Classifications

• • G—PHYSICS
  • G06—COMPUTING; CALCULATING OR COUNTING
  • G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
  • G06Q30/00—Commerce
  • G06Q30/02—Marketing; Price estimation or determination; Fundraising
• • G—PHYSICS
  • G06—COMPUTING; CALCULATING OR COUNTING
  • G06F—ELECTRIC DIGITAL DATA PROCESSING
  • G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
  • G06F21/10—Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
  • G06F21/12—Protecting executable software
  • G06F21/121—Restricting unauthorised execution of programs
• • G—PHYSICS
  • G06—COMPUTING; CALCULATING OR COUNTING
  • G06F—ELECTRIC DIGITAL DATA PROCESSING
  • G06F8/00—Arrangements for software engineering
  • G06F8/70—Software maintenance or management
  • G06F8/71—Version control; Configuration management
• • G—PHYSICS
  • G06—COMPUTING; CALCULATING OR COUNTING
  • G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
  • G06Q30/00—Commerce
  • G06Q30/06—Buying, selling or leasing transactions
• • G—PHYSICS
  • G06—COMPUTING; CALCULATING OR COUNTING
  • G06F—ELECTRIC DIGITAL DATA PROCESSING
  • G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
  • G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
  • G06F2221/2137—Time limited access, e.g. to a computer or data

