JP2004086915A - Credit infrastructure support system, method and technique for controlling/automating safe electronic trade, electronic commerce and trace process, distributed computation and right management - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide a system for safe automated trade processes. <P>SOLUTION: This trade process system includes a user site including a first safe environment including a processor and a safe memory. The safe memory is constituted by containing a first safe container including a first managed content and being related to a first rule set, a second safe container including a second managed content and being related to a second rule set and a third rule set. <P>COPYRIGHT: (C)2004,JPO

Description

The present invention generally relates to a secure scheme for optimizing the efficiency of modern computing and networks to assist in managing electronic interactions and results, and for providing decentralized and reliable management in electronic commerce. It is.

More specifically, the present invention relates to “distributed trading utilities”. In other words, it is the basis for supporting the management of electronic trade and other electronic interactions and their associated environments.

Specifically, the present invention relates to the following items.
・ Efficient management support for electronic trade and communication ・ Methods and technologies for electronic rights management and its support services ・ Secure electronic transaction management / management, electronic process control and automation, settlement function, electronic network and / or virtual Technologies and provisions for distributed management support services in distributed environments, infrastructure and support capabilities for settlement, control, automation and other management. As a result, the digital community can collectively support efficient and secure peer-to-peer activities for many trade users.

(4) In a highly efficient and efficient society, the ability to control the objectives and outcomes of individual activities is required. Every society needs basic services, equipment and enforcement.

・ Delivery of mail at post office ・ Child education at school ・ Traffic management and road maintenance by expressway management department ・ Fire fighting at fire department ・ Electricity supply to households of electric power company Provision of directory service in case of connection of devices at a distance and when the exact number is unknown ・ Bank deposit management ・ Distribution of news and entertainment programs to homes by cable TV and radio stations ・ Police security ・ Disposal of garbage by health department Collection ・ Necessary welfare policies for the poor in need through welfare services

These and other "hidden" important management support services provide the basis or foundation to provide the convenience needed in modern life. This base enables efficient and smooth trade.

Consider buying bread at a local bakery. Bakers do not have to do all the work involved in bread making. This is because the management support service provided by the community can be used. For example,
Bakers do not have to grow wheat to make bread or mill wheat. Instead, the bakery can purchase flour from a trucking supplier.

Similarly, bakers do not need to make fuel to heat the oven. That is, the fuel is delivered from a fuel production / supply specialist through pipes or tanks.
• The hygiene inspection certificate of the local health center presented to the local bakery will ensure the hygiene of the bakery.

It is important to provide a management support service that compensates the work of each contractor. For example,
Bakers and their customers trust the government that guarantees the money used in buying and selling bread that will be removed from their wallets or purses.

If you use a check, the banking system will charge the customer's account for the check usage and pay the bakery by the next day.

If the bakery and customer use different banks, the customer's checks will be processed by an automatic “bill clearing” system. This system allows for the clearing and settlement of bills between different banks. Efficient cash transfers between banks are made, and if there is not enough money in the account, the check drawn from the account is returned.

. If a credit card can be used for payment at the bakery, customers will have a wider range of payment options, making it easier to pay for exchanging bakery products and making it easier to purchase bread.

(4) Such support management services expand the scale and scope of economic activities, thereby further improving the efficiency of economic activities. For example, these important support and management services allow bakers to focus on how to make or bake delicious bread. It is more efficient for a bake bakery to open a large number of breads by a skilled and professional baker, compared to each home baking bread in a home oven. Also, bartering chicken and bread is much more efficient than cereal producers preparing the necessary fuel and baking bread. Therefore, it is important that both the bakery and the customer make purchase transactions using a credit card, because both of these payment methods work well and a very efficient and useful basis for non-cash transactions. This is because they rely on the "automation" function.

2. Description of the Related Art At present, an electronic community that requires management support services is forming a worldwide electronic community, and its users are required to have the ability to form, control, and automate interactions in the electronic society. There is also a real need for a reliable, secure and trusted support management service for these users.

In international trade, computerization is further accelerating. The Internet is a huge electronic network of networks connecting millions of computers around the world, and is widely used as a medium of commerce. An easy-to-use interface (eg, the user initiates a purchase by “pointing and clicking” on an item and completing the purchase by filling in credit card information in a simple form) is a major trigger Thus, the Internet is rapidly becoming the center of consumers and merchants. Also, the Internet is becoming an important sales and distribution "channel" for all types of electronic assets and services, including information, software, games, and entertainment.

At the same time, large companies are using in-house and public data networks to connect suppliers and customers. Electronic commerce is gaining importance in an increasingly computerized world with clearly reduced costs of computing power and network capacity. As electronic commerce becomes more widespread, this new electronic community is creating many new demands for administrative support in digitization and "payment" services.

The e-community just needs a foundation that supports both business and personal electronic interactions and relationships. Large-scale e-commerce is an important part of reliable, efficient, flexible, scalable, secure network third-party support and management services and transaction processes. It needs a mechanism that simplifies important parts.

For example,
-Providers of value to the e-community need a seamless and efficient mechanism to compensate for the value provided.

In the e-community, providers of products and services need efficient, reliable, and efficient payment methods for providers and other value chain users.

In the computer market, buyers do not fully understand the invisible payment process, and therefore demand operable, efficient, and flexible interfaces in payment mechanisms and financial obligation fulfillment systems.

-All rights reserved for all kinds of electronic "content" (text, graphics, movies, animations, images, video, digital linear video, analog and digital data such as sound and recording, images, software computer programs, data) And all types of electronic control processes require a secure, flexible and shared use approach. With this method, it is possible to manage business models such as rights management, collection of billing when necessary, and handling information for use of contents.

All users need reliable, reliable and secure infrastructure support services as trade is virtually increasing.

An important objective for successful e-commerce management and trade is the development and operation of a range of administrative support services. These help achieve their objectives and facilitate the creation of a diverse, flexible, reputable, and efficient business model throughout e-commerce.

Ginter Patent Specification Provides a Comprehensive Solution The Ginter et al. Patent specification described above describes a technology that provides an ingenious and effective capability to help secure distributed transaction-based electronic trading and rights management. For e-commerce users, this technology brings many important new business models and practices, while also supporting traditional business models and practices.

Ginter et al.'S patent specification provides a comprehensive, comprehensive system and a wide range of methods, techniques, structures, and arrangements, from large and small businesses and home study rooms and living rooms to the Internet (and intranet). Secure and efficient decentralized electronic trading and rights management can be used. Such techniques, systems and arrangements provide unprecedented security, reliability, effectiveness and flexibility in electronic trading and electronic rights management.

The patent specification of Ginter et al. Also provides an "information utility." “Information Utility” is a network of administrative support services, facilities and enforcement that facilitates electronic commerce and supports electronic commerce in the modern new electronic community. As an example, Ginter et al. Describe a wide range of management support services that coordinate and support a secure “virtual distributed environment”. The providers of these management support services are listed below.

・ Transaction processor ・ Usage analyst ・ Report recipient ・ Report creator ・ System administrator ・ Licensing officer ・ Certification authority ・ Content and message registry ・ Financial clearinghouse ・ Consumer / author registration system ・ Template library ・Management structure library-Billing system-Electronic transfer, credit card, bill billing system-Receipt, answer, transaction, analysis, audit system

The invention based on and extending the solution described in the Ginter patent specification The present invention is based on the basic concept in the patent specification of Ginter et al. Increase sex. The present invention is an overview of an overall distributed management support service ("distributed trading utility"). As in the preferred embodiment, the present invention may take advantage of the "virtual distributed environment" and other capabilities in the patent specification of Ginter et al. It is an extension.

SUMMARY OF THE FEATURES AND ADVANTAGES OF THE INVENTION The present invention provides an integrated, modularized administrative support service for electronic trading, electronic rights and transaction management. These management support services include financial management, rights management, certification authorities, rule payments, use payments, secure directory services and other transactions, such as the use of large electronic networks or electronic devices such as the Internet and / or intranets within organizations. Provides the foundation for the ability to function in a home network.

管理 These management support services can respond to the unique requirements of the electronic trade value chain. For e-commerce users, management support services assist in pursuing their own interests and can be configured and reused in response to the current state of the highly competitive business world.

The present invention provides a "distributed trading utility" with a secure, programmable and distributed architecture that provides management support services. The decentralized trading utility allows the resources for trade management to be used to the fullest extent. Also, this utility can evaluate the response to the demands associated with the increase in electronic trade in a manner that is current.

Distributed trade utility is composed of many trade utility systems. Trade utility systems provide an infrastructure network that can be used and reused by all electronic communities and / or many or all users.

Different support functions are functions that can be obtained together in hierarchical and / or network relationships to suit different business models and / or other purposes. The modular support function is a function that integrates various different trade utility systems designed for different facilities and different purposes. These trading utility systems can be distributed across a vast number of electronic devices of varying degrees of penetration.

The present invention provides a comprehensive "distributed trading utility" as follows.
・ Practical and effective electronic trading and rights management will be possible.
• Provide services that securely manage and support electronic interactions and their results.
Establish infrastructure for electronic commerce and human electronic interactions and relationships.

Optimize the efficiency of modern distributed computing and distributed networks.
・ Electronic automation and distributed processing are realized.
Provides a modular, programmable, decentralized, optimally computerized infrastructure for electronic trading and communications.

・ Provide comprehensive capabilities related to service support in performing various management support operations.

Maximize the benefits of electronic automation and distributed processing by optimally allocating and using resources on the system or network.

・ Effectiveness, flexibility, economy, variability, reusability, modification, and versatility.
-It can economically reflect the conditions required for the user's business and privacy.

・ Performs optimal distributed processing. As a result, the trade model becomes flexible, and it can be evaluated so as to satisfy demand and meet the user's conditions.

・ The amount of activities and services in all fields can be handled efficiently.
-By combining distributed processing and centralized processing, each business model can be adapted or handled.

By combining localized, centralized, and networked capabilities, capabilities can be independently configured or reconfigured to adapt to changing situations.

Support multi-purpose resources and reuse them for many different models. That is, the existing infrastructure can be reused by another value chain with different requirements.

-Can support many trade and communication models.
• Local, centralized and networked resources can be successfully applied to meet the requirements of individual value chains.

-Reduce costs and maximize efficiency by sharing common resources.
Supports combined, decentralized, peer-to-peer, centralized, networked capabilities.

-Local operation, remote operation and / or centralized operation are possible.
Operation in synchronous mode, asynchronous mode, or operation in both modes can be supported.

・ Easily and flexibly adapt to many rapidly changing business opportunities, business relationships and business constraints in the “virtual space”.

In short, distributed trading utilities provide comprehensive, integrated administrative support services for secure electronic trading and other electronic interactions.

Some of the advantageous features and characteristics of the distributed trading utility provided by the present invention include:

分散 Distributed Trade Utility supports programmable, decentralized, optimally computerized trade and communications. This utility provides various services that perform management support services. This support service provides the necessary management overview to maximize the benefits provided by electronic automation, distributed processing and distributed systems (eg, networks) that make optimal use of resources.

The Distributed Trading Utility is particularly suited to providing a management infrastructure for the Internet, an organization's intranet, and similar environments that include scattered electronic information creators, users, and service systems.

The Distributed Trade Utility Architecture provides a foundation for efficient, economical, flexible, programmable, reusable, versatile, electronic trading and communications management support services. Providing these capabilities is important to establish the basis for human electronic interaction. This interaction supports an optimal business or personal electronic relational model.

分散 The Distributed Trading Utility Architecture provides an electronic trading and communication support service platform. With this foundation, it is possible to adapt and handle any particular model that combines distributed and centralized processing.

The distributed trading utilities supported by this model are uniquely configured or reconfigured in stages, optimally combining the management capabilities of localized, centralized, and networked distributed trading utilities.

• The innovative electronic management capabilities of decentralized trading utilities support combined, decentralized, peer-to-peer or centrally networked capabilities. By combining these capabilities, local / remote combinations, centralized asynchronous and / or synchronous network combinations can be handled. Such a combination constitutes the most commercially viable, economical and marketable-business-required-model for any purpose at any time.

分散 The decentralized trading utility architecture is versatile. The architecture supports many trade and communication models. These models may moderately share (eg, reuse) localized, centralized, and networked resources. As a result, the decentralized trading utility can optimize a practical and effective electronic trading and rights management model. These models can share the resource management cost by sharing the same or overlapping resource bases.

One or more distributed utility utility trading models may share some or all of the resources in one or more other models. In a virtual space, there are many rapidly changing business opportunities, business relationships, and business constraints. To accommodate this virtual space requirement, one or more models may change the combination or nature of the distributed management operations.

分散 The decentralized trading utility supports the transition from traditional trading processes to electronic trading processes. The electronic trading utility provides the distributed processing, rights for "clearing house" management, security design, purpose-built structures, and simplified administration mechanisms required for an efficient and practical electronic trading model (administrative @ Smart). agent, negotiation and electronic decision making techniques, and / or electronic automatic control techniques, etc., to further digitize the trade process.

Certain decentralized trading utilities (financial payments, handling inspections, etc.) can be run in a space where the user's electronic devices can be safely used, such as the “Protected Processing Environment” disclosed in Ginter et al.

分散 Distributed clearinghouse operations can be performed through “virtually networked and / or layered” sites of many trading utility systems. The site employs a multi-purpose, shared (eg peer-to-peer) virtual distributed environment infrastructure.

For a given application or model, a number of other distributed trade utility services have been granted to provide different types of management and / or support functions.

Any or all services supported by the Distributed Trading Utility are performed and / or used by similar organizations, consortiums, or other organizations, or electronic community users, such as individual user websites. .

One or many parts of the distributed trading utility can be configured in a network with a distributed protected processing environment. The environment performs one or more tasks in a layered and / or peer-to-peer relationship.

A protected processing environment for multiple decentralized trading utilities can be useful for integrated service operations, basic components, and / or clearinghouse operations.

As in the preferred embodiment, many protected processing environments of VDE users have their own layered, networked and / or centralized management and / or VDE Protected distributed processing environments that serve distributed trade utility operations can be decentralized, as much as supporting the user's relationship to the protected processing environment.

• In a given model, one or more decentralized trading utility operations are fully decentralized, while another specific one or more operations are further (eg, layered) and / or fully centralized. Can be done. Also, other specific tasks may be partially decentralized or partially centralized.

The basic peer-to-peer control capabilities provided by the decentralized trading utility are important, practical, evaluable and / or decentralized services that simultaneously provide substantial trade management, security and automation services. Is also effective for any of the components.

Combinations of features, locations, and / or capabilities of decentralized trading utilities are provided in variable combinations of decentralized or centralized provisions. It may be a protected distributed environment for end users and / or a "distributed" protected distributed environment (local, regional, class-specific, etc.) and / or a protected distributed environment for centralized services. Various features, arrangements and abilities to work with are included. .

分散 Distributed trade utilities are particularly useful for supporting the Internet and other electronic environments where scattered information producers, users and service providers exist. By supporting the activities of users in the electronic world, and by moving previously non-computer-based human activities to the Internet, intranets, and other electronic interaction networks, decentralized trading utilities are essential and important. Play a role. Users of such networks require a distributed trading utility infrastructure and support services to economically fulfill business or personal needs. These secure decentralized trading utilities are needed to fully support the ability of the electronic trading model to fully assess the needs and to adequately handle all required activities and service volumes.

分散 Distributed trading utility technology is provided by a set of secure and decentralized support and management services for electronic trading, rights management, distributed computing and process control provided by the present invention.

分散 Distributed trade utility support services, including highly secure and complex professional and / or contractual services, can be used by electronic trade and value chain users. It is used in a seamless, convenient, and relatively straightforward manner, without being aware of complex operations that are invisible to the user.

• Distributed trade utilities can at present guarantee a reasonably high standard of security and automation based on physical, computer, process and regulations. On the other hand, it provides enhanced, efficient, reliable, easy-to-use and convenient features that are needed (or at least high demand) for the regular and efficient support needed in the electronic community. Guaranteed by providing.

As in the preferred embodiment, the distributed trading utility assists in generating a competitive trading model that operates in the context of an "open" virtual distributed environment (VDE) based on digital markets.

分散 The decentralized trading utility realizes convenience and efficient operability for value chain users. For example, through a seamless “distributed” interface (eg, a distributed application), a complete, integrated set of key “payments” that are programmable and optimally supported to support business relationships involving multiple people. The decentralized trading utility provides the capabilities of "functionality." Payment and / or support functions and / or secondary support functions may be used individually and / or separately to meet the required business confidentiality, efficiency, or other purpose. It is configured.

分散. Distributed trade utilities make it easier for providers, retailers, wholesalers, repurposers, consumers, and other value chain users to connect, use, or do business with distributed trade utility services. The connection is simple, seamless and straightforward (a single connection can provide many supplementary services).

分散 The decentralized trading utility can further improve convenience and practicality. It is enhanced by providing or supporting a consumer's brand image for payment services provided by participating organizations. However, it utilizes shared infrastructure and processes.

Decentralized trading utilities realize key capabilities arising from the size and expertise of participating organizations by supporting a "virtual" model that incorporates the capabilities of special services and large numbers of users electronically and seamlessly. sell.

分散 The decentralized trading utility allows consumers to easily receive benefits such as services or products. Here, such services or products are brought about by the introduction of a "fabric" of various support services. Each service is further divided into a specific service distribution structure and / or a related configuration of service providers (the overall structure is clear to value chain users, but most or all of the underlying The complexity is not explicitly stated (it does not need to be explicitly stated).

The distributed trade utility service and its capabilities in the preferred embodiment can incorporate or combine the capabilities of one or more virtual distributed environments described in Ginter et al. In a reasonable manner. An example is shown below.

A. VDE chain of handling and control Secure, trusted, internal node communication and interoperability
C. Secure database D. Authentication E. Encryption F. Fingerprint G. H. Other VDE Security Technologies Rights management system I. Object design and secure container technology Container control system K. Rights and Process Control Language Electronic negotiation Secure hardware Smart agent (smart object) technology (eg, smart agent refers to process control, many users, and / or other management agent capabilities that support management integration of distributed nodes)

Distributed and Combinable Trade Utility Systems The support management service functions provided by the distributed trade utility can be combined and / or distributed through electronic communities, systems or networks in various ways. To facilitate such coupling and distribution, a preferred embodiment utilizes a protected processing environment based on the virtual distributed environment described by Ginter et al. Since the protected processing environment of all such virtual distributed environments is at least partially reliable, all protected processing environments can be a clearing house or a part of a clearing house. A trade model tailored to the interests and needs of VDE trade node users may support distributed trade utility services. This service may be, for example, an end-user electronic device where the other VDE-protected processing environment has secure communication technology and other VDE capabilities (the VDE capabilities can directly integrate the present invention as described above). Dominates the whole. Together with the more centralized value chain nodes, such devices can constitute combinations that function like virtual payments protected in a distributed environment. Eventually, a portion of the virtual space is occupied by a large "virtual" computer whose access to resources is based on "availability" and rights.

The Distributed Trading Utility is a modular, programmable, general-purpose utility that supports virtual computers. The decentralized trading utility has a special architectural base for the design of electronic trade value chain models and virtual computers. Features with programmable implementation support a variety of realistic (logical and / or physical) and / or distributed situations to provide the same and / or similar services can do. The following is an example.

• Centralized trading utility systems and services provide efficient, centralized point-of-care support functions or a combination of many functions.

Other trading utility systems may be provided in a partially or wholly decentralized manner.

Some support management service functions may be decentralized within and / or through existing or new communication infrastructures or other electronic network support components.

O Other support services may function within a secure execution space (eg, a protected processing environment) on any or all electronic devices. This works, for example, by using peer-to-peer communication and interaction to provide a secure web of support service structures.

Other support services may work with the infrastructure supporting the network and the user's electronics.

Such distributed support services may complement (and / or reduce the need for) the application of centralized support services. Different combinations of the same and / or different, non-decentralized and separately decentralized services may be provided to support individual activities. In addition, the nature and distribution of services for a given overall model will depend on each other's application. If necessary, the application of such individual models is shared by the same trade utility system and services and / or any special and / or any combined distributed trade utility management and / or support functions. .

In addition, special trade utility systems and service infrastructures are utilized in different ways and by different value chains (eg, business models or business relationship sets). For example, some value chains may choose to maintain more centralized specific support service functions for efficiency, security, management or other reasons, while others may use additional and / or different decentralized models. select.

For example, if the payment method and the rights holder and / or other value chain users agree, any one or more decentralized trading utility secure infrastructure support services may Some and all functions and rights may be distributed and / or delegated to a set and / or other value chain electronic devices. There are various advantages to distributing and delegating these services and functions. For example, a secure electronic trading web in which any, many, or all sets of equipment here can function as at least partially equivalent (if not sufficient) other equipment with the same trading web structure. Only for problems, it allows for a flexible proposal of temporary and efficient generation.

The following is a comprehensive list of additional features of the distributed management support function provided by the present invention.

· Any combination of management and / or support functions may be integrated with any other management and / or support functions.

Any set or subset of trade utility system functions may be combined in an integrated structure with any other combination of trade utility system functions. The combinations can be distributed according to the degree required, and any one or some combination of the combinations is distributed into one or more parts. The value chain thereby takes on the most necessary and / or practical structure. Any combination of decentralization, rights settlement, financial note exchange, usage @ aggregation, usage reporting and / or other settlement and / or other decentralized trading utility function degrees may be implemented. Such distributed trade utility functions and / or management and / or support services may be combined with any other required distributed trade utility functions and / or management and / or support services. Such distributed trade utility functions and / or management and / or support services may be combined with any other desired distributed trade utility functions and / or management and / or support services.

Any one or more of the management and / or support services and / or functions may function as a trade utility system and support a network of trade utility system nodes. Each of these nodes supports at least part of the same type of trade utility management service business. Each trade utility system may interoperate with other authorized utility systems and / or nodes that grant and / or provide services and / or are secure.

Each trading utility system (or a combination of trading utility systems) functions as a “virtual clearinghouse” composed of a plurality of trading utility systems. As in the preferred embodiment, when complying with the VDE rules and controls,-in the manner described in the similar rules and controls-interoperate with other trading utility systems and / or other virtual clearing houses functioning on the same web. Function. Such "virtual clearinghouses" are empowered by a series of secure handling and management detailed in the Electronic Controls Codebook, and by a series of handling and management and other VDE capabilities to automate the electronic trading process. Can participate.

It is a great advantage to be able to distribute or later apply (modify) any support service function to any required system or network, if needed, for flexibility and efficiency. Increase. For example, when distributing support services such as a settlement function, a “bottleneck” can be avoided. A bottleneck is that the payment function is concentrated on one point when there is not enough capacity to handle the load. Increase the efficiency and system response time, significantly reduce processing overhead, avoid failures, and provide more flexibility in application applications by leveraging the distributed processing capabilities of many devices in the value chain. Can be. Also, generally, the present invention raises the need for a larger value chain by applying the needs and conditions of each value chain user.

Examples of Management and / or Support Services Provided by Distributed Trading Utilities Distributed trading utilities are organized into many different, special and / or versatile "trade utility systems". Trade utility systems may be centralized, decentralized, or partially decentralized and partially centralized to provide administrative, security and other services required by actual trade managers. Certain trading utility systems consist of the application of a decentralized trading utility with certain well-known administrative service functions, such as a clearing house or a certification authority. Other trading utility systems include new types of services and new combinations and configurations of known service operations. A trade utility system is any application of a distributed trade utility that supports a particular electronic trading model, and the trade utility system comprises the components of a trade utility system. A trading utility system may include some or all of the examples provided below and allow for a combination of capabilities and decentralized structures.

• Financial clearinghouses • Clearinghouses in use • Rights and clearinghouses • Certification authorities • Secure directory services • Secure trading authorities • Multipurpose, general and / or including any combination of the capabilities of the above systems , Combined trading utility systems-other trading utility systems

These trading utility systems have great effectiveness and applicability.
For example, they provide any or all of the following management assistance:
• Reliable, electronic event management • Networked, automated, decentralized, secure process management and control • A series of handling and control in a virtual distributed environment • “Not connected”, virtually connected Rights management and handling (eg, events) management (eg, auditing, controlling, enforcing rights, etc.) across and / or within electronic networks, including or regularly connected networks

The trading utility system may manage the chain of electronic processes or electronic event results for the following examples.
• Electronic advertising • Market and handling analysis • Electronic money • Financial transaction settlement and communication • Manufacturing and other decentralized process control models • Financial bill exchange • Payment fulfillment or at least content, process control (events) and / or rights management Provision of other fees (service fees, product prices or other fees and / or fees) based in part on etc.

Auditing, billing, fulfilling payments (or providing other considerations) and / or other settlement activities. • Obtaining information on the use of one or more secure containers and / or content and / or processes (events). Edit, aggregate, use and / or supply. Also includes secure container content and / or any other content.

• Providing information based on one or more secure containers and / or content and / or handling inspections on processes (events), user profiling, and / or market research • Content (such as advertisements) Access and / or use of information obtained through the use of processes (events); provision of registration services of interest; and / or rights, permits, prices and / or other rules and control information; registered and / or Or, about the object to register

Electronic authentication information such as authentication identity, class affiliation proof and / or attributes of other individuals' identity used or required for regulation and control. Other individual identity attributes may include, for example, class identity (eg, jurisdiction (tax), employment and / or vested class rights for automated processes (eg, club members for whom discounts on purchases may be granted). (Including certification), including the right to fulfill financial transactions by certification of other members.

-Business information for storage and / or authentication and / or back-up and payment of transactions by third parties-Provision of process control and automation services for modified and combined trade utility systems. Here, another trading utility system supports the demands of another value chain and / or business model. Also, such a trading utility system fully supports a decentralized, evaluable, efficient, networked and / or fixed tier and / or virtual clearing house model. This model provides for secure processing in a decentralized clearing house of a trading utility system to pass through clearing houses for defined, managed, or partial, overall and / or detailed transaction information. Ensure secure communication in the environment.

-Electronic trade model, EDI and distributed computing regulations. This regulation sets out the demands of users for a reliable foundation that is efficient, decentralized management, automation, and management of value chains in transactions.
・ Other support and / or management services and / or functions

Detailed description of the embodiment
Distributed Trade Utility FIG. 1 shows an example of a consumer device 100 electrically connected to a distributed trade utility 75. In this embodiment, electronic network 150 connects device 100 to decentralized trading utility 75. Distributed trading utility 75 supports activities performed within consumer device 100.

The Distributed Trading Utility 75 provides the basis for management and support services for electronic trading and communication. This foundation is efficient, cost-effective, flexible, configurable, reusable, programmable, and generalizable. It supports all electronic relationships, interactions and communications, both for personal and business use.

The distributed trading utility can support any electronic device. The device 100 can be any type of electrical or electronic device, such as, for example, a computer, entertainment system, television set, or video player. In the particular example shown in FIG. 1, consumer devices 100 are a home color television set 102, a video player / recorder 104 and a set-top box 106. For example, device 100 may be controlled by hand-held remote controller 108. For example, set-top box 106 may receive television programming from television broadcast station 110 and / or satellite 112 via cable television network 114. The player / recorder 104 can play various types of program material from tape, optical disk or other media, and also has the ability to record program material received via the set top box 106.

The device 100 may have a "protected processing environment" The device 100 is preferably a secure electronic device of the type shown in the embodiment of FIGS. 7 and 8 of Ginter et al. It is preferably part of the "Virtual Distribution Environment" described in the patent specification of Ginter et al. FIG. 1A shows that the television 102, set top box 106, media player / recorder 104, and remote control 108 may each have a "protected processing environment"("PPE") 154. Distributed trade utility 75 interacts with and supports processes running within these protected processing environments 154.

The protected processing environment 154 may reside on one or more computer chips, such as a “secure processing unit” based on hardware and / or software as shown in FIG. 9 of the Ginter et al. Patent. Can be based on The protected processing environment 154 provides a very secure and reliable environment. Within this environment, electronic processes and e-commerce can be performed reliably without the significant danger of tampering or other compromises. The patent disclosure of Ginter et al. Describes techniques, systems and methods for designing, constructing, and maintaining a protected processing environment 154, including rights holders and other value chain participants (including consumer 95). Can rely on its security and integrity. In the preferred embodiment, it is important for the interaction between the decentralized trading utility 75 and the electronic device 100 to gain such trust.

Distributed Trade Utility Can Be Formed From Many “Trade Utility Systems” FIG. 1B illustrates that a distributed trade utility 75 can be formed from multiple trade utility systems 90. Different types of trading utility systems may exist. For example:
・ Financial clearinghouse 200
・ Used clearinghouse 300
・ Rights and permits clearinghouse 400
-Certification authority 500
・ Secure directory service 600
-Trading Authority 700
A VDE administrator 800; and another type of trade utility system 90.

Trade utility system 90 may support and manage functions or operations within protected processing environment 154. For example:
-The protected processing environment 154 of the device 100 may provide an automatic electronic payment mechanism 118 that charges the consumer's bank account or other monetary account based on program consumption. The decentralized trading utility 75 may include a special purpose trading utility system 90 a called “financial clearinghouse” 200. “Financial clearinghouse” 200 supports the financial aspects of the operation of protected processing environment 154. In other words, it protects rights holders and others who receive legitimate payments, and ensures that consumers 95 are not overcharged.

The broadcast station of the television program 102a weighs how much the consumer 95 has watched and watched the video program 102a with the electronic usage metering mechanism 116 in the protected processing environment 154 of the device 100. May require that The decentralized trading utility 75 may include a special purpose trading utility system 90b called a "clearing clearing house" 300. The "use clearinghouse" 300 receives usage information metered by the usage meter 116 within the protected processing environment 154, analyzes it, and provides reports.

The rights holder of the video program 102a may strongly demand a protected processing environment 154 that provides a copy protection mechanism 120 that reliably prevents copying of the video program 102a. Distributed trading utility 75 may include a special purpose trading utility system 90c called "Rights and Authorized Clearing House" 400. The “rights and licensing clearinghouse” 400 provides the licensing required to enable consumers 95 to view certain programs (eg, on a pay-per-view basis) in a protected processing environment 154. To help strengthen the ban on, for example, the copy protection mechanism 120.

