CN101223549A - Digital application operating according to aggregation of plurality of licenses - Google Patents

Digital application operating according to aggregation of plurality of licenses Download PDF

Info

Publication number
CN101223549A
CN101223549A CNA2006800255396A CN200680025539A CN101223549A CN 101223549 A CN101223549 A CN 101223549A CN A2006800255396 A CNA2006800255396 A CN A2006800255396A CN 200680025539 A CN200680025539 A CN 200680025539A CN 101223549 A CN101223549 A CN 101223549A
Authority
CN
China
Prior art keywords
license
licence
additional
attribute
father
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CNA2006800255396A
Other languages
Chinese (zh)
Inventor
N·张
R·S·艾泽霍夫
W-P·S·苏
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Microsoft Corp
Original Assignee
Microsoft Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Microsoft Corp filed Critical Microsoft Corp
Publication of CN101223549A publication Critical patent/CN101223549A/en
Pending legal-status Critical Current

Links

Images

Landscapes

  • Storage Device Security (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

A plurality of digital licenses correspond to a piece of content, including a base license and at least one add-on license. Each add-on license includes a reference to the base license, and each of the base license and each add-on license sets forth rules specifying how the content may be employed. Each add-on license is identified by way of the reference therein to the base license, and the rules in the base license and in each identified add-on license are aggregated into an aggregated set of rules that is evaluated to determine if such aggregated set of rules allows employing the content in a particular manner.

