games that the game server can encrypt, wherein the receiver/decoder circuit in the slot machine can accept from the game server a game that has been encrypted using the unique identifier of the receiver/decoder circuit as the encryption key, and wherein the receiver/decoder circuit can decrypt the game for play on the slot machine, and wherein the method further comprises enabling, by the receiver/decoder circuit, decryption of the game for play on the slot machine.
43. The method according to claim 34, wherein the receiver/decoder circuit in the slot machine can encrypt the transaction data transmitted to the slot machine and can decrypt the transaction data when the personal digital key is in proximity to the slot machine, and wherein the method further comprises decrypting the transaction data when the personal digital key is in proximity to the slot machine.
44. The method according to claim 39, wherein the casino property customized services include tracking the number of personal digital keys located in proximity to a receiver/decoder circuit, and wherein the method further comprises tracking the number of personal digital keys located in proximity to a receiver/decoder circuit.
45. A system comprising a personal digital key and a computer-readable medium, the computer-readable medium being accessible by the reader/decoder after the personal digital key has been authenticated by the reader/decoder circuit.
46. The system according to claim 45, further comprising a receiver/decoder circuit, wherein the personal digital key is a tangible object that can communicate wirelessly with the receiver/decoder circuit.
47. The system according to claim 45, wherein the personal digital key is a tangible object.
48. The system according to claim 46, further comprising a computer having a computer hard disk drive, wherein the receiver/decoder circuit is located in the computer hard disk drive.
49. The system according to claim 47, wherein the receiver/decoder circuit is integrated with the computer.
50. The system according to claim 47, wherein the computer further comprises a receiver/decoder circuit card.
51. The system according to claim 47, further comprising a database, wherein the database includes account identifiers and personal digital key identifiers.
52. The system according to claim 47, wherein the unique identifier transmitted by the personal digital key to the receiver/decoder circuit of the computer is authenticated by the receiver/decoder circuit of the computer using personal digital key data stored in the database.
53. A method of protecting a computer-readable medium from unauthorized access, comprising:
providing a tangible personal digital key to a user, wherein the personal digital key includes unique identifying information that can be used as a key by a receiver/decoder circuit, so that the receiver/decoder circuit can associate the medium with the personal digital key and thereby encrypt and decrypt the medium as required; and
authenticating the user and the associated personal digital key if information transmitted from the personal digital key matches identification data previously provided or stored.
54. The method according to claim 53, wherein the identification data is linked to a credit card or other account, so that the account number can be used only when the associated personal digital key is present.
55. The method according to claim 53, wherein the personal digital key transmits the unique information over a secure wireless link.
CN 200580039571 2004-12-01 2005-11-30 Personal digital key and receiver/decoder circuit system and method Pending CN101084524A (en)

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
US63206704P 2004-12-01 2004-12-01
US60/632,067 2004-12-01
US60/652,765 2005-02-14

Publications (1)

Publication Number Publication Date
CN101084524A true CN101084524A (en) 2007-12-05

Family

ID=38913188

Family Applications (1)

Application Number Title Priority Date Filing Date
CN 200580039571 Pending CN101084524A (en) 2004-12-01 2005-11-30 Personal digital key and receiver/decoder circuit system and method

Country Status (1)

Country Link
CN (1) CN101084524A (en)

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102292932A (en) * 2009-01-23 2011-12-21 微软公司 Passive security enforcement
CN102292932B (en) * 2009-01-23 2016-05-18 微软技术许可有限责任公司 Passive Secure execution
US9641502B2 (en) 2009-01-23 2017-05-02 Microsoft Technology Licensing, Llc Passive security enforcement
US10389712B2 (en) 2009-01-23 2019-08-20 Microsoft Technology Licensing, Llc Passive security enforcement
CN110288730A (en) * 2014-06-30 2019-09-27 电子湾有限公司 The container that the coding of handshake authentication locks
CN113661528A (en) * 2019-03-27 2021-11-16 维尔塔有限公司 Methods, apparatuses, and computer program products for requesting user authorization for an electric vehicle charging session and responding to the requested user authorization
CN113661528B (en) * 2019-03-27 2023-09-29 维尔塔有限公司 Methods, apparatus, and computer program products for requesting user authorization for an electric vehicle charging session and responding to the requested user authorization

Similar Documents

Publication Publication Date Title
US11922395B2 (en) Linked account system using personal digital key (PDK-LAS)
US10078822B2 (en) Data storage and access systems
US7191153B1 (en) Content distribution method and apparatus
US20140351123A1 (en) Using Low-Cost Tags to Facilitate Mobile Transactions
WO2005081087A1 (en) Rfid protected media system and method that provides dynamic downloadable media
CN101084524A (en) Personal digital key and receiver/decoder circuit system and method
JP2002057664A (en) Vehicle-mounted information-processing system
JP2003069549A (en) Information protection management system using rfid mounted storage medium
US9633391B2 (en) Secure pre-loaded drive management at kiosk
WO2006060558A9 (en) Personal digital key and receiver/decoder circuit system and method
WO2012135418A2 (en) Secure pre-loaded drive management at kiosk
GB2399208A (en) Downloading and paying for data files using a smart card

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C02 Deemed withdrawal of patent application after publication (patent law 2001)
WD01 Invention patent application deemed withdrawn after publication

Open date: 20071205