The rights holder of the video program 102a confirms that the protected processing environment 154 of the device 100 authenticates the consumer's identity or age before the consumer 95 can view the video program 102a. Own the “digital authentication” 122. Distributed trading utility 75 may include a special purpose trading utility system 90d called "certifying authority" 500. The "certifying authority" 500 generates a "digital certificate" 504 and provides it to the protected processing environment 154. Thereby, the consumer can effectively interact with the license provided by the rights holder.

Other trading utility systems 90 shown in FIG. 1B include:
A “secure directory service” 600 that can assist the protected processing environment 154 in electrically communicating with other computers and devices on the network 150
A trading authority 700 that may be available for process control and automation, such as, for example, securely auditing and overseeing complex e-commerce, including the protected processing environment 154.

In a preferred embodiment, an “administrator” 800 of a virtual distributed environment (“VDE”) that can maintain a protected processing environment 154 that operates smoothly and securely.
Still other trading utility systems 90 not shown in FIG. 1B may be used for managing and / or supporting additional functions and operations. The various trade utility systems 90 may work together and share the entire task to support the consumer 95 efficiently and effectively.

Figure 2E Figures 2A trade utility system that may be dispersed shows exemplary distributed trade utility 75 can be dispersed. Some management and support functions of the trade utility system 90 may also be performed in the consumer electronic device 100 or in a “spread out” manner across a number of different devices that cooperate.

As described above, each device 100 provides a protected processing environment 154 that is tamper resistant and provides a secure location where management and support operations can be performed. This causes the electronic device 100 in the consumer's home to perform operations so that it can be trusted by other parties, such as rights holders and e-commerce participants. Due to the trusted and protected nature of the protected processing environment 154, some, extended, or even entire portions of the trading utility system 90 may include each or any protected processing environment 154 and associated Exists in the electronic device.

2A through 2E show the overall functionality of an example of a trading utility system 90, such as a clearinghouse 300, in a 4-piece jigsaw puzzle. 2A-2E show that these trading utility system functions can be distributed to different degrees. For example:
FIG. 2A shows an example in which all functions of the trade utility system 90 are performed in a secure central facility.

FIG. 2B illustrates an example where most of the functions of the trade utility system 90 are performed in a secure central facility, but some functions are performed within the protected processing environment 154 of the user electronic device 100. Show.

FIG. 2C is an example where some functions of the trade utility system 90 are performed in a secure central facility, but most of the functions are performed in the protected processing environment 154 of the user electronic device 100. Is shown.

FIG. 2D illustrates that some functions of the trade utility system 90 are performed in a secure central facility, some functions are performed in the protected processing environment 154A of the first user electronic device 100A, 7 illustrates an example in which some functions are performed within the protected processing environment 154B of the second user electronic device 100B.

FIG. 2E illustrates that none of the functions of the trade utility system 90 are performed in a secure central facility, and some of the functions are protected in the protected processing environment 154 (1) of the first user electronic device 100 (1). ), Some functions are performed in the protected processing environment 154 (2) of the second user electronic device 100 (2), and some functions are performed in the third user electronic device 100. (3) are performed within the protected processing environment 154 (3), and some functions are performed within the protected processing environment 154 (N) of the Nth user electronic device 100 (N); An example is shown.

Alternatively or additionally, some functions of the trade utility system 90 may be distributed within the network 150, for example, within devices used to communicate data between the devices 100.

Distribution of Multiple Management and Support Functions FIG. 3A illustrates how trade utility system 90 functions or sub-functions may be distributed within the same protected processing environment 154.

For example:
The financial note function 200a operating within the protected processing environment 154a of the consumer device 100A replaces and / or supports some financial note clearing operations performed by the centralized clearing house 200; Certain financial note exchanges, such as possible audits, may be provided.

The financial clearinghouse 300a operating within the protected processing environment 154a of the consumer device 100A may, for example, collect, use, supplement, substitute or add to the clearinghouse clearing operation performed by the clearinghouse 300. Certain usage information clearing operations may be performed, such as combining and analyzing information.

The protected processing environment 154a of the device 100A performs all rights and authorization clearing operations 400a, predetermined authority operations 500a, and predetermined secure directory service support operations 600a; The operations performed by the certification authority 500 and the secure directory service 600 may be performed at a consumer site that supplements, adds to, or replaces the operations.

FIG. 3B shows another example of home electronics 100 (2) through 100N (in this case, personal computer 124) with different combinations of support or management functions (eg, some or more performed by trading authority 700). All functions) are executed locally. For example:
Processes in the protected processing environment 154 (1) are partially decentralized and partially centralized clearinghouse 200A, partially decentralized and partially centralized clearinghouse 300A. A partially decentralized and partially centralized rights and authorization clearinghouse 400A, a partially decentralized and partially centralized certification authority 500A, a centralized secure directory service 600A, and centralized Trading authority 700A.

Processes in the protected processing environment 154 (2) are centralized clearinghouse 200B, partially decentralized and partially centralized clearinghouse 300B, partially decentralized and partially clearing Relies on a centralized rights and licensing clearinghouse 400B, a centralized authority 500B, a centralized secure directory service 600B, and a partially decentralized and partially centralized transaction authority 700B. obtain.

Processes in the protected processing environment 154 (N) are partially decentralized and partially centralized clearinghouse 200N, partially decentralized and partially centralized clearinghouse 300N. Partially decentralized and partially centralized rights and licensing clearinghouse 400N; partially decentralized and partially centralized certification authority 500N; partially decentralized and partially centralized security Directory service 600N as well as a partially distributed and partially centralized trading authority 700N.

Taking this concept of a distributed bill clearing service further, it is possible to completely distribute the distributed trading utility 75 as shown in FIG. 3C. That is, it relies almost or completely on the operation and activities of the management and support services of the user's electronic device 100 within the secure protected processing environment 154. In this manner, the user's own electronic device 100 may, in a decentralized manner, provide any or all financial bill exchanges, use bill exchanges, and rights and authorization bill exchanges, as well as authentication, secure directory services, And perform trading authority services. Such "local" and / or parallel and / or distributed processing bill exchanges may more efficiently respond to individual consumer needs. For example, this may allow consumers to contribute to controls that, on the one hand, provide rights holders with the summary information they require, while preventing certain private data from leaving the consumer's own electronics. The only way.

2A-2E and 3A-3C are not mutually exclusive ways of providing a centralized trading utility system 90. Conversely, a distributed configuration has the advantage of providing a hybrid configuration. In a hybrid configuration, some management and support service functions (e.g., micro-payment @aggregation, usage data privacy functions, and issuance of certificates such as parent-issued certificates for children) are widely distributed; On the other hand, other management and support functions (eg, issuance of critical digital certificates, maintenance of large databases supporting secure directory services, etc.) are even more centralized. Any particular management and support services, clearinghouse or function distribution include, for example, efficiency, reliability, scalability, resource requirements, business model, and other factors. It can depend on a variety of very important issues. In addition, the degree of diversification is determined by a particular business model preceding a particular business sub-model or, for example, a geographical body and / or a governing body and / or a region area. It may include a multi-level hierarchy based on a subset.

Since a given electronic device 100 participates in multiple activities, it is possible that different activities may rely on a distributed and centralized trading utility system 90 in different formulas. For example, for one activity, the protected processing environment 154 may rely on a centralized clearing house 200, and for another activity, the protected processing environment 154 may be partially distributed and partially centralized. For further activities, the protected processing environment 154 may rely on a fully distributed financial clearinghouse 200 for further activities. Different degrees of dispersion may be used for different activities or business models.

Trade Utility System Web FIG. 4 illustrates that the trade utility system 75 may include a vast “web” of distributed, partially decentralized, and / or centralized trade utility systems 90. A network 150 may be used to connect this web of trade utility system 90 to a variety of different electronic devices 100 that may share the distributed trade utility 75. For example, the electronic network 150 may connect to:

A set-top box 106 and / or a media player 104
・ Personal computer 124
・ Computer graphic workstation 126
A multimedia / video game system 128, or other types including, for example, manufacturing controls, home appliances, process control equipment, electronic networking and / or other communication infrastructure devices, mainframes and / or small computers, etc. Electronic device 100

In this example, the same decentralized trading utility 75 may support a variety of disparate activities of multiple different consumers, authors, distributors, providers, merchants, and others. That is, the distributed trading utility 75 can support a wide variety of disparate electronic activities. FIG. 4 also illustrates the trade utility system 90 by exchanging an electronic “container” 152 of the type disclosed in Ginter et al. For security (eg, confidentiality, authenticity and integrity). Communicate with the electronic device 100 (and with each other) and can be managed through the use of certain rules and controls that are processed in a protected processing environment.

The Trade Utility System Web Can Be Substantially Unlimited FIG. 4A shows that the trade utility system web can be vast or unlimited. In fact, the network 150 may be a seamless web connecting millions of electronic devices that span the world and have any number of trading utility systems 90.

The web of the trade utility system 90 can provide very complex interconnections with a variety of different electronic devices that perform a variety of different electronic functions and e-commerce. As described above, any electronic device 100 may be able to communicate with any trading utility system 90 or any other electronic device. This allows for maximum efficiency and flexibility in assigning different trading utility systems to different e-commerce transactions. For example:

• It is best to use a geographically close trading utility system to minimize the total time required to exchange messages.

In some cases, more remote trading utility systems are better equipped to efficiently handle certain types of specialized transactions.

Government regulations also dictate, at least in part, that certain trade utility systems be selected over others. (For example, a Japanese customer may fall into legal affairs when trying to use the Financial Clearing House 200 located on Cayman Island, or a New Jersey resident may have a Financial Clearing House reporting New Jersey sales tax. 200 may be required by law.)

• Different types of competing trading utility systems may be provided by different parties, but these different types of systems populate the web containing distributed trading utilities 75. Interoperability between such systems and / or nodes of the system is important for efficiency and allows for the reuse of electronic commerce resources.

Rights Holders and Providers Can Select Between Trade Utility Systems FIG. 5 illustrates how rights holders can make a selection among different trade utility systems 90. In this example, Bob operates a first clearing house 300a, Alice operates a second clearing house 300b, and Helen operates a third clearing house 300c. These various bill clearing service providers may compete with or complement one another based on quality and / or price. (For example, each may specialize in a different type of transaction.)

Since the electronic network 150 connects the electronic device 100 to many different trade utility systems 90, the rights holders in the digital property (digital @ property) that the consumer is using can select a plurality of different trade utility systems. May be provided. Content providers and rights holders certify specific trading utility systems 90 (or groups of trading utility systems 90) that handle different aspects of the transaction. For example:

-The computer software distributor may specify that the personal computer 124 send the metering information 116a to the Helen clearinghouse 300c to monitor the use of the computer software or other activities performed by the personal computer. .

The rights holder of the video program 102a may specify that the set-top box 106 send metering information 116 about the video to Alice's clearing house.

O The multimedia content provider may specify that Bob's clearinghouse 300a be used to process usage data 116c generated by the multimedia player 128.

In some instances, it also serves to pre-specify the particular clearing house or other trading utility system 90 that particular consumers 95 prefer to use. FIG. 5 illustrates a provider (and / or consumer) selection by a police officer directing metering traffic to a selected clearing house 300. (Electronic control, as described herein and in Ginter et al., Is preferably the mechanism that actually controls how traffic is directed.)

The content provider or rights holder enables the consumer 95 to select from a group of trade utility systems 90 (and / or trade utility system 90 providers) that the content provider / right holder wants to handle. For example:
The television studio certifies certain individual or various trade utility systems 90 and handles transactions relating to television programs, and / or specifies specific individual or various trade utility systems 90 that the studio does not wish to handle. I can do it.

特定 Specific trading utility system 90 sets requirements and criteria for individual (or various) providers and / or consumers 95.

III. Value chain participants enter into legal contracts and / or business relationships with different trading utility systems 90.

Trade Utility Systems Can Work Together FIG. 6 illustrates that different trade utility systems 90 can work together and support different types of operations. In this example:
The clearinghouse 300a, the rights and licensing clearinghouse 400a, the certification authority 500a, and the financial clearinghouse 200a (left hand side of the figure) to support specific operations by the set-top box 106 and the television set 102. Can be used.

The same financial clearinghouse 200a, and different clearinghouses 300b, different certification authorities 500b and different rights and licensing clearinghouses 400b (top of the drawing) used to support certain activities on the personal computer 124 Can be done.

• Yet another financial clearinghouse 200c, a certification authority 500c and a clearinghouse 300c, and the same rights and licensing clearinghouse 400b (right hand side of the drawing) are used to support the electronic activities of the multimedia system 128. obtain.

A further different combination of trade utility systems (in this case, along the bottom of the drawing, clearinghouse clearing 300c, clearinghouse clearing 200d, rights and licensing clearinghouse 400c, and certification authority 500a) support sound system 130. Can be used to

This example illustrates that various trade utility systems 90 can work in combination, and that different combinations of trade utility systems can be used to support different electronic commerce.

Management and support service functions can be combined in a multipurpose trading utility system for efficiency and convenience.

FIG. 7 illustrates that the management and service functions or sub-functions of the different special purpose trade utility systems 90 are integrated into a more general or multi-purpose trade utility system 90 for maximum simplicity, efficiency or other reasons. Can be integrated into For example:
-Bob may operate an integrated or combined trading utility system 90a that provides a financial clearinghouse 200a function, a certification authority 500a function, a clearinghouse 300a function.

Anne may operate an integrated or combined trading utility system 90b that provides a financial clearinghouse function 200b, a rights and authorization clearinghouse function 400b, and a trading authority function 700b function.

Helen may operate an integrated or combined trading utility system 90c that provides a rights and clearance clearinghouse function 400c, and a certification authority function 500c.

Roger may operate an integrated or combined trading utility system 90d that provides secure directory services 600d, clearinghouse services 300d, financial clearinghouse services 200d, and rights and licensing clearinghouses 400d. .

A consumer operating electronic device 100 may have access to any or all of these different trading utility systems 90 or combinations. For example, set-top box 106 may obtain rights and permissions and authorization from Helen's trading utility system 90c, but may utilize Bob's trading utility system 90a for financial note exchange and usage analysis.

The trade utility system 90 may provide any combination of management and support functions, or may provide sub-functions that are desired to perform the required operations in a given business model for maximum efficiency and / or maximum efficiency. Provides simplicity. For example, Ann's trading utility system 90 (2) may provide only a specialized subset of the financial note exchange function.

FIG. 7A is another illustration of how the trade utility system 90 may provide management and support for a wide variety of different combinations or subcombinations. In FIG. 7A, each of the various management and support functions is represented by a different type of building block (for illustration):

The financial note exchange function 200 is indicated by a square block.
The bill exchange function 300 is indicated by a semicircular block.
-The right and authorization clearing function 400 is shown as a rectangular block.
-The certification authority function 500 is indicated by a triangular block.
-The secure directory service function 600 is indicated by a building block with a tunnel.
-The trading authority function 700 is indicated by a cylindrical building block.

機器 The consumer and user devices 100 are shown as upright rectangular pillars in the figure. The electronics network 150 is shown as a way to connect various trading utility systems to each other and to the consumer electronics device 100. Electronic digital containers 152 may be transported along the "information highway" 150 between the electronic network or different electronic facilities.

FIG. 7A only shows some of the many possible combinations of management and support services that may be used. For example:

In the upper left hand corner, the trade utility system 90A provides at least a plurality of financial note exchange functions 200a, at least a plurality of rights and authorization bill exchange functions 400a, and at least a plurality of authentication functions 500a. An entire electronic trading utility system 90A of this type may be present, for example, in a business that manages and transfers rights for rights holders and in processing payments based on those rights.

The trading utility system 90D for the rights of the facility 90A includes a financial note exchange service 200d and a trading authority service 700a. It is, for example, particularly useful for auditing and managing an entire multi-step transaction while ensuring that the appropriate parties to the transaction are paid.

· In the lower center of the drawing, there is a trading utility system 90B including a financial note exchange function 200f and a used bill exchange function 300c. This trading utility system 90B is particularly useful for handling payments and other financial items, for example, for electronic use transactions, and for providing auditing and reporting services based on electronic use.

· The trade utility system 90C shown in the lower center of the drawing combines the certification authority service 500 with the bill clearing service 300f. It can be particularly useful for issuing digital certificates and tracking the use of those certificates (eg, to assess risk, potential liability, insurance costs, etc.).

様 々 The various examples shown in FIG. 7A are for illustrative purposes. Other combinations are possible or may depend on the business purpose, convenience and other factors.

Trade Utility System Hierarchy FIG. 8A illustrates that a trade utility system 90 or functionality may be organized in a hierarchy. For example, the entire financial (or other) clearing house 200 (N) has the highest responsibility for the operation of a number of other financial (or other) subordinate clearing houses 200 (1), 200 (2),. May be monitored and / or have. In the example of FIG. 8A, consumer electronic device 100 may interact with clearing house 200 (1), clearing house 200 (1) may interact with another clearing house 200 (2), and so on. . This "hierarchy" of management and support services can be considered in some respects to be similar to a chain of orders within a large organization or army. That is, one clearing house exercises and / or delegates power, control and / or supervision to another clearing house.

FIG. 8B shows another example of a management and support service hierarchy. In this example, a plurality of centralized clearing houses and / or other entire trading utility systems 90 delegate some or all work responsibilities to other trading utility systems 90. In this particular example, an organization such as a business or disadvantaged organization may have its own trading utility system 156. Certain electronic trading or other activities (eg, the entertainment industry) may have their own vertically specialized trading utility system 158. Certain geographic, territorial or jurisdictional groups (eg, all purchasers of a particular product in Wisconsin) have their own territorial / jurisdictional specialized trading utility system 160. I can do it. Trade utility systems 156, 158, 160 further down in the hierarchy may further delegate authority or responsibility to particular consumers, institutions or other entities.

In one example configuration, the delegated trade utility system 90 may perform substantially all of the actual support work, but with more higher-level trade utility systems notified via reports or other means. 90 may be retained. In another configuration, the upper level trading utility system 90 has nothing to do with the daily activities of the trading utility system that commissioned the work. In yet another example configuration, a more specialized trade utility system performs some tasks, and a higher-level trade utility system performs other parts of the work. The authority used in a particular district's work and in a particular scenario can depend widely on factors such as efficiency, reliability, availability of resources, types of transactions being managed, and a variety of other factors . Delegation of the clearing authority may be partial (e.g., outsourcing the use aggregate but not financial or rights management responsibilities) (e.g., while centralizing some more important functions, (By placing some functions within the electronic device).

The multi-functional trading utility system may be organized hierarchically or peer-to-peer . FIG. 9 includes both hierarchical chaining of instructions and horizontal advanced coordination between different multi-functional trading utility systems 90. 2 illustrates a different and more complex trading utility system environment. In this example, Level 1 primary or upper level trading utility system 90 (1) with highest authority (eg, financial clearinghouse 200), and Level 2 with progressively less power, authority, control, scope and / or responsibility There are five levels of responsibilities for 3, 4, and 5 additional trading utility systems. FIG. 9 also illustrates that different trading utility systems at the same level may have different functions, scopes and / or territories. For example:
Trade utility system 90 (2) (1) may be a "type A" trade utility system.

The trade utility system 90 (2) (2) may be a "type B" trade utility system.

· Trade Utility System 90 (2) (3) may be a “Type C” trade utility system.

At the next lower level, a trade utility system is a type A trade utility system (such as 90 (3) (1) and 90 (3) (2)) and a type B trade utility system (such as 90 (3) (4)). A trade utility system, a type C trade utility system (such as 90 (3) (5) and 90 (3) (6)) or a trade utility system 90 (3) which is a hybrid having type A and type B functions. ) (3) and the like.

FIG. 9 also shows that additional clearinghouses at levels 4 and 5 can have subtypes in addition to types. For example, in the context of the financial clearinghouse 200, type A is for consumer deposits, type B is for electronic checks, and type C is for commercial deposits. Can be responsible. Another category may be the bill clearing for Visa (Type A), MasterCard (Type B) and American Express (Type C). The type A / B clearinghouse then becomes a clearinghouse that can handle both consumer deposits and electronic check clearing. Type B, a subtype of Type B, may be responsible for commercial electronic checks. Subtype I of Type C may be a commercial credit card transaction and Subtype III may be a credit draft. The rationale for multiple instances is that jurisdictional boundaries (eg, France, Germany, New York and Alabama) and / or contractual arrangements (eg, bad credit risk, small number of buyers, very large Outsourcing of transactions). The peer-to-peer size may reflect the need to coordinate the entire transaction (e.g., between a small number of buyers' clearinghouses and a large commercial player's clearinghouse).

The rights and licensing clearinghouse 400 occurs according to the type of content (eg, movie, science, technology and medical, and software). Subtype A may include first-run films, oldies and art films. Subtype B can handle news and textbooks. Type C may be responsible for games, office, educational content. Clearing house peer-to-peer communications may include multimedia display licensing. (For example, a multimedia display may have permissions stored in one clearinghouse that uses back channels to other clearinghouses to ensure that the latest permissions are distributed.)

Some Examples of Trade Utility Systems As discussed above, the trade utility system 90 is generalized and programmable, and thus may provide a mix of different support and management functions to meet the needs of a given transaction. In this way, many or most of the trade utility systems 90 actually implemented are different, making it difficult to categorize execution because they are certain "types" of trade utility systems that conflict with each other. Provides a range of support and management functions.

Nevertheless, certain types of idealized and specialized trading utility systems 90 are very useful for a wide range of models, transactions and applications. Given that the actual implementation mixes functions or subsets of functions from multiple idealized models, it is useful and convenient to describe some of the characteristics of these "pure" trading utility systems 90 of different types. is there. The following is a brief summary of some of the properties of these "pure" idealized trading utility systems.

Financial clearing house 200
FIG. 10 illustrates an example of a financial clearinghouse 200 in more detail. The clearing house 200 handles payments to ensure that the value provider is properly warranted. The clearing house 200 may safely coordinate with other trading utility systems 90 in performing this task.

In this example, the clearing house 200 secures equipment on the network 150 in a secure manner using an electronic container 152, for example of the type described in the patent specification of Ginter et al. With respect to FIGS. 5A and 5B. It may communicate with the processing environment 154. The financial clearinghouse 200 receives payment information 202 from the protected processing environment 154 in these secure containers 152 and electronically or various banking, credit card, etc. so that the appropriate payment is made. Or may interact with other financial institutions.

The financial clearinghouse 200 interacts with, for example, the consumer's bank 206a, the provider's bank 206b, and the consumer's credit card company 206c. For example, the financial clearinghouse 200 may claim funds from the consumer's bank 206a and deposit funds into the rights holder's bank 206b to pay for watching a movie, television program or other content. I can do it. Additionally or alternatively, the financial clearinghouse 200 interacts with the consumer credit card company 206c to request a deposit check, obtain a deposit authorization, payment, and the like.

The financial clearinghouse 200 may provide the payment statement 204 to the consumer 95, for example, by transmitting the statement to the device 100 in the secure electronic container 152b and storing the authentication of the statement information. In this example, the consumer 95 may view the statement 204 using the protected processing environment 154 of the device 100 and may be able to print and save for record keeping purposes.

In one example, the payment mechanism 118 provided to the protected processing environment 154 can be an electronic wallet that provides electronic money for use in payment for electronic services or content. This electronic wallet may hold money in digital form. Consumers 95 can use digital money for whatever they want. If the electronic wallet is empty, the consumer 95 causes the clearing house 200 to refill the wallet by authorizing the clearing house to charge funds from the consumer's bank 206a account. The financial clearinghouse 200 processes the payment of electronic money, and the electronic wallet automatically (e.g., based on the consumer's prior authorization) if the consumer has consumed all of the former content. Arrangements can be made to be refilled, and consumers can be provided with detailed reports and statements 204 on how they have used electronic money.

Clearing House 300
FIG. 11 shows an example of the bill clearing house 300. The clearing house 300 in this example receives the usage information 302 from the usage meter 116, analyzes the usage information, and provides a report based on the analysis. Clearing house 300 may securely coordinate with other trading utility systems 90 to perform these tasks.

For example, clearinghouse 300 may send to consumer 95 a detailed report 304a about all the movies, television programs and other materials that the consumer saw in the previous month. Communication between the protected processing environment 154 and the clearing house 300 may take place in the form of a secure container 152. As described in the Ginter et al. Patent disclosure, the usage meter 116 may meter usage based on a number of different factors, ranging from very detailed to general. If the consumer desires, a detailed usage report 304a can be viewed on the television set 102.

The clearinghouse 300 may report to other clearinghouses the consumer's viewing habits that are compatible with protecting the privacy of the consumer. These reports may also be sent in a secure container 152. For example, clearinghouse 300 may provide summary report 304b to advertiser 306 without revealing the identity of the consumer, but may provide valuable information to advertiser 306 about the viewing habits of the consumer. On the other hand, with the consent of the consumer, clearinghouse 300 may provide more detailed information identifying the consumer to advertiser 306 or other specific people. Conversely, the consumer 95 may be motivated such as, for example, a discount, cash, free movie or other compensation.

The clearinghouse 300 may issue a report 304c to a rights holder 308, such as a producer or director of the video program 102a being viewed by the consumer 95. These reports allow rights holders to identify who has viewed their programming material and other productions. This is very useful to secure payments or to send consumers other similar programming material of interest to them.

The clearinghouse 300 also sends a report 304d to the research company 310 to automatically evaluate the popularity of the given program material. The clearinghouse 300 may also send reports to other market researchers 312 for scientific, market or other research.

Right and license clearinghouse 400
FIG. 12 shows an example of a rights and clearance clearinghouse 400. The rights and clearance clearinghouse 400 stores and distributes electronic licenses 404 (indicated by traffic lights in the figure). Authorization 404 may or may not grant authorization, and may specify the result. The rights and clearance clearinghouse 400 works with other trading utility systems 90 to accomplish its tasks.

In this example, the rights and clearance clearing house 400 acts as a centralized "warehouse" or clearing house for rights related to digital content. For example, broadcasters, authors and other content creators and rights owners may register licenses with the rights and clearance clearinghouse 400 in the form of electronic "control sets." These permissions may specify which consumers may or may not handle the digital property, under what conditions will be performed, and the results of the permission run. The rights and clearance clearinghouse 400 may respond to requests 402 from the secure processing environment 154 of the electronic device by delivering a clearance (control set) 188.

For example, assume that consumer 95 wants to watch a concert or game on television set 102. The viewer operates the remote control unit 108 to request a right to watch a predetermined program. The protected processing environment 154 automatically contacts the rights and authorization clearinghouse 400 on the electronic network 150 and sends an electronic request 402. The rights and clearance clearinghouse 400 "looks up" the request in the library or warehouse to see if it has received (recognized to provide) the required license 404b from the program rights holder 400. Next, the rights and clearance clearinghouse sends the requested clearance 188 to the protected processing environment 154.

For example, a license 188 may allow a consumer to view a concert or match only once and may prohibit copying by the copy protection feature 120. Authorization 188 also (or additionally) specifies a price for viewing the program. (For example, $ 5.95 is deducted from the consumer's electronic wallet.) The device 100 may ask the consumer 95 whether to pay $ 5.95 to watch the program. If the consumer answers "yes" (e.g., by operating the remote control 108), the device 100 automatically requests the consumer's e-wallet and displays the program "to allow the consumer to view the program." release.

Rights and Authorization The clearing house 400 may deliver an authorization 188 in a secure container 152b that may additionally include information controlled by the authorization. Alternatively, the license 188 may arrive at different times through different paths than the program or other content arriving at the device 100. For example, the license is transmitted over network 150, while the program associated with the license may arrive directly from satellite 112 or through another path, such as cable television network 114 (see FIG. 1).

The rights and licensing clearing house 400 issues reports 406 to rights holders or other people who have been granted or not granted licences. For example, a book or video author may be able to know the exact number of people who have requested the right to publish excerpts from the author's work, while being compatible with the consumer's privacy relationship. These types of reports may be supplementary reports provided by clearinghouse 300.

Certification Authority 500
FIG. 13 shows an example of a certification authority. The certification authority 500 issues a digital certificate 504 that provides context for electronic rights management. The certification authority 500 completes the task in cooperation with the other trading utility systems 90.

(4) The certification authority 500 issues a digital certificate 504 that certifies a specific fact. Digital certificate 122 is similar in some respects to a driver's license or high school diploma because it provides proof of certain facts. For example, we may vote in elections, buy liquor, or show a driver's license to prove that we are of the age to be able to watch "R" rated movies. This same driver's license attests to the fact that we have a particular name and live at a particular address and that we have the knowledge (of state car law) and the skills (to drive a car). The digital certificate 504 is equivalent to the aspect of a driver's license that confirms the identity of the licensee and relevant facts about the licensee, except that it is made from digital information instead of a laminar card.

In this example, the certification authority 500 may receive the consumer's request and associated evidence 502 and issue a corresponding digital certificate 504 that authenticates certain facts. The certification authority 500 may also receive evidence, certification, and possibly a certificate @ definition from other people, such as government authorities 506, vocational agencies 508, and universities 510. As an example, certification authority 500 may receive a birth certificate or other identity from government authority 506. Based on this identity information, the certification authority 500 may prepare and issue a digital certificate 504 proving the identity and age of the people. The certification authority 500 may also issue a digital certificate 504 proving occupational status, employment, place of residence, or various other types and categories based on various evidence and input from various people.

The certification authority 500 may authenticate organizations and machines, and people. For example, the certification authority 500 issues a certificate proving that Stanford University is a recognized institution of higher education or that ACME Transportation Company is a solid company and is authorized to transport dangerous goods. I can do it. Also, the certification authority 500 may issue a certificate 504 to the computer, for example, proving that the computer has a particular level of security or is authorized to handle messages on behalf of a particular person or organization.

The certification authority 500 may communicate with the protected processing environment 154 and other parties by exchanging the electronic container 152. The protected processing environment 154 of the electronic device 100 may use a digital certificate 504 issued by the certification authority 500 to manage or enforce rights and authorizations 188 such as those issued by the clearinghouse 400. For example, a set-top box 106 automatically prevents consumers under the age of 17 from viewing certain types of program material, or pays students viewing educational material. Or offer a discount system. These are all based on a certificate 504 issued by the certification authority 500.