Description

The digital application of operating according to the gathering of a plurality of licences
The cross reference of related application
The application requires the U.S. Provisional Patent Application the 60/699th that is entitled as " HIERARCHY AND EVALUATIONOF ADD-ON LICENSES " (hierarchy of additional license and assessment) of submission on July 14th, 2005, No. 143 right of priority, this application are quoted by integral body and are incorporated into this.
Technical field
The present invention relates to according to the digital application of the authority of statement in the digital license etc. and condition operation on computing equipment etc. etc.More specifically, the present invention relates to be assembled so that in fact form a plurality of such licence of application program according to the superset of its rule of operating and authority.
Background of invention
Rights management and enforcement are for being highly to need for digital contents such as digital application, and wherein this digital application will be distributed to one or more users.Typically distribution mode comprises such as magnetic (soft) dish, tape, light (compacting) dish tangible equipment such as (CD), and such as invisible media such as BBBS (Bulletin Board System)BS, electric network, the Internets.After being received on its computing equipment by the user, this user can activate this application program under the help of the proper handling system on the computing equipment.
Usually, the author of application program and/or publisher wish this application program is distributed to a plurality of users or recipient each with the cross license expense or certain other consider item.Therefore, in this case, application program can be word-processing application, spreadsheet applications, browser application, game application, media player application program, its combination or the like.This author/publisher or other similar entity (hereinafter referred to as " publisher ") may wish to limit the action that each user can do the application program of this issue after having a chance or opportunity.For example, the publisher may wish limited subscriber at least with deny the publisher from the mode of second user's licence fee with this application copy be distributed to this second user again.
Yet, after issue has taken place,, also have only few any true control even this publisher's application programs has.This especially is a problem in view of the following fact: in fact everyone computing machine all comprise the precise figures copy of making this application program and with this precise figures copy download to can write disk or CD or with this precise figures copy by send to the required software and hardware in any destination such as networks such as the Internets.
Certainly, as the part of the transaction of distribution applications, the publisher may require user/recipient of application program to promise to undertake can not distribute this application program again in any unwelcome mode.Yet this promise is made easily and is easy to and runs counter to.The publisher may attempt to stop this distribution again by in the some known safe equipment that are usually directed to encryption and decryption any.Yet this few user who stops appropriateness to be determined deciphers the encrypted applications program, this application program is preserved with the unencryption form and then distributes this application program.
Before provided rights management (RM) and enforcement architecture and method to allow the controlled operation to the digital application of arbitrary form, wherein this control is flexibly, and can be defined by the publisher of this application program.Usually, provide a digital license to come operating application program, wherein application program can not start with meaningful ways under the situation of this licence not having.For example, situation can be that at least a portion of application program is encrypted, and licence comprises the decruption key that is used to decipher this encryption section.In addition, situation can be that licence is bound to user or its computing equipment, and this computing equipment comprises the security feature of guaranteeing in accordance with the clause of licence.
This digital license generally includes one a group of authority and a condition that fits on the computing equipment the use of corresponding application programs.Thus, each licence has been stated the strategy of authorizing the specified permission of appointed function.Therefore, adopt digital license, the publisher can come to provide different rights about application program to the user by different licences corresponding to different rights are provided.For example, the publisher may wish to provide with higher price the full feature version of application program, and provides basic version with lower price.Equally, the publisher may be desirable to provide version with first specific feature and not this feature version, have the version of the second specific feature and not this feature version, have the version of the 3rd specific feature and the version or the like of this feature not.
Yet, note, in the prior art, because every kind of variation of the authority in the application program all needs fully independently licence, therefore because the number of the combination in any of these authorities is easy to be tens, hundreds of and several thousand, and each authority combination arbitrarily all needs independent a kind of licence, is a difficult problem so provide the combination in any of authority to the user.For example, the publisher who is desirable to provide and has five two-state authorities the application program of (for example, the authority that exists or lack) must prepare 5 powers of 2, i.e. 32 kinds of dissimilar licences.Equally, the publisher who is desirable to provide and has four two-state authorities and two three condition authorities the application program of (for example exist, the limited or authority that lacks) must prepare 4 powers of 2 multiply by 2 powers of 3, i.e. 144 kinds of dissimilar licences.
Therefore, should be appreciated that the complexity of variation of application program is big more, the number of the dissimilar licence that is caused is also big more.Yet, importantly, for the publisher of this application program, provide, even may be that the licence of about ten or 30 the order of magnitude can not be unusual difficulty yet than finite population polymorphic type more.In brief, provide every type licence will require the publisher to safeguard each type, be included in case of necessity renewal and modification, and this maintenance is easy to become too a large amount of tasks along with the increase of number of types.
Therefore, existing the publisher of application programs etc. to wait can come to wait the method that any authority combination is provided and the demand of mechanism to user by the digital permission scheme, wherein minimize the number of the dissimilar licences of representing these authorities.Particularly, existence represented by the independent digital license that is used for this application program specified permission or bundle of permissions about application program, and the user obtains one or more in these licences and correspondingly obtains authority or this method of bundle of permissions and the demand of mechanism represented by its collective.As a result, minimized the number of the dissimilar licence that is used for application program.
Summary of the invention
The demand is satisfied by the present invention at least in part, in the present invention, provides a kind of method that adopts a piece of digital content with ad hoc fashion on computing equipment.In the method, obtain a plurality of digital licenses corresponding to this content, wherein these a plurality of licences comprise a base license and at least one additional license.Comprise in each additional license the quoting of this base license, and in base license and each additional license each has been stated and has been specified the rule that how can adopt content.
Sign base license, and by wherein quoting of base license being identified each additional license, and the rule in the additional license of base license and each sign is converged into one and assembles rule set.Assess this gathering rule set then determining whether this gatherings rule set allows with ad hoc fashion employing content, and if this gathering rule set allow then adopt this content.
The accompanying drawing summary
When read in conjunction with the accompanying drawings, can understand the detailed description of above general introduction and following various embodiments of the present invention better.For diagram purpose of the present invention, currently preferred embodiments have been shown in the accompanying drawing.Yet, should be appreciated that accurate arrangement and the means shown in the invention is not restricted to.In the accompanying drawing:
Fig. 1 is a block diagram of representing wherein can realize exemplary unrestricted computing environment of the present invention;
Fig. 2 is that expression has the block diagram that wherein can realize the example network environment of various computing equipments of the present invention;
Fig. 3 illustrates the block diagram based on the enforcement architecture of an example of the system that trusts that comprises digital license according to an embodiment of the invention;
Fig. 4 is the block diagram that the licence hierarchies such as licence such as Fig. 3 according to an embodiment of the invention are shown, and wherein this hierarchy comprises base license and additional license; And
Fig. 5 is the process flow diagram of the committed step carried out when state in each licence of the hierarchy of assembling Fig. 4 regular according to an embodiment of the invention is shown.
Detailed Description Of The Invention
Computer environment
Fig. 1 and following discussion aim to provide wherein realizing the brief, general description of suitable computing environment of the present invention.Yet, should be appreciated that the hand-held of having conceived all kinds, portable and other computing equipment use in conjunction with the present invention.Although below described multi-purpose computer, this only is an example, and the present invention only need have network server interoperability and mutual thin client.Thus, the present invention can have been contained the environment of hosted service of the networking of few or minimum client resource therein, and for example wherein client devices is only realized as browser or in the networked environment of the interface of WWW.
Although it is and non-required, but the present invention can use via the developer, and/or the application programming interface (API) that is included in the Web-browsing software realizes that this Web-browsing software will be described in such as general contexts by the computer executable instructions of one or more computing machines execution such as client workstation, server or miscellaneous equipment etc. such as program modules.Generally speaking, program module comprises the routine carrying out specific task or realize specific abstract data type, program, object, assembly, data structure or the like.Usually, the function of program module can be as make up among each embodiment or distribute requiredly.In addition, those skilled in the art will appreciate that the present invention can implement with other computer system configurations.Be applicable to that other well-known computing system of the present invention, environment and/or configuration include but not limited to personal computer (PC), Automatic Teller Machine, server computer, hand-held or laptop devices, multicomputer system, the system based on microprocessor, programmable consumer electronics, network PC, minicomputer, mainframe computer or the like.The present invention also therein task by implementing in the distributed computing environment of carrying out by the teleprocessing equipment of communication network or other data transmission media link.In distributed computing environment, program module can be arranged in the local and remote computer-readable storage medium that comprises memory storage device.