Definitions

• This invention relates to softgoods distribution via a network and refers particularly, though not exclusively, to softgoods distribution whereby the softgoods can be pre-installed prior to distribution.
• Softgoods have traditionally been distributed on portable storage media, such as diskettes and CD-ROMs.
• the advent of networks such as the internet provided another distribution channel whereby softgoods could be downloaded on line, such as a customer downloading softgoods from a merchant. Both methods of distribution have significant shortcomings.
• a customer is responsible for the installation of the softgoods. This may be a relatively non-trivial task for many people. Even with some popular installation methodologies used, the customer will often have to set the configuration from lengthy lists of options. Unless aware of the consequences of each possible choice, the customer may be unwilling to proceed, or may make a decision which does not give the result the customer was hoping to achieve.
• a significant problem is that the source of the softgoods, or the merchant supplying the softgoods, cannot ensure that the softgoods are used in accordance with the agreed terms upon which the softgoods were supplied to the customer. Once the customer has the softgoods they can repeatedly be installed, be shared with others, or duplicated not only in violation of the agreed terms but also in violation of intellectual property rights.
• a number of merchants have recently commenced a service whereby customers can rent softgoods over the internet.
• a customer can run the supplied softgoods on the service provider's server using the internet to provide remote control. This allows the customer to use the softgoods without the problems and difficulties of installation and maintenance, and allows the merchant to retain control over the softgoods, the use of the softgoods, and so prevent unauthorized duplication.
• Internet online backup systems provide off-site remote storage for customers using various identification systems and passwords which were interactively established when signing.
• This specification discloses how a customer computer can connect to an online service provider computer by, phone, internet, or other method, pay a fee to the service provider, and obtain additional processing and storage resources for the customer's computer.
• the resources can take the form of storage and processing capabilities. These capabilities give the customer's computer what appears to be additional local processing power and/or additional local storage, this storage possibly including preloaded software and/or data.
• the additional resources made available to the customer computer can be used either to enhance the customers' local needs (such as access to storage for additional disk space, or access to a more powerful processor of similar type for program execution), or these additional resources can be used by the customer's computer's to support services on-line that otherwise would be unavailable, impractical, or unaffordable.
• Examples of services include software and information rental, sales, and release update services, anti- viral services, backup and recovery services, and diagnostic and repair services, to name a few.
• service provider's server This requires all data from the customer to be transmitted to that server.
• a system to suitably collect the rent of software by calling a substitutive information charge collection service in the case of performing an installation more than the prescribed number of times When the installation on a hard disk device 5 is started by an instruction from a software user, a processor 1 firstly determines the number of times the software has already been installed by the user. This is recorded on a flexible disk 7 in accordance with a program for collecting the software rent. This calculates a value showing the current number of installations by adding 1 to the number of times it had been installed in the past. The processor 1 continually compares the number of times with a number representing the number of installations for which the software rent has been collected. When the number representing the number of installations for which rent has been collected is less than the number of installations, the software rent is collected by the substitutive information collection service.
• the object stated in this specification is to provide a system to be used for the protection of the copyright of software and securing a copyright income.
• a software user is connected to a copyright manager through a communication system, e.g. a public line.
• Software to be distributed to each user is not complete.
• the user's software automatically calls a copyright manager system.
• the manager system sends the required information for completing the user's system to the user, through the communication service, and collects a software rent in response to the call.
• This patent relates to a software protection method capable of making authorization automatic invalidation and particularly to a leased software protection method for a oneway propagation system including cable and satellite television, aerial, and so forth.
• the method can make the hirer of a software be unable to continuously use it after the expiry of the lease term of the software.
• the time-signal sets of the hirer and the transmitter are synchronized.
• the standard time signal of transmitter can be transferred to the hirer, and compared with the time at the hirer. If the difference between the time at the two ends exceeds a preset range, a control program is activated to stop the software.
• an integrated circuit with three independently programmable "time bomb” functions.
• the integrated circuit can be set to disable itself after a certain number of power-up cycles, after a certain total duration of operation, or after a certain absolute time and date. This is particularly advantageous for authorization functions, where the manufacturer may want to enable the user to "test drive” a demonstration or rental item of hardware or software.