Secure Directory Service FIG. 14 shows an embodiment of a secure directory service 600. Secure directory service 600 functions like a computerized telephone or name service directory. Consumers 95 can send requests 602 specifying the information they need. Secure directory service 600 “searches” for information and provides answers 604 to consumers 95. The secure directory service 600 can work with other trading utility systems 90 to perform its work.

Suppose, for example, that consumer 95 wants to order pizza electronically from Joe's @ Pizza. They decide what kind of pizza they want (eg, cheese pizza with large sausages and onions). However, they do not know Joe's @ Pizza's electronic address (which can be like an electronic telephone number). The consumer 95 can use the remote control 108 to enter information about what they want to search for (Lakeville, {Join's \ Pizza in Connecticut]). The protected processing environment 154 may generate a request 602 that includes the identification information and send the request to the secure directory service 600. It can route the request in the secure container 152a.

When secure directory service 600 receives request 602, it may access a database to find the requested information. Secure directory service 600 may have Joe's electronic address previously obtained directly from Joe or otherwise. Secure directory service 600 may return the requested information to device 100 in response 604. Response 604 may also be in secure container 152b. Consumers 95 may use this information to electronically send their orders to Joe's @ Pizza. The order can be displayed on Joe's order terminal within seconds of being sent by the consumer. Joe can deliver to consumers 95 very hot cheese, sausage, and onion pizzas a few minutes later. (However, delivery is done by car, not electronically, because real pizzas are more satisfying than electronic pizzas.)

The secure directory service 600 can help people connected to the network 150 contact other people. As one example, secure directory service 600 can inform clearinghouse 300 of how to find financial clearing house 200 on network 150. Electronic device 100 connected to network 150 may use secure directory service 150 to assist in contacting other electronic devices.

As described above, the request 602 for the secure directory service 600 and the response 604 it returns can be placed in a secure container 152 of the type described in the patent specification by Ginter et al. Using secure container 152 helps prevent eavesdroppers from eavesdropping on the exchange between consumer 95 and secure directory service 600. This protects consumer privacy. Consumers 95 do not mind if their pizza order is eavesdropped on by others, but electronically with certain other people (eg, doctors, banks, lawyers, or others with trust and trust relationships). There may be more interest in protecting the fact that we are dealing with Secure container 152 also helps to ensure that messages sent across the network are authenticated and have not been altered. The electronic container 152 can be trusted that Joe's @ Pizza's pizza order just came from the consumer 95 (and not someone else) and has not changed, , It is relatively confident that no one will send a fake pizza order to Joe in their name. The use of the secure container 152 and the protected processing environment 154 in the preferred embodiment is such that it cannot be denied later that the consumer 95 had actually placed an order with Joe's @ Pizza when ordering pizza. To guarantee.

Trading Authority 700
FIG. 15 illustrates an embodiment of a trading authority 700. The trading authority 700 in this embodiment provides processing control and automation. This helps to ensure that processing and transactions have been successfully completed. Trading authority 700 may interact with other trading utility systems 90 to perform and complete its work.

In further detail, the trading authority 700 of this embodiment monitors the status of the e-commerce and / or transaction, what has happened so far, and what has to be done to complete the entire transaction and / or transaction. Maintain a safe and reliable record of what needs to happen. Also, trading authority 700 may perform a more active role if desired, for example, by generating a request for a particular action to occur. Trading authority 700 may, in some cases, be the only participant in a complex transaction or transaction that "knows" all steps of the transaction. Trading authority 700 may also electronically define the entire process based on electronic controls contributed by various participants in the process.

FIG. 15 illustrates an example of how a trading authority 700 can be used to allow a consumer 95 to order a product such as a sweater. In this particular electronic home shopping (for illustrative purposes and not intended to be limiting in any way), the consumer 95 can use the remote control 108 to select the sweater they want to order at a particular price. May choose a particular seller, style, and color. In this home shopping embodiment, the protected processing environment 154 of the device 100 may generate an electronic order 702 to send to the order entry 704 of an electronic "mail order" company. Order 702 may be sent in secure container 152a.

In this embodiment, the trading authority 700 assists the e-commerce company in coordinating activities and ensuring that all processes required for the sweater to be delivered are being performed in an accurate and timely manner. For example:
-Upon receiving the electronic order 702, the order entry department 704 may provide an electronic notification 706 to the trading authority 700. Trading authority 700 may store electronic notification 706 and issue “requirements” 708.

The trading authority 700 may have issued the requirement 708 before the order is placed, so that the order entry department 704 knows what to do when the order comes.

· Due to “requirements” 708, order entry department 704 may issue orders 710 in electronic and / or paper (or other) form to manufacturing department 712.

The trading authority 700 may issue manufacturing requirements 714 to the manufacturing department to manufacture sweaters according to consumer preferences.

The trading authority 700 may also issue a supply requirement 716 to the supplier 718. For example, trading authority 700 may require supplier 718 to deliver a supply, such as a ball of yarn 711, so that manufacturer 712 has the materials to manufacture a sweater.

The supplier 718 may notify the trading authority 700 by issuing a notification 720 when delivering the supply.

· When manufacturing department 712 has finished the sweater, manufacturing department 712 may alert trading authority 700 by sending notification 722.

-In response to the notification 722 sent by the manufacturing department 712, the trading authority 700 may send a shipping requirement 724 to the shipping department 726, for example, to collect the completed sweater 728 from the manufacturing department and send it to the consumer. Require it to be delivered.

· The trading authority 700 may coordinate with other trading utility systems 90, such as the financial clearing house 200, to arrange payment.

Of course, this example is for illustrative purposes only. The trading authority 700 may, for example, handle electronic order sales, electronic data exchange (EDI), electronic contract negotiation and fulfillment, electronic document delivery, inter- and intra-company transactions, business organizations, to name a few useful applications. It can be used for any kind of different process control and automation, such as electronic integration of secure business processes within or between business organizations.

VDE management service 800
The VDE administrator 800 in the preferred embodiment (see FIGS. 1 and 1A of this application and the related discussion in Ginter et al.) Includes a network 150, equipment 100, a protected processing environment 154, and a distributed trading utility 75. Provides a variety of electronic maintenance and other features to maintain safe, smooth, and effective operation. For example, the VDE administrator 800 may manage cryptographic keys used for electronic security across the network 150, and secure data by the device 100, various trading utility systems 90, and other electronic devices. Maintenance services can also be provided. As described in detail in the Ginter et al. Patent disclosure, other important functions performed by the VDE administrator 800 include installing and configuring the protected processing environment 154, and ensuring that the protected processing environment Includes helping to keep stored authorization and / or usage data secure. VDE administrator 800 may interact with other trading utility systems 90.

In addition to supporting a consumer 95 that can support each other , the trade utility system 90 can support other trade utility systems. This is shown in FIGS. 16A to 16F. For example:
The financial clearinghouse 200 can help ensure that other trading utility systems 90 are paid for their contribution (see FIG. 16A);

使用 The clearinghouse 300 (see FIG. 16B) communicates to other trading utility systems 90 as to how the assistance they provide is being used. For example, clearinghouse 300 may inform certifying authority 500 how the certifying authority's certification was used. (This is very useful for accounting for the amount of possible liability guaranteed by the certification authority or for detecting fraudulent certification.)

FIG. 16C shows that the rights and clearance clearinghouse 400 includes, for example, a financial clearinghouse 200, a clearinghouse 300, another rights and clearance clearinghouse 400 ', a certification authority 500, a secure directory service 600, and transactions. Shows that other trading utility systems 90, such as authority 700, can be supported.

The certifying authority 500 may be another trade, such as, for example, a clearinghouse 200, a clearinghouse 300, a rights and licensing clearinghouse 400, another certifying authority 500 ', a secure directory service 600, and a trading authority 700. A digital certificate 500 can be issued that authenticates the operation of one or more other trading utility systems 90 (see FIG. 16D) that support the utility system 90.

16E shows that the secure directory service 600 includes, for example, a financial clearinghouse 200, a clearinghouse 300, a rights and licensing clearinghouse 400, a certification authority 500, another secure directory service 600 ', and a transaction authority. It indicates that other trading utility systems 90, such as 700, may be supported.

FIG. 16F shows that the trading authority 700 is, for example, a financial clearinghouse 200, a clearinghouse 300, a rights and licensing clearinghouse 400, a certification authority 500, a secure directory service 600, and another trading authority 700 ', etc. Can support other trading utility systems 90.

"Part of Account"
The trading utility system 90 described herein provides useful and important services and features. Operators of such services can and should be compensated for the services they provide. The financial clearinghouse trading utility system 200 can ensure that they and other support service providers receive this compensation without inconvenience to other electronic communities and value chain participants.

In assisting or indemnifying a value chain participant, the trade utility system 90 takes a portion or percentage of the indemnification for the bill clearing service it provides (based on pre-approved contract arrangements). The support services can be compensated based on a small portion of the payment that can be attributed to each electronic transaction ("partial account"). Providers may provide some or all of the fees to their own value chain participants in various ways.

Several different classes of value chain participants are required to compensate the trade utility system 90. For them:
Information consumers (including, for example, those who use information "exhaust" generated by electronic trading, electronic transaction management, and rights management activities);
-Content Rightholders and other electronic providers;
• Participants in a wide range of secure distributed electronic trading.
-In addition, different support service providers may need to support each other in different ways, and thus may need to compensate each other. For example:

One trade utility system 90 may act as an intermediary for a customer of another trade utility system 90;
One trade utility system 90 may need to support the operation of another trade utility system 90; and / or multiple trade utility systems 90 may need to work together and support common transactions. .

Different trade utility systems 90 may work together to establish a common fee to split between them. In other scenarios, each trade utility system 90 may independently bill for the value of its own service. There may be competition between different trading utility systems 90 based on quality of service and price, as deposit card companies are currently competing for provider and consumer business.

Example of Distributed Trade Utility System Architecture The patent disclosure of Ginter et al. Describes a "rights operating system", for example, on page 180 et seq. And in FIGS. A "rights operating system" is a small, secure, event-driven, compartmentalized, service-based, "component" -oriented, distributed, multi-processing operating system environment. Providing an environment that integrates VDE security control information, components, and protocols into traditional operating system concepts. An example of the architecture of a preferred trading utility system 90 provided by the present invention builds on the rights operating system described in Ginter et al.

For example, an example of a suitable trading utility system 90 architecture provides a collection of service functions that a rights operating system can execute as an application. These service functions define various useful tasks that some and / or all of the trade utility systems 90 may need to perform. These service functions are dispersible, scalable, and reusable. These can be combined into various combinations and sub-combinations, depending on the business model, for example, to provide the overall functionality desired for the implementation of a particular trade utility system 90.

FIG. 17A shows an overall example of the architecture of the trade utility system 90, FIG. 17B shows an example of an architecture application of the trade utility system, and FIG. 17C shows further details of service functions.

Referring first to FIG. 17B, in this embodiment, the architecture of the application software for the trade utility system 90 includes a trade utility system descriptor 90A. Trade utility system descriptor 90A contains information about trade utility system 90. This information identifies such a system and its performance, and describes, integrates, and / or interfaces any number of service functions 90B (1), 90B (2),... Trade utility system descriptors 90A and service functions 90B are implemented, for example, using object-oriented programming techniques, such descriptors and service functions are modular and reusable, and trade utility system 90 required. Aids in assuring that it abstracts the characteristics of how the action was actually implemented and / or performed.

The trade utility system descriptor 90A (1) can also function to adjust the operation of the service function 90B. In this embodiment, the descriptor 90A indicates a request and other system actions to the appropriate service function 90B, and an interface requesting one or more service functions may exist between the service functions 90B. , Data types, etc., as well as by assisting in directing the entire process flow between the various service functions 90B. A non-exhaustive list of examples of such service functions 90B includes:

-Audit-Record keeping-Monitoring process-Monitoring status-Complete process definition-Process control-Interface to settlement service

・ Cash transfer ・ Currency conversion ・ Tax calculation and application ・ Account opening and confirmation person setting ・ Payment total ・ Payment non-aggregation ・ Budget approval ・ Status notification ・ Confirmation

・ Incomplete event record ・ Requirement generation ・ Report generation ・ Event result ・ Account reconciliation ・ Identity verification ・ Electronic currency creation ・ Event database management ・ Routing database ・ Request generation

・ Replication ・ Propagation ・ Use database management ・ Billing and processing ・ Market research ・ Negotiation ・ Control set database management ・ Control set generation ・ Processing control logic

・ Event flow generation ・ Routing ・ Archive ・ Rights and permissions database management ・ Template database management ・ Trade management language processing ・ Rights management language processing ・ Advertisement database management ・ Automatic rank generation ・ Automatic rank setting ・ Notary public ・ Signature generation

・ Digital time stamp ・ Fingerprint / Watermark ・ Proposal and reverse proposal ・ Object registration place ・ Object confirmer setting ・ Copyright registration ・ Control set registration place ・ Template registration place ・ Certificate creation

・ Maintaining the withdrawal list ・ Managing the director database ・ Other service functions

FIG. 17C shows the service function 90B in further detail. In this embodiment, service function 90B includes service function descriptor 90C and any number of service application components 90D (1), 90D (2),. Service function descriptor 90C performs the same role as trade utility system descriptor 90A, except that it functions with respect to service function 90B and service application component 90D. The service function descriptor 90C and the service application component 90D are implemented, for example, using object-oriented programming techniques, such descriptors and service application components are modular and reusable, and the requirements of the service function 90B. Helps ensure that the abstraction of the properties of how the performed actions are actually implemented and / or performed. In this embodiment, the service application component 90D performs most of the performance of the service function 90B by performing the steps or sub-functions of the service function 90B.

FIG. 17A shows an example of the overall architecture of the trade utility system 90. The overall architecture shown in this embodiment is an object-oriented system in which the entire trade utility system 90 is a single object and includes the reusable service function 90B object. The object of the service function 90B includes a reusable service application component (object) 90D. Some or all objects may utilize services provided by the trade utility support service layer 90-4, as described in further detail below. The trading utility system architecture 90 of the preferred embodiment shown is built on the rights operating system 90-1 described in detail in the patent specification by Ginter et al. (See, for example, FIG. 12 of Ginter et al.). . The set of service functions 90B includes “applications” executed by the rights operating system 90-1. The number of service functions 90B may be any.

オ ブ ジ ェ ク ト The object oriented design of the architecture of the trading utility system 90 shown in FIG. 17A has some desired attributes. For example, the trade utility system 90 can easily add, remove, and / or replace service functions 90B, and can change, extend, and / or enhance its performance. Similarly, the architecture allows similar flexibility in the case of service functions, allowing for the addition, removal and / or replacement of service application components 90D. Further, the object-oriented design significantly improves the ease and efficiency of reuse of service functions and / or service application components in different trade utility systems 90 or each of the different service functions 90B (as shown in FIG. 17A). I do.

Service function layer 90-2 and (component 90D including _A) an application layer including a service application component layer 90-3, if desired, may be assisted by the trade utility support services layer 90-4. The trade utility support service layer 90-4 may provide increased efficiency for multiple transactions. Such a trade utility support service 90-4 includes, for example,

-Session management-Fault tolerance-Memory management-Load balancing-Database bridging
• other trade utility support services.

In this embodiment, the service function 90B is component-based and may utilize a reusable and component-based service application component 90D. Service application component 90D may typically perform the steps and sub-functions of service function 90B. Each service application component 90D has two parts:
Components do not need to be run in a protected within the processing environment 154 90-B _a; and

It may have one or both of the safety component 90-B _b that must be performed in a protected within the processing environment 154.
In the example of this architecture, there may be a correspondence between the components 90D _b and components 90D _a. For example, at least one component 90D _a, may correspond to at least one secure component 90D _b. There may be one-to-one correspondence between the (common as indicated by the geometry in FIG. 17A) components 90D _a and components 90D _b. In a preferred embodiment, this separation of functionality allows for interaction between the secure processing operation of PPE 154 and service application component 90D when necessary and / or desired. By using this architecture, it is easier and more efficient to create service functions that perform the performance required for both application-level assistance and secure processing.

For example, performance management and / or support functions by the trade utility system 90 include, in a preferred embodiment, application level database functions and the use of protected information in a protected processing environment ("PPE") 154. obtain. This particular example may be a record of payments by a user of the financial clearinghouse 200. Although the operator of such a clearinghouse 200 has chosen to keep historical payment information in an application-level database, information protected by the PPE 154 to accurately determine the customer's current account status. when it was necessary, information in the application level database is coordinated with information protected by PPE154, the execution of the service application components 90D service application components 90D _a that has been processed into a single object by _B, Significantly simplifies the task of using this information in the context of a given service function 90B (eg, a decision to expand additional deposits). Further, this example of a service application component can be reused in other service functions 90B.

In another embodiment, the service application components 90D _A mainly can serve as an interface object for the application level for the object 90D _B corresponding PPE154. For example, if the notary service function 90B requires the application of a digital signature, the service application components 90D _A, performs the essential all of the actual effect of creating and applying a digital signature, the corresponding service application configuration or carry information for the element 90D _B, may provide mainly an interface that receives or. Further, the application-level components 90D _A, the additional exception handling designed to assist the integration of performance in a simple or a different manner than originally designed methods for service functions 90B, protocol conversion , Or other functions.

FIG. 17D-1 shows an example of the correspondence between service functions 90B and general types of useful trading utility system 90 examples. Examples of the service function 90B (“audit”, “record maintenance”,...) Are shown horizontally. Examples of these service functions 90B are examples of the type of trading utility system 90 ("financial clearinghouse", "bill clearinghouse") ... written vertically in a row of boxes along the top of the figure. ) May be useful. The drawing in FIG. 17D-1 is not exhaustive, and additional useful trading utility system types are possible, as are additional service functions 90B. Indeed, the architecture of the trade utility system 90 ensures that both type and service functions 90B are extensible as business models or other factors change.

While the particular business needs and models may tend to suggest using a particular combination and collection of critical service functions in most implementations, the architecture of the trade utility system 90 is such that the practitioner depends on the demands. It is flexible in nature, allowing a wide variety of different service functions to be freely mixed and combined. For example, it would be useful to provide a trading utility system that functions as a "financial clearinghouse 200" that provides payment processing, communications, database management, and other related service functions. The architecture of a trading utility system can provide such a "bill clearing house" and is inherently more generalized and generalizable. For example, the implementation of a particular "financial clearinghouse" trading utility system 90 may combine "non-financial" service functions with financial service functions. The particular function or set of functions implemented in the execution of a given trade utility system 90 depends on the individual needs of the practitioner, for example, as dictated by the business model or function.

17D-2 illustrates, for example, how the functionality of the example "financial clearinghouse" trading utility system 200 can be built from the example service function 90B. In this embodiment, the service function 90B surrounded by a dark line is included in the trade utility system descriptor 90a shown in FIG. 17B. FIG. 17D-2 illustrates an example of a clearinghouse trading utility system 300 constructed based on different subsets of the service functions 90B surrounded by dark lines (shown in FIG. 17D-1). 17D-2 and 17D-3, some service functions 90B (e.g., "audit", "status notification", "event database management", etc.) are provided for both financial and clearinghouses. Can be reused. The combination of the financial and clearinghouse trading utility system 90 may use the union of the service function 90B, which is surrounded by a dark line in FIG. 17D-2, and the service function 90B, which is surrounded by a dark line in FIG. 17D-3. More, less, and / or different functionality may be provided for a particular trade utility system 90 by simply providing and invoking more, less, and / or different service functions 90B.

Distributed Trade Utility System 90
The secure application component 90-3 described above includes or includes, in a preferred embodiment, the inter-control structures and associated rules and methods shown in FIGS. 41A-41D and 48 of Ginter et al. Is also good. These inter-control structures can be used to link different or identical sets of controls running on the same or different trade utility systems 90 or other electronic devices 100. Thus, each active person may have one or more interrelationships with all other active persons, i.e., the trading utility system 90, which is associated with some role in some of the various actions.

FIGS. 17E-1 through 17E-4 illustrate that different examples of an interaction model trading utility system 90 may be used to interact with an ongoing transaction or transaction based in part on these interaction control structures. Show that:

FIG. 17E-1 is an event-mediated model in which the trading utility system 90 receives an event notification 748 from a secure entity (eg, a first protected processing environment) and receives another (and / or identical) 4) illustrates a model that generates an event 758 that triggers the activity of a secure entity (eg, a second and / or first protected processing environment).

FIG. 17E-2 is an interaction model of different trade utility systems, where a first secure entity sends an event notification 748 to both the trade utility system 90 and another secure entity to perform a process. , But before the second entity actually performs the next step of the process from the trade utility system 90, waiting for the receipt of authorization to proceed.

FIG. 17E-3 is a notification model in which the trade utility system 90 receives an event notification 748 for secure auditing purposes, or otherwise unless an exception (eg, an error condition) needs to be resolved. Indicate a model that is more passive bystander, does not directly interact with ongoing processes or transactions.

FIG. 17E-4 is a preferred authentication model, in which the trade utility system 90 can pass an event notification 748 to the next secure entity for the entity to perform the next step in the entire transaction or transaction. Shows an authentication model in which a notification 748 'must be issued to one secure entity in response to receipt of an event notification 748 from the entity.

The various trade utility system 90 interaction models shown in FIGS. 17E-1 through 17E-4 are not exhaustive or mutually exclusive. A given transaction or transaction may include some or all of these in different combinations based on business models or other requirements.

As described above, the present invention distributes the operation of a particular service function 90-2 or service application component 90-3 across a network or system 50 that includes, for example, individual consumer 95 electronics. Provide technology for: FIG. 17F shows an example of a control set 188 that may be used to control a remotely located protected processing environment (eg, consumer electronics) to perform the “local” portion of the exchange operation. Trade utility system 90 may deliver this control set 188 to the consumer's electronic device, another trade utility system 90, or other electronic device (eg, an electronic device that is part of a communications infrastructure). . The trade utility system 90 may, for example, exchange exchange portions (eg, implemented as one or more service functions 90-2 each including one or more service application components 90-3) with the user's electronic device. It can be transferred to a process that can be performed within the protected processing environment 154.

The example of FIG. 17F is a method 850 (eg, meter, billing or budget), in which the AUDIT event 852 (1) is treated as an audit method 854. Examples of metering methods 850 include, for example:
A USE (use) event 852 (2) (eg, "click" on the meter)
An INITIALIZE event 852 (1) (eg, preparing the meter for use);
A RESET event 852 (3) (eg, returning the meter to a known good state after an error condition);
AUDIT (audit) event 852 (4) (e.g., collecting records generated during the USE event and a copy of the current UDE value and preparing for sending to the auditor);
A READ USE RECORD event 852 (5) (eg, returning a copy of the requested usage record);
A READ UDE event 852 (6) (eg, returning a copy of the current UDE)
A READ MDE event 852 (7) (eg, returning a copy of the requested MDE)
And other miscellaneous events.

The AUDIT event 852 (4) of this embodiment can be connected to the auditing method 854. In this embodiment, in order to access the data, the trading utility system 90 requires permission in the form of an appropriate PERC control set and / or an access tag that defines more detailed permissions, and USE event 852 (see METRIC 850). It may require knowledge of the semantics of the recording format written out by 2). Semantic knowledge can occur from an out-of-band contract (eg, a standard) or through access to the MDE (or the appropriate MDE portion) of the meter method 850 that describes the usage record format.

The audit method 854 event is a USE event 856 (2) that performs the function expected by invoking the method event--in this case, collecting usage records and a copy of the current UDE, and sending them out. Including. In this example, assume that the method also has an INITIALIZE event 856 (1). When called, an INITIALIZE event 856 (1) is sent internally and its associated load module is called back to the meter method 850 READ @ MDE event 852 (7) to learn the meaning of the usage record. . The USE event 856 (2) is then invoked, and the load module 858 (2) associated with the processing of this event fires the appropriate event of the metering method 850 (eg, repeat READ \ USE \ RECORD and once READ \ UDE). call. At this point, the expectations of the invocation methods other than managed object packaging and transmission are realized.

USE event 856 (2) may perform further processing to perform further distributed switching functions. For example, while reading a USE record from a meter, the audit method 854 (e.g., categorizes the type of object used, and reports information up the exchange chain simply as to how many different types have been accessed). Analysis function (reduced to a small count). Records from content types that are not of interest may be discarded. The detailed record itself can be destroyed after analysis. In another example, UDE values (eg, how many clicks were recorded) can be compared to the number of usage records retrieved, and if there are conflicts, they are reported and / or locally acted upon (Eg, disabling use of objects from a given provider until further interaction). Further, in other embodiments, the record may remove the user's unique information to ensure privacy. In a further embodiment, the records can be processed and analyzed locally (and then discarded), while other detailed records are saved for later processing.

Once the distributed switching function is performed, the information can be grouped into one or more managed objects for transmitting the switching chain upwards to a centralized location. This may include, for example, reporting directly to the provider and / or reporting to another exchange function. Processed records may be released by the audit method 854 (for metering deletion, summarization, filing, etc.) when receipt, processing, transmission, or receipt of confirmation by the recipient is made.

In another embodiment using the metering method 850 shown in FIG. 17F, the AUDIT event 854 may be performed "internally" by the metering method 850. In this embodiment, usage records and UDEs are bundled into one or more managed objects for transmission to the auditor by the load module 853 associated with the AUDIT event 854 (4) of the meter method 850. However, instead of sending these objects, they can be processed locally. To do this, the name service record used by the ROS (see FIGS. 12 and 13 of Ginter et al.) To find the designated auditor can be redirected back to the local PPE 154. . In the PPE 154, the processes controlled by the trade utility system 90 perform (as a proxy for) the local exchange function described above, except that instead of using the contents of the managed object instead of calling the meter method event (call @ to). (Based on the method of delivery and / or the load module). This is more similar to the functions performed at the remote switching facility in that operations are performed on the managed object and its contents. However, processing can be done on networked devices instead of on local consumer electronics.

Distributed support services in this way provide additional performance that may not be available or available in a centralized architecture. For example, a rights and licensing clearing house can transfer a local server within the organization to keep a record of the request and to cache a copy of the permission previously requested by the organization. Such a local rights and licensing clearinghouse reduces network communication and provides a convenient local repository for organization specific licensing (eg, site license of computer software). The licensing server may be authenticated by a rights holder, or a rights and licensing trader, or other rights distribution organization to grant licenses based on demand.

As another example, many secure, mostly automated management and support services can be distributed to all and / or some of the connected devices, at least occasionally. This is done regardless of whether the device is a computer, set-top box, personal digital assistant (PDA) digital phone, intelligent digital television, or any other digital device. Such devices provide a secure and reliable support service using a protected processing environment to perform safely and reliably without interference (e.g., as described in the patent specification of Ginter et al.) And other interference. To be guaranteed.

In another embodiment, one possible VDE content distribution scenario is where the content provider plays the initial packaging role, the distributor performs the distribution function, the user keeps track of the usage records, and the clearing house clears Processing usage and financial information is included. This is in contrast to a centralized processing model where all of these functions are performed by a single centralized party.

As in yet another embodiment, the increased efficiency may be achieved by clearing the clearing house functions to individual user machines, local area network (LAN) servers, and / or corporate LAN / WAN environments to external and commercial "backbone" servers. This is achieved by distributing across the company's "gateway" machines that bridge the gap.

As another example, a company's computer may be authorized by a central certification authority to grant certain types of digital certificates. For example, a company may be a member of a particular trading organization. The certification authority of the trading organization gives the company a digital certificate proving that fact, and transfers the certification authority to the company's own computer to issue a certificate proving that each employer of the company is a member of the trade organization. Attached. Similarly, parents may be authorized to issue digital certificates on behalf of their children.

The techniques described above show how distributed trade utilities can be distributed across multiple trade utility systems by using the architecture of trade utility system 90. Further, the service functions 90-2 provided by one or more trade utility systems 90 may include any (including end-user systems) selected on other trade utility systems 90 or by participants in a given scenario. It can be broken down into complete or partial processing steps (e.g., service application component 90-2) performed by all or part of another system.

Trade utility system type
Financial clearing house 200
FIG. 18 shows an embodiment of a financial clearinghouse trading utility system 200. "Financial clearinghouses" support automatic and efficient financial realization of electronic transactions. For example, the financial clearinghouse 200 collects payments for information and details, and allows the value provider to dispose of payments, including automatically and selectively breaking down payments into payment portions directed to appropriate value chain participants. Arrange money transfers and other compensations efficiently to ensure you receive. The clearing house 200 may also provide deposits, budget restrictions, and / or electronic money to participants (eg, end users) in a protected processing environment. The clearing house may distribute some of its operations to a protected processing environment for the secure and local performance of such operations. The following are some examples of financial clearinghouse assistance functions that may be provided by using the present invention:

• Clearing of financial transactions in a secure, efficient, timely and accurate manner.
• Provide secure financial note exchanges for payment mechanisms that are trusted by and convenient for value providers and users / consumers.

• Widely distributed customers and / or complexity of rights holders and other value chain participants (e.g., providers that provide value to the electronic community for parts of the process that go from creation to distribution, sales, and delivery) Guarantee payments without having to take care of managing a large number of finances that often interface with various financial service standards and protocols.

コ ン テ ン ツ Enable content consumers to pay for information products and related services using a variety of different payment methods through a common and trusted interface.

It allows each party involved in the transaction to verify that a given exchange has alternately occurred as intended, and to prevent rejection of the transaction by any party.

Reconciling accounts when purchasing or using a report (eg, transferring funds from a value chain participant account to one or more provider accounts).
• Support frequent and granular trade note clearing activities.

• Extend the financial note exchange service to all value chain participants (eg, buyers, distributors, and sellers of digital content of all kinds and buyers, distributors, and sellers of physical goods, and other services). User).

-Distributed electronic trading domains include existing electronic, paper and / or paper, including but not limited to deposit card systems, bank debit card systems, smart card systems, electronic data exchange, automatic clearinghouses, digital money, etc. Or interface with other payment and / or bill clearing services.

Directly interface with the entity to establish settlements and adjustments by one or more banks and / or other organizations and / or who may legally perform settlement services.

One or more banks and / or other organizations for digital processes and / or digital information creators, information distributors and / or modifiers, and / or customers and / or other user accounts for funds, deposits and deposits The creation and assignment of identification labels, numbers, names, or other unique identifiers.

Use secure containers in processes, parts or processes that provide secure financial note clearing services.