Therefore, Fig. 1 shows an example that wherein can realize suitable computingasystem environment 100 of the present invention, although as mentioned above, computingasystem environment 100 only is an example of suitable computing environment, is not that usable range of the present invention or function are proposed any limitation.Computing environment 100 should be interpreted as the arbitrary assembly shown in the exemplary operation environment 100 or its combination are had any dependence or demand yet.
With reference to figure 1, be used to realize that example system of the present invention comprises the universal computing device of computing machine 110 forms.The assembly of computing machine 110 can include but not limited to, processing unit 120, system storage 130 and will comprise that the sorts of systems assembly of system storage is coupled to the system bus 121 of processing unit 120.System bus 121 can be some kinds bus-structured any, any the local bus that comprises memory bus or Memory Controller, peripheral bus and use all kinds of bus architectures.As example but not limitation, this class architecture comprises ISA(Industry Standard Architecture) bus, MCA (MCA) bus, strengthens ISA (EISA) bus, Video Electronics Standards Association's (VESA) local bus and peripheral component interconnect (pci) bus (being also referred to as backboard (Mezzanine) bus).
Computing machine 110 generally includes various computer-readable mediums.Computer-readable medium can be can be by arbitrary usable medium of computing machine 110 visit, comprises volatibility and non-volatile media, removable and removable medium not.As example but not the limitation, computer-readable medium comprises computer-readable storage medium and communication media.Computer-readable storage medium comprises the volatibility that realizes with arbitrary method or the technology that is used to store such as information such as computer-readable instruction, data structure, program module or other data and non-volatile, removable and removable medium not.Computer-readable storage medium includes but not limited to, RAM, ROM, EEPROM, flash memory or other memory technology, CD-ROM, digital versatile disc (DVD) or other optical disc storage, magnetic holder, tape, disk storage or other magnetic storage apparatus, maybe can be used for storing desired information and can be by arbitrary other medium of computing machine 110 visits.Communication media is embodied as usually such as computer-readable instruction, data structure, program module or other data in the modulated message signal such as carrier wave or other transmission mechanism, and comprises arbitrary information-delivery media.Term " modulated message signal " refers to be provided with or change in the mode that the information in the signal is encoded the signal of its one or more features.As example but not limitation, communication media comprises wire medium, as cable network or directly line connect, and wireless medium is as acoustics, RF, infrared and other wireless medium.Above-mentioned arbitrary combination also should be included within the scope of computer-readable medium.
System storage 130 comprises the computer-readable storage medium of volatibility and/or nonvolatile memory form, as ROM (read-only memory) (ROM) 131 and random-access memory (ram) 132.Basic input/output 133 (BIOS) comprises that it is stored among the ROM 131 usually as help the basic routine of transmission information between the element in computing machine 110 when starting.RAM 132 comprises addressable immediately and/or current data of operating of processing unit 120 and/or program module usually.As example but not the limitation, Fig. 1 shows operating system 134, application program 135, other program module 136 and routine data 137.
Computing machine 110 also can comprise other removable/not removable, volatile/nonvolatile computer storage media.Only make example, Fig. 1 shows the hard disk drive 141 that not removable, non-volatile magnetic medium is read and write, to the disc driver 151 removable, that non-volatile magnetic disk 152 is read and write, and to removable, non-volatile CD 156, the CD drive of reading and writing as CD ROM or other light medium 155.Other that can use in the exemplary operation environment be removable/and not removable, volatile/nonvolatile computer storage media includes but not limited to tape cassete, flash card, digital versatile disc, digital recording band, solid-state RAM, solid-state ROM or the like.Hard disk drive 141 passes through not removable memory interface usually, is connected to system bus 121 as interface 140, and disc driver 151 and CD drive 155 are connected to system bus 121 usually by the removable memory interfaces as interface 150.
Driver also shown in Figure 1 and related computer-readable storage medium thereof above are discussed provides the storage of computer-readable instruction, data structure, program module and other data for computing machine 110.For example, in Fig. 1, hard disk drive 141 store operation systems 144, application program 145, other program module 146 and routine data 147 are shown.Notice that these assemblies can be identical with routine data 137 with operating system 134, application program 135, other program module 136, also can be different with them.Here give different labels to operating system 144, application program 145, other program module 146 and routine data 147 and illustrate that they are different copies at least.The user can pass through input equipment, as keyboard 162 and pointing device 161 (being often referred to mouse, tracking ball or touch pads) to computing machine 110 input commands and information.Other input equipment (not shown) can comprise microphone, operating rod, game mat, satellite dish, scanner or the like.These and other input equipment is connected to processing unit 120 by the user's input interface 160 that is coupled to system bus 121 usually, but also can be connected with bus structure by other interface, as parallel port, game port or USB (universal serial bus) (USB).
The display device of monitor 191 or other type also by interface, is connected to system bus 121 as video interface 190.Also can be connected to system bus 121 such as north bridge (Northbridge) figures interface 182.North bridge is the chipset of communicating by letter with CPU or host process unit 120, and has born the responsibility of Accelerated Graphics Port (AGP) communication.One or more Graphics Processing Unit (GPU) 184 can be communicated by letter with graphic interface 182.In this, GPU 184 generally comprises such as on-chip memory storage such as register-stored, and GPU 184 communicates by letter with video memory 186.Yet GPU 184 only is an example of coprocessor, and therefore can comprise various associations treatment facility in the computing machine 110.The display device of monitor 191 or other type also by interface, be connected to system bus 121 as video interface 190, and video interface 190 is communicated by letter with video memory 186.Except that monitor 191, computing machine also can comprise other peripheral output device, and as loudspeaker 197 and printer 196, they connect by output peripheral interface 195.
Computing machine 110 can use one or more remote computers, is connected in the networked environment as the logic of remote computer 180 and operates.Remote computer 180 can be personal computer, server, router, network PC, peer device or other common network node, and generally include many or all are with respect to computing machine 110 described elements, although only show memory storage device 181 in Fig. 1.The logic that Fig. 1 describes connects and comprises Local Area Network 171 and wide area network (WAN) 173, but also can comprise other network.This class network environment is common in office, enterprise-wide. computer networks, Intranet and the Internet.
When using in the lan network environment, computing machine 110 is connected to LAN 171 by network interface or adapter 170.When using in the WAN network environment, computing machine 110 generally includes modulator-demodular unit 172 or is used for by WAN 173, sets up other device of communication as the Internet.Modulator-demodular unit 172 can be internal or external, and it is connected to system bus 121 by user's input interface 160 or other suitable mechanism.In networked environment, can be stored in the remote memory storage device with respect to computing machine 110 described program modules or its part.As example but not the limitation, Fig. 1 illustrates remote application 185 and resides on the memory devices 181.Be appreciated that it is exemplary that the network that illustrates connects, and also can use other means of setting up communication link between computing machine.
Persons of ordinary skill in the art may appreciate that the part that computing machine 110 or other client devices can be used as computer network disposes.In this, the present invention relates to have the storer of any amount or storage unit and the application program of any amount that on the storage unit of any amount or volume, takes place and any computer system of process.The present invention can be applicable to have the server computer that is deployed in the network environment with long-range or local storage and the environment of client computers.The present invention also can be applicable to have the independent computing equipment of programming language function, explanation and executive capability.
Distributed Calculation is convenient to share computer resource and service by the direct exchange between computing equipment and the system.These resources and service comprise the disk storage of message exchange, cache stores and file.Distributed Calculation has been utilized the network connection, is of value to whole enterprise thereby allow client computer to make full use of its collective ability.In this, various device can have application program, object or the resource to contain the authentication techniques of the present invention that are used for the trusted graphical streamline alternately.
Fig. 2 provides the synoptic diagram of exemplary networked or distributed computing environment.Distributed computing environment comprises calculating object 10a, 10b etc., and calculating object or equipment 110a, 110b, 110c etc.These objects can comprise program, method, data storage, FPGA (Field Programmable Gate Array) or the like.These objects can comprise the each several part such as the identical or different equipment of PDA, televisor, MP3 player, televisor, personal computer etc.Each object can be by communication network 14 and another object communication.This network itself can comprise that the system to Fig. 2 provides other calculating object and the computing equipment of service.According to an aspect of the present invention, each object 10 or 110 can comprise the application program of the authentication techniques of the present invention that can ask to be used for the trusted graphical streamline.
Be appreciated that such as objects such as 110c can main memory on another computing equipment 10 or 110.Thus, although described physical environment can be shown computing machine with the equipment that connects, yet this explanation only is exemplary, and this physical environment is replacedly described or is described as to be comprised such as various digital devices such as PDA, televisor, MP3 players, such as the software object of interface, com object etc.
System, assembly and network configuration that various support distributed computing environment are arranged.For example, computing system can link together by wired or wireless system, LAN (Local Area Network) or the network that extensively distributes.Current, many network coupled are to the Internet, and the latter is provide the foundation structure and comprise many different networks of the calculating that extensively distributes.