• the disclosure below does not apply to softgoods in general. It also does not allow seamless switching between purchase versus lease/rent/test-use.
• a multi-dimensional virtual environment includes one or more respective virtual sites for each internet site. Users are given the ability to explore the virtual environment and access internet site data and services via these virtual site(s).
• the transfer of data related to an internet site and its virtual site includes assigning a transfer priority to each virtual site based on the user's location within the virtual environment, and transferring data based on the assigned priority. Users are provided with the ability to lease portions of the virtual sites on leased portions, to assign internet site data and services to virtual sites, and to relocate virtual sites within the virtual environment.
• a further object is to enable the terms of supply of the softgoods as agreed between the supplier of the softgoods and the customer prior to the supply of the softgoods, to be varied after the supply of the softgoods.
• the present invention provides a system for transferring softgoods from a sender to a recipient, the system including the steps of:
• the mobile computing environment is saved on a stable storage device for repeated uses.
• the transference is by means of a network.
• the network may be the internet.
• the recipient may obtain the softgoods for one or more modes of use including test use, evaluation, lease, rental, purchase.
• the recipient can change from one mode of use to another after installation of the mobile computing environment. This may entail changing the licence under which the recipient uses the softgoods. Payment for the softgoods by the recipient may be on a usage basis, at purchase, or on a time basis. Alternatively, the recipient can return the softgoods to the sender for an upgrade, refund or replacement.
• the terms may specify one or more of a period of time, an expiry date and time, or a predetermined number of uses, upon which event occurring the mobile computing environment is returned to the sender.
• the recipient can add further softgoods to the mobile computer environment. More advantageously, the further softgoods remain on the recipient's machine and are able to be accessed by the recipient after the return of the mobile computing environment.
• the softgoods are encrypted with a sender secret key of the sender prior to their transference to the recipient. More preferably, the softgoods are decrypted using the sender secret key.
• the softgoods are re-encrypted after receipt by the recipient using a recipient secret key of the recipient.
• any further softgoods are encrypted with a further secret key of the recipient.
• the further softgoods are encrypted with a further recipient secret key of the recipient and a further sender secret key of the sender.
• the further softgoods may be decrypted using the further sender secret key.
• the mobile computing environment obtains the sender secret key from the sender every time the recipient commences use of the softgoods.
• the mobile computing environment and the sender authenticate each other before the sender releases the sender's sender secret key.
• the mobile computing environment may be a virtual computer. Description of the drawings
• Figure 1 is a schematic flow chart of a preferred deployment architecture
• Figure 2 is a flow chart showing the steps used when softgoods are purchased.
• Figure 3 is a flow chart showing the steps used when softgoods are leased, rented or used on a trial basis.
• FIG. 1 there is shown a system architecture in which a network such as, for example, the internet is used.
• a network such as, for example, the internet
• the present invention is not limited to use of the internet and use of a local area network, metropolitan area network, or other wide area network could be used.
• physical networks such as "sneakernet” could also be used.
• the sender (in this case a merchant) 1 has a machine 2 which is connected by network 3 to a merchant server 4.
• the merchant's sever 4 is connected to a recipient's (in this case a customer 7) server 5 again by the network 3.
• the network 3 may also connect the customer's server 5 to the customer's machine 6.
• the merchant 1 creates a virtual computer in his machine 2.
• the next step 9 in the process has the softgoods required by customer 7 to be installed onto the virtual computer by the merchant 1.
• the virtual computer with the installed softgoods is then saved on the merchant's server 4 (step 10) before being sent to the customer's server 5 via network 3 (step 1 1).
• the customer 7 can then load the virtual computer onto the customer's machine 6 from the customer's server 5, again via network 3 (step 12).
• the customer 7 can then use the virtual computer on the customer's machine 6 (step 13) in accordance with normal practices.
• the softgoods may be encrypted prior to being transmitted from the merchant's server 4 to the customer's server 5. Encryption may be by the virtual computer being given an identity prior to the softgoods being installed. A secret key is then generated by the merchant's server 4 and used to encrypt the softgoods.
• the virtual computer Upon the virtual computer being downloaded to the customer's machine 6, the virtual computer establishes a connection with the merchant's server 4 via network 3.
• the connection may be a secure connection.
• the virtual computer sends its identity to the merchant's server 4 via network 3, and the merchant's server 4 responds by sending to the customer's machine 6 the secret key to enable the softgoods to be decrypted.
• Such decryption is permanent, unless the customer re-encrypts the softgoods using a secret key of the customer.
• Figure 3 is a flow chart for test-use/review/rental modes of use. The same procedure is used for all such use modes.
• the first step 14 is for the merchant 1 to load a clean virtual computer onto his machine 2.