Rules governing the distribution of the processing performed in each protected processing environment of the decentralized clearinghouse system (eg, the user's protected processing environment, web server, bill clearing performed by a central clearinghouse). And controlling a secure financial note exchange process based at least in part on the control.

· Handle the exchange from one currency to another efficiently and safely.

Enable payments to be made based at least in part on content, process control, and / or rights management use, or for provisions of other considerations, including service fees, product fees and / or other fees or charges. .

Support widespread use of micro-fees and micro-payments based at least in part on content, process control, and / or other use transactions. Support here refers to the decentralized and secure collection and / or processing of minimal trading activities and the network of clearinghouses for further processing and / or collection of information related to such activities. Including passing through regularly.

• Efficiently measure and manage negligible payment activity while minimizing transaction costs.
-Minimize waiting time in handling very small payment transactions.

Aggregate or “bundle” transactions to a local value store or other payment method.

The value chain rules and controls, and the handling chain, and the payment of payments, including allocating or transferring payments to different value chain providers based on the same or different sets of electronic controls that control use and / or other authorizations. Use controls to efficiently manage separation (split). (For example, before a particular payment method is activated, the payment result is securely controlled via parsing the payment amount between various value chain entities as required by rules and controls.)

• Reduce (eg, minimize) the number of electronic messages required to support a given set of electronic transactions, eg, via distributed transaction processing and / or transaction activity aggregation.

Support local aggregation (bundle or combination of each other) of multiple or negligible payments at value chain participants' sites.

Enables value providers (eg, value chain participants) to efficiently test the ability of other value chain participants to pay before offering services or (physical and / or electronic) goods in a deposit To

Enable value providers to authenticate the appropriate level of funding for estimated purchase levels with value chain participants' preferred payment methods. This includes, for example, budget management for deposits and / or currencies that can be consumed towards only certain classes and / or all transactions (eg, content and / or process control types), eg, only G and PG movies Includes providing budget control for expenditure for a specific and specific classification of spending.

Provide the identity of potential value chain participants and tie that identity to the value chain participant's chosen payment method.

Provide periodic reporting of trading activity for clearinghouse coordination and recording purposes. Perform audits, billing, fulfillment, and / or other considerations and / or other bill clearing activities.

The class of spending activity (eg, business, entertainment, travel, home spending), eg, time, location, cost of local funds, and / or purpose, identity, content or acquisition of family or other individuals or groups. Provide event-driven reporting based on the classification of goods and / or services provided and / or any type of classification of spending activity.

Receive certification from a secure chain of handling and control embodied in an electronic control set.

Conferring authentication on and / or with one or more of the clearing houses and / or with one or more decentralized financial clearing houses having some combination of subordinates and / or peer-to-peer relationships; and / or Providing services.

Distribute the financial note clearing function across a network or other system by rules and controls and other VDE techniques as described in the US Patent Specification of Ginter et al. (For example, every consumer or other value chain participant node can perform a distributed financial note exchange service, where the participant node communicates financial note exchange information directly with one or more other participants. obtain.)

—Transfer certification and / or provide services to or with one or more financial clearing houses. The operation of one or more financial clearinghouses may be logical, such as within a company or government agency and / or within one or more jurisdictions and / or within all contributing subsets of the business focus area of a senior financial clearinghouse. And / or may be physically located elsewhere.

分散. Distribute and / or authenticate the financial note exchange function across systems or networks. For example, here, all of the consumers and / or specific or all other value chain participant nodes may have their own secure financial note clearing transactions and clearinghouse clearing with one or more other participants. A decentralized bill exchange that initiates functions in all contexts of the clearing house network, including operations, operating common nodes, and all other activities that make use of VDE technology as appropriate in the other of this list. Can potentially support services.

Effectively calculate, collect and distribute “value added tax” imposed by sales and at least one jurisdiction.

A clearinghouse web where one or more classes of the clearing house have a common peer-to-peer relationship and different groups may have different rights to interact with members of other groups Assist. For example, a clearing house in the end user's protected processing environment may have limited rights to interoperate with a "first" clearing house.

・ Support the clearinghouse's protected processing environment web. Such a protected processing environment includes an unobtrusive “bank” or banking protected processing environment, such a protected processing environment that includes secure (local and / or remote) storage of the currency of the notation. The right to “lend” currency stored in the protected processing environment of the location, end users and / or other clearing houses, to launch electronic currency objects, to make payments from local or remote currency stores, The ability to receive communications (e.g., electronic invoices) that imply debts to pay, the ability to make such payments, and one or more virtual banks ( Or use VDE capabilities to securely manage and perform banking functions, such as the ability to act as a "branch" of banking components Kill.

Support the ability to create conditionally anonymous electronic currencies for financial clearing houses. Such currencies may be used to perform payment obligations, and such currencies may be assessed by the remote banking authority that the receiving party assesses after receipt of such currency as valid or authorized for use. It is treated as authentication without the requirement to connect with.

The protected processing environment of the decentralized clearinghouse supports the ability to run on portable devices such as smart cards (e.g., electronic wallets) with one or more of the capabilities described above. Here, the cellular or land-line communication means (or other transport mechanism) may be online or billed or associated with, for example, the identity of the buyer, seller, and / or distributor, and such activities. Support asynchronous communication of information about current or multiple transactions of other audit information on trading activities, including authentication information, budget management information, deposit acquisition, currency acquisition and / or expenditure information, and the like.

• In exchange for usage data or more fine-grained usage data (eg, to restore privacy considerations in certain situations), eg discounts, subsidies and / or coupons for value chain participants, eg consumer users To help get it.

It may be organized hierarchically in peer-to-peer or combined mode. Here, the responsibilities of the financial note exchange may be distributed in different ways for different trading models and / or activities and / or value chains, and one or more entities may be hierarchical, for example, in one or more cases. And may be hierarchically peer or less advanced in one or more other cases.

The relationships between participants are programmable and can be set (and later modified) to represent one or more desired financial note exchange configurations for a given trading activity, value chain or model.

Distribute taxes, for example, to multiple entities, including one or more governments (eg, cities, states, and the federal government).

FIG. 18 shows an example of a function oriented diagram for the financial clearinghouse 200. In this example, the clearing house 200 operates in a trusted and secure domain to provide a highly automated and protected processing environment. This effectively provides a financial note exchange service for all kinds of electronic trading chains. It also acts as a gateway between the advanced and secure Virtual Distributed Environment (VDE) domain and other domains, providing protocol support for existing infrastructure. The gateway function allows an extremely flexible distributed VDE protected processing environment to develop inflexible, centralized but ubiquitous and trusted existing financial infrastructure services.

The core functions of the financial clearinghouse 200 relate to payment processing 208, payment consolidation 212, payment separation 214, and negligible payment management 216. This is because these functions collect money from customers and other value chain participants and pay for product providers such as value chain services or business partners.

More specifically, clearing house 200 may perform the following functions in this example:
-Payment processing 208
・ Deposit inspection 210
-Payment integration 212
・ Payment separation 214
・ Slight payment handling 216
Event-driven report 218
・ Adjustment 220
・ Database maintenance / management 222
Replication 224, and propagation 226

The financial clearinghouse 200 may receive payment information 202, customer information 230, provider information 232, and integrated reports and invoices 234 from the outside world. It may generate billing orders 236, deposit orders 238, statements and reports 204, 240, release signals 242, and deposit checks and authorizations 244.

Database management 222 and event driven reports 218 can be used to securely provide accurate financial reports for evaluating chain participants. The reconciliation function 220 (for both reporting and financial management) allows the clearing house 200 to provide more reliable financial management. The replication function 224 and the transfer function 226 are used by the clearing house 200 to facilitate distributed processing with other clearing houses 200 and / or other secure or insecure protected processing environments. . As such, the clearing house can securely share state and update information with other trading utility systems or other participants.

In the example shown, payment information 202 (which may be within one or more secure containers 152) is a primary input to payment processing block 208. If desired, payment information 202 may also include some or all of the usage information sent to clearinghouse 300. Alternatively, payment information 202 may include different types of usage information more relevant to financial audit and transaction tracking. This payment information 202 can be reached in real time or on a delayed (eg, periodic or other event driven) basis.

The financial clearing house 200 transfers funds between the customer and the provider using the provider information 232 and the customer information 230. The financial clearinghouse 200 uses integrated reporting and billing 234 to guide the overall payment process 208 and payment consolidation 212 and disaggregation 214. For example, the financial clearinghouse 200 may issue billing and deposit orders 236, 238 to third party financial institutions, such as banks, credit card companies, etc., and may bill customer accounts and deposit corresponding provider accounts. The clearing house 200 may issue statements 204 and reports 240 for the purpose of providing secure auditing and / or information. After performing the deposit check 210, the financial clearinghouse 200 may issue a deposit authorization 244, thereby spreading the deposit to the appropriate value chain participants. This authentication 244 may be entered if it is not completely local (ie, an authorization request comes in, and the clearing house 200 is a source of deposit and / or deposit limit information). / Output function.

The clearing house 200 may issue a release signal 242 in appropriate circumstances, thereby transferring the “pending” financial information to the electronic device 100, which may be transferred, analyzed and / or transmitted by the clearing house 200. Or, after being processed, it can be stopped and / or continued. In certain embodiments, user equipment 100 may store financial information, even within a business model limit, even after it has been "released", i.e., reduced to a summary. Of course, this may already have been done using a copy of the data (for example, if the data is accessible in advance). For example, assume that a partial copy of financial usage information includes business model secrets. The property costs $ 1.00 to view, one dollar of which can be split into multiple agencies. Typically, the user is only aware of the overall calculation and does not know the details of such a split, even if a record exists partially for each participant in the transaction.

FIG. 19 shows an example of the architecture of the financial clearinghouse 200. The clearing house 200 of this embodiment includes a secure communication handler 246, a transaction processing 248, a database manager 250, a switch 252, and one or more interface blocks 244. The clearing house architecture of this example is, for example, Ginter @ et @ al. 12 and 13 (the multi-purpose external service manager 172 in this example can support, for example, a clearing service interface 254) on an operating system. With the secure communication handler 246, the financial clearing house 200 allows other electronic devices 100 (1). . . 100 (N) can be safely communicated. This communication may be via a secure digital container 152. For most trading utility systems 90, including the clearing house 200, it is desirable to support both real-time and asynchronous receipt of the container 152. Further, the clearing house 90 may also support a real-time connection protocol. The real-time connection protocol does not require the container 152 for simple transactions, such as credit card payments without separation requirements. The advantage of using a real-time connection is that the results are obtained in real time. This is important in situations where the user needs a lot of money or deposits to run out (rather than just making a record or receiving a regular replenishment of an unused budget). It may also be useful when a provider (e.g., of content or budget) claims to clear the transaction before any activity initiated by the transaction has taken place.

接 続 Connections for real-time transactions do not always require secure containers 152, but the use of containers 152 is useful even in this scenario. For example, the container 152 allows rules and controls to be attached to the content, and the user can specify how to use the content. Further, the use of containers 152 exploits the capabilities that exist in a protected processing environment. The use of techniques such as email to deliver the container 152 (eg, as an attachment to an SMTP mail message, or as an attachment to another email protocol that supports the attachment) allows for asynchronous processing of the content. Thus, the trade utility system 90 can remove those peak process loads. The cost of operating a clearing house is the depreciation of the equipment. The amount of equipment is mainly determined by peak load requirements. Large variations in load can be expected (compare, for example, 8:00 pm on Friday night with 3:00 am on Tuesday morning). This unloading function can save very large equipment and its associated costs (electricity, labor, maintenance, etc.).

Transaction processor 248 may process and analyze the received information, and database manager 250 may convert the received information for pending and / or historical analysis (to increase credit limits, to analyze payment history). Etc.) in a database. In addition, database manager 250 may also store information relating to current credit limits, addresses for communication (physical and / or electronic), and other account information. For example, Ginter @ et @ al. The patent specification by US Pat. The database manager 250 can be used to store information used for track jamming as well. There may also be a secure processing environment and / or a user utilizing the protected processing environment, and a secure set of information used to communicate with the clearing service. Records relating to communication with the clearing service may also be stored in the database manager 250. Database 250 may also be equipped with a variety of facilities for its content.

$ Transaction processors 248 and 250 together perform most of the functions shown in FIG. Switch 252 is used to route information from or to interface block 244. The interface block 244 is used to communicate with third party clearing services such as, for example, credit card companies, automatic clearing houses (ACH) for bank clearing, billing card accounts, and the like. Optionally, an internal clearing service provided by Federal Reserve Bank 256 may be used in place of or in addition to the indicated third party clearing service, and a general banking arrangement And provide account clearing in accordance with legal requirements. The payment mechanism used by the financial clearinghouse 200 may be symmetrical (eg, notifying the VISA to charge Consumer A's billing account, as permitted by applicable financial and banking regulations, and the vendor). Y, but also informs VISA to charge Consumer A's billing account, provides the amount to the clearing house, and the clearing house clears other payments. Using a mechanism to deposit money in the account of the manufacturer Y).

Financial clearing process example Figure 20 illustrates a processing example of a financial clearinghouse. In this example, provider 164 provides goods, services or content to consumer 95. For example, provider 164 provides one or more digital properties 1029 and associated controls 404 within electronic secure container 152. The secure processing environment 154 at the consumer 95 site may keep a record of payments, usage and other information and provide an audit record 228 identifying this information. The audit log 228 is transmitted from the 95 consumer sites to the financial clearinghouse 200 in one or more secure containers 152b. The audit record 220 may include, for example, the identity of the reporting electronic device 100; the amount of the payment; the provider identification; the payment method desired by the consumer; the name or other identification of the electronic device user; and the type of transaction involved. The reporting time and / or reporting frequency may be, for example, a day, week, month, year or other time interval; occurrence of related or unrelated events (eg, a predetermined number of Purchases have already been made, local e-parses have run out of funds, reporting is required for other reasons, etc.); or a combination thereof.

The financial clearinghouse 200 analyzes the audit record 228 and generates one or more summary reports 240. The clearing house 200 may provide the summary report 240 to the provider 164 by transmitting it electronically within the secure container 152c. The financial clearinghouse 200 may also unify the financial intermediary 258 and one or more financial processors 260 to charge the bank or other account owned by the consumer 95 and to the bank or other account owned by the provider 164. Make a deposit corresponding to the account.

For example, the clearing house 200 receives the audit information and separates the transaction (to the value chain amount for creators, distributors and others; also to the value chain amount of tax authorities and other government entities), and then The amount to be paid by the beneficiaries of each transaction may be calculated. Then, if desired or necessary (depending on the size of the transaction, the fee per transaction, and / or cost / considerations), the transaction may be packaged together for each party and credit card It may be submitted (along with the appropriate account information) to the financial intermediary 258 responsible for the transaction. Financial intermediary 258 (financial intermediary 258 may also be charged or commissioned) then initiates a transaction at financial processor 260, such that each beneficiary receives the appropriate amount. Alternatively, if the clearing house 200 has the necessary capabilities and authorization to submit a credit card transaction directly to a credit card company, the clearing house 200 may transfer the transaction to the financial processor 260 ( For example, VISA) may be directly generated.

The financial processor 260 may send a statement 204 to the provider 164 (and / or the consumer 95) describing the financial charges and payments that have occurred. If desired, financial processor 260 may provide statement 204 in a secure container (not shown). Financial clearing house 200 may receive a portion of the billed amount or a predetermined fee to compensate for the financial bill service provided by financial clearing house 200.

FIGS. 20A to 20F show an example of a financial bill activity using the local electronic money purse 262 maintained in the consumer electronic device 100. FIG. In this example, the clearing house 200 initially provides the consumer 100 with electronic money transmitted in an electronic cash in one or more secure containers 152. The financial clearinghouse 200 may automatically charge the consumer's bank 206a or other account to obtain their funds. The financial clearinghouse 200 may do so at the consumer's request (FIG. 20A).

When the consumer's electronic device 100 receives the electronic funds, it can deposit it in the electronic cash purse 262. The electronic device 100 maintains the electronic cash parse 262 (eg, “MDE” described by Ginter et al.) In a protected processing environment 154 (see FIG. 20B). The consumer's electronic device 100 may use this locally stored electronic money to pay for goods and services consumed by the consumer. For example, publisher 68 may provide work 166 of a book, movie, television program, etc. to consumer electronic device 100 by transmitting it in one or more secure containers 152b. The consumer can operate his own electronic device 100 to open the container and access work 166. The consumer can use the work in a manner specified by the electronic controls associated with it (see FIG. 20C).

If the rights holder has the right to request payment in exchange for the use of work 166, then consumer electronic device 100 will debit electronic purse 262 for the amount of payment required for automation (in this case, $ 5). (FIG. 20C). Further, the consumer's electronic device 100 may automatically generate a usage record 264 that records this usage event. Based on the occurrence of time and / or other events, the consumer electronic device 100 can automatically send the audit log 264 to the financial clearinghouse 200 in the form of one or more electronic containers 152c. Audit records 264 may include a package of audit records transmitted at the audit time or a set of related records stored in a secure database (or an overview thereof to protect consumer privacy) (see FIG. 20D). .

Once the usage record 262 has been received and successfully stored in the own database 250, the clearing house 200 may send a release signal 242 in the electronic container 152d (see FIG. 20D). With this release signal 242, the consumer electronic device 100 can delete the usage record 264 previously held.

Consumers may use the same or different works 166 to facilitate the generation of additional usage records 264 'and to reduce the electronic parsing 262 by other usage claims (in this case, exhausting the content of the parsing). Can be used again (see FIG. 20E). If the electronic parse 262 is exhausted, the consumer electronic device 100 may be prompted to contact the clearing house 200 again, requesting additional funds (see request 288 ') and retrieving the usage record 264'. (In this example, both information is transmitted in the same electronic container 152e) (see FIG. 20F).

The financial clearinghouse 200 may respond by sending additional electronic funds (after charging the consumer's bank or other account) and may provide other release signals. The release signal allows the consumer electronic device 100 to delete the usage record 264 '(see FIG. 20F). The collected money may be paid to the rights holder (after being appropriately reduced to compensate for the trade utility system 90).

Payment Separation FIG. 21 illustrates an example of a financial draft activity that includes a value chain “separation”. In this example, the clearing house 200 efficiently, reliably and securely supports payment separation in the value chain. FIG. 21 shows a content creator, such as a writer, delivering a work 166 to a publisher 168. The publisher publishes the work (eg, in e-book 166 ′) and delivers it to consumer 95. In this example, the payment of the consumer 95 is "separated" or split between the author 164 and the publisher 168, for example, based on a contractual agreement. In this example, the publisher receives $ 4 out of the $ 20 paid by the consumer, and the writer receives the rest.

With separation, the financial clearinghouse 200 may automatically split the consumer's payments into any number of different value chain participants. This is extremely useful in ensuring that all contributors to a product or service can reliably and efficiently receive compensation for their contributions.

FIG. 22 illustrates how the clearing house 200 can support the value chain separation shown in FIG. In the electronic example of FIG. 22, the consumer 95 may electronically deliver his payment to the financial clearinghouse 200. This payment may be in the form of an electronic currency packaged in secure electronic container 152a. Alternatively, it may be in other forms (eg, reported usage information coupled to an authorization to an existing clearing house 200 to charge a consumer 95 bank account).

The financial clearinghouse 200 may distribute the appropriate payment to the writer 164 and the publisher 168 with the appropriate allocation according to the agreement between the writer 164 and the publisher 168. How does the financial clearinghouse 200 that should receive the separated part of the payment know it? In the example of FIG. 22, the work 166 may be sent from the author 164 to the publisher 168 and may be sent from the publisher 168 to the customer 95 in electronic form in one or more secure electronic containers 152. One or more electronic control sets 188 may be contained in the same or different containers. These control sets are associated with the work 166 or other properties. Control set 188 may specify, among other things, the amount that customer 95 should pay to use work 166.

$ Control 188 may also specify and control how customer payments are separated from other value chain participants. For example, writer 164 may specify in writer-provided controls 188b that the writer receives $ 16 for each copy of work 166 purchased by end consumer 95. Because of the security chain of handling and control provided in accordance with the virtual distribution environment (see the disclosure of the patent specification of Ginter et al.), The author 164 has access to the publisher 168, customer 95 and other consumers or properties 166. A potential user can be confident of following this control 188b (to the extent required by the writer's commercial priority and to the extent allowed by the overall system strength). Publisher 168 may add its own controls to the controls specified by author 164. Publisher control 188c provides a (for example) $ 4 add mark. The $ 4 is received by publisher 168 for use of brand name, distribution and marketing services.

{FIG. 22A shows Ginter @ et @ al. Shows a detailed example of how payment separation may be performed using a control set 188 within a customer's secure processing environment 154, as disclosed in US Pat. Ginter @ et @ al. Teaches in FIG. 48 and its associated description how a control set may implement and control overall metering, billing and budgeting processes within a user's protected processing environment 154. FIG. 22A illustrates payment separation based on one or more control sets 188 provided to the protected processing environment 154 of the consumer. Each processing block shown in FIG. 22A can respond to a user request (event) and open and access the content.

In this particular example, whenever a consumer first uses a particular piece of content, metering method 275 is designed to send an event to payment method 277 (meter event 275 may additionally or alternatively include: If desired, an event can be sent each time a consumer uses the content to provide a "pay-as-you-view" feature).

Billing method 277, in this example, includes two different billing methods 277a and 277b. Methods 277a, 277b can be delivered independently. For example, author 164 can deliver sub-billing method 277a and publisher 168 can deliver sub-billing method 277b. Billing method 277a writes information to a billing @ record data structure that specifies the amount to be paid by writer 164 ($ 16 in this example). Billing method 277b writes information to the same or a different billing @ record data structure that specifies the amount ($ 4) to be paid by the publisher. Each of the billing methods 277a, 277b receives the open event passed along by the meter method 275 and writes the respective billing record to the same (or different) billing record data structure.

In this example, the budget management method 279 can be delivered independently of the billing methods 277a, 277b. Budget control method 279 may write a record to budget control record data structure 281. The budget control record data structure 281 specifies (among other things) a payment separation agreement (eg, a $ 16/4 split between the writer and publisher). Budget control record data structure 281 (retained independently of the data structure maintained by billing methods 277a, 277b and thus cannot be compromised by author 164 and / or publisher 168) is sent to financial clearinghouse 200. Can be sent. The financial clearinghouse 200 makes payments and requests a financial clearinghouse, as described above, so that the consumer's account is charged $ 20, the writer's account is deposited $ 16, The publisher's account is deposited with $ 4 (thus separating the user's $ 20 payment between author 164 and publisher 168). Alternatively, the billing record data structure may be sent to the clearing house 300 identified by the author 164 and / or publisher 168. The clearinghouse 300 may analyze the billing record data structure and inform writers 164 and / or publishers 168 of payments expected to be received from the financial clearinghouse 200.

Thus, in this example, the electronic control set 188 has, among other things, (i) the right to obtain a particular digital object, (ii) the cost of exercising that right, and (iii) One may specify or specify how payment for exercise is separated between rights holders. The above ability to define payment separation in advance (before the customer's payment method and agreement is activated) provides high efficiency and high flexibility. For example, a consumer payment method can be used to automatically direct portions of the consumer's payment to the appropriate person who needs to be compensated. The same electronic device 100 used to exercise the rights is also used to facilitate directing payments to a variety of different value chain participants, so that the entire financial note processing is performed. Some are efficiently distributed through multiple parallel computing resources. Ginter @ et @ al. For example, the rights holder releases the control set 188 as described above to a trade stream where the payment agreement is properly executed, because of the high reliability that can be provided by the system disclosed in US Pat. The financial clearinghouse 200 can help ensure efficient and prompt arrival at the destination where the separate payment is required.

The protected processing environment 154 at the consumer 95 site securely implements the extended control 188c and requires full payment and / or payment approval from the consumer 95 before allowing the customer to access the work 166. The control 188c also provides the customer 95 with flexibility as to which financial clearinghouse 200 will be used to handle the payment process and the choice of the desired payment method, while which payment methods are acceptable. Can be specified. The customer's protected processing environment 154c may then automatically send the appropriate payment or payment authorization 190a to the financial clearinghouse 200 for isolation in accordance with control 188a. Control 188a may be the same control as specified by the writer or publisher (or a subset of the above controls for payment separation).

Because the customer's protected processing environment 154c generates controls 188a that are dependent on the publisher or writer-specified controls 188c, 188b (see FIG. 22), these payment controls 188a provide the writer and publisher payments. You can trust to carry out your wishes and reflect the payment split agreement between writers and publishers. The customer protected processing environment 154c may send the customer's payment or payment authorization 152a and their payment controls 188a to the financial clearinghouse 200 in one or more secure electronic containers 152a.

The financial clearinghouse 200 processes the payment or payment approval 152a according to the control 188a. The financial clearinghouse 200 distributes the payment 152b to the publisher and distributes the payment 152c to the writer according to a payment split agreement reached between the writer and the publisher. Thus, for example, the financial clearing house 200 sends $ 4 of electronic money to the publisher and $ 16 of electronic money to the writer; or, the financial clearing house 200 sends the money to the writer and publisher's bank or other account. These amounts may be deposited. Since all of this processing takes place within a secure and trusted virtual distribution environment, each value chain participant automatically and electronically processes each participant in a highly efficient manner, receiving the necessary payments. Can be confidently implemented. Extremely efficient methods flexibly adapt to a variety of different business models and ad-hoc relationships.

FIG. 23 shows another example of payment separation, somewhat more complex than the previous example. This example adds a content distributor or integrator 170 to the value chain. In this example, $ 20 of consumer 95 'would now need to be split into three modalities instead of two. The author 164 again receives $ 16, the publisher receives only $ 3, and the content distributor / integrator 170 receives $ 1 for his efforts. FIG. 24 shows that a basic agreement similar to that shown in FIG. 22 can be used to accommodate payments and other benefits of this new value chain participant.

FIG. 25 shows another example of payment separation. FIG. 25 illustrates aspects that may be used to compensate trading utility system 90 for the role it plays in maintaining and managing value chains. As described above, the decentralized trading utility 75 provides crucial services such as financial bills, usage reviews, licensing, and authorization. An entire business or business may be based on such administrative support services that are provided efficiently and quickly. Trade utility systems require that their own investments and efforts be compensated. One way for a trading utility system to receive compensation is to receive a small portion of each transaction, a "tick." Payment separation mechanisms similar to those described above may also be used to support such small payments to the trade utility system 90.

FIG. 23 illustrates an example where the trade utility system 90 receives 3% of the value of each transaction (eg, $ 0.60 in the example shown). Because the electronic control set 188 described above can be used to implement such minute payability, it can be flexibly and efficiently adapted to any desired business agreement or objective.

FIG. 26 illustrates that payment separation can be used to transfer a single consumer's payment to a variety of different destinations and to different amounts (e.g., credit card, bank account, electronic money, etc.) using a variety of different payment mechanisms (e.g., credit card, bank account, electronic money, etc.) Indicate that it can be used to separate or divide into any number of different currencies for international trading purposes).

FIGS. 27 and 28 show yet another example of payment separation to further illustrate the flexibility with which the decentralized trading utility 75 can handle these and other agreements. The example of FIG. 27 shows that the customer's payment provides the writer 164, publisher 168, integrator 170, repackager 174, and additional work embedded within the electronic properties provided to the customer. It shows that a division is made between the additional writers 164a, 164b of the person. In the example of FIG. 27, for example, the repackager 174 receives content from multiple sources of related matters and combines them to combine source products (eg, a combination of multimedia, “current @ awareness” packages, or profit parties). It is particularly applicable when it comes to publishing things like public relations for sale.

For example, repackager 174 may publish a publicity bulletin on the current policy, written by writer 164 for publishing with two other works written by authors 164a, 164b for publication in the next publication. You can choose an essay. Writers 164, 164a and 164b may give repackager 174 the right to reformat and redistribute the work. With this reformatting right, an up-to-date publication of publicity can be created and redistributed in a secure electronic container for reading by customer 95. In this example, secure electronic container 152a includes at least four separately "delivered" sets of business requirements. The business requirements are: one for each of these three works (as specified by writer 164, writer 164a, writer 164b) and one for the entire publicity (as specified by 174). is there. Alternatively, the various works and / or the controls applied to them may be sent and delivered in an independent secure container 152. And / or some or all of the works and / or controls may be located remotely.

カ ス タ マ To read the publicity, the customer 95 opens the electronic container 152a. Assume that the cost of publicity is $ 10 per issue (as set by repackager 174). The customer's $ 10 payment or payment approval is sent to the Financial Clearing House 200, which disassembles the payment and compensates each value chain participant so that it is all directed by electronic control. (Eg, writer 164 gets $ 1; publisher 168 gets $ 1; integrator 170 gets $ 0.5; additional writers 164a, 164b get $ 1 each; repackager 174 gives the rest of them May be obtained). Thus, the repackager can be compensated for selecting the appropriate articles and for combining them into a single, readable publication. The repackager may also use the repackager's own brand name certification as an indicator of overall quality and may add to it its own unique content of creation.

FIG. 28 shows an example of “super distribution”. One important rights holder's concern is piracy from "pass-along", i.e., illegal duplication and redistribution. This pass-along problem is significant in a digital environment such as the Internet. The above Ginter et al. The virtual distribution environment disclosed in the patent specification and the administrative and support services agreements disclosed in this specification essentially turn the pass-along from a clear threat into a significant opportunity. Due to the unique, automated, secure electronic management of value chain rights provided by the virtual distribution environment in the preferred embodiment, consumers can be treated as trusted members of the value chain. This allows for a super distribution model where every customer is a potential distributor. Super-distribution offers great potential for rights holders in good works, as the revenue from super-distribution bears only the costs of the minimum rights holder.

Referring to FIG. 28, assume that customer 95, who has received a work from integrator 170, is very fond of the work and wishes to pass along to multiple friends and colleagues. Assuming that the integrator 170 has granted the customer 95 the right to redistribute the work, the customer can simply and easily copy a copy of the work to any number of other possible customers 95 (1). . . 95 (N). These other people know the customer 95 and may believe that the customer 95 has not sent them interesting, unlikely high-quality work. In addition, downstream customers can read the abstract or browse an extract of the work without triggering payment (eg, watch a movie trailer, read the first chapter of a novel, etc.). ).