In home network environment, at least four complete different Network Transmission medium are arranged, its each can support a kind of unique agreement, these medium such as line of electric force, data (wireless and wired), voice (as, phone) and entertainment medium.But be connected with most of families opertaing device electrification lines such as electric equipments such as light switch.Data, services can pass through the broadband (as, DSL or cable modem) enter family, and can use within the family wireless (as, HomeRF or 802.11B) or wired (as, the PNA of family, Cat 5 or even line of electric force) connect and to visit.Voice telephone traffic can by wired (as, Cat 3) or wireless (as, cell phone) enter family, and can use Cat 3 lines to distribute in the family.Entertainment medium can be via satellite or cable enter family, and use concentric cable to distribute usually in the family.IEEE 1394 and DVI also appear in one's mind as be used for that media device troops digital interconnected.Can be used as all these network environments and other environment that consensus standard appears in one's mind can be by the interconnected Intranet that can be connected to the external world by the Internet that forms.In brief, exist various complete different sources to be used for the storage and the transmission of data, and therefore advance, computing equipment need be walked the mode in all part place protection contents of data processing streamline.
The Internet is often referred to the network of use ICP/IP protocol external member and the set of gateway, and this agreement is known in the computer networking field.TCP/IP is the abbreviation of " transmission control protocol/Internet protocol ".The Internet can be described to by the system that carries out the remote computer network that distributes on the geography of permission user by the computer interconnection of the networking protocol of network interaction and shared information.Because the information sharing that this class extensively distributes develops into a kind of open system so far such as telecommunication networks such as the Internets, the developer can be designed for the application program of carrying out dedicated operations or service to this open system, in itself without limits.
Thus, network infrastructure has been enabled such as a large amount of network topology such as client/server, equity or hybrid architecture." client computer " be to use it incoherent another kind of or the class of service of group or the member of group.Thus, when calculating, client computer is a process, that is, and and the instruction or the task of the service that to be one group of request roughly provided by another program.Client process is used institute's requested service, and need not " knowing " any operational detail about other program or service itself.In client/server architecture, especially in the networked system, client computer is normally visited by another computing machine, the computing machine of the shared network resource that provides as server.In the example of Fig. 2, computing machine 110a, 110b etc. can be considered to client computer, and computing machine 10a, 10b etc. can be considered to server, wherein maintenances such as server 10a, the 10b data of duplicating in client computers 110a, 110b etc. subsequently.
Server normally can pass through telecommunication network, as the remote computer system of access to the Internet.Client process can be movable in first computer system, and server processes can be movable in second computer system, they communicate with one another by communication media, distributed function is provided thus and has allowed a plurality of client computer to utilize the information gathering ability of server.
Client-server can use the function that is provided by protocol layer to communicate with one another.For example, HTTP(Hypertext Transport Protocol) is a kind of common agreement in conjunction with the world wide web (www) use.Usually, the computer network address as URL(uniform resource locator) (URL) or Internet protocol (IP) address, can be used for identification server or client computers each other.The network address can be called as the URL(uniform resource locator) address.For example, communication can provide on communication media.Particularly, client-server can connect coupled to each other to carry out high performance communication via TCP/IP.
Thus, Fig. 2 shows and wherein can adopt exemplary networked or the distributed environment that has by network/bus and client computers server in communication of the present invention.In more detail, according to the present invention, a plurality of server 10a, 10b etc. are via communications network/bus 14 interconnection, communications network/bus 14 can be LAN, WAN, Intranet, the Internet etc., it has a plurality of client computer or remote computing device 110a, 110b, 110c, 110d, 110e etc., as portable computer, handheld computer, thin client, networked devices or miscellaneous equipment, as VCR, TV, baking box, lamp, well heater or the like.Thus, conception the present invention can be applicable to any computing equipment, and expectation is handled, stored in conjunction with these equipment or presents Security Object from trusted sources.
For example, communications network/bus 14 is in the Internet environment therein, and server 10 can be client computer 110a, 110b, 110c, 110d, 110e etc. by such as any the web server that communicates with in the multiple known protocols such as HTTP.Server 10 also can be used as client computer 110, and this can be the feature of distributed computing environment.Communication can be wired or wireless in due course.Client devices 110 can pass through or not communicate by letter by communications network/bus 14, and can have the independent communication that is associated with it.For example, under the situation of TV or VCR, can be with or without the networked aspect of its control.Each client computers 110 and server computer 10 can possess various application program modules or object 135, and have connection or a visit to various types of memory elements or object, but store files on these memory elements or object perhaps can be to the each several part of its download or migrated file.Thus, the present invention can be used to have addressable computer network/bus 14 or client computer 110a, the 110b etc. mutual with it, and can with mutual server computer 10a, 10b etc. such as client computers 110a, 110b, and in the computer network environment of other similar equipment 111 and database 20.
Rights management (RM) summary
As is known, and with reference now to Fig. 3, rights management (RM) and to implement be needs highly for the digital application 32 that will be distributed to the user or other content 32 for.After the user received, this user is instantiation application program 32 under the help of suitable computing equipment 34 grades.
Usually, distribute the action that the application author of this digital application 32 or publisher (hereinafter referred to as " publisher ") 44 wish that limited subscriber can be done the application program 32 of this distribution.For example, publisher 44 may wish that limited subscriber duplicates this application program 32 and be distributed to second user again, maybe may wish to allow the application program 32 of being distributed only to be activated limited number of times or only start specific T.T., only on the machine of particular type, start, only start in presenting on the platform of particular type, only the user by particular type starts or the like.
Yet, after distribution has taken place,, also have only minimum control even these publisher's 44 application programs 32 have.Therefore, RM system 40 allows the controlled starting of application programs 32, and wherein this control is flexibly, and can be by publisher's 44 definition of this application program 32.Usually, application program 32 is distributed to the user to wrap 33 form by any suitable distribution channel.The bag of being distributed 33 can comprise with symmetric encryption/decryption key (KD) encrypted applications program 32 or its part (that is, (KD (AP))), and identification application 32, how to obtain the out of Memory of the licence that is used for this application program 32 etc.
Allow the publisher of application program 32 or Another Application program to specify in the rule that allows this application program 32 before starting on user's the computing equipment 34, must satisfy based on the RM system 30 that trusts.This license rules for example can comprise above-mentioned time requirement and/or number of times requirement or the like, and can state the authority that the user is had for application program 32, such as the ability of printing or duplicating and/or use the ability or the like of the special characteristic of application program 32.In any case, these rules can be comprised in user/user's computing equipment 34 (these terms are used interchangeably, and removing non-ambient has other requirement) and must act on behalf of the digital license or use document (hereinafter referred to as " licence ") 36 that obtains from publisher or its.This licence 36 also comprises the decruption key (KD) of the encryption section that is used for decryption application 32, and this part may be according to being encrypted by the key that user's computing equipment 34 is deciphered.As seeing from Fig. 3, this encryption key can be the PKI (PU-BB) of user's computing equipment 34, and can suppose that user's computing equipment 34 has the respective private keys (PR-BB) that can be used for deciphering (PU-BB (KD)).
The publisher 44 trusted users' of application program 32 computing equipment 34 will be in accordance with the rule by this publisher 44 appointment in licence 36, promptly, unless satisfied the rule in the licence 36, otherwise application program 32 can not be activated, and only permit the user and adopt the authority described in the rule.Therefore, preferably, provide a trusted component or mechanism 38 to user's computing equipment 34, it can not start application program 32 except according to the license rules that is comprised in the licence 36 that be associated with application program 32 and that obtained by the user.
Trusted component 38 has license evaluation device 40 usually, it determines whether licence 36 is effective, check the license rules in this valid license 36, and determine to make requesting users based on the license rules of being checked and whether have authority that starts corresponding application 32 in the mode of looking for etc.Be to be understood that, license evaluation device 40 is believable in RM system 30, realizing the publisher's 44 of application program 32 hope according to the rule in the licence 36, no matter and the user should be able to be for being not that malice or other any purpose are changed these trusted element easily.
Be to be understood that, rule in the licence 36 can come designated user whether to have the authority that starts application program 32 based in some factors any, these factors comprise whom the user is, the user wherein, the user uses the computing equipment 34 of what type, what operating system calling RM system 30, date, time etc.In addition, the rule of licence 36 can be limited to licence 36 for example the startup or the predetermined running time of pre-determined number.Thus, trusted component 38 may need the clock 42 on the reference calculation equipment 34.
Rule can be specified in licence 36 according to any suitable language and sentence structure.For example, the attribute and the value (for example, DATE (date) must be later than X) that must satisfy can be specified simply in language, or must rooting carry out (for example, IF DATE is greater than X, THEN DO...) according to the function of specifying script.
Determine that at license evaluation device 40 licences 36 effectively and after the user satisfies wherein rule, can start application program 32 or its relevant portion.Particularly, for starting application program 32, obtain decruption keys (KD) from licence 36, and be applied to from (KD (AP)) of bag 33 obtaining real-life program 32, and in fact start real-life program 32 then in the mode described in the licence 36.