• step 15 the merchant generates an identity and a secret key for that virtual computer.
• the merchant 1 then installs the softgoods for the customer 7 on the virtual computer (step 16) and encrypts the softgoods using the secret key (step 17).
• the virtual computer with installed, encrypted softgoods is then saved at the merchant's server 4, and the identity and secret key are also saved at the merchant's server 4 (step 18).
• step 19 the virtual computer with installed, encrypted softgoods is sent from the merchant's server 4 to the customer's server 5 via the network 3.
• the customer 7 can then load the virtual computer with installed, encrypted softgoods onto the customer's machine 6 (step 20).
• the virtual computer then establishes a connection with the merchant's server 4 using network 3. This may be a secure connection.
• the virtual computer Upon the virtual computer establishing contact with the merchant's server, the virtual computer sends its identity to the merchant's server 4 via network 3.
• the merchant's server 4 then transmits the secret key to the virtual computer on the customer's machine 6 (step 21).
• the softgoods in the virtual computer are then decrypted by the virtual computer using the merchant's secret key (step 22) thus enabling the customer to use the softgoods in the normal manner (step 23).
• the softgoods and the virtual computer are closed. Prior to closing, the softgoods are re- encrypted using the secret key. Therefore, every time the softgoods are to be used, the virtual computer must repeat steps 21 and 22. This enables the merchant 1 to not only maintain ownership over the softgoods, but also enables the merchant 1 to enforce those ownership rights, and to enforce the previously agreed terms under which the customer 7 obtained and uses the softgoods.
• the customer 7 may add its own softgoods, including data, to the softgoods installed on the virtual computer. In this case, the customer retains ownership of such softgoods. However, they will be encrypted along with the softgoods of the merchant 1. To protect the customer 1, the customer's softgoods may be encrypted using a secret key of the customer 1, which can be obtained from the customer's key folder. Therefore, to use the softgoods, those supplied by the merchant 1 require the merchant's secret key obtained in the manner required by steps 21 and 22, and those supplied by the customer 7 require the customer's secret key.
• the customer's softgoods installed on the virtual computer may be encrypted a final time but using the merchant's secret key as well as the customer's secret key so that the consent of both the merchant and the customer 7 is required for the customer's softgoods to be decrypted.
• the merchant's softgoods installed on the virtual computer will be encrypted using the merchant's secret key, as normal.
• the terms of the agreement may specify that the customer's right of use of the merchant's softgoods installed on the virtual computer expire in any one or more of the following circumstances:
• the virtual computer and all of the installed, encrypted merchant's softgoods are returned to the merchant 1 at the merchant's server 4.
• the customer 7 wants to change the mode of use of the softgoods, eg, purchase, upon agreement with the merchant 1 being reached, and the commercial requirements of the merchant 1 being satisfied, the merchant's secret key is sent by the merchant's server 4 to the virtual computer to decrypt the softgoods, whereupon the softgoods are re-encrypted using the customer's secret key. The customer can then use the softgoods in the normal manner. If the change in mode of use is from test use to rental, the softgoods remain encrypted with the merchant's secret key, as is described above.
• the virtual computer can run on a different machine from the merchant's server 4 and the customer's machine 6, one or both of their secret keys may need to be sent over the network 3 to the virtual computer.
• the merchant 1, the customer 7, and the virtual computer may each have a pair of public and private keys, which are preferably generated in accordance with the RSA public-key cryptography system.
• the merchant 1 When the merchant 1 generates the virtual computer in step 14, and the secret keys are created in step 15, the public key of the merchant 1 is embedded in the virtual computer, and the merchant's server 4 stores a copy of the virtual computer's public key. This enables the merchant's server 4 and the virtual computer to authenticate each other before the merchant's server 4 releases the secret key to the virtual computer, preferably over a secure channel in network 3.
• the protocol for authentication and securing the transmission channel is based on the standard Secure Socket Layer (SSL) protocol. Likewise, the customer's secret key is released to the virtual computer using the SSL protocol.
• SSL Secure Socket Layer

Landscapes

• Engineering & Computer Science (AREA)
• Theoretical Computer Science (AREA)
• Business, Economics & Management (AREA)
• Software Systems (AREA)
• Physics & Mathematics (AREA)
• General Physics & Mathematics (AREA)
• Accounting & Taxation (AREA)
• Finance (AREA)
• Strategic Management (AREA)
• Computer Security & Cryptography (AREA)
• General Engineering & Computer Science (AREA)
• Development Economics (AREA)
• Marketing (AREA)
• Economics (AREA)
• General Business, Economics & Management (AREA)
• Game Theory and Decision Science (AREA)
• Entrepreneurship & Innovation (AREA)
• Multimedia (AREA)
• Technology Law (AREA)
• Computer Hardware Design (AREA)
• Storage Device Security (AREA)

Applications Claiming Priority (3)

Publications (1)

Family

ID=20430540

Family Applications (1)

Country Status (2)

Family Cites Families (4)

• 2000
  • 2000-04-13 EP EP00928097A patent/EP1257943A1/de not_active Withdrawn
  • 2000-04-13 WO PCT/SG2000/000073 patent/WO2001071599A1/en not_active Application Discontinuation

Non-Patent Citations (1)

Also Published As

Similar Documents

Legal Events