Without paying, after reading the abstract or watching the first 5 minutes of the movie, six downstream customers 95 (3) -95 (8) will pay for the content at an exemplary amount. Suppose you agree to pay some $ 3.25 each. The clearing house 200 provides the writer 164, publisher 168, and integrator 170 with appropriate distributions of revenue (e.g., $ 7 to the writer, $ 7 to the publisher, and $ 8.75 to the integrator, respectively). Distribute).

配 布 Superdistribution allows for any number of levels of redistribution. For example, assume that three of the six downstream customers 95 (3) -95 (8) have decided to pass along the work to each of the other six potential customers. As a result, the other 18 people receive the copy. Authors 164, publishers 168, and integrators 170 each receive additional payments from each of these new customers, because the redistributed work has an associated control structure governing similar payment agreements. The Snow Dharma effect of the redistribution will continue in the above manner for an extended period of time through any number of customers. And this effect can dramatically increase revenue with minimal additional cost for value chain members.

Payment integration or bundling
Micro-fees and micropayments can be important criteria for content usage transactions. For example, a consumer may pay each time they view a particular work, use a piece of computer software, or listen to a piece of music. Different payment agreements can be offered flexibly, so that the consumer can choose to pay the first high for permanent use or to make a smaller payment each time he uses a lower one. Further, micropayments may be the least burdensome and most practical way for the trading utility system 90 to guarantee the service of the system 90. Thus, the ability to handle small payments efficiently is crucial in supporting and enabling low bills.

Traditional financial payment mechanisms, such as credit cards and checks, are not suitable for managing small payments. These systems typically have transaction-level overhead, which places a significant burden on business models based on multiple purchases, each of which is below $ 5. For example, if it costs $ 0.5 to handle a payment transaction, it is not economical to handle payments for values below a certain value (perhaps $ 2 each). This is because the cost of handling the payment accounts for the majority of the transaction value or exceeds the payment amount itself. As a result, traditional financial payment institutions prefer expensive purchases and hate small purchases.

FIG. 29 illustrates that payment consolidation or bundling reduces the number of individual financial transactions that need to be cleared and / or reduces the amount of messaging required to clear those transactions. 3 illustrates an embodiment that can be used to avoid concerns. The payment integration example shown in FIG. 29 may be performed on the consumer's own electronic device 100, in a protected processing environment 154; or in a centralized financial clearinghouse 200; It can be performed at the equipment and partly at the central clearinghouse. This payment consolidation process can combine or combine multiple low payments into a lower payment bundle that can handle higher payments or all payments together. The large payments and / or bundles described above may be periodically reported along with other transaction data to be reconciled and recorded by the decentralized trading utility 75 if desired. The above ability to consolidate low payments has significant benefits in terms of increasing efficiency, reducing the number of individual transactions that need to be cleared, and reducing message congestion across electronic network 150. Have. Of course, payment consolidation may not be suitable for all transactions (e.g., expensive, materially risky transactions may require real-time bill clearing). However, for many regular transactions, payment consolidation can be used to reduce the burden on the trade utility system 90 and the integrated system 50.

支 払 In one variation of this concept, payment consolidation may save each amount of an individual transaction to allow for a high degree of reporting @ granularity. However, payment consolidation may be used to trigger when to report (eg, after $ X has been charged or after Y transactions have been made). Thereby, a large number of individual transactions can be bundled and transmitted / processed together. This type of integration is useful for reducing the number and frequency of movement of individual messages on the electronic network 150. In this example, the reporting electronics 100 may include (i) the sum of the individual transactions integrated, or (ii) each of the individual transactions, or (iii) both, or (iv) a combination of the two. Can report.

FIG. 29 illustrates how consumers manage households, such as reading novels, watching video programs, obtaining and reviewing survey results, interacting with multimedia presentations, enjoying multimedia presentations, and checking book balances. Indicate that you can use your electronic device 100 for a number of different activities, such as doing so. A small payment per use may be associated with each of these activities. For example, a consumer may pay publisher A one dollar and author A one dollar each time they access an electronic version of a work distributed and written by a publisher. Suppose writer A's work is very popular and has been filmized. Consumers may pay for each use to watch one of these movies. That is, pay $ 5 for publisher A, $ 3 for writer A, and $ 0.5 for distributed trading utility 75.

Payment aggregator 266 (which may operate at a consumer site within protected processing environment 154 provided by consumer electronics 100, if desired) may integrate payment into a common entity and publisher A , The amount owned by writer A, and the amount owned by decentralized trading utility 75. This total may be increased each time the consumer triggers a payment event. The integrated payment amount may be periodically or otherwise determined at predetermined time intervals (eg, weekly, monthly, or daily), when a predetermined event occurs (eg, when a consumer exceeds credit approval and a new card is received). , Certain electronic controls have been terminated, etc.) and / or a hybrid of some or all of these techniques to financial clearinghouse 200 or other trading utility system 90. obtain.

FIG. 30 illustrates another example payment integration across multiple consumer transactions. In this example, payments to the same value chain participant using the same payment method are aggregated and aggregated. Such payment consolidation, which may take place at the consumer site and / or at the clearing house, reduces the total number of financial transactions that need to be cleared. This increases efficiency and throughput, and reduces the cost of handling each individual consumer transaction.

FIG. 31 shows still another example of payment integration. In this example, the integration occurs over a number of different consumer transactions. For example, all transactions associated with a particular provider and using a particular payment method may be consolidated by the financial clearinghouse 200. Note that the payment integration techniques shown in FIGS. 29-31 do not necessarily lose individual transaction details. In other words, consumer electronics 100 can record and report detailed information for each transaction, even though payments for individual transactions are combined for more efficient payment processing and handling. The clearing house 200 and / or the clearing house 300 can report detailed usage information on a transaction-by-transaction basis. The above ability to separately handle and process more detailed and detailed usage information while consolidating payments can provide a high level of audit responsibility without unduly burdening the payment handling mechanism. In some cases, loss of detailed records may result in savings at the clearing house. Although they can be ignored, it is advantageous to keep them near on the user's system and / or in a repository in the trade utility system 90.が あ る Where there is a debate over a claim, for example, a partial copy of the detailed record (even if not sent to the clearing house) can serve as useful evidence of what actually happened.

FIG. 32 shows how the example 200 clearing house is modified to include a payment consolidator configuration 268. Payment aggregator 268 may be used to integrate incoming payments from a number of different consumer electronics devices 100 or other sources, and may use the integrated payment for handling via, for example, a third party clearing service. Provided to the switch 200. Payment consolidator 268 selectively consolidates only certain payments, while passing other payments directly to switch 200 for direct handling without consolidation. Payment consolidation may be based on a number of different factors. For example, payments may be consolidated based on consumers, providers, payment methods, or some or all of the above factors. This integration function may be performed in whole or in part in the consumer's 95 electronic device. Alternatively, the integration function may be performed centrally by the central clearinghouse 200.

Clearing House 300
FIG. 33 illustrates an example of a clearinghouse trading utility system 300. Usage clearinghouse services and functions generally collect and analyze detailed, summary, and / or derived usage information about the use and / or execution of digital properties and / or digital processes. And "repass". This information may include any information that describes an e-commerce activity. The clearing house and / or support service may provide and / or facilitate, for example, the following:

Independence audit and reporting (can be presented independently of the financial clearing and bill exchange service);
・ General market research;
Negotiating, conducting, determining and communicating privacy and confidentiality levels with customers and value chain participants regarding the above usage information;
-Sale, lending or use of mass customized marketing and linked lists.

More specifically, the bill clearing service according to the present invention may provide, for example, any combination of the following detailed features and / or functions.

Compiling, integrating, using information that describes and / or otherwise relates to the use of the secure container, the content of the secure container, and / or any other content and / or any digital control process; Drawers and / or offers. The information may include (a) one or more users of the content and / or processing, (b) one or more classifications of the content, control processes, use of the content, and / or the user, and / or (c) Describe and / or otherwise relate to one or more recipients.

O Tracking and reporting of content and / or processing control usage and / or enabling information processing at a very fine (eg, fine) level.

・ Can collect, integrate, analyze, summarize, extract, report, distribute, rent, license, and / or sell usage information.

Use of information derived from users exposed to the content, such as advertising, informational materials, entertainment, training materials, business productivity software applications, etc., and, in the preferred embodiment, through the use of a VDE mechanism Secure provision of at least a portion of the retrieved information and / or information related to the information to an information integration and / or analysis clearing house. The clearing house securely provides at least a portion of the usage information or at least a portion of information derived from the information to at least one other clearing house and / or value chain participant. The clearing house also provides the different usage information derived to different different parties having the role of clearing the bill or the role of another rights holder.

"Information generated by and / or derived from a user-protected processing environment that meters based on a variety of different technologies (eg, the technology disclosed in Ginter et al.). Use of "exhaust" audit records.

The number of times a digital property or any part of the property has been opened, extracted, embedded or executed; the value chain participant has the property (interactive game, or multimedia presentation, computer software, or module or the above product) The ability to collect and analyze detailed information, such as the length of time used (eg, accessories).

Provides a variety of repurposing capabilities for usage information received from consumers or from other secure processing environments.

. Providing independent third party auditing capabilities, for example, useful for file storage and to prevent payment refusals.

Provision of information based on usage audits, user profiles, and / or market research related to one or more secure containers and / or content and / or VDE controlled processing controls in a preferred embodiment.

Providing neutral, trusted third party audit use integration and reporting services to interest holders, such as rights holders, consumers, and / or other value chain participants and / or government entities (taxation, legal Information about the enforcement, commercial research and statistics, etc.).

Provision of audit opportunities in connection with the exchange of bills of control and control rights and permits (eg, regarding which rules and control permits and rights were exercised, for example, to whom, for what and when) (To combine actual user activity back into specific authorizations and rights and / or control and control templates).

In a preferred embodiment, standardized and custom reports, and analyzes based on VDE rules and controls and generated and delivered to a VDE container, are analyzed by content creators, content distributors, industry analysts, commercial associations, and others. To each and / or any one or more groups of any investor and value chain participant, and / or any other party, such as a government statistics expert, moderator and / or trading authority I do.

Raw, refined, summarized, guided reporting of support for multiple business models within any value chain and / or across and / or multiple value chains And any combination of the collected credit data.

Distribute usage information to value chain participants and other parties within or outside the e-community, separately from and / or in conjunction with the financial statement clearing service.

Support privacy and confidentiality controls that fully protect the interests of all value chain participants in using information, for example, the rights in the VDE chain to handle and control a managed business model.

Privacy issues, such as distributors, aggregators, repurposers, or, in a preferred embodiment, secure, managed content, or other processing controls for consumer or value chain content; Not disclose more information than users of other electronic devices that apply VDE to the authority, and inform, for example, what kind of information the user giving such authority will collect or exchange bills of That can be adjusted.

Automatically, based at least in part on rules and controls, confidential or proprietary usage information, including the further processing of such information, or any further use of the clearing house Reliable on hiding (eg, encrypting), removing, and / or transforming the information before delivering it to anyone or any further party, thereby effectively protecting privacy and confidentiality, This includes the protection of business transaction secrets.
Protecting key business model information from prying eyes of other stakeholders and / or from inadvertent disclosure to other stakeholders and / or the public, thereby providing a truly trusted commercial network Provide the basis for

-Value chain participants, including, for example, commercial publishers and distributors, and / or consumers, and service and / or product provider organizations, of usage information to be communicated to any given value chain rights holder. Allows for a level of detail negotiation, where such a level of detail may vary depending on who the particular receiving participant is and the particular type and / or subtype of usage information, and A plurality of different levels of detail for different portions of such usage information may be provided to a given recipient of the usage information and / or a predetermined deliverable, and determining such detail is preferred in a preferred embodiment. Is determined at least in part by the rights of a given participant described by the VDE rules and control information.

Allow consumers and organizations to negotiate the level of detail that should be communicated to rights holders in the value chain.

Give consumers, or other value chains (authors, publishers, distributors, repurpassers) details, aggregations, and / or any predetermined piece of content they use, the class of the content, Authorize the identification and / or negotiation of their desired level of anonymity for usage information regarding a particular transaction, processing class, and / or payment request (eg, anonymity and / or some or all use) Maintaining privacy for details may require a payment premium to make up for the loss of value of such information).

Customizing information consumers and / or other value chain participants to their "information depletion" and rules on how they get their aggregated and otherwise used usage information And conditions on the rights holder's competitive requirements to acknowledge the setting of controls and to receive information for which they have been entitled, and / or for the user and the rights holder to mutually receive electronically approved information. May be provided to the rights holder. The user and / or one or more rights holders may be delivered to the right defining the limit (eg, use of VDE chain handling and control) and / or one or more other rights holders. Describes specific usage information that must be done.

・ Substantial control of the value chain participants, such as which types of information used by the value chain participants were accumulated, who accessed which information, and how such information could be used. Support how important information is aggregated and processed, and to the extent that usage records are tied to particular value chain participants or organizations.

Secure use of containers at any step, part, and / or process that provides secure bill clearing services (e.g., using VDE secured containers as described in VDE protected processing environments and Ginter et al.) Use in combination with communication security performance).

-Usage data or more refined usage data (e.g., some of the provisions of price reductions, subsides and / or coupons to value chain participants, e.g., consumers, distributors, repurpassers, etc.). In the context of privacy enhancement issues) and exchange.

作成 Create and provide marketing research and reporting and stakeholder integrated marketing lists (for targeted mailings, direct sales, and other forms of targeted marketing) to interested parties. Such materials are generally similar to independent magazine and newspaper circular audits, television audience surveys, and / or commercial target marketing lists, but create and distribute the electronic environment with high efficiency. To be safe, and. Such materials may have a significant granularity of information, if desired, and may include one or more of the following: recipient requests, payments, rights, and / or rights holder interests. May provide a significant new form of detail with selective reporting of a substance based on the conflict of interest of one or more parties (eg, display, print, extract, reuse, electronic savings, Rebalancing, etc.).

Automatically use the detailed usage information to form a hierarchy, scheme, group, and / or hierarchy and automatically create individuals, groups of individuals, organizations, organizational groups, digital and / or analog content, or digital And / or analog content groups, in a preferred embodiment, combined with at least one secure container and / or VDE and assigned to one or more classes from usage data to be collected and transmitted.

Such as automatic marketing of transmission and / or other marketing substances or their delivery to a defined set of consumers, professionals, employees and companies (eg one or more classes) Supports propagation and marketing, including supporting efficient value chain automation of delivery of specialized services, where sets are defined by self-selection, usage data, usage data profiles, or any other means The set may be included in any one or more value chain participants (eg, creators, consumers, distributors, service providers, websites, decentralized clearinghouses), where one These participants may receive different, customized substances, where the receiving participant is entitled by rules and controls. , Where the participant may receive such deposits, coupons, cash payments, and / or other forms of compensation for such redistribution, wherein Such re-dispersion may provide some or all of such received material to one or more other parties based on self-selection, usage data, usage data profiles, or by any other means. It may take the form of at least partially directing, where all such processing may be securely managed (eg, supported) by the handling and control of internode VDE chains in certain embodiments.

Value for propagating payments and / or other considerations from the proponent attributable to the rights holder, dispersal of such considerations amongst multiple parties, and at least partially securely automating them. Determined based on the chained user's exposure, the parties have the benefit of the rights holder in connection with the serving content and / or processing as a basis for determining such consideration.

-Based on superior, target market segmentation and more appropriate information products and direct, more specific and detailed usage data, and consumers and implicit, explicit and automatic Supports the design of business models based on the priority of value chains derived from usage information (user profile, class recognition information, etc.).

Enabling the use of "private" clearinghouses (use of clearinghouses controlled and / or operated by the organization) to obtain certain detailed usage information, where such clearinghouses Use may perform usage analysis and / or other processing of such information, and provide more centralized and / or clearinghouses of other parties and / or other value chain participants with such Selective use information (eg, higher levels of summarization, summary information, application of restrictions, and / or modes of use of use information (display, print, savings) , Re-distribution, etc.), wherein different limitations on such usage information may be derived from usage of different classes of content, processing, users and / or user groups. Where applicable, the performance of such information is provided by providing significant additional protection of the company or other organization's confidential transaction secret information by hiding the detailed nature of certain internal activities, where There may be demands for payment and / or other consideration by one or more other parties in the value chain for such detailed usage information.

—Enables an organization to apply a private usage data clearinghouse to the corporate intranet, where such a clearinghouse is integrated with the organization's document flow and / or receipt system.

Receiving usage information from the organization's electronics and using the records internally with a private-use organization (eg, a company, government agency, union, or any other organized operating entity) clearinghouse Aggregate in the form of detailed reports for and / or report raw detailed data for internal use, but disseminate usage data for external distribution, for example, rights holders, and / or It only aggregates in the form of a summary report to other value chain participants and / or one or more commercial clearing houses, where in a preferred embodiment, detailed data for internal use is , Protected as VDE protected content, access or other use of such content is Electronic identity is limited to a particular then-party and / or a particular method based at least in part on a particular party that is securely secured, and the electronic identity may be, for example, the same for any relevant party class with respect to the privilege to use certain information. Gender information (for example, a member of a predetermined survey group and a senior management).

Identify usage-related information that provides critical value usage data through a private clearinghouse and provide it to internal organizational resources allocation, research direction, and other key business objectives.

Disperse bill of exchange used (eg, for efficiency and / or other reasons).

Distribute bill of exchange functionality across networks or other systems (e.g., all consumers and / or other value chain participant nodes potentially, at least partially, have their own secure bill of exchange) Initiating a distributed bill of exchange service in which a participant node communicates usage information directly to one or more other participants), in a preferred embodiment, rules and controls, and Ginter et al. In accordance with other VDE technologies as described in US Pat.

· Organize the clearing house hierarchically and at least partially secure the nuclear levels in the hierarchy.

• Authorize and / or service or cooperate with one or more decentralized secondary bill clearinghouses and provide one or more decentralized secondary bill clearing stations Operations may be logical, such as within a company or government agency, and / or within one or more jurisdictions, and / or a serving subset of the comprehensive business focus area of a senior clearinghouse. And / or physically located outside.

Decentralize and / or otherwise authorize the bill clearing function across the system or network, eg, where the protected processing of each consumer and / or specific or all other value chain participants The environment (node) may potentially support distributed bill of exchange services and may function in the context of a comprehensive distributed trading utility.

Initiate its own secure bill of exchange transaction directly with one or more other participants.

内部 Using any or all of the activities using the virtual distributed environment technology to provide the inter-operable operation to one or more other inter-operable participant nodes.

Use the clearing house in the design, at least in part to form the usage information used, and / or the use is described by the product and / or services associated with the product and / or such usage information Marketing services.

It can be hierarchically organized peer-to-peer or it can be a combined mode, in which the responsibility for clearing the bill used is due to different trade models and / or activities and / or value chains And one or more parties may be hierarchically higher than other then-ones in one or more cases, or hierarchically in one or more other cases, for example. It can be peer or non-people, ie, the relationship between participants is programmable and one or more desired bill exchanges for a given trade activity, value chain, or model (And later modified).

FIG. 33 shows an example of a clearinghouse 300 from the viewpoint of processing. In this example, clearinghouse 300 collects, analyzes, and reports on digital information. Digital information includes, but is not limited to, the use of digital content. The clearing house 300 in this example performs the following functions:

・ Data collection 314
・ Database management 316
・ Privacy control 318
・ Secure audit 320
・ Secure report 322
・ Data aggregation 324
• Propagation and marketing 326
・ Usage analysis 328
A copy 330, and an advertisement 332.

Communication between the clearing house 300 and other electronic devices 100 may be through a secure electronic container 152, if desired. As will be described in more detail with respect to the financial clearing house 200, the clearing house 300 receives containers in real time and / or on an asynchronous receipt basis. In clearinghouse 300, real-time requests can be transmitted or rated information that loses some or all of its value as a function of time (e.g., if certain survey information is not delivered by a particular time). The information is no longer relevant to the given market analysis; or the propagator may not be able to respond effectively to customer preferences if the propagator does not receive the usage information quickly). In other cases, this may involve the delivery of the requested usage information (e.g., vacationing users returning, knowing their requested audit dates, expiring the grace period, and reducing user usage for a given performance). Regulated until audit is performed). The case of asynchronous delivery may still be preferred in some cases, for the same reasons described above for the financial clearing house 200.

Data collection function 314 may include rules and controls 188 (which may provide, for example, information regarding pricing and authorization), financial statements 240a, detailed financial reports 240b, and requests for usage information and / or analysis 336. Used to collect usage records 302, in addition to other types of information. The data collection function 314 may interact closely with the database management function 316 such that various types of information are stored and maintained in use or other databases. The replication and propagation functions 330, 332 synchronize the contents of the database 316 with other databases (eg, maintained by other clearinghouses 300) and / or a number of secure network-protected processing environments or It can be used to provide a distributed database across electronic devices.

Data aggregation 324 and analysis 328 may be used to analyze the content of the data collected by data collection function 314 and / or stored in database 316, auditing 320 and / or using clearinghouse 300. Report 322 may be executed. Privacy control 318 may be used in combination with reporting function 322 to expose only certain information to third parties and not other information, thereby providing privacy and privacy to the consumer from whom the usage information was collected. Confidentiality issues are protected. Such disputes control 316 may be expressed in rules regarding the container from which the information arrives.

Report function 322 may generate various usage audit reports 304. In addition, clearing house 300 may provide propagation and / or marketing support 326 (eg, to support target propagation to demographically relevant consumers, and / or market and propagation research). To provide a). Thus, in one example, clearing house 300 may itself create and / or distribute a display propagation 340 by a given target consumer, or deliver such a transmission instead. The clearing house 300 may form a customized response 342 in response to the information request 336, and furthermore, the relevant audit records may be communicated to the clearing house 300, and once this communication is confirmed, a local An open signal 344 may be formed that allows the electronic device 100 to delete and / or form “no longer pending” in usage information from the database. Consumer 95 is interested in retaining (rather than deleting) this usage information once it has been "opened" (e.g., from the curiosity of monitoring the behavior of others (employees, children, etc.)). .

The clearinghouse 300 forms its own controls 188b, for example, to manage how usage information, market information, or other information can be used by others. For example, clearinghouse 300 may create its own report or analysis to provide to third parties for compensation only. The clearing house 300 may insist that the report provider does not redistribute the report to others. The clearing house 300 may enhance this request electronically by delivering the report in one or more of the electronic containers 152 and associating the electronic control 188b with the report. The electronic control 188b may enforce "no redistribution" regulations, as well as other condition permissions and / or restrictions (e.g., no modification of reports, no printing and display of reports, no quoting of reports).

As noted above, clearinghouse 300 may receive financial statements 240a and / or detailed financial records 240b or other financial information, forming its own financial statements 240c and / or detailed financial records 240d. obtain. For example, clearing house 300 may provide services to the content provider, where clearing house 300 is controlled by content provider 188a in a manner similar to the control delivered to consumer 95. Receive. Based on a comparison of these data, the clearing house 300 may make an estimate of the amount that the content provider should be expected to receive from the financial clearing house 200. Accordingly, clearinghouse 300 may provide an independent audit function (engaging as a double check on financial clearinghouse 200 and providing fraud detection functionality) (e.g., submit usage records and associate A person who has no payment or otherwise has a fraudulent payment can be detected by clearinghouse 300). In addition, control 188 may represent a closed model in which the content provider considers implementation, and then clearinghouse 300 will use clearinghouse 300 if the content provider actually builds the proposed model. Provides a service that performs comparisons on usage data and actually collects and builds models similar to financial results.

FIG. 34 is an example of the architecture of the clearing house 300. In this example, clearinghouse 300 includes a secure communication facility 346, a database and transaction processor 348, an authenticator 350, an authorization @ checker 352, and a data aggregator 354. The clearinghouse 300 architecture may be based on the rights-activated system architecture shown in FIGS. 12 and 13 of the Ginter et al. Patent publication.

Secure communication 346, in this example, provides communication with various electronic devices 100 over electronic network 150 via secure container 152. Database and transaction processor 348 performs most of the functions of FIG. 33 in this embodiment. Approver 350 may be used to approve the consumer and / or data, approval checker 352 may be used to check approval, and data aggregator 354 performs data aggregation function 324. Can be used for The approver 350 and approval checker 352 perform the approval function as described in the publication of Ginter et al. In combination with secure electronics and a protected processing environment.

FIG. 35 shows an example of a comprehensive bill-of-use exchange process. In this embodiment, provider 164 provides digital characteristics to consumers 95 (1), 95 (2), 95 (3). For example, the provider 164 may provide a new or other network 166 to each of the consumers 95 within the electronic container 152. One or more control sets 188 may be associated with work 166 (and, in some embodiments, may be delivered within the same electronic container 152 used to deliver work 166). The control 188 may specify that certain types of usage information are to be gathered in the form of an audit trail, and that the audit trail is to be reported based on a predetermined time and / or other event.

The container 152 can only be opened inside a secure protected processing environment 154 that is part of the virtual distributed environment described in the above-mentioned Ginter et al patent publication, and the provider 164 has the required audit trail. Will be generated and will report along his or her instructions. Consumer 95 uses characteristics 166 and consumer electronics 100 automatically collects and stores usage information in the form of audit trail 302. Then, at the occurrence of a particular event (e.g., once a month, once a week, after a predetermined number of uses, etc.), the consumer electronic device 100 may retrieve the audit trail information 302 inside the digital container using the clearing house. Send to 300.

Clearinghouse 300 may collect audit trail information 302 and store this information in database 316 of clearinghouse 300, analyze the audit trail information, and provide information to provider 164 within another electronic container 152. Generate a report 304 that can be sent.

The provider 164 automatically receives secure information and the clearinghouse 300 relieves the provider from having to collect and analyze this detailed usage information and uses it for his or her work. Audit what was done and how the information was used. In addition, clearinghouse 300 may protect the privacy of consumer 95 by revealing only consumer-approved summary details (eg, reveal how many consumers have used network 166). But does not reveal the consumer's name or address). This verification feature may be more difficult or problematic if the provider 164 attempts his or her own analyzed detailed usage records.

FIG. 36 shows a more detailed example of a shaped bill clearing process having two different clearing houses 300 (1), 300 (2). In this embodiment, the provider 164 delivers the work 166 directly to the consumer 95 and also to a distributor 168 that can redistribute the work to the consumer. The controls 188 associated with the distributed content 166 determine whether the clearing house 300 (1) should collect and analyze information regarding the use of the content 166 distributed directly by the creator 164, and The other clearing house 300 (2) may specify whether to collect and analyze usage information regarding the use of the work 166 when distributed by the distributor 168. Alternatively, the clearing house 300 (1), 300 (2) may collect different types of usage information for the same electronic property 166 (eg, one clearing house for "pay per view" use). Gather information, while other clearing houses may gather usage information for all one-time @ purchase). The clearing house 300 (1), 300 (2) may publish a report 304 to the creator 164 and / or distributor 168 and / or the consumer 95, respectively.

FIG. 37 shows how the clearing house 300 can be used in combination with the clearing house 200. In this embodiment, the consumer's electronic device 100 can be sent to:
• Clearing House 300, audit trail information 302 on the use of electronic content, and • Financial Clearing House 200, usage and payment audit trail information 228 on financial clearing activity.

If desired, clearing house clearing 300 and clearing house clearing 200 may be operated by the same business (in which case, both use and financial audit trail information may be sent inside the same electronic container 152). . The clearinghouse exchange function performed by the clearinghouse 300 may be operated in parallel with the financial clearinghouse function performed by the clearinghouse 200 to provide both detailed usage reporting and efficient financial clearing. to support.

FIG. 38 illustrates another example of a clearing house based on media and / or propagated content placement. Consumers 95 (1), 95 (2), 95 (N) may subscribe to various distributed services 170A, 170B,... These information distribution services 170 may distribute the program material and propagation (commercial content) provided by the content provider 164. Consumer 95 consumes the distributed content, and consumer electronic device 100 gathers and reports usage data associated with clearinghouses 300 (1), 300 (2),...

The clearinghouse 300 performs a demographic analysis on the received usage data and targets specific propagation to other commercial content 164 to specific information services 170 based on the demographic analysis. I do. For example, information service 170A may distribute program material and commercial content 164 of interest to runners and other persons with an interest in physical health. The clearing house 300 (1) may analyze the usage data provided by the consumer 95 to book and display this type of information. Thus, clearinghouse 300 (1) is in a unique location to place propagations on other commercial and non-commercial content that may be of interest to the same group of interests. Similarly, information service 170B may specifically transmit interest information to car enthusiasts. The clearinghouse 300 (2) may collect usage data regarding the use of this type of information, and thus will have its own, successful distribution and distribution and targeting of commercial and non-commercial content to this consumer group. Well located.

FIG. 39 illustrates another example of a bill-of-use exchange process that may be performed by the bill clearing house 300. In this embodiment, clearinghouse 300 may provide a price reduction based on the amount of usage information voluntarily released by consumer 95 as approved by rights holder 164. For example, this may be done by selecting from a set of controls and / or entering electronic negotiations at controls 188 on properties (see Ginter et al., FIGS. 76A and B). The rights holder may consider this as a general rule for that property, or a given rights and authorization clearinghouse 400 may distribute these control sets (eg, the collection of certain categories of usage information). Can be delivered based on the specific location of the control set as a container).

In one embodiment, the consumer's electronic device may be a personal computer, and rights holders 164 distributing computer software may determine which software program consumers 95 use the rights holders in addition to those on which the rights holders themselves are distributed. You may be interested in knowing what you are doing. Consumer 95, on the other hand, may not want to reveal this detailed information about all software programs residing on his or her computer.

As another example, digital communication rights holder 164 may want to know about each of the communication programs viewed by consumer 95. On the other hand, the consumer may not want anyone else to know the type of program he or she is interested in.

The clearinghouse 300 provides financial incentives to consumers 95 for more complete disclosure, but by giving consumers choices, they can effectively adjust their opposing concerns.

In this embodiment, the rights holder 164 distributes the control associated with the electronic content and the consumer 95. The control may specify options for revealing usage information. Consumers can choose to:
• pay in full and guarantee all usage information that is different from important information about guaranteed payments;
Allow limited use of the price instead of a small price cut;
-Benefit from significant price reductions instead of disclosing all usage information.