As mentioned above, in fact licence 36 with (PU-BB (KD)) authorizes the entities access (KD) that has (PR-BB), and visit thus according to this (KD) encrypted applications program 32, will suppose that certainly this entity is in accordance with all conditions described in the licence 36.Yet, should be appreciated that the licence 36 that in RM system 30, can have other type.
For example, be appreciated that in a kind of situation that the publisher 44 of application program 32 can authorize one or more specific licenc e issuer 46 to provide the licence 36 that is used for application program 32 by the license issuance person 46 with issue licence 36p is provided.Be appreciated that this issue licence 36p is similar to licence 36, this shows that this issue licence 36p comprises the decruption key (KD) that is used to decipher herein according to PKI (PU-BB) the encrypted applications program 32 of licence 46 equally.Equally, issue licence 36p comprises the rule that is used for rendering content 32 equally.Yet herein, these rules will be inserted in the licence of being provided by license issuance person 46 36, and are not to be specially adapted to this license issuance person 46.
Yet, notice that in fact the 36p that issues license can comprise the actual license issuance person's of being adapted to 46 Else Rule.Therefore, license issuance person 46 should comprise a trusted component 38 with license evaluation device 40 in the mode of the computing equipment 34 that is similar to the user.Importantly, (hereinafter referred to as " licences 36 ") such as every type the licence 36 that is provided, 36p generally includes the digital signature that is used for the authentication/validation purpose, and each digital signature was confirmed by trusted component 38 before cashing licence 36.Certainly, if any affirmation failure, then this process finishes and dishonour licence 36.
In the licence 36 of independent type, assemble authority
As mentioned above, publisher 44 may wish to provide the dirigibility of independent purchase about the different rights collection of application-specific 32 grades to the user, and the user can accumulate and assemble different authority sets as required to come operating application program with the mode of looking for thus.For example, publisher 44 may wish with second type licence 36 in the authority of duplicating in first type licence 36, provide print right discretely, and may wish equally in the licence 36 of the third type, to be provided at play sound on the loudspeaker and on monitor these two kinds of authorities of displaying video, and may wish in the 4th type licence 36, to provide a least privilege collection.Thus, to will obtain the 4th type licence 36 with the user of minimum mode operating application program 32, and if any required, when needs or when expecting corresponding authority, will obtain and " add " about in the licence of first, second and the third type any or all.
Therefore, be to be understood that, in the present invention, application program 32 is operated according to the authority described in one or more licences 36 at any one time, and wherein in fact authority in the licence 36 and Else Rule are assembled to form about the rule of application program 32 and the superset of authority.The rule of this gathering and the superset of authority are different with prior art, in the prior art, application program 32 at any one time based on one and only a licence 36 operate.
As an example more specifically, consider such example: application program 32 is installed on the computing equipment 34, this computing equipment 34 comprises basic a startup or " basis " licence 36, this licence provides basic authority to the user of the application program 32 at computing equipment 34 places, such as the authority of the basic function of the authority of instantiation application program 32, operating application program 32 and the authority of printing from application program 32, but do not provide other authority, such as the authority that data is copied to other places from application program 32.In addition, base license 36 can be intended to provide its preview to the user under the situation of purchase applications 32 not, but but time limit of 15 days of preview only.In this case, licence 36 can conceptively at least seem as follows:
<base license 〉
...
<authority 〉
<instantiation〉be</instantiation 〉
<condition 〉
...
</condition 〉
<basic function〉be</basic function 〉
<condition 〉
</condition 〉
<print be</print
<condition 〉
...
</condition 〉
<authority 〉
...
<the date of expiry 〉
<fate after using first〉15</fate after using first 〉
</the date of expiry 〉
...
<hierarchy 〉
The id of<family〉basis</id of family 〉
<father〉[sky]</father 〉
</hierarchy 〉
...
</base license 〉
Notice that above base license 36 has only been stated authority in sure mode, therefore do not have the authority that does not provide is provided, such as the authority of copy data.Yet these authorities can change into to be stated in the mode of affirmation and negation and not to break away from the spirit and scope of the present invention.
The more important thing is, notice that except authority information and date of expiry information, above base license 36 has also been stated hierarchy information, comprise the id of the family attribute that is made as " basis " and be made as empty father's attribute.In one embodiment of the invention, adopt this family and primary attribute to define the position of above base license 36 in the hierarchy of a licence 36, in fact these licences collectively can be combined to assemble rule wherein.Particularly, " basis 1 is designated " basis " with above base license 36, and empty father's attribute illustrates " basis " and do not have the father and be base license 36 therefore to adopt the id of family attribute.
Therefore, adopt above base license 36, as an example, if certain after 15 days of the preview of application program 32 is place a bit, the user wishes to obtain to use the authority in 32 one years of application program, then this user can obtain to comprise the suitable licence 36 of conduct to the additional authority of base license 36, and wherein this " adds " authority described in the licence 36 and in fact will be affixed to the authority described in the base license 36:
<additional A licence 〉
<authority 〉
[sky]
<authority 〉
...
<the date of expiry 〉
<fate after using first〉365</fate after using first 〉
</the date of expiry 〉
...
<hierarchy 〉
The id of<family〉additional A</id of family 〉
<father〉basis</father 〉
</hierarchy 〉
...
</additional A licence 〉
Notice that more than additional A licence 36 is not stated any additional authority, but only stated that the date of expiry of application program 32 is to 365 days after the use first of this additional A licence 36 now, promptly 1 year.Be also noted that additional A licence 36 has been stated hierarchy information, this information comprises the id of family attribute that is made as " additional A " and the father's attribute that is made as the basis.Thus, adopt the id of family attribute " additional A " will add A licence 36 and be designated " additional A ", and father's attribute " basis " illustrates the father that the base license 36 that is identified as " basis " is additional A licences 36.
In a similar fashion, wish to obtain the aforementioned copy authority if a bit locate the user at certain, then this user can obtain to comprise this authority as another the additional suitable licence 36 to base license 36, and wherein this " adds " authority set described in the licence 36 and in fact will be affixed to the authority set described in the base license 36:
<additional B licence 〉
...
<authority 〉
<duplicate be</duplicate
<condition 〉
...
</condition 〉
<authority 〉
<the date of expiry 〉
[sky]
</the date of expiry 〉
...
<hierarchy 〉
The id of<family〉additional B</id of family 〉
<father〉basis</father 〉
</hierarchy 〉
...
</additional B licence 〉
Notice that more than additional B licence 36 has only been stated and duplicated authority and the date of expiry is not made any change.Be also noted that additional B licence 36 has been stated hierarchy information, this information comprises the id of the family attribute that is set as " additional B ", and the father's attribute that is set as the basis.Thus, adopt the id of family attribute " additional B " will add B licence 36 and be designated " additional B ", and father's attribute " basis " illustrates the father that the base license 36 that is identified as " basis " is additional B licences 36.
Equally, in a similar fashion, wish to obtain to use the authority in 320 years of application program if a bit locate the user at certain, then this user obtains to comprise this authority as the additional suitable licence 36 to additional A licence 36, and wherein this " adds " authority described in the licence 36 and in fact will be affixed to the authority described in base license 36 and the additional A licence 36:
<additional C licence 〉
...
<authority 〉
[sky]
<authority 〉
...
<the date of expiry 〉
<year number after using first〉10</year number after using first 〉
</the date of expiry 〉
...
<hierarchy 〉
The id of<family〉[sky]</id of family 〉
<father〉additional A</father 〉
</hierarchy 〉
</additional C licence 〉
Notice that more than additional C licence 36 is the additional authority of statement not, but the date of expiry of only having stated application program 32 is 10 years after the using first of this additional C licence 36 now.Be also noted that additional A licence 36 has been stated hierarchy information, this information comprises the id of sky family attribute and is made as father's attribute of additional A.Thus, the empty id of family attribute prevents that additional C licence 36 from being identified in this hierarchy, consequently do not have other licence 36 can be, and father's attribute " additional A " illustrate the father that the base license 36 that is identified as " basis " is additional C licences 36 used as the father.
Be appreciated that based on the hierarchy information in all above-mentioned licences 36, can form the tree of the overall hierarchy of these licences 36 of expression, as shown in Figure 4.This tree and provide at least two features by the separation structure of its expression.At first, each licence 36 in this hierarchy can only be used when licence 36 exists for the set membership of father and this licence 36, the one tunnel gets back to base license 36 thus.Thus, as an example, if the user has obtained base license 36 and additional C licence 36 and additional A licence 36, then should can not operate by additional C licence 36, because it is not linked to base license 36 by additional A licence 36.
Secondly, the position of licence 36 in this hierarchy can be used for consulting rule in these licences 36 and the conflict between the authority.For example, situation can be that a licence 36 in the hierarchy provides a specified permission especially, and another licence 36 in this hierarchy has been refused this specified permission especially.In this case, the conflict between the licence 36 can be according to depending on that at least in part licence 36 separately predetermined conflict rule of position in this hierarchy solves.For example, these rules can stipulate that sub-licence 36 replaces father's licence 36, or younger fraternal licence 36 replaces older fraternal licence 36.As will be appreciated, this conflict rule can be any suitable conflict rule and can not break away from the spirit and scope of the present invention.This conflict rule is known to relevant public generally, and therefore need not in this detailed description.