秘密 Some secretive consumers don't want to be known to the outside world as much as possible about their usage habits, and are willing to pay in full to protect their privacy. Other consumers do not care what the outside world knows about their usage habits and want to benefit from a large price cut based on a more complete disclosure. Any number of levels of such options may be provided, for example, allowing consumers to choose exactly which information to publish and which information to keep confidential. Because the usage data is collected inside a secure and secure processing environment 154 that is part of the consumer's electronic device 100, the consumer is aware that the usage data is handled securely and has not been authorized Verify that publication does not occur without his or her consent.

For example, based on one or more control sets 188 provided to the consumer's protected processing environment 154 and / or consumer selection enabled through such control sets, the consumer's protected processing The environment 154 does not reveal usage information, reveals minimal, limited, or full usage information to the clearing house 300. The clearing house 300 can then freely analyze the limited usage information and all usage information collected by the clearing house, and to the rights holder 164 and to market researchers, brokers, propagators, auditors And provide reporting and analysis to other third parties, such as scientists.

Rights and Authorized Clearinghouse FIG. 40 shows an example of a rights and authorized clearinghouse trading utility system 400. The Right and Authorized Clearing House may perform the service in any combination of the following comprehensive functions:
Electronic objects and associated authorizations, prices and / or other authorized and / or requested actions (actions that support the execution results of performing and / or not performing such actions). register;
Providing a pre-approved authorization on demand, in relation to the particular environment and / or other requirements, such as the class of requestor, procurement or performance, payment requirements, etc .;
• Securely and efficiently perform electronic copyright registration at one or more countries and / or appropriate institutions for other jurisdictional units; and • Report capabilities.

More specifically, rights and authorizations provide services associated with these inventions, which may include, for example, some or all of the following features and features:
Identify, distribute and verify rights along specific characteristics and / or other business rules and controls along the digital electronic value chain.

Provide object registration services and rights, prices and / or other control information for registered objects.

• associating at least one identification number and / or name with each electronic object with its own number and / or name scheme, and / or one or more other organizations, associations (e.g., standard associations) )), Assigned in association with one or more numbers and / or naming schemes defined by the company and / or agency (eg, a government coordinating body).

Receive approval from the secure chain of handling and control included in the electronic control set.

Securely provide authorization for registered electronic properties (e.g., statement of relevant results, such as approved actions and prices, based on rules and controls), and provide such registered properties with rules and control sets (E.g., updating rules and control sets, applying preset templates based on characteristic classes, etc.). This may be provided, for example, at least partially remotely to the registration site during or as a result of such registration and may be securely downloaded.

One for products of intellectual nature used or not used by rights holders in digital content (eg VDE protected digital properties) and any consequences of such use and / or misuse; Authorize rights holders to determine, flexibly define, and securely provide routes to these rights and authorized clearinghouses.

VDE-supported distributed performance and management rights and business rules (pre-approved or other approvals) to a special (ad @ hoc) electronic value chain (where such rights and business rules are persistent) Is supported).

・ Provide the digital object to those who are authorized to use the digital object on demand.

Different terms may be provided based on different authorizations securely associated with one or more combinations of user classes.

Provide rights holders with the approval that the terms set by the rights holder will be attached to them through a potentially diverse and decentralized value chain participant base.

-Requested and / or not including all possible authorizations and / or for requests for special and / or pre-planned bases by requester's rights (class and / or individual) Controls may be provided that do not distribute the desired authorization, e.g., allowing the rights holder to choose to distribute only the most frequently used authorizations associated with a particular digital property, Acknowledges that it will obtain a new authorization consistent with the rights holder's model.

Providing expired authorization and / or automatic acquisition and / or provision of such authorization for automatic recognition of the expiration of such rights on a request and / or through the use of a clearinghouse database mechanism; and And / or in a preferred embodiment refresh the notice of notifying VDE value chain participants of the need to obtain such authorization (eg, users actively attempt to use relevant information and / or electronic control processes) Inform such users beforehand to avoid user frustration and inefficiencies).

Use a secure container as described in Ginter et al. In any step, part, or process in providing secure rights clearing services.

Create and store variances and efficiently and appropriately correlate results (eg, compensation) with actions relating to the use of rights, conditions and their digital properties (and / or use of electronic events controlled by the VDE process) Receive the rights and authorization "template" to authorize the rights holder to specify.

Templates are digital control sets associated with characteristics, content users, user classes, and / or other digital information and / or process control and governance for physical or virtual sites and / or events. Can match directly.

-Templates can be self-issued.
-A template may apply multiple objects / instances.
Templates can be delivered independently to any digital object to which the template can be associated.

テ ン プ レ ー ト Templates are extensible to predict new behaviors and scenarios, which include, but are not limited to, new payment methods, pricing models and price levels, and new authorizations.

The テ ン プ レ ー ト template may be flexible in recognizing all types of digital rights, including, for example, distribution and transmission and / or retransmission rights.

テ ン プ レ ー ト templates can flexibly recognize individual identities and / or class identification rights.

• Different templates may apply different content and / or process control deployment feature types.

Multiple templates may apply the same properties and process control arrangements.

The rights and authorization clearinghouse may maintain a superset template, and modify one or more such superset templates into value chain participants and / or hierarchical secondary clearinghouses to convert this one or more Templates that utilize a subset of and / or an extended set of the superset templates of.

テ ン プ レ ー ト templates can be completed in a number of different ways using, for example, a graphic user interface and / or a rights management language.

-The template "application" can be created and / or modified using a topographical, schematic, directly editable graphic representation of value chain rules and controls, where such The rules and controls and value chain participants are represented, for example, by the display of positional, flowchart, and textile information of mixed icons, where the rules and controls may include, for example, the use of a rights management language. Performed, for example, where higher-level representations of elements and such elements of the management language may correspond directly to graphical representation components.

Multiple value chain participants may contribute to and / or modify the template and / or contribute and / or modify different templates that apply the same digital information.

The user includes, for example, digital information (eg, event management information) that describes and / or manages the control process, such as the same digital information managed via secure VDE chain handling and control. You can choose between different templates to apply.

Distribute the rights bill exchange function across a network or other system (eg, each consumer and / or value chain participant node potentially, at least partially, initiates its own secure rights bill exchange) It may be a decentralized bill clearing service, where the participant node is one or more other participants, an internally operable bill clearing node, in a preferred embodiment a suitable and Ginter et al. Patent. Rights information may be communicated directly with all activities utilizing VDE technology as described in the specification).

The operation is logically and / or physically distributed and / or distributed in a company and government agency and / or one or more jurisdictions and / or rights and bill exchange functions across systems or networks; Or approving one or more decentralized sub-clearing clearinghouses that may be located within a serving subset of a comprehensive business focus area of a higher clearinghouse that otherwise approves and / or Provides services to or in conjunction with one or more decentralized secondary clearing houses. Here, for example, each consumer and / or a given or all value chain participant nodes potentially have their own secure rights clearinghouse transaction and function (1) in the context of a comprehensive clearinghouse network. (Including all activities that utilize VDE technology as appropriate, such as internal operable nodes of one or more other participants and other places on this list) Can support usage bill exchange service.

One or more rights may be automatically provided to participants based at least in part on some aspect of the use of content and / or process control. One or more rights thus provided may be provided as a compensation for a particular use (eg, purchase) profile, for example, as a promotional {component} providing coupons. This particular usage profile may be ascertained directly from the usage information, or may be derived from a weighted formula containing various variables (weighted @ formula).

得 る It can be organized hierarchically, peer-to-peer, or in a combined mode. Here, the responsibilities for rights @ clearing can be distributed in different ways for different trade models and / or activities and / or value chains. Also, one or more particular parties may be, for example, hierarchically senior and other peers with respect to other parties in one or more instances, or may be one peer. It may be lower for parties in these other instances. That is, the relationships between participants are programmable and set to represent one or more desired rights clearing arrangements for a given trading activity, value chain or model (later described). Change).

FIG. 40 illustrates an example of a rights and clearance clearinghouse 400 from a functional perspective. In this example, rights and licensing clearing house 400 may perform some or all of the following four main functions:
-Object registration. Rights and licensing clearinghouse 400 registers digital properties and their associated licensing and pricing.

・ Licensing upon request. In response to the inquiry, the rights and clearance clearinghouse 400 provides the license 188 in a secure electronic container 152 with the associated price. Authorization controls 188 may be provided independent of content.

Negotiated licenses. In response to the inquiry and request, the rights and licensing clearing house 400 negotiates licensing and / or pricing on behalf of the rights holder who has delegated its responsibilities to the rights and licensing clearing house. The rights and licensing clearinghouse 400 may also be an intermediary in negotiations between rights holders and rights users. Rights holders and rights users may negotiate between the parties and may report the results of this negotiation to the Rights and Authorizing Clearing House.

·report. The rights and licensing clearinghouse 400 may provide reports to augment the reports performed by the financial clearinghouse 200 and / or the clearinghouse 300.

In this example, the rights and clearance clearinghouse 400 may provide some or all of the following features:

Creating, updating or modifying 408 licenses;
Licensing distribution 410;
-Database management 412;
Template definition and / or management 414;
Licensing negotiations 416;
・ Report 417;
-Duplicate 418;
Registration 419; and propagation 420

The main task of object registration by the clearing house 400 is performed by the database administration 412. In this regard, the rights and licensing clearinghouse 400 receives the control set 188 and the corresponding object identification 422 in the same or different electronic container 152 and then “registers” this information in the database 412 for later reference. I can do it. The rights and clearance clearinghouse 400 may provide a template function 414 to assist a rights holder in defining a set of controls 188 that specify rights and permissions associated with the rights holder's electronic properties. The registration process 419 and the database 412 may register the control set 188 in addition to the object or property 166.

The database function 412 and the distribution function 410 of the clearinghouse 400 can be used to distribute the desired permissions in response to the request 402. The database function 412 and the distribution function 410 may also be responsible for the task of distributing all permissions for a particular property (via the distribution function 410). Since licensing and / or prices may expire or fluctuate, the rights and licensing clearinghouse 400 may also update the control set 188 that identifies previously issued licensing and / or prices, and these updates May be responsible for distributing the given control set.

The rights and licensing clearing house 400 may also provide a reporting function 417, which issues, for example, a report 406 related to issued or distributed licensing and / or prices. In this example, the operation of the clearing house 400 provides an opportunity for auditing, a channel through which usage information is connected. Such an audit operation (eg, which may be provided by integrating the functions of the rights and clearance clearinghouse 400 with the functions of the clearinghouse 300) is used to create an integrated report. Licenses for integrated reporting are provided and licenses are exercised. Provide very valuable information about market research and business results (businesses @ consequences) and additional accountability to rights holders.

The audit function of this rights and licensing clearinghouse 400 can be particularly advantageous for protecting confidentiality. For example, personal rights and licensing clearinghouse 400 may be extended to provide payment integration to hide sensitive personal transaction level information from financial clearinghouse 200. In another example, the rights and licensing clearing house 400 can issue a report 426. Report 426 may indicate, for example, the number of objects registered in database 412 at the beginning of the reporting period, the number of new objects registered, and possibly the average of these objects and / or particular types of objects. Alternatively, it shows collection statistics (aggregate @ statistics) which is considered to be the number of types of licenses related to the median price.

The rights and authorization clearing house 400 may also respond to the inquiry 402 with a response 428. The request may comprise, for example, a request for a permit that may be automatically granted. Alternatively, the request may need to be entitled by the rights and licensing clearinghouse 400 to determine whether the requester is eligible to receive the licence. Credentials may be established by the presence of one or more valid certificates. The qualifications can be easily checked or stored in the database 412 for transfer to the provider along with other information about the clearance granted by the clearing house. In a preferred embodiment, other entitlements are based on the requester's PPE 54 and a shared secret known by the rights and authorization clearinghouse 400 (eg, one or more tags from the control set 188 held by the requester). May be. This shared secret can be used in combination with authentication. Also, if the eligibility requirements are relatively low or are already established (eg, receiving a shared secret from the beginning), the shared secret alone may be used to receive a license to replace or renew an expired license, for example. May be appropriate.

The rights and licensing clearing house 400 also includes a licensing negotiation engine 416. The license negotiation engine 416 may be used to negotiate a license 188 that the rights holder has not previously approved. For example, the consumer 95 may want to exercise a right that is not in the database 412. Consumer 95 may claim rights. In response, the rights and authorizing clearinghouse 400 may determine whether the rights holder has authorized to negotiate for this right on behalf of the rights holder. If the rights holder has not authorized the negotiating rights and clearing house 400 to clear, the clearing house contacts the rights holder and requests permission and / or authorization itself. If the rights holder has granted permission to negotiate rights and clearance on the clearing house 400, the clearing house clears the electronic negotiation between the consumer's control set and the rights holder's control set (Ginter et al.). 75A-76B). The resulting negotiated control set is sent to the consumer, which enables the consumer to exercise.

FIG. 41 illustrates an exemplary architecture for a rights and clearance clearinghouse 400. In this example, the rights and authorization clearinghouse 400 includes a secure communication facility 430, a database and transaction processor 432, an authenticator 434, an authorization @ checker 436, and a registration processor 438. . As mentioned above, the architecture of the rights and clearance clearinghouse 400 may be based on the rights operation system architecture shown in FIGS. 12 and 13 of the Ginter et al. Patent disclosure and described in the associated text. .

The database and transaction processor 432 performs most of the functions shown in FIG. Registration processor 438 may perform registration function 419. Secure communication facilities 430 are secured across the electronic network 150 with other value chain participants via consumers 95, writers 164, publishers 168, integrators 170, repackagers 174 and secure containers 152. Communicate to The validator 434 and the permission checker 436 perform a validation function as described in the disclosure of the Ginter et al. Patent in connection with secure electronic applications and a protected processing environment.

FIG. 42 shows an example of a right and permission bill exchange process. In this example, author 164 sends work 166 to publisher 168 with control set 188A including control A. Publisher 168 adds control B to the control set (following a secure chain of handling and control) and forms a new control set 188AB. Publisher 168 publishes work 166 with control set 188AB to consumer 95. Publisher 168 may also authorize permission C in a more comprehensive set of controls 188ABC (e.g., control C may be used by journalists to control specific uses of work 166 for specific purposes). (Which allows to extract parts).

The publisher 168 may register the control set 188ABC (and, if desired, the control set 188AB and the control set 188A) with the rights and authorization clearinghouse 400. Publisher 168 may also provide an additional “controls” or “permissions for permissions” “D” (eg, FIGS. 79-85 of the Ginter et al. Patent disclosure). (Distributed control described in connection with) with control 188ABC. These additional "D" controls specify the environment in which rights A, B and / or C may be granted, such as qualifications of credentials, frequency of reissues, and number of controls for a given user. obtain.

Consumer 95 (or any other provider, such as an integrator, repackager, or another publisher) may request a copy of any of the various control sets registered with the rights and authorized clearinghouse 400. For example, if the consumer 95 is a journalist using the work 166 according to the control set 188AB and decides to extract the work for a particular purpose, the consumer will be notified by the publisher 168 to the rights and authorization clearinghouse 400. A previously registered super control set (control \ super \ set) 188ABC may be requested. In another example, a German consumer 95 may receive a control set 188 intended for U.S. diversification, which may require a different set of controls to accommodate European legal and monetary environments. In addition, rights holders may modify previously distributed controls at a later date to add new rights, provide "sale", withdraw rights, etc., and the rights and licensing clearing house 400 Accordingly, these new control sets also have a responsibility to distribute.

42A illustrates another example in which a consumer 95 may register a control set 188X with a rights and clearance clearinghouse 400. Control set 188X relates to objects such as files or software programs that consumer 95 has already received. This new control set 188X requests the rights and licensing clearinghouse 400 to send a new control set 188Y for the named object (named object) to the consumer 95, and the rights and licensing clearinghouse. Request whenever the control registered for that object at 400 is changed. The rights and clearance clearinghouse 400 may automatically send an updated control set 188Y to all registered users of a particular digital property.

In another example, the publisher 168 distributes the work 166 with a fairly limited set of controls 188X to serve as a point of contact for consumers to view the entire content or otherwise obtain authorization for use. 95 allows viewing only the summary and specific rights and licensing clearing houses 400. Consumer 95 can then connect to rights and licensing clearinghouse 400 and obtain a more extensive set of controls 188Y that permits additional levels of use. This provides a high degree of accountability and expanded audit capabilities. This is because this requires the consumer 95 to contact the rights and authorization clearinghouse 400 in order to actually use the previously distributed properties. Similarly, the rights and clearance clearinghouse 400 may provide an updated control set 188Y to replace the expired one. This mechanism can be used, for example, to provide a changeable discount on a particular item over time (e.g., a movie distributor may decide to pay a discount on the first release without first deciding how much to discount). Six months after the release date, it will be possible to discount the release movie).

FIG. 43 illustrates a further example of a rights and authorization clearing operation performed by the rights and authorization clearinghouse 400. In the example of FIG. 43, each of the writer 164, publisher 168, integrator 170, and any other additional value chain participants has their own control sets 188A, 188B, 188C in the rights and authorization clearinghouse 400, respectively. Register (additional controls that control the distribution of these provider controls may also register). The rights and licensing clearinghouse 400 then distributes the newly combined control set 188ABC of individual control sets 188A, 188B, 188C so that any value chain participant may not be of particular interest. From having to formulate its control set. In this example, the rights and licensing clearinghouse 400 also provides an interface to other organizations (e.g., government-related agencies 440 such as copyright offices (Copyright @ Office) or other types of organizations such as professional @ associations). Can have. The rights and licensing clearinghouse 400 automatically registers the copyrights in the works and other objects registered with the rights and licensing clearinghouse 400, such that the rights holders themselves must do so. The burden can be reduced or eliminated. The copyright registration interaction between the rights and clearance clearinghouse 400 and the government agency 440 may utilize, for example, a VDE and secure container 152.

44A-44E illustrate additional rights and licensing clearing processes that may be performed using the rights and licensing clearinghouse 400. In this example, publisher 168 provides properties 166 and associated control set 188a to consumer 95 (see FIG. 44A). A consumer may attempt to access property 166 using control set 188a using electronic device 100 and associated protected processing environment 154, but the consumer accesses the property in a manner desired by the consumer. May need to request an additional control set 188b. The consumer electronic device 100 may generate a request 402 to the rights and clearance clearinghouse 400 (see FIG. 44B). In response, rights and licensing clearinghouse 400 may distribute request controls 188b, including licensing and pricing information requested by consumer 95 (see FIG. 44C). The consumer then uses the properties 166 according to the control set 188 to generate usage / audit trail information 302 based on the consumer's usage (see FIG. 44D). The consumer's electronic device 100 may report this usage information to the clearing house 300 and upon receiving a release signal from the appropriate clearing house, declares the stored usage information as "pending". Delete and / or release (see FIG. 44E).

Rights Template FIGS. 45A and 45B show an example of a rights template 450, and FIG. 45C shows an example of a corresponding control set 188. Rights template 450 may be somewhat similar to the “blank fill” format. The rights holder can use the rights template 450 to efficiently and effectively define rights for a particular digital property. Such a template 450 is versatile in the virtual distributed environment technology described in the disclosure of the Ginter et al. Patent in that it is sensitive to particular content industries, providers, and types of content. Useful for framing abilities. This allows a user, such as a provider, to be shown in a focused menu of resources that are adaptable or useful for a particular purpose.

For example, the template 450 may be divided in terms of the content or other information characteristics being controlled, how it may be otherwise organized, and / or the attributes these organizational entities may have. Make assumptions about. The template 450 simplifies the process of defining permissions, thereby reducing or eliminating the need for expertise and a significant amount of time to invest in developing the underlying capabilities of a virtual distributed environment. In this example, it may be possible for the user to not necessarily use the template 450, but instead define the permissions 188 in a rights management language (eg, natural or computer-based language) (the user's Most will prefer the easy-to-use graphical interface that the template 450 can provide, but the additional flexibility and associated complexity will be greater if you undertake the routine task of defining the permissions of many different pieces of content. Will not mind giving up).

Examples of rights templates 450 shown in FIG. 45A (eg, which may be appropriate for text and / or graphic providers) include, for example, “title display (view @ title)”, “view summary (view @ abstract)”, and “title change”. , "Re-distribution", "backup", "content display" and "content printing" to define a number of different types of uses / operations associated with particular digital properties. Rights template 450 may further provide a "menu" or list of options corresponding to each type of use. These various options allow rights holders to define rights that others can exercise in connection with the property. For example, rights may include:

・ Unconditional permission ・ Payment condition permission ・ Content-based permission ・ Unconditional prohibition ・ Prohibition and / or permission based on other factors

Rights holders can define a “rights profile” corresponding to that particular property by “fill in” or selecting between these various options. In this example, rights template 450 may facilitate additional models and / or levels for rights exercised with payment terms. Such pricing models and levels provide flexibility in various different categories of business pricing, such as, for example, one-time charges, pay-per-views, and falling costs. Can be defined as See FIG. 45B for an example of how a pricing model and level can be specified using a graphical interface.

The rights template 450 in this example may be self-executed and / or automatically “translated” or compiled into one or more control sets 188 that provide the necessary controls to implement the rights holder's selection. obtain. FIG. 45C has, for example, a “title display” control 188a that allows the title identified by the rights template 450 of FIG. 45A to be viewed unconditionally. Similarly, the control 188 in the example of FIG. 45C further includes control set elements 188 (2)... 188 (N). The control set elements 188 (2)... 188 (N) correspond to the rights and permissions 188 defined by the rights holder based on the rights template 450 of FIG. 45A.

権 利 In this example, rights template 450 may be evolvable. For example, if a new technology makes available and / or creates a new operation, the rights template 450 will still be "upward @ compatible" with the existing rights template while the new operation is being performed. Can be extended to accommodate Different rights templates 450 may be used for different types of properties, different value chain participants, etc. (while a particular rights template may be applied to multiple objects or properties, multiple value chain participants, etc.) . Some rights templates 450 may be a superset of other rights templates. For example, an entire rights grant template 450 may define all possible rights that may apply to a particular property or property classification. Also, sub-templates may be further defined to define rights associated with different consumers, consumer categories, or rights holders. Thus, for example, the writer may use a different sub-template than the distributor uses. Templates can also be recursive. That is, a template may be used to reference another template (similarly, a control set defined by a template may reference another control set).

The rights and licensing clearing house 400 may partially fill in a rights template 450. Alternatively, an automated process may be used to complete and / or duplicate the rights template (e.g., based on pre-existing @instructions of the rights holder). The rights holder can use the graphical user interface (e.g., by displaying a list of options on a computer screen, pointing and clicking with a mouse pointing device and filling in the desired options) using the graphical user interface. Can be completed. In another example, the rights holder may automatically compile or otherwise process the computer to complete the rights template 450, and / or build an associated control set (s) 188. With the rights management language possible, preferences can be defined.

FIG. 46 shows an example of a right and permission bill exchange process using the right template 450. In this example, the rights and clearance clearinghouse 400 and / or the individual rights holder defines a rights template 450 (FIG. 46, block 452 (1)). The rights are then entered into a rights template 450, which defines the authorized and suppressed permissions and associated pricing models and levels (block 452 (2)). The rights holder associates the permissions defined by the rights template with the object (eg, by creating one or more control sets 188 that reference and / or apply the properties being controlled) (block 452 (3)). ). The rights holder then carries the permissions (control set 188) to or separately from the object (block 452 (4)). The rights holder may send these control sets 188 directly to the consumer 95 (block 452 (5)) and / or to the rights and clearance clearinghouse 400 for registration and storage in a database (block 452). (6)). Upon receiving the consumer's request (block 452 (8)), the rights and authorization clearing house 400 may provide such pre-authorized authorization to the consumer as desired (block 452 (block 452)). 7)).

As described above, the provider controls such pre-authorized licensing by the clearing house 400 with a mechanism that provides additional "distributed control" to direct and / or control distributed processing.

Authorization Authority FIG. 47 shows a commerce utility system 500, which is an example of an authorization authority. Certification authorities and services generally create digital documents that "certify", warrant, and / or prove some facts. In fact, for example, identification and / or membership in a particular class (eg, an organization, etc.); age group, possession of a particular qualification type; subordination to one or more particular jurisdictions; and / or fixed periods Or end at a designated time, possession of one or more authorized rights and / or processing for using the content.

More specifically, a certification authority according to the invention may provide any combination of the following advantageous features and functions, for example in the form of a certification:
• Electronic credentials used with or required by rules and / or controls, such as validation, identity, class membership and / or other attributes of identity and / or context. Electronic authentication information includes automatic authentication of this information and / or automatic authentication of a class of this information based on resources (eg, the identity of one or more authentication providers).

• Reliable that the consumer or other participant in the value chain is someone who is and / or is a member of one or more specific groups, classes and / or organizations Provide verification.

Provide trusted verification that a group of value chain participants is what they say collectively. Here, multiple certificates from different parties are examined as a set, and such a particular set of certificates may be used to use the content and / or to perform one or more control operations. Required in the environment.

・ Generate a certificate automatically. Authentication represents the validation of a value chain or part of a value chain as a result of the consolidation of multiple specific certificates.

Predict the acceptable set of certifications from multiple parties by using rules and controls. A party can form an authentication that substantially represents a particular group of authenticated parties. Also, in the presence of certain certifications that identify two or more prospective parties and / or parties that meet certain criteria (eg, sufficient transaction revenue, sufficient creditworthiness, etc.). , A new certificate may be automatically generated, acting as a composite certificate authenticating the collective and co-ordinated presence of multiple parties. In each case, the authentication allows for certain electronic activities (eg, multi-party EDI, content distribution, content usage and / or control processing in commerce systems and / or financial trading systems, etc.). It can be related to regulation and control.

Generate one or more certificates, at least in part, as a result of certificate generation rules and control management. The one or more certificates thus generated may be based on one or more instructions for secure provision and control, for example, after each of a plurality of parties has met certain criteria requirements, such as certain activities. Generated as a result of For example, one or more of authentication and / or authorization and / or use activities and / or deposit and / or payment activities and / or reporting activities and / or VDE-supported electronic agreement activities (including, for example, electronic negotiation activities) Offer.

Certify other supporting services (eg, financial clearinghouses, clearinghouse clearinghouses, right and licensed clearinghouses, trading authorities and other certifying authorities).

認証 Authenticate based on separate authentication (eg, identity) and automatic secure database lookups that can be performed locally or remotely across a distributed database deployment.

Non-automatic (ie, at least partially human) issuing more essential authentication (eg, identity authentication) based on physical evidence, in addition to the automatic service issuing dependency \ certificates; Provide and support) services.

Support (eg, create) digital certificates using public key cryptography, private keys and / or secure VDE virtual networks.

It can issue automatic, trusted, distributed, peer-to-peer secure electronic environments that support the chain of operation and control, and certificates that support the context for rights use.

• Support an unlimited variety of different business models with a versatile, reusable, programmable, and distributed modular architecture using other Distributed $ Commerce @Utility services.

A certificate whose use supports a control set having elements that depend on the presence and / or absence and / or class of one or more digital certificates proving certain facts, which are specific and / or unspecific. Can be issued. Different requirements may co-exist with respect to the presence and absence of certificates associated with different publications.

Can work with a conditional electronic control set to issue one or more certificates authorizing certain rights only to certain consumers and / or other value chain participants (eg, including consumers). is there.

Issue substitutes for expired authentications and support refined time and / or use of authentication and / or other event-driven expiration (including expiration). For example, such expiration criteria may vary based on the particular authentication, class of authentication, user specificity and class, user node, etc.

. Maintain and distribute (including selective distribution) revocation list information for distributed nodes based on, for example, node distribution profiles and / or rules and controls.

Distribute revocation list information in a time-based or other event-based manner between distributed trading utility nodes networked peer-to-peer in a cooperative manner. Here, the information is selectively distributed to one or more specific nodes with consent to the revocation information request. And / or the revocation information is non-selectively distributed to one or more specific nodes.

Receive authority from a secure chain of handling and control embodied in an electronic control set.

• Distribute the function of the certification authority across networks or other systems (eg, every consumer node is potentially a certification authority for a particular type of certification; the parent issues a certification for the child Is empowered).

Organize the certification authorities hierarchically. This includes, through this reliance on certifications issued by other certification authorities at least in part for this purpose, through some certification authorities (ie certification and credibility, validity issued by certification authorities) Enabling automatic verification of relevant decisions).

V. Authorize and / or provide services to or in conjunction with one or more decentralized certification authority sub clearinghouses. The operations of the sub clearing house may be located logically and / or physically anywhere (eg, within a business or government agency and / or within one or more jurisdictions). And / or serve a subset of the entire business symmetric area of a senior certification authority clearinghouse that distributes and / or otherwise permits the clearing and exchange of rights over a system or network.

• Any consumer and / or certain or all other value chain participant nodes can potentially support the decentralized authority's bill exchange service. The decentralized authority's clearing service initiates its own secure authentication and function within the context of the clearing house network. The Distributed Certification Authority's clearinghouse service includes clearinghouse interoperation with one or more other participants' cooperatively available nodes, and throughout this list, all activities are appropriate. Adopts VDE technology.

Provide liability acceptance control (i.e., control for insuring the digital certificate based on the amount of liability accepted by the publisher). Responsibility acceptance controls may include keeping information regarding such liability acceptance secure and providing notification to recipients of the certification regarding the protection of liability afforded by such certification. It may also include that the recipient of the insured certificate accepts all liability beyond the amount of insurance, for example, through explicit electronic acceptance of VDE management and implicit acceptance by continuation.

得 る It can be organized hierarchically, peer-to-peer or in a combined mode. Here, the responsibilities of the certification authority for activities may be distributed in different ways for different trade models and / or activities and / or value chains. Also, a particular one or more parties may be, for example, hierarchically superior to other parties in one or more instances, and may be hierarchically peered in one or more other instances. Or lower. That is, the relationships between participants are programmable and set (and later modified) to represent one or more desired specific certification authority locations for a given trade activity, value chain or model. obtain.