As understandable now, by use base license 36 and additional license 36 in aforesaid mode, rule and authority additional or change in available one or more additional license 36 such as publisher 44 or licence issuer 46 are revised rule and the authority that specific base license 36 is authorized.Be noted that this modification herein and cancel, limit, remove, delete and otherwise influence authority except adding and otherwise change the existing authority, can comprising.Therefore, adopt additional license 36 can distribute separately/sell in the time after a while/the new function of application program 32 or other content 32 is provided, and do not have again the plenty of time and the cost of distribution applications 32 or licence 36.
Generally speaking, additional license 36 can be revised any rule of any previous generation (father, grandfather etc.) licence 6, comprises wherein said any authority and condition, and can not break away from the spirit and scope of the present invention.For example, situation can be base license 36 authorized only adopt minimum cost and the basic relatively authority in relatively short service time, and only allow to use limited amount storer on the computing equipment 34.In these cases, the one or more available additional license 36 of base license 36 can expand to the authority of authorizing the scope of relative broad, the one or more available additional license 36 of base license 36 can be expanded usage time interval, and the one or more available additional license 36 of base license 36 can be expanded the amount of memory that will use.Certainly, other additional license 36 can provide the combination of these authorities.
Notice that in any hierarchy of all licences 36 as shown in Figure 4, having an above base license 36 can use.Therefore, situation can be that additional license 36 is specified an above father.In this case, situation can be only base license 36 and the additional license 36 selected application programs 32 that are used for thereof in the hierarchy.Perhaps, situation can be to select more than one or all base licenses 36 and additional license 36 thereof in this hierarchy to be used for application program 32.
Be also noted that; fulfillment rights in the application program 32 of decruption key (KD) protection that additional license 36 can comprise in being subjected to this additional license 36, fulfillment rights in the application program 32 of the decruption key (KD) that perhaps can in being subjected to the previous generation licence 36 of this additional license 36, comprise protection.Especially, under one situation of back, be appreciated that exist malicious entities its self-designed " swindle " additional license 36 is inserted in the hierarchy of licence 36 may, wherein swindle additional license 36 and will be used to expand the authority described in this previous generation licence 36.
Therefore, in one embodiment of the invention, each licence 36 in the hierarchy is digitally signed according to the PKI of leading back to the root authorized organization that can not visit under this malicious entities normal condition.Thus, malicious entities can not obtain digital certificate with the certificate chain that begins to extend from this root authorized organization, and can not sign swindle additional license 36 based on this digital certificate.Step when therefore, confirming each licence 36 in all hierarchies as shown in Figure 4 is that the signature of this licence 36 of checking obtains based on the certificate chain that begins to extend from this root authorized organization confirming.
In one embodiment of the invention, each licence in this hierarchy is digitally signed according to the PKI of leading back to single authorized organization, and in fact each such licence 36 of providing to have corresponding PKI-private key right.Therefore, in this embodiment, adopt the private key of father's licence 36 digitally to sign its each sub-licence 36, and the digital signature of each so sub-licence 36 obtain confirming thus according to the PKI of his father's licence 36.Therefore, this PKI should be included in this father's licence 36.Correspondingly, confirm that each licence 36 in all hierarchies as shown in Figure 4 comprises the PKI of the father's licence 36 that obtains this licence 36, and adopt the PKI that is obtained to confirm the digital signature of this licence 36.
Turn to Fig. 5 now, show according to one embodiment of present invention and be used to adopt such as from the base license 36 of the hierarchy of Fig. 4 and from a kind of possible method of the additional license 36 of its expansion.At first, at computing equipment 34 places by receive to will be on this computing equipment 34 instantiation or otherwise present or the selection of the application program 32 that adopts etc. and simulate this method (step 501) at computing equipment 34 places.Computing equipment 34 will notice that application program 32 grades are subjected to RM protection, and therefore will adopt the trusted component 38 of Fig. 3 to wait to get the Green Light and assist in fact to start selected application program 32.
Thus, based on selected application program 32, trusted component 38 will identify wherein corresponding to each licence (step 503) of this selected application program 32 from the (not shown) such as licence storage that are associated, and the licence 36 that is wherein identified may comprise at least one base license 36 and one or more additional license 36.Notice that the available any suitable mode of this sign is carried out and can not be broken away from the spirit and scope of the present invention.For example, application program 32 can be come mark with specific reference ID, and each corresponding licence 36 also comprises this with reference to ID.
In any case, adopt the licence 36 of all signs, trusted component 38 to assemble tree such as Fig. 4 then to set up the hierarchical relational between the licence 36 that is identified.Particularly, trusted component 38 identifies each base license 36 (step 505) from the licence 36 that is identified, and one of base license 36 that selection is identified (step 507) is confirmed selected base license (step 509) then.As will be appreciated, as the base license 36 of step 507 place from a plurality of, selecting base license 36 to carry out and can not break away from the spirit and scope of the present invention with any suitable mode.For example, this selection can be based on a certain order of the base license 36 that is identified, such as based on comprising the granting data, comprising licence ID, comprising priority value etc.Similarly, as confirming that at step 509 place the also available any suitable mode of selected base license 36 carries out and can not break away from the spirit and scope of the present invention.For example, any condition that this affirmation can comprise checking whether its digital signature is confirmed, whether licence 36 is expired and whether satisfy occupancy permit 36.
If selected base license 36 does not obtain at step 509 place confirming that then control turns back to step 507, selects the base license 36 of one other identification.Yet, suppose that selected base license 36 obtains at step 509 place confirming really, the rule described in the selected base license 36 and authority are gathered into an expression (step 511) of assembling licence 36.As will be appreciated, this expression will comprise from the authority and the rule that are found to be all licences 36 in the hierarchical tree of being assembled.
Afterwards, this method continues by the value (step 513) of sign family attribute (if there is) in the base license of being confirmed 36.Therefore, based on the family's property value that is identified, trusted component 38 sign is corresponding to selected application program 32 and have family's property value of being identified each additional license 36 (step 515) as father's property value.As will be appreciated, each additional license that identifies like this obtains confirming (step 517) at step 509 place, and supposes and confirm successfully, and rule described in the additional license 36 and authority are gathered into the expression (step 519) of assembling licence 36.As mentioned above, in the process of so assembling, according to depending on that at least in part licence 36 separately predetermined conflict rule of position in this hierarchy consults rule in a plurality of licences 36 and the conflict between the authority.
Should be appreciated that now this method repeats for the additional license of each affirmation where necessary.Particularly, to each additional license of so confirming, this method continues by the value that is in sign family attribute (if there is) in the additional license of being confirmed 36 as step 513.Then, based on the family's property value that is identified, trusted component 38 identifies corresponding to selected application program once more as step 515 place and has family's property value of being identified each additional license 36 as father's property value, as step 509 and 517 places, confirm each so additional license of sign, and supposition is confirmed successfully, as step 519 place rule described in the additional license 36 and authority is gathered into the expression of assembling licence 36.Thus, should be appreciated that the additional license 36 iteration required number of times of this method to each affirmation, and the level of required hierarchical tree, up to being completed into hierarchical tree and being completed into the expression of assembling licence 36.In case be completed into, then whether the expression by license evaluation device 40 these gathering licences 36 of assessment is allowed (step 521) with each action of determining to look for about application program 32.
Note, in the process of the hierarchical tree that forms licence 36 according to the method for Fig. 5, if can't obtain confirming at step 509 and 517 father of place licences 36, then the sub-licence 36 of all of this father's licence 36 and in fact all of this father's licence 36 do not generate and be not considered.Thus, if licence A has sub-licence B and sub-licence B and then has sub-licence C, then in fact the affirmation of A failure makes B and C also invalid.Equally, B does not obtain confirming if A obtains confirming, then in fact the affirmation of B failure makes C also invalid, but A is still effective.
Be also noted that in one embodiment of the invention, licence 36 can be specified above father's licence 36.If like this, then situation can be that a father obtains confirming, and other father does not obtain confirming, consequently licence 36 by the father that confirms but not invalid father arrive.Equally, situation can be that all father's licences all must obtain confirming perhaps can adopting more complicated logic rules to arrive licence 36.Under one situation of back, these logic rules can be stated in the suitable part of licence 36.As an example of these logic rules, licence can be specified must be by the combination of father's licence of following affirmation:
(licence A or licence B) and (licence C and (licence D or licence E))
In this case, suitable father candidate licence must be confirmed so that evaluated according to the logical expression of licence 36 when providing.
Conclusion
Realization is flat-footed relatively in conjunction with the required program design of process that the present invention carries out, and should be the relative program design public and understand.Therefore, this program design is not affixed to this.Therefore, can adopt any specific program design to realize the present invention and can not break away from its spirit and scope.
In the present invention, should be appreciated that and to make change and not break away from its inventive concept the foregoing description.Even more noteworthy, although the present invention states according to the licence 36 that is used for digital application 32, but this licence 36 also can be used for the digital content 32 of any other form, includes but not limited to audio content, video content, content of text, stream content, content of multimedia etc.Therefore, should be appreciated that to the invention is not restricted to disclosed specific embodiment, and be intended to cover modification within the spirit and scope of the present invention that fall into appended claims definition.

Claims (18)

1. one kind is adopted the method for a piece of digital content with ad hoc fashion on computing equipment, and described method comprises:
Acquisition is corresponding to a plurality of digital licenses of described content, described a plurality of digital license comprises a base license and at least one additional license, comprise in each additional license that to the quoting of described base license each in described base license and each additional license has been stated and specified the rule that can how to adopt described content;
Identify described base license;
By wherein quoting of described base license being identified each additional license;
Rule in described base license and each additional license that is identified is gathered into one assembles rule set;
Assess described gathering rule set to determine whether this gathering rule set allows to adopt described content with described ad hoc fashion; And
If described gathering rule set so allows, then adopt described content.
2. the method for claim 1, it is characterized in that, comprise the id of a family attribute in the described base license, and comprise father's attribute in each additional license, the id of the family attribute-bit of described base license the base license in the one licence hierarchy, and father's attribute of each additional license is designated the layering father of described additional license with described base license, and described method comprises by the particular value of the id of the family attribute of determining described base license and locatees each additional license of particular value that his father's attribute is set as the id of the family attribute of described base license and identifies each additional license.
3. the method for claim 1, it is characterized in that, all comprise the id of a family attribute and father's attribute in described base license and each additional license each, the described id of family attribute-bit described licence, and described father's attribute-bit any layering father of described licence to define the position of described licence in a licence hierarchy, described method comprises that the base license that is set as null value by his father's attribute identifies described base license, and the particular value of the id of the family attribute by determining described base license and locate each additional license of particular value that his father's attribute is set as the id of the family attribute of described base license and identify each additional license.
4. the method for claim 1, it is characterized in that, assess described gathering rule set and determine whether this gathering rule set allows to adopt described content to comprise with described ad hoc fashion and adopt predetermined conflict rule to consult from any conflict between the rule of conflict licence, and described conflict rule solves each conflict based on the position separately of described conflict licence in a licence hierarchy at least in part.
5. the method for claim 1, it is characterized in that, described content is to come encryption and decryption according to the decruption key (KD) that is included at least one described licence, and described method comprises by retrieval (KD) from the described licence that comprises (KD) and deciphers described content with (KD) and adopt described content.
6. the method for claim 1, it is characterized in that, each licence comprises the digital signature that produces according to the PKI of leading back to a common root authorized organization, and described method also comprises based on the certificate chain that begins to extend from this common root authorized organization verifies that the signature of each licence obtains confirming.
7. the method for claim 1 is characterized in that, each additional license is a first order additional license, and described method comprises:
Acquisition is corresponding to a plurality of digital licenses of described content, described a plurality of licence comprises a base license, at least one first order additional license and at least one second level additional license, comprise quoting in each first order additional license to described base license, comprise in each second level additional license that to the quoting of one of described first order additional license each in described base license and each additional license has been stated and specified the rule that can how to adopt described content;
Identify described base license;
By wherein quoting of described base license being identified each first order additional license;
By wherein quoting of one of described first order additional license being identified each second level additional license;
Rule in the additional license of described base license and each sign is gathered into one assembles rule set;
Assess described gathering rule set to determine whether this gathering rule set allows to adopt described content with described ad hoc fashion; And
If described gathering rule set so allows, then adopt described content.
8. method as claimed in claim 7, it is characterized in that, all comprise the id of a family attribute and father's attribute in described base license and each additional license each, the described id of family attribute-bit described licence, and any layering father of the described licence of described father's attribute-bit is to define the position of described licence in a licence hierarchy, described method comprises that the base license that is set as null value by his father's attribute identifies described base license, the particular value of the id of the family attribute by determining described base license is also located each additional license of particular value that his father's attribute is set as the id of the family attribute of described base license and is identified each first order additional license, and the particular value of the id of the family attribute by determining each first order additional license and locate each additional license that his father's attribute is set as the particular value of the id of the family attribute of any in the described first order additional license and identify each second level additional license.
9. method as claimed in claim 7, it is characterized in that, assess described gathering rule set and determine whether this gathering rule set allows to adopt described content to comprise with described ad hoc fashion and adopt predetermined conflict rule to consult from any conflict between the rule of conflict licence, and described conflict rule solves each conflict based on the position separately of described conflict licence in a licence hierarchy at least in part.
10. computer-readable medium that stores computer executable instructions on it, described instruction are realized a kind ofly adopting the method for a piece of digital content with ad hoc fashion on computing equipment, and described method comprises:
Acquisition is corresponding to a plurality of digital licenses of described content, described a plurality of digital license comprises a base license and at least one additional license, comprise in each additional license that to the quoting of described base license each in described base license and each additional license has been stated and specified the rule that can how to adopt described content;
Identify described base license;
By wherein quoting of described base license being identified each additional license;
Rule in described base license and each additional license that is identified is gathered into one assembles rule set;
Assess described gathering rule set to determine whether this gathering rule set allows to adopt described content with described ad hoc fashion; And
If described gathering rule set so allows, then adopt described content.
11. medium as claimed in claim 10, it is characterized in that, comprise the id of a family attribute in the described base license, and comprise father's attribute in each additional license, the id of the family attribute-bit of described base license the base license in the one licence hierarchy, and father's attribute of each additional license is designated the layering father of described additional license with described base license, and described method comprises by the particular value of the id of the family attribute of determining described base license and locatees each additional license of particular value that his father's attribute is set as the id of the family attribute of described base license and identifies each additional license.
12. medium as claimed in claim 10, it is characterized in that, all comprise the id of a family attribute and father's attribute in described base license and each additional license each, the described id of family attribute-bit described licence, and described father's attribute-bit any layering father of described licence to define the position of described licence in a licence hierarchy, described method comprises that the base license that is set as null value by his father's attribute identifies described base license, and the particular value of the id of the family attribute by determining described base license and locate each additional license of particular value that his father's attribute is set as the id of the family attribute of described base license and identify each additional license.
13. medium as claimed in claim 10, it is characterized in that, assess described gathering rule set and determine whether this gathering rule set allows to adopt described content to comprise with described ad hoc fashion and adopt predetermined conflict rule to consult from any conflict between the rule of conflict licence, and described conflict rule solves each conflict based on the position separately of described conflict licence in a licence hierarchy at least in part.
14. medium as claimed in claim 10, it is characterized in that, described content is to come encryption and decryption according to the decruption key (KD) that is included at least one described licence, and described method comprises by retrieval (KD) from the described licence that comprises (KD) and deciphers described content with (KD) and adopt described content.
15. medium as claimed in claim 10, it is characterized in that, each licence comprises the digital signature that produces according to the PKI of leading back to a common root authorized organization, and described method also comprises based on the certificate chain that begins to extend from this common root authorized organization verifies that the signature of each licence obtains confirming.
16. medium as claimed in claim 10 is characterized in that, each additional license is a first order additional license, and described method comprises:
Acquisition is corresponding to a plurality of digital licenses of described content, described a plurality of licence comprises a base license, at least one first order additional license and at least one second level additional license, comprise quoting in each first order additional license to described base license, comprise in each second level additional license that to the quoting of described first order additional license each in described base license and each additional license has been stated and specified the rule that can how to adopt described content;
Identify described base license;
By wherein quoting of described base license being identified each first order additional license;
By wherein quoting of one of described first order additional license being identified each second level additional license;
Rule in the additional license of described base license and each sign is gathered into one assembles rule set;
Assess described gathering rule set to determine whether this gathering rule set allows to adopt described content with described ad hoc fashion; And
If described gathering rule set so allows, then adopt described content.
17. medium as claimed in claim 16, it is characterized in that, all comprise the id of a family attribute and father's attribute in described base license and each additional license each, the described id of family attribute-bit described licence, and any layering father of the described licence of described father's attribute-bit is to define the position of described licence in a licence hierarchy, described method comprises that the base license that is set as null value by his father's attribute identifies described base license, the particular value of the id of the family attribute by determining described base license is also located each additional license of particular value that his father's attribute is set as the id of the family attribute of described base license and is identified each first order additional license, and the particular value of the id of the family attribute by determining each first order additional license and locate each additional license that his father's attribute is set as the particular value of the id of the family attribute of any in the described first order additional license and identify each second level additional license.
18. medium as claimed in claim 16, it is characterized in that, assess described gathering rule set and determine whether this gathering rule set allows to adopt described content to comprise with described ad hoc fashion and adopt predetermined conflict rule to consult from any conflict between the rule of conflict licence, and described conflict rule solves each conflict based on the position separately of described conflict licence in a licence hierarchy at least in part.
CNA2006800255396A 2005-07-14 2006-07-11 Digital application operating according to aggregation of plurality of licenses Pending CN101223549A (en)