FIG. 47 illustrates an example of a certification authority 500 from a process perspective. In this example, the certification authority 500 creates a digital document, called a certification 504, that “certifies” some facts (eg, identity or class membership). For example, a trusted third party certification authority 500 may indicate that the consumer is the person that the consumer claims, or that the consumer has certain characteristics, attributes, class memberships, etc. Provide a secure digital guarantee for For example, some attributes may be members of a particular class (e.g., employees of a company), people born before a certain date, people with a physical disability, undergraduate faculty (member \ of \ the \ factory), universities May indicate administrative personnel or students (administration @ or @ student @ body) or veterans.

In this example, the digital certificate 504 issued by the certification authority 500 is used as a conveyor in the context of rights use and trading authorization. As described in the disclosure of the Ginter et al. Patent, authentication 504 is particularly powerful in a virtual distributed environment. This is because authentication 504 provides context for rights use. For example, the use and automation of class-based authentication and the decentralized management of trade rights substantially increase the efficiency of trusted networks. For example, a content publisher wants to charge a commercial price for scholarly journal subscriptions to everyone except those who have higher education, and college and college students and professors have 20% Assume that you intend to discount. The digital certificate 504 issued by the trusted certification authority 500 can be used to automatically provide security (within the context of a distributed electronic network). This guarantee ensures that only those who are truly entitled to the discount can exercise it (in this example, only those who are certified as enrolled in the higher education system).

In the example of FIG. 47, the certification authority 500 may perform the following overall functions:
・ Fact collection or check 522
・ Authentication generation 524
・ Maintaining the revocation list 526
Distribution of authentication and revocation lists 528
-Confirmation 530
-Authentication update 532
・ Permission 534
・ Replication 536
Propagation 538, and archive 554

The certification authority 500 collects the evidence 502 as a basis for issuing the digital certificate 504. In this example, evidence 502 may include another digital certificate 504 '(e.g., one certificate may be constructed for another). Fact collection and check function 522 accepts this evidence 502 along with additional credibility data 540 (eg, information regarding compromised or previously misused authentication). Certificate generation function 524 may generate a new digital certificate 504 based on this fact collection and check process 522. The distribution function 528 then distributes the new digital certificate 504 and issues a bill 452 to compensate for the labor and burden involved in issuing the certification authority's certificate.

The certification authority 500 may also maintain a revocation list 542 based on the reliability data 540. The credibility data 540 may be, for example, a compromised or previously misused authentication and the facts are no longer true (eg, Mr. @Smith was formerly a professor at Stanford University, but later Departure from university employment). The revocation list function 526 maintained is important to provide a mechanism to ensure that a "bad" certificate cannot be used once it turns out to be bad. The certificate 504 issued by the certification authority 500 may have expired, and the certification authority may renew a previously issued certificate (eg, for a fee) by performing a certification update function 532. The certification authority 500 may maintain a record or database of issued certificates, which may be distributed (this may benefit from the duplication function 536 and the propagation function 538 to accurately and efficiently differ from the database). ).

FIG. 48 shows an example of an architecture for a certification authority 500. In this example, the certification authority 500 may include a secure communication facility 544, an encryption / decryption processor 546, a billing system 548, a key generator 550, a query mechanism 552, and an electronic archive 554. In this example, secure communicator 544 is used to communicate with other electronic devices 100 and / or other trading utility systems 90. Electronic archive 554 stores keys, certificates 504 and other information required to maintain operation of certificate authority 500. Encryption / decryption processor 546 is used to create digital certificate 504 using strong encryption techniques. The bill issuing system 548 issues a bill 542. The query mechanism 552 is used to query the electronic archive 554. The key generator 550 is used to generate an encryption key required by the certification authority 500 for its operation.

FIG. 49 shows an example of the certification authority processing. In this example, the publisher may send electronic secure container 152 to consumer 95. In order to use a particular license 188a in the safety container 152, the consumer 95 may have certain facts about the consumer (eg, the consumer is a U.S. citizen, the consumer is a veteran, the consumer is 18 Certification from the certification authority 500 may be required to certify for such purposes as being older than age. The consumer may generate a request 502 to the certification authority 500 for issuing an appropriate certificate. The certification authority may check the evidence 502 provided by the consumer 95, or evidence that a third party may provide, and issue the digital certificate 504 required by the consumer (if the certification authority 500 is satisfied). . This digital certificate 504 is not only controlled by the publisher's control set 188a, but also by other rights holders requesting certification of the same facts and other rights holders who have agreed with the trusted certification authority 500 as the certificate issuer. Can also be used for sets.

The certification authority 500 may communicate with the consumer 95 using the secure container 152. This may create and provide a control set 188b with authentication 504. This control set 188b controls some aspects of the use of the certificate 504 (eg, it may not be redistributed and / or modified) and / or handling for issuing further dependency certificates. And define a chain of control (eg, parents empower to issue certificates for their offspring).

Some certification authorities 500 may be represented on behalf of others issuing certifications (eg, in a handling and control chain defined by one or more electronic control sets 188). Distributing the certification authority 500 across a number of different electronic devices has advantages, for example, in terms of efficiency. FIG. 50 illustrates one useful example of this distributed authentication issuance scenario.

FIG. 50 illustrates that the rights holder 164 (and / or the rights and licensing clearinghouse 400) has requested the certification authority 500 (eg, by issuing an electronic control 188a in a secure container 152a), thereby A digital certificate 504 (1) may be issued to a higher education public facility, such as facility 1060. The control set 188a may, in fact, establish the necessary policies and procedures to determine whether a particular facility has been formally licensed. Based on the electronic control 188a and the evidence 502 presented by the facility 1060, the certification authority 500 may issue a digital certificate 504A attesting the formal authorization.

To utilize authentication 504A, students, faculty members, and / or staff at facility 1060 may need to provide additional authentication proving the fact that they are subscribed to facility 1060. Absent. Instead of having the certification authority 500 issue additional certifications 504 for each of the students, faculty and / or staff at the facility 1060, each facility 1060 holding a certification 504A may have its own faculty, staff and / or staff. It may be efficient and / or desirable to issue a dependency certificate 504 (2) to the student. For example, facility 1060 may maintain a current list of all students, undergraduate faculty, and employees. Instead of requiring the certification authority 500 to issue a separate certificate 504 (1) to each of the students, faculty and staff of the facility 1060, the facility may assume this responsibility itself.

For example, facility 1060 may choose to operate its own distributed certification authority 500A. In certain examples, the certification authority 500 may issue an electronic control 188b (eg, subordinate to the control 188a issued by the rights holder 164). The electronic control 188b may, for example, provide the facility's certification authority 500A with certain restrictions (e.g., proving a restricted universe of facts such as "this person is publicly associated with the facility 1060"). Delegates authority and responsibility for issuing subordinate certificate 504 (2). The subordinate certificate 504 (2) may be, for example, a certificate 504 (1) that states that a particular person is associated with the facility 1060 and has an appendix stating a particular deadline date (eg, at the end of the current semester). Can be a copy. The institutional certification authority 500A then issues such a subordinate certificate 504 (2) to each faculty member, student, and staff member on the current directory.

@Recipients of certificate 504 (2) may require yet another certificate 504 (1) to prove their identity. This is because the certification authority 500A proves the fact that a particular unique person has joined the facility 1060 (but does not prove that the particular recipient of such certification is that person). This is because 2) is issued. The recipient may need to obtain this additional “identity” certification 504 (1) from a government operated certification authority 500 (eg, a state or federal government).

The rights holder 164 (and / or the rights and licensing clearinghouse 400 (not shown)) issues a control set 188c to the digital property 166. Digital properties 166 provide other benefits to those who allow discounts or provide a valid digital certificate 504 combination that proves to be a member of the "Authorized Higher Education Institution" class. . Each of the students, undergraduate faculty, and staff at facility 1060 that received certificate 504 (2) may take advantage of these discounts and other benefits. FIG. 50A illustrates how such different digital certificates may be used to support authentication conditional controls 188 (ie, a set of controls in which an element relies on the presence and absence of a certificate 504 to prove certain facts). Is shown.

In this example of FIG. 50A, one or more control sets 188c include, for example, a number of individual controls 188 (1)... 188 (N) adapted to the same digital property 166 or group of properties. Control 188 (3) provides additional and / or different rights to all students, faculty and staff of Stanford University. In the example shown in FIG. 50A, multiple certificates may be used together to provide the requested certificate. For example, the authentications 504 (1), 504 (2), and 504A shown in the example of FIG. 50 are used together, and a particular person uses a discount provided to students, undergraduate faculty, and staff of a higher education public institution. Make it possible. For example:
Authentication 504 (1) may prove the fact that the particular person John Alexander is what he says himself.

Another certification 504A may prove the fact that Stanford University is a higher education public institution.

Another certificate 504 (2) may prove the fact that John Alexander is a student at Stanford University in the current semester.

そ れ ぞ れ Each of these various certificates 504 may be issued by a different certification authority 500. For example, one certification authority 500 (eg, operated by a government entity) issues a certification 504 (1) that authenticates the identity of the consumer, while another certification authority certifies 504 regarding the student's status. (2) and the third certification authority may issue a certificate proving the fact that Stanford is a public university (see FIG. 50).

As a further example, the control set element 188 (1) shown in FIG. 50A may provide certain benefits for California residents. That condition can be satisfied by the consumer presenting a digital certificate 504 (3) that authenticates their residence (eg, with an “identity” certificate 504 (1)). The additional permission 180 (N) shown in FIG. 50A may be satisfied by presenting a certificate 504 (5) that indicates U.S. citizenship. A given person is resident or works in one or more jurisdictions (eg, in a particular city, state, country, or other political unit)-so that unit sales, income, or other taxes are not Such certifications 504 (3), 504 (4) that prove that they are subject to imposed or certain administrative fees) are particularly useful for intrastate and / or international trade. For example, the certification authority 500 may issue a certificate 504 to the financial clearing house 200 in the UK. This certification 504 is a control set distributed by the rights and licensing clearing house 400 that specifies that only the rights holder and / or the UK financial clearing house 200 are authorized to accept payments in pound sterling. 188 can be used. If the clearing house being used has the appropriate UK certification, only consumers who wish to pay in pound sterling will be able to complete the payment transaction. And if you reduce the burden of deciding which transactions of your provider are taxable in the UK and which transactions are not taxable in the UK, this UK clearing house can pay the appropriate UK tax.

FIG. 50A also illustrates a further authentication 504 (4) that authenticates that a person is married to another person. To use authentication 504 (4), it may also be necessary to present a first authentication 504 (1) that authenticates the identity. Such certification, which establishes a relationship between individual people or a relationship between people and an organization, is useful, for example, when a member of a family makes available the certification of a member of another family (eg, A person can benefit from the certificate of his or her spouse's or his parents' authentication).

FIGS. 51A-51D show examples of the detailed format of various digital certificates 504. FIG. The digital authentication 504 (1) in FIG. 51A can authenticate that a certain person is a person who claims to be himself. This authentication 504 (1) may include, for example, the following.

・ Field 560 (1) representing the name of the person
A field 560 (2) for specifying the date of birth of the person
A revocation field 560 (3) that specifies when the digital certificate expires
A public key 560 (4) corresponding to the person's public key, an ID code 560 (5) (which may be a hash of the public key field 560 (4) in this example).
Checksum field 560 (6) that provides error checking capability

The $ digital certificate 504 (1) is encrypted by the certification authority 500 in this example using the private key of the certification authority of a public key-private key cryptosystem pair such as RSA or El @ Gamal. The public key corresponding to the certification authority 500 can be publicized (eg, by distributing the public key in a publicly accessible site on the World Wide Web or in a widely distributed context). Alternatively, it may never be exposed outside of the confidential and protected processing environment 154. In either case, the successful decryption of the digital certificate 504 (1) reveals the original, clear textual information, and provides a high degree of assurance that the digital certificate was issued by the certificate authority 500 (certificate authority). Assume that the private key has not been compromised).

Revocation field 560 (3) is useful because those who skip checking the revocation list have at least some assurance that the authentication is good if the authentication must be updated periodically. The expiration date field 560 (3) provides additional protection by ensuring that the certificate does not last forever, and allows the certificate authority 500 to use different pairs of encryption keys, for example, to comprehensively integrate the authentication process. And give credit. Changing the key pair of the certification authority 500 reduces incentives for those who break a given key. This is because the amount of information protected by the key is limited, but the unauthorized use of a broken key is only valid for a limited time. In addition, unexpected mathematical progress (currently) will render some unused cryptographic algorithms useless. This is because cryptographic algorithms rely on computations that cannot (at present) be treated theoretically. If a new algorithm is used for the reissued certificate by the built-in mechanism for changing the key of the certification authority 500, the effect of such a failure is limited to a certain period. Alternatively, at the expense of additional decryption time, this danger can also be addressed by using multiple asymmetric key pairs generated according to different algorithms for the signature and valid key.

51B, 51C, and 51D show different types of information (for example, the specialty certificate field 560 (7) for the authentication 504 (5), the address field information 560 (8) and An example of a further digital certificate including a student certificate field 504 (9) in the case of a student certificate 504 (2) is shown. These certificates 504 (2), 504 (3), 504 (5) are related to the identity certificate 504 (1) via the common ID field 560 (5), and both the identity certificate and the independent certificate are , Generally may need to be presented together.

FIG. 51E illustrates how an exemplary digital certificate issued by one certification authority may be used in conjunction with a trusted database by other certification authorities to provide another certification. For example, the certain certification authority 500A confirms the valid user identity and creates the identity certification 504 (1) shown in FIG. 51A. The user can submit this identity certificate 504 (1) to another certification authority 500B. Another certification authority 500B has a people and / or organization database 554a with particular attributes. For example, certification authority 500B may be operated by a specialized agency that maintains an internal database 554a. The certification authority 500B trusts the contents of the internal database 554a because the certification authority 500B maintains and maintains the contents of the internal database 554a.

By comparing the identification information in the authentication of FIG. 51A with the contents of the trusted database 554a, the certification authority 500B can perform the authentication of FIG. 51B without requesting physical evidence from the owner of the authentication of FIG. 51A. Can be issued. This solves the important problem of requiring the user to "show up" whenever the user requires highly trusted authentication, and enables the second authentication generation process to be automated. .

FIG. 51E shows that the certificate 504 (2) issued by the certificate authority 500B is based on a lookup of the certificate authority 500C itself in a trusted database 554b (according to the identity certificate 504 (1)). Indicates that 500C may be a good basis for issuing additional certificates 504 (3).

Another example could be a corporation that is organized in the jurisdiction of the Secretary of State and certifies identity to the Secretary of State. If the company grants samples to handle hazardous materials, the company will certify its identity 504 (1) from the Secretary of State (in this case including certification authority 500A) with the hazardous materials. May be submitted to an agent (certification authority 500B) that is currently entitled and authorized to handle the company and is responsible for maintaining the company's database 554a. The certification authority 500B may then issue a certificate 504 (2) that proves this fact, if desired, entirely by automation.

At the time of authentication to allow a participant to act as agent of an entity, one or more participants having a particular relationship with one or more participants of a particular value chain or other participants Participants need to be authorized and perform the duties of a representative of the set of participants. For example, a party may wish to work based on an affiliation or approval from a joint venture of which it is a member. Alternatively, all participants in a particular value chain may need to serve as a whole for the value chain. Each participant receiving such approval from an entity may need to be approved and perform the duties from that entity.

The present invention provides for any "authorized" participant to use the same or different authority, optionally using a digital certificate 504, and to exercise the defined authority under controlled use conditions. It provides a mechanism by which a "virtual entity" can be created. More specifically, digital certificates issue each participant of a virtual entity the authority to act as that entity. The duties are performed within the limits of the terms of use and even with any results specified in the terms of use specified by the electronic controls associated with the container.

FIG. 51F shows an exemplary electronic container 152 containing the following information. A value 564 identifying the "virtual entity", a signature 566 (1) -566 (N) (one for each member of the entity), other information belonging to the entity 568, a digital certificate 504 (1) -504 (N ) (One for each member of the entity), as well as control information 188 and value 564 specifying authority (eg, rights or permissions) and "conditions of use" provide an identifier that uniquely identifies the entity. An “other information” field 568 may provide further information about the entity (eg, the name of the entity, the name and address of each participant, the expiration date on which the entity will exist). The signatures 566 (1) -566 (N) are like signatures of the agreement of the alliance. Each member of the virtual entity agrees to be a member of that :, with his "signature", and agrees to the terms and conditions granted to each participant.

The container 152 in this example further includes an electronic control set 188 that describes the conditions under which the authority can be exercised. Control 188 defines the authority granted to each of the participants. Controls 188 include (in this example) conditions or restrictions for exercising these privileges. Control 188 may grant the same authority and / or terms of use to each participant. Alternatively, control 188 may provide different privileges and / or terms of use for each participant.

{Control 188, for example, authorizes each participant of the virtual entity to act as the certification authority 500 on behalf of that entity. In this particular example, control 188 permits each party to the virtual entity to create a certificate on behalf of that virtual entity. Authorization is performed within the restrictions of the use conditions and with the results specified in the use conditions specified in the control. As mentioned above, the right to grant a certificate is only one example. Any type of electronic right or permission may be granted based on any type of electronic usage conditions.

FIG. 51G is one exemplary process for creating the container 152 of FIG. 51F. In this example, the parties to the virtual entity may negotiate control information to manage the collective activity, based on, for example, the electronic negotiation techniques shown in Ginter et al., Patent specifications FIGS. 75A-76B (FIG. 51G, block 570). . The resulting control information 188 may specify "conditions of use", such as the rights that can be exercised by each participant at the entity, and the limitations (can be defined on a per-participant basis) imposed on each of these rights. .

The participant \ Initiating \ Issueance of the digital container 152 (actually, the protected processing environment of the participant (Protected \ Processing \ Environment) 154) may be selected and used as a random value as the entity identifier value 564 (564). FIG. 51G, block 572). The participant's PPE 154 may then create authentication information for the virtual entity by associating the entity identifier value 564 with other information 568 (FIG. 51G, block 574). The participant's PPE 154 may then sign the virtual entity credentials and indicate the participant's consent to be part of that virtual entity and the terms of use of the control information 188 (FIG. 51G, block 576).

The participant's PPE 154 then creates an electronic container 152, identifying therein control information 188, virtual entity authentication information 564, 566, 568, and an encryption key that the participant can use to exercise its rights. Enter the participant's own authentication 504 (FIG. 51G, block 578). The participant then determines whether the participant still needs to be added to the entity authentication (FIG. 51G, block 580). If yes, the container 152 is sent to other participants of the virtual entity (FIG. 51G, block 582) and is accessed and confirmed by the next participant (FIG. 51G, block 584). 586). The next participant also signs the virtual entity authentication information by adding a signature 566 (2) to the list indicating that they also agree to control 188 and their participation in the virtual entity (FIG. 51G). , Block 588). This new information is used to add to and / or exchange entity authentication information 564, 566, 568 (FIG. 51G, block 590). This next participant also adds its own authentication 504 (2) to the container 152 (FIG. 51G, block 592).

Steps 580-592 may be repeated until container 152 is signed by each participant in the virtual entity (if NO, exit decision block 580). The completed container 152 is then transmitted to all participants (FIG. 51G, block 594).

FIG. 51H illustrates an exemplary process that a virtual entity participant may use to exercise authority on behalf of a virtual entity based on the controls 188 shown in FIG. 51F. The exemplary process of FIG. 51H is performed by the participant's protected processing environment 154 based on the request. The participant's protected processing environment 154 writes an audit record (FIG. 51H, block 594A) and evaluates the request using the usage conditions identified by the control 188 (FIG. 51H, block 594B). If the request is granted by the control 188 (if yes, exits block 594C of FIG. 51H), the participant's protected processing environment 154 accesses the virtual entity value 564 from the container 152 ( (FIG. 51H, block 594D), using the control information 188 associated with the usage conditions to execute the request and produce the appropriate result (FIG. 51H, block 594E). In one example, the participant's protected processing environment 154 acts as the certification authority 500 on behalf of the virtual entity by issuing a digital certificate 504. Issuing the digital certificate 504 means that the digital certificate is digitally signed by encrypting the entity identifier value 564 with the encryption key corresponding to the participant's own certificate 504 included in the container 152 and newly signing. To create the digital certificate part of the issued certificate. This example then writes out additional audit information 594H and reports on the actions taken.

If the requested operation is not allowed by control 188 (FIG. 51H, "No" exits decision block 594C), the FIG. 51H process in this example determines whether the error is fatal (decision). Block 594F). If the error is fatal ("yes" exits decision block 594F), the process disables further use of the information in container 152 (block 594G) and writes out more audit information (block 594H). ) And stop (FIG. 51H, block 594I). If the error is not fatal ("No" exits decision block 594F), the protected processing environment 154 writes additional audit information (block 594H) and may end this task (FIG. 51H, block 594I). ).

プ ロ セ ス There are a variety of different uses for the processes and techniques shown in FIGS. 51F-51H. As an example, assume that a first publisher publishes a derivative work that includes its own content and content provided by a second publisher. Two publishers may form a virtual entity, which allows the first publisher to act on behalf of that entity. But it depends only on the terms of use agreed and agreed by both partners. For example, the second publisher may have the first publisher republish the second publisher's content and extract and anthologically edit the content by the consumer 95 (provided that the consumer is a virtual publisher). Presenting the appropriate certificate 504 issued by the entity, the virtual entity may happily authorize (if the consumer proves that the consumer is allowed to exercise that right). For example, only special applicants with certain characteristics may be eligible to receive authentication 504. In the technique described above, the first publisher can issue a certificate 504 to the applicant on behalf of a virtual entity that includes both the first publisher and the second publisher. The second publisher is a confidant, as the first publisher is negotiated by both publishers and can only issue certificates in accordance with the terms of use agreed upon.

Another example is a manufacturing process involving multiple participants. The terms of use provided by control 188 may permit participants of any value chain in the manufacturing process value chain to perform certain activities on behalf of the entire value chain. For example, a material manufacturer, a finished goods supplier, and a shipping company that transports materials between them may form a virtual entity. The virtual entity may then submit the control set to the trading authority. The control set describes a process that states that all three participants work together. As a simple example, for example, a control set created according to the usage conditions applicable to their virtual entity allows for a unified representation of material requirements, a finished appearance and a delivery schedule.

In another example, a semiconductor company, a system integrator, and three different software providers may form virtual entities that support the semiconductor company's chip design, simulation, and design inspection applications. In this example, a certificate may be issued to each company that is an entity of this example, and to a particular individual of each company. Rules and controls negotiated between companies specify who has access to the software application and associated database and who can make modifications to the software and / or data. In this way, the semiconductor company can authorize access to external contractors and / or providers and specific individuals representing these external companies. These individuals may be granted sufficient access only to solve typical problems and to perform system maintenance tasks. Further, these individuals may be granted additional rights (approvals) for a limited period of time, access to certain executables and / or data for resolution not included in the default permissions. Solve certain problems that require.

The virtual entity feature of the present invention presents, in part, extensions built on the handling chain and control techniques disclosed in Ginter et al. For example, the authentication created in accordance with this aspect of the invention may take advantage of the capabilities of the VDE handling and control chain to manage the authentication chain.

Secure Directory Service FIG. 52 shows an example of a secure directory service trading utility system 600. Secure directory services securely provide electronic directory information and / or other directory information, such as names, addresses, public keys, certificates, and the like. Transmitting such information securely (in a preferred embodiment, via a virtual distributed environment (VDE)) prevents eavesdropping, ensures confidentiality, and enables critical participant interaction effectiveness. By providing critical infrastructure support.

More specifically, a secure directory service provided in accordance with these inventions may provide the following exemplary beneficial features and functions.

Provide secure and reliable directory information based on various different parameters including various classification information.

Securely providing electronic addresses and / or other communication paths of consumers, content providers, clearinghouses and / or other parties based on name, function, physical location and / or other attributes. sell.

• Provide public keys and / or certificates of consumers, content providers, clearinghouses and / or other parties based on, for example, name, function, physical location and / or other attributes.

Efficiently manage and / or automate the reliable communication of requests and responses in secure containers while protecting and, where appropriate, hiding identity-related information.

Rules and controls to ensure {secure containers and content integrity and non-reputability}.

Receive approval from a secure chain of handling and control embodied in an electronic control set.
Distribution of secure directory service functions across a network or other system (eg, any consumer and / or other value chain participant nodes may use one or more other VDEs described in the Ginter et al. Patent specification) Is a potentially decentralized secure directory service that initiates direct transactions with its participants and its own secure directory service.)

Approve and provide services to one or more distributed secure directory service secondary clearinghouses or in conjunction with one or more distributed secure directory service secondary clearinghouses. The operation of one or more distributed secure directory service subordinate clearinghouses may be performed within a company or government agency and / or by distributed senior directory service authorities and / or other authorized secure directory service functions across systems or networks. It may be located logically and / or physically anywhere, such as within one or more jurisdictions and / or a serving @ subset of the overall business concentration area.

• Every consumer and / or some or all other value chain participant nodes potentially provide a secure directory service authority that provides naming and related services and functions within the context of the entire naming service network. Can be supported. The context of the entire naming service network includes one or more other participant internal operation nodes and all activities utilizing VDE technology where appropriate, as elsewhere in this list.

• Hierarchically organized and may represent responsibility and operations for secure directory services for a subset of all directories based on name, function, physical location and / or other attributes.

It can be organized hierarchically, for example providing a directory of directories;
• The responsibility for the directory service can be distributed in different ways for different trade models and / or activities and / or value chains, and one or more parties may be more hierarchical than other parties, for example in one or more instances. It can be organized hierarchically, peer-to-peer or in a combined manner, so that it can be more sophisticated in nature and hierarchically equivalent or lower in one or more examples. That is, the relationships between participants are programmable and may set (and later modify) one or more desired specific directory service locations for a given trading activity, value chain and / or model.

FIG. 52 illustrates an exemplary secure directory service 600 from a process perspective. In this example, secure directory service 600 keeps track of directory information associated with consumers, value chain participants, and / or electronic devices, and provides this information securely based on qualified requests. Archive. In this example, the secure directory service 600 may provide the following functions.

・ Database management 606
・ Database search / readout 608
・ Database replication 610
・ Database propagation 612
• Confirmation 614 and • Approval 616

The database 606 may be accessed by a search and retrieval engine 608 that takes the input information provided to the consumer as a source and uses that information to retrieve relevant records. For example, secure directory service 600 may receive personal, organizational, service and / or device identity 618, electronic address 620, authentication 622, and / or key 624. This information may be stored in database 606.

In response to request 602, secure directory service search and retrieval engine 608 accesses database 606 to have additional information (eg, an individual or institution email address, an individual's public key, an email address). The identity of a person, the identity and address of a person with a certain public key).

In addition, secure directory service 600 may return access controls, audit requirements, and the like. For example, a user may be required to present a valid certificate (eg, authentication 504) for accessing an entity's internal email address. The predefined information fields known to the database 606 may be all visitors (eg, office locations or specific employers, their home directories on a company server, etc.), or the physical address of the consumer. May be available to those presenting a certificate 504 issued by a consumer serving as their own certification authority 500, but not to others. This control may be specified in a secure container that carries information to the secure directory service 600.

情報 Once the requestor is given the information, the person is required to use the information only in an approved form. For example, the person may be able to use the information to formulate the email message, but will not extract the physical address for the mailing list. This restriction may be enforced by control 188b, and secure directory service 600 correlates with the information provided.

As shown in FIG. 53, in addition to the secure communication facility 626, the secure directory service 600 may provide a database 606 and a search and retrieval engine 608. The architecture of the secure directory service 600 may be based on FIGS. 12 and 13 in the disclosure of the Ginter et al. Patent.

FIG. 54 illustrates an exemplary secure directory service process that may be performed by the secure directory service 600. In this example, sender 95 (1) wants to send a message to recipient 95 (2). The sender and the recipient can be the electronic device 100 owned by a consumer, a clearing house, or the like. Sender 95 (1) sends address request 602 to secure directory service 600, which provides some information and requests other information. In response, secure directory service 600 provides the requested information to sender 95 (1). Sender 95 (1) may use that information to send a message to recipient 95 (2). In this example, both address request 602 and response information 604 are maintained in secure electronic container 152 to maintain the confidentiality and integrity of the request and response. In this way, for example, an outside eavesdropper cannot determine who the sender 95 (1) wants to communicate with or what information is needed to make the communication. The directory response cannot be "fooled" to direct the requested message to another location. In addition, as described above, directory service 600 may include controls 188 and / or requests along with its response, or request controls 188 as part of its input.

Trading Authority 700
FIG. 55 illustrates an example of a trading authority trading utility system 700. These inventions also enable a secure "trading authority" ability to provide the following general features:

Verifying, authenticating, and / or auditing the safety of events in a multi-event transaction or process handling and control chain (including, for example, acknowledgment, including, for example, non-repudiation purposes).

-Secure storage, validation, authentication, and / or distribution of control sets (including, for example, authorization and, for example, non-rejection purposes) in a chain of handling and control of multi-event transactions or processes

Issue requirements for any or all transaction steps and / or process steps.

-Participate in inter-control methods and models that utilize distributed, automated events, if desired (e.g., for distributed computation, process management, EDI, currency referencing, etc.). Actively participate in transactions or processes (including, through management, supervision, mediation, arbitration, initiation).

Steps and / or transit paths may be authenticated, including authenticating the appropriate routing of electronic information via a trading authority telecommunications switch adapted to authenticate certain information, the authentication being the required route And / or authenticate that transmission of such electronic information has complied with certain contracted rules and controls. For example, certain contracted rules and controls may obtain certain archived information and / or do not exceed a budget, and / or other limitations and / or restrictions, such as: The number of information containers, the value of the electronic currency contained in the currency container over a period of time, the amount of funds entrusted in purchase orders, the appropriate ordering authorities, etc.

The trading authority may simply be a secure, attentive bystander and certifier to e-commerce and / or trading steps (over a series of trading steps), and the trading authority may provide secure multiple-party electronic They may be secure promoters of commerce and / or trading authorities may actively and directly participate in e-commerce.

More specifically, trading authorities in accordance with these inventions may provide the following advantageous features and / or functions.

• Secure and confirm event notification information suitable for chaining multi-stage transactions and / or handling and control processes.

• The chain of handling and control of required transactions and / or process steps, based on components that represent elements of a business process, can be enhanced, along with its certification or verification requirements. Here, for example, each of the one or more trading authorities authenticates and / or establishes one or more specific events at one or more steps "locations" in the trading sequence.