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
US69914305P 2005-07-14 2005-07-14
US60/699,143 2005-07-14
US11/259,677 2005-10-26

Publications (1)

Publication Number Publication Date
CN101223549A true CN101223549A (en) 2008-07-16

Family

ID=39632424

Family Applications (1)

Application Number Title Priority Date Filing Date
CNA2006800255396A Pending CN101223549A (en) 2005-07-14 2006-07-11 Digital application operating according to aggregation of plurality of licenses

Country Status (1)

Country Link
CN (1) CN101223549A (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101772026B (en) * 2010-01-08 2014-03-19 中兴通讯股份有限公司 Method and system for controlling authorization according to expansion license
CN106934254A (en) * 2017-02-15 2017-07-07 中国银联股份有限公司 The analysis method and device of a kind of licensing of increasing income

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101772026B (en) * 2010-01-08 2014-03-19 中兴通讯股份有限公司 Method and system for controlling authorization according to expansion license
CN106934254A (en) * 2017-02-15 2017-07-07 中国银联股份有限公司 The analysis method and device of a kind of licensing of increasing income
CN106934254B (en) * 2017-02-15 2020-05-26 中国银联股份有限公司 Analysis method and device for open source license

Similar Documents

Publication Publication Date Title
KR100984440B1 (en) Publishing digital content within a defined universe such as an organization in accordance with a digital rights management(drm) system
RU2392659C2 (en) Flexible architecture for licensing in copyright control system
KR100949657B1 (en) Using a flexible rights template to obtain a signed rights labelsrl for digital content in a rights management system
US7747533B2 (en) Digital application operating according to aggregation of plurality of licenses
JP4750352B2 (en) How to get a digital license for digital content
KR101298293B1 (en) Digital license migration from first platform to second platform
TWI413908B (en) Flexible licensing architecture for licensing digital application
CN100576148C (en) Be used to provide the system and method for security server cipher key operation
KR101143228B1 (en) Enrolling/sub-enrolling a digital rights management drm server into a dram architecture
US8700533B2 (en) Authenticating licenses for legally-protectable content based on license profiles and content identifiers
JP4418648B2 (en) System and method for issuing licenses for use of digital content and services
US7685642B2 (en) System and method for controlling rights expressions by stakeholders of an item
KR20040073357A (en) Publishing digital content within a defined universe such as an organization in accordance with a digital rights management(drm) system
CN101398875A (en) Software publisher trust extension application
CN101243469A (en) Digital license migration from first platform to second platform
AU2003240981B9 (en) System and method for supplying and managing rights expressions
CN101223549A (en) Digital application operating according to aggregation of plurality of licenses
Brennan Music Copyright Management using Smart Contracts and Tokenization on the Ethereum Blockchain
Chong et al. LicenseScript-A language and framework for calculating licenses on information over constrained domains
Chan A Digital Rights Management System for Educational Content Distribution
EP2341460A1 (en) System and method for managing usage rights expressions

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C12 Rejection of a patent application after its publication
RJ01 Rejection of invention patent application after publication

Application publication date: 20080716