For example, the entire transaction control set may be formed from a number of separate sub-control sets contributed by a number of different participants.

Utilize reciprocal methods for coordinating requested trading events, including, for example, a series of events between value chain participants.

Receive approval from a secure chain of handling and control embodied in the electronic control set.

Intervene to actively manage the chain of transactions and / or handling and control processes.

• Coordinating the chain of workflow and / or handling and control processes and / or other business processes.

• Trusted, including authentication and / or verification steps in decentralized information, EDI, financial transactions, and / or trade system value chain activities that greatly enhance the security of decentralized rights management. Also, it can provide automatic and efficient management based on a secure and distributed electronic trading environment. Such security may match or exceed the security available in a centralized, online trading model.

得 る Manage at least some of the transactions within and / or between value chain participants (eg, organizations, private consumers, virtual groups).

Identify and / or monitor the status and outcome of satisfaction with atomic transactions, at least in part through the use of rules and controls.

得 る. Oversee what is happening (eg, by using an inference engine and / or expert system) based on error conditions and / or transaction profile analysis.

It may provide security, routing, prioritization and confidentiality coordination of the negotiation process, where different decentralized stakeholders can work together efficiently through a sensitive and trusted interface.

• Provide notarization, confirmation, authentication and / or delivery of secure documents and / or process controls where appropriate.

• Authenticate steps and / or transit paths, including authenticating the proper routing of electronic information via a trading authority telecommunications switch adapted to authenticate certain information, where the authentication is performed with the appropriate route and The transmission of such electronic information verifies that it has complied with certain contracted rules and controls. For example, certain contracted rules and controls do not exceed budget, or other limitations: the number of "conveyed" information containers in a given period, the value of an electronic currency represented by a currency container over a period of time. The amount of funds entrusted in the purchase order, the appropriate ordering authority, etc. are issued to meet the requirements for receiving such authentication or proof at the node receiving such routed information.

Decentralized authority functions over a network or other system (e.g., any consumer and / or other value chain participant node potentially starts at least partially its own authority functions) A usage clearing service, wherein the participant node may communicate usage information directly with one or more other participants), rules and controls, and described in the patent specification of Ginter et al. According to other VDE technologies that have been implemented.

Provide electronic or other arbitration, mediation and negotiation services.

FIG. 55 illustrates a specific example of a trading authority 700 in terms of overall functionality. Trading authority 700 provides, among other things, a security audit facility that maintains the current state of all transactions or processes based on event notifications received from trading participants.

In this particular example, trading authority 700 performs the following functions.
・ Event notification collection 730
・ Effective event database management 732
・ Requirement generation 734
・ Safety verification audit 736
・ Report 738
・ Notification 740
・ Reply 742
・ Propagation 744

In this example, trading authority 700 receives a notification that an event has occurred in the form of event notification 748. The event notification 748 may be transported to one or more secure electronic containers 152. The event notification collection process 730 may collect these event notifications 748 and store them in a valid event database 732. Trading authority 700 may generate further notifications 748 'based on its valid event database 732, and a response indicating the current state of the transaction or process in response to request 752 and / or based on other requirements. 750 may be issued. In addition, trading authority 700 may generate and output an audit record 754 indicating progress and status of the transaction or process based on the contents of its valid event database 732 analyzed by audit function 736. Trading authority 700 may also issue report 756 based on its reporting function 738. Valid event database 732 may be a distributed event notification database, in which case reply process 742 and propagation process 744 may be used to maintain and update data in a distributed manner.

Another key function of the trading authority 700 in this example is to issue new or modified event requirements 758 that can be used to control or influence the entire process or transaction. That is. Trading authority 700 may receive control set 188, price and permissions 188 ', event flow requirements 760, and / or process routing requirements 762. Event flow requirements 760 and process routing requirements 762 may be specified in one or more control sets. In response to this information and the contents of the valid event database 732, the trading authority 700 uses its requirement generation process 734 to create a new or modified event requirement 758. The trading authority 700 may also create a new or modified control set 188 "and a new or modified price and / or license 188" ". Trading authority 700 may use financial statements 764 as input to its security audit function 736.

FIG. 56 shows an example of the architecture of the trading authority 700. In this example, trading authority 700 (which may be based on the VDE Rights Operating System (ROS) architecture shown in Ginter et al., FIGS. 12 and 13) includes a secure communication facility 770, a database and transaction processor 772, process control logic 774, routing tables 776 and an adaptive control set database 778. These functions can be performed by methods at one or more control sites). In addition, trading authority 700 may also include a document notary 780 that includes a seal generator 782, a digital timestamp generator 784, and a fingerprint / watermark generator 786.

The secure communication facility 770 allows the trading authority 700 to communicate over the electronic network 150 in a secure manner (eg, by the secure electronic container 152). The database and transaction processor 772 performs most of the process shown in FIG. The adaptive control set database 778 may perform a valid event database function. Routing table 776 may be used as part of requirement generation function 734 to route the appropriate message to the appropriate entity.

Process control logic 774 may include an inference engine or expert system used to handle error conditions that are not completely expected or specified by event flow requirements 760 and / or process routing requirements 762. Process control logic 774 may operate based on rule-based principles, fuzzy logic, neural networks, or some or all of these, or other methods of process control logic. Process control logic 774 determines the next event that will occur within the entire transaction or process.

Document Notary 780 provides a document generation that is proven, for example, attaching digital seals and / or stenographic information to the exported and / or digital document.

FIG. 57 illustrates an example of a trading authority process. In this simplified process, the trading authority 700 may be an internal entity of the company that is used to audit and oversee the entire product delivery process. In this example, the consumer 95 issues a product order 788. This order 788 is received by the order receiving department 704. The order receiving section 704 issues an order event 710 to the trading authority 700. In response to this order event 710, trading authority 700 may issue rules and / or requirements in the form of one or more control sets 188 that specify how order department 704 handles the order. These rules 188 specify, for example, a set of chain and procurement departments 709A, warehouses 709B, shipping companies 726, and a procedure that oversees the activities of the payment collection department 709C. Rules 188 may be sent from one department to another, which is secure electronic container 152, and specify the requirements of the transaction and the overall process flow that will occur. Each department then sends a safety control 188 to the next department, via the rules themselves and / or routing supervised by the trading authority 700. Each department may also issue event notifications 748 alerting trading authority 700 of the current status of all processes. The trading authority 700 may store this status information in its secure enabled event database 732 for auditing purposes and / or to allow the trading authority to proceed to the next step in the process.

Trading Authority 700 uses the interaction models shown in FIGS. 17E-1 through 17E-4, for example, to interact with ongoing transactions or processes. A particularly useful scenario for trading authority 700 is managing the processes performed by multiple parties, such as joint ventures or companies that address other common objectives. In this type of business scenario, multiple companies may work towards a common overall goal, but for example, have their own internal objective of protecting their own sensitive business secrets. May have. Trading authority 700 can be used as an independent third party intermediary / mediator, without requiring any company to disclose detailed process information to anyone other than trading authority 700. Coordinate activities between multiple companies.

For example, trading authority 700 may generate a control set that specifies event flows and / or process routing requirements 758 and / or control sets 188 that mean different things in different contexts. As one example, a control set issued by trading authority 700 may cause one company to perform one step and another to perform another step. At this time, each company does not know that a particular step or series of steps is being performed by another company. As such, trading authority 700 may develop a control set 188 that may be used to provide only partial disclosure between persons acting as different individuals or companies.

FIGS. 58A and 58B illustrate examples of steps and processes performed by a trading authority 700 that is “atomic”. In this example, trading authority 700 serves something similar to a football team coach. By accepting the skill sets and requirements of each individual "player" and linking them together into an overall "game plan", the trading authority 700 will allow any number of Value chain participants can be relevant.

In this example, each value chain participant 164 (1),... 164 (N) of the process managed by the trading authority 700 identifies the participant's own business requirements, restrictions, and processes for the transaction or 188 (N) to manage (FIGS. 58A and 58B, block 750). These individual control sets 188 (1), 188 (N) specify how each individual participant plays its part. Each participant 164 (1),... 164 (N) knows their role in the overall transaction, but does not know what role others are playing, or I don't know for sure how to form a "team" of participants. As such, the personal control set 188 (1), 188 (N) typically describes only the secondary transactions and cannot take into account the overall transaction.

The trading authority 700 also receives another control set 188X that summarizes the control sets of the various participants and specifies how to link them with the overall trading process with requirements and limitations (FIGS. 58A and 58B). , Block 752). This overall transaction control set 188Y specifies how to resolve conflicts between sub-trade control sets 188 (1), 188 (N) provided by individual participants (this is for example Ginter The disclosures of these patents may relate to the electronic notarization process 798 shown in FIGS. 75A-76A). The trading authority 700 combines the participant's individual control sets-tying them together with additional logic to create an overall trading control superset 188Y (FIGS. 58A and 58B, block 752). The trading authority stores the resulting superset 188Y in local storage (FIG. 58B, block 754). This overall control superset controls how the trading authority 700 processes events and performs "atomic" trading.

す る と Upon receiving an arrival event that requires processing (FIG. 58B, block 756), trading authority 700 may activate overall trade control superset 188Y (FIG. 58B, block 758). The trading authority 700 may then communicate a corresponding mutual control set corresponding to each part of the overall trade control superset 188Y to each participant in the trade, thereby enabling each participant to communicate with the superset. (FIG. 58B, block 760). Alternatively, when each participant in this example provides its control set 188 (1), 188 (N) to the trading authority 700, each participant may establish an inter-control set that can communicate with the control set that the participant has sent to the trading authority 700. maintain.

Trading authority 700 may begin monitoring the received event using the activated control superset (FIG. 58B, block 762). If the arriving event is not an error condition ("N" exit of decision block 764 in FIG. 58B), then trading authority 700 determines whether the event is an indication that the atomic transaction has been completed (FIG. 58B). , Block 765). If the atomic transaction has not been completed (“N” exit of decision block 765 of FIG. 58B), control returns to block 762 to monitor the event. If the atomic transaction has been completed (“Y” exit at decision block 765), trading authority 700 determines that the transaction has been completed (block 774 of FIG. 58B).

If the arrival event is an error condition ("Y" exit of decision block 764 of FIG. 58B), trading authority 700 processes the error event in control superset 188Y (FIG. 58B, block 766). If the error is not critical (FIG. 58B, decision block 767, "N" exit), then control returns to block 762 to wait for the next event notification to arrive.

と き に は When the error is critical (FIG. 58B, decision block 767, “Y” exit), trading authority 700 may invoke a critical error handling routine (FIG. 58B, block 768). Severe error handling routine 768 may attempt to resolve the error based on rules in control superset 188Y and / or interface engine 774, or other process control logic. Such an interface engine or other process control logic 774 may be programmed with respect to the business model of the overall transaction and have sufficient information to select appropriate actions based on error conditions.

プ ロ セ ス The process illustrated in FIG. 58B can be nested. For example, a sub-transaction defined by one "participant" may itself be an atomic transaction based on contributions from multiple participants, all of which may be the same or different transactions. It is managed by the authority 700.

Security Checkpoint Trade Utility System The trade utility system 90 can include service functions that can authenticate and / or prove security information, archive services, and the information communicated in a certain manner. The provision of the rejection service can be performed as the “security checkpoint system 6000” (see FIG. 58C). Security checkpoint system 6000

Providing a decentralized, highly efficient and automated audit and archive layer for electronic trading interactions; and increasing the security depth of distributed security environments such as VDE and distributed trading utility layers.
Enable.

This allows the security checkpoint system 6000 to perform security and / or management functions. The capabilities of this trade security system leverage the positive benefits of a centralized security model, such as the ability to have central authorities physically control the processing nodes, to achieve maximum efficiency and flexibility. Evolved into a distributed "user space" model that can support reliable and manageable scalability (the main weakness of centralized systems) and provide the enhanced security benefits of multiple independent security environment layers I do. The latter capability is particularly adapted for sensitive communications where extra security is desired. These security layers are enabled by the required involvement and security processing of the protected processing environment of one or more independent security checkpoints that enhance the underlying distributed security environment.

Information passing through one or more security checkpoint systems 6000 may be used to communicate to information recipients (e.g., a party receiving information in a container) communication and / or security steps prior to receiving the information. Process) can be authenticated and / or verified to confirm that it has occurred. This authentication and / or verification may include, for example, authenticating and / or verifying the routing of appropriate communications through the requested and / or authorized secure processing security chuck point system 6000. Such checkpoints may be, for example, distributed throughout the telecommunications network or "localized" at physical and / or logical locations of the end-user VDE node (see FIG. 58C).

The security checkpoint system 6000 may use telecommunications switches adapted to authenticate and / or verify certain information and processes. For example, the certificate issued by the security checkpoint system 6000 may be that the required routing has been followed, that the required checkpoint has been verified by the assured electronic container with which it is communicated, and / or that such a container or It may be verified that the transmission of other electronic information has been performed in accordance with written rules and controls. For example, such a service may verify and / or certify that certain budgets, other limits and / or constraints have not been violated, and / or that other requirements have been met, and / or Can help to prove.

For example, the security checkpoint system 6000 may determine the number of information containers that have been "transported" within a given time period, included in (or represented by) a given container, and / or for a certain time period. The value of e-currencies contained in multiple containers (very important to reduce improper e-currency activity), as consigned in buy orders, including where appropriate ordering authorities exist Assist in ensuring requirements on financial volumes, etc., including without breaking limits or other constraints. The assessment of such requirements may include, for example, a container (or other digital information) communicated from certain logical and / or physical areas, nodes, node groups, users, or user organizations, and / or other user groups. Communication), which may be related, for example, as the VDE assurance container moves through the adapted one or more telecommunications switches, assured nodes and / or individual users and / or organizations and / or The determination is made by referring to the area recognition information.

These trading utility system "communication checkpoint" capabilities may be provided, for example, by providing one or more "independent" decentralized security "checkpoints" along the telecommunications route, and reliably provided by such checkpoints. By requiring the presence of appropriate authentication and / or verification to be reliably associated with and / or inserted into the container by a process managed by the checkpoint (or group of checkpoints) Providing useful security features by substantially increasing security reliability. This presence is tested by the receiving node to ensure that appropriate authentication or verification processes at least a portion of the contents of one or more classes of the received container, such as by rules and controls. May be required to be present. Such classes of containers may include, for example, specific individuals and / or groups and / or containers and / or container contents having certain one or more specific attributes.

The security checkpoint system 6000 may be "independent" from the end user's virtual distributed environment node from a security perspective. For example, such nodes may use their key processing and their protected processing environment for checkpoint management so that the security branch of the end-user node does not directly provide the security of the checkpoint operation. It may be independent from a security point of view, as it maintains an internal multiple assurance execution compartment and helps ensure that the branches associated with the assurance execution compartment do not have such other compartments.

The security checkpoint system 6000 may also include, for example, the identity of the intended container recipient, the class of the container information, the checksum (checksum) used for future confirmation (eg, non-repudiation) and / or Audit information may be collected, including searching for other information and / or archiving some or all of the contents of the container. Part of this information may be, at least in part, at least one of the container sender, the intended and / or actual container recipients, and / or governmental authorities authorized to access such information. Without the cooperation of, some or many of such information may be encrypted so that it cannot be decrypted.

FIGS. 58C and 58D illustrate “checkpoint security” which provides communication checkpoint security, non-rejection, and archive services within the content of the telecommunications network connecting users 95 (1), 95 (2), 95 (3). An example of the configuration of the trading utility system 6000 is shown. In this example, security checkpoint system 6000 may be part of a telecommunications infrastructure. For example, security checkpoint system 6000 can be part of one or more telecommunications switches or other devices designed to detect voucher electronic container 152, for example, based on the header information it has.

The security checkpoint system 6000 in this example has assurance capabilities to control whether assurance containers 152 sent through the communication infrastructure are allowed to pass, and the routing history of containers within the communication infrastructure. In one example, the controls that operate the protected processing environment of the user 95 (1) may include certain containers 152 (e.g., containers carrying electronic currencies) that may require the security checkpoint system 6000 (or some class of security check). Request to be routed through the point system). Such controls 404 prevent the container 152 or its contents (eg, the currency it contains) from being used unless routed through the appropriate security checkpoint system 6000.

For example, assume that user 95 (1) sends container 152 to user 95 (2) through the telecommunications infrastructure. The infrastructure may detect that the information being sent is a container and may route the container for interception by a security checkpoint system (eg, system 6000 (5)).

After intercepting the container 152, the security checkpoint system 6000 (5) checks the control information in the container to determine whether the requirements for further communicating the container to the user 95 (2) are satisfied. . The security checkpoint system 6000 (5) may send the container to the user 95 (2) only when these requirements are met. Alternatively, the container may be modified so that the user 95 (2) can open it or use the contents of the container in accordance with the container control 404 (the container control 404 may restrict use). Security checkpoint system 6000 may modify at least a portion of container control 404, for example, to add additional usage restrictions.

The example of FIG. 58C shows two “webs” of the security checkpoint system 6000. In this example, these webs may each be (1) a security checkpoint system, and (2) a security checkpoint system 6000 that is certified (eg, by certification authority 500) to be a member of a particular class. Indicates a set.

Here, in this example, “Web 1” indicates a class of the authenticated security checkpoint system 6000 (1) to 6000 (5), 6000 (7), and “Web 2” indicates an authenticated security check system. The classes of the point systems 6000 (4) to 6000 (6) are shown. As an example, "Web 1" security checkpoint system 6000 may be certified to be able to handle containers containing electronic currency 6004.

One of the requirements identified in the control information associated with the container 152 is that a "Web2" security checkpoint system (e.g., system 6000) to enable certain assurance audit functions such as, for example, credit e-currency tracking. (5)). The “Web1” security checkpoint system (eg, system 6000 (3)) may refuse to pass container 152 to user 95 (2) based on these controls 404, or Modification of the container 152 to make it available may be refused.

As a further example, assume that user 95 (2) wants to pass container 152 to another user 95 (3). The control 404 associated with the container 152 may, in this particular example, require that further communication of the container 152 must go through the "Web1" security checkpoint system 6000 (7). This routing requirement may reside in the control 404 provided by the user 95 (1) or may be added by the security checkpoint system 6000 (5) or the protected processing environment of the user 95 (2). .

In the particular example shown, control 404 controls "Web 1" via additional routing that does not include security checkpoint system 6000 (e.g., other types of trading utility systems and / or non-guaranteed telecommunications switches). Security checkpoint system 6000 (7) may allow container 152 to be passed to user 95 (3).

FIG. 58D illustrates an example process performed by an example security checkpoint system. In this illustrated process, security checkpoint system 6000 receives container 152 (FIG. 58D, block 6002) and determines whether the requirements identified by its associated controls 404 have been satisfied (FIG. 58D, FIG. 58D). (Decision block 6004). If the requirements have been met, security checkpoint 6000 may perform a "requirements satisfied" procedure, for example, modifying control 404 to satisfy the above routing requirements (FIG. 58D, block 6006). If the requirements have not been met (FIG. 58D, “N” exit of decision block 6004), the security checkpoint system may perform a “requirements not satisfied” procedure (FIG. 58D, block 6008).

各 Each set of procedures may include, for example, some form of assurance audit. As the security checkpoint 6000 passes through a container 152 containing, for example, electronic currency, the security checkpoint 6000 may record one or more of the following audit information.

-Identification of the sender-Identification of the node of the sender-Identification of the recipient-Identification of the node of the recipient-Authentication on which the currency is based-Other security checkpoints 6000 through which the currency has passed
-Identification of the previous handler of the currency-Date and time of transmission-Date and time of receipt-Currency transfer period-Other assurance audit information

If the security checkpoint system 6000 denies the passage and / or modification of the container 152, the audit including available tracking information, such as: • the name of the sender • the nature of the defect • the intended recipient • other tracking information Reports can be generated. The security checkpoint system 6000 may also notify the sender, intended recipients, government authorities, or other authorities. The security checkpoint system 6000 may further charge, for example, the sender for "failed communications."

The security checkpoint system 6000 may then determine whether additional communication is required (FIG. 58D, decision block 6010). If not, the process is complete. When additional communication is required (“Y” exit of decision block 6010), security checkpoint system 6000 may send container 152 to the next system (FIG. 58D, block 6012). The next system may be an additional security checkpoint system 6000 that performs additional processing (FIG. 58D, blocks 6016, 6004, 6006, 6008).

Example

Example-Electronic Content Distribution Value Chain FIG. 59 illustrates how the illustrated distributed trading utility 75 can be used to support the illustrated electronic content distribution value chain 162. In FIG. 59, for example, author 164 may create valuable works such as novels, television programs, music songs, and the like. The author provides the work 166 to the publisher 168 (eg, in electronic digital form).

The publisher distributes the work to consumers 95 using his own brand, name recognition, and marketing efforts. Publisher 168 may also provide work 166 to content "aggregator" 170, a person who provides customers with access to a wide range of content from multiple sources. Examples of aggregators include, for example, traditional online database services and world wide websites that host content from many diverse sources. Typically, consumers use aggregator services by searching for information related to one or more consumer-defined topics. Aggregator 170 may provide search tools to consumers 95 making their selections.

Aggregator 170 may distribute work 172, including some or all of original work 166, directly to consumers 95. Aggregator 170 may also distribute work 172 to "repackagers" 174. The repackager 174 may, for example, obtain content from several sources for related matters and combine them into a multimedia source, a newsletter publication, or a mixed source product such as a "current awareness" package. Can be summed up. In these services, the repackager selects content and organizes it based on the interests of the audience. Consumers 95 may subscribe to electronic newsletters on particular topics, or consumers may give repackager 174 a short list of topics of interest. The repackager 174 selects relevant information and communicates that information to the consumer. Here, the repackager makes a choice for the consumer.

For example, repackager 174 may be a publisher of a newsletter and may republish some or all of author's work 166 in newsletter 176. Repackager 174 may distribute newsletter 176 directly to consumers 95, or the newsletter may pass through yet another channel. The repackager 174 uses the search engine provided by the aggregator 170 to find documents of interest to the consumer 95 and compiles these documents with both the aggregator 170 brand and the repackager 174 brand. And then send the newsletter to the consumer 95.

The decentralized trading utility 75 may support the value chain of FIG. 59 in many ways. For example,
1. The certification authority 500 can issue a certificate that allows each of the participants in the value chain to identify who they are and to indicate that they are part of one or more specific classes. . For example, author 164 and / or publisher 168 may specify that any authenticated aggregator or repackager is entitled to extract or include work 166 as long as appropriate payment is made. The certification authority 500 can issue a digital certificate 504 that supports the desired business purpose, wherein the certificate is that the aggregator 170 is actually a trusted aggregator and the repackager 174 is a trusted trusted repackager. Certify that As long as the author 164 and / or the publisher 168 trust the security of the overall system 50 and the certification 504 issued by the certification authority 500, they will ensure that the work 166 is not authorized by anyone other than the appropriate types of people they identify. Don't be afraid to be excerpted or assembled.

In another example, the certification authority 500 can issue a certificate 504 to the aggregator 170 or another user. The certification authority 500 can issue the certification 504 to the author 164 or the issuer 168. Authentication 504 establishes that author 164 or issuer 168 agrees that aggregator 170 or another user is authorized to modify permission 404. Authors 164 or publishers 168 may have specific permissions 404 and themselves may be modified only under conditions where "authorized aggregator" authentication is present.

In another example, the certification authority 500 allows one or more user classes to use, for example, content and / or certain parts of content, and / or modify permissions, to the extent that (possible) Certification, which may be limited to certain uses and / or modifications by using certain VDE rules and controls appropriately given by the author or issuer or certification authority (as permitted by such rules and controls) Can be issued.

2. The rights and permissions clearinghouse 400 in this particular example may register the work 166 and issue the appropriate permissions 404 consistent with the permissions and instructions provided by each value chain participant. For example, author 164 can register work 166 with rights and clearance clearinghouse 400 and identify electronic controls 404 that define the rights of all other value chain participants.

For example,
The control set 404 specifies, as one example, that the publisher 168 can distribute an unlimited number of copies of the work 166 for as long as the publisher pays the author 164 a certain amount of dollars for each copy to distribute. .

The control set 404 allows the publisher 168 to allow the consumer 95 to read the work 166 repeatedly an unlimited number of times, but to prevent the consumer from copying or redistributing the work, It can be appreciated that additional controls are added.

The electronic control set can move with the work 166 in the electronic container 152, but can also be provided separately. For example, the rights and clearance clearinghouse 400 may provide, upon request, a control set associated with the work 166 to anyone who requests the control set.

The rights and authorization clearinghouse 400 may maintain different versions of the control set 404 for different classes of users, for example, the consumer 95 may receive one control set 404a, and the aggregator 170 may receive another version of the control set 404a. Having received control set 404b, repackager 174 may have received a different control set 404c. Each of these control sets, if given a "pre-authorization permission" system that makes the widespread use of the work 166 extremely efficient and highly secure, such a control set would be author 164 or other Can be provided in advance by the rights holder. Further, such control sets can be seamless and interact with the VDE distributed template application, and one or more template applications can be used by such distributors of such control sets to participate in such control set participation. (Or otherwise made available). In one particular “super-distribution” business model, the work 166 is distributed as widely as possible, and the rights and clearance clearinghouse 400 allows the particular value chain participant to distribute the work in a particular manner under particular conditions. The task is to provide a current control set 404 that is authorized to use.

3. The clearing house 300 in this particular example may support the value chain by collecting usage information from each value chain participant. The clearing house 300 thereby provides a security audit function, for example, generating a report that tracks how many times work 166 has been used and used so.

In one example, clearinghouse 300 analyzes usage information to determine how many consumers 95 have read the work. The clearing house 300 may, for example, convert the consumption information into various value chain participants that vary in detail and / or the type of specific information to match privacy concerns and the permissible business rights of each party. You can report. As an example, clearinghouse 300 may provide consumer 95 with a detailed report on the use of his or her own particular work 166, while author 164 or publisher 168 may have, for example, Only summary report information may be provided that does not include the consumer's name, address, or other indication identifying the information.

As another example, reports may flow directly from repackager 174 to aggregator 170, publisher 168, and author 164. The report may be sent directly along any logical path or through any party's sequence, and for each party that is acceptable to the value chain and at least enforceable by partial VDE rules and controls. Any mixture of information may be included.

4. The financial clearinghouse 200 in this example provides a guaranteed clearing of financial details of the transaction, ensuring that appropriate value chain participants compensate other value chain participants. As an example, the financial clearinghouse 200 may receive payments from the consumer 95 based on the consumer's use of the work 166, and may share some of the payments with the author 164, publisher 168, and other appropriate values. Chain participants can be properly allocated by an automated and efficient process that is at least partially managed by VDE rules and controls. For example, the financial clearinghouse 200 may mediate with other banks or financial institutions to achieve automated payment transfers and / or manage electronic money maintained throughout the value chain shown. To help. The financial clearinghouse 200 ensures that itself and other trading utility systems 90 are properly compensated for the management and support services they provide. That is, a secure VDE process running within the trade utility system 90 may automatically secure payments to such administrative and support providers.

5. The guaranteed directory service 600 in this example supports the illustrated value chain by facilitating electronic communication between the value chain participants and / or the trading utility system 90. For example, the assurance directory service 600 provides electronic addresses and / or routing information that allows one value chain participant to electronically contact another on request. As an example, assume that consumer 95 wants to obtain the latest version of work 166, but finds that the electronic address of publisher 168 has changed. The consumer 95 electronically contacts the voucher directory service 600, which provides the current address information. Of course, in commercial trade system applications, for example, assurance directory services provide more detailed services for the identification of desired parties, such as other dimension searches of directory resources to identify parties based on class attributes. obtain. The assurance directory service 600 may identify content based on, for example, the type of content and / or rules and controls associated with such content (eg, pricing, acceptable usage parameters such as redistribution rights, etc.). Can also be provided.

6. Trading authority 700 in this example can be used to assist repackager 174 in creating newsletter 176. For example, trading authority 700 may assist in automating the process where a number of different works produced by a number of different authors are all collected and excerpted for publication in a newsletter. The trading authority 700 ensures that the overall current status of the multi-step process is maintained and identifies which steps have been performed and which steps have not yet been performed. The trading authority 700 can, for example, assist in arbitration and mediation between different participants in such multi-stage processes, and in some cases (eg, new instructions or requirements based on errors or other conditions). Aggressively affects or controls the process).

Example-Production Chain Diagram 60 illustrates an exemplary production value chain supported by a decentralized trading utility 75. In this particular example, customer 95 places an order with manufacturer 180 and receives confirmation of the order. The manufacturer may order parts and supplies from a number of other suppliers 182 (1) -182 (N). Supplier 181 (1) -182 (N) may in turn add additional orders or subassemblies to additional suppliers 182 (a1),. . . You can order at Bank 184 may fund supplier 182 based on a copy of the order and a guarantee that the manufacturer will repay the loan. Shipping / warehouse company 186 may provide shipping and warehousing for suppliers and / or end products.

In this value chain, the certification authority 500 and the trading authority 700 can assist in the secure flow of electronic orders, confirmations, delivery times and conditions, and contracts, and also allow each value chain participant to provide the necessary information to other It can also help ensure that the desired degree of tightness can be maintained while exchanging with value chain participants. The clearinghouse 300 may assist in the secure auditing of the overall transaction, tracking of physical and electronic packages between value chain participants, and other use-related operations. The financial clearinghouse 200 may process financial agreements between value chain participants, for example, to assist in coordination between the world of the electronic network 150 of the bank 184 and a paper-centric or other world. The rights and clearance clearinghouse 400 may provide a secure archive for the electronic control 404 that defines some or all of the transactions. Trading authority 700 can also reliably monitor the overall progress of transactions occurring between value chain participants and provide periodic status reports as appropriate to each value chain participant. . In addition, trading authority 700 directs or arbitrates the entire transaction to ensure that all steps and requirements are met. The assurance directory service 600 can assist in routing electronic information between different value chain participants. Of course, as described above with respect to the present invention and as applied throughout the present specification, the VDE chain of processing and control and other capabilities, including rules and controls and secure communication techniques, are preferably Used as a basis for activities.

Examples of How Trade Utility Systems Support Each Other The previously described FIGS. 16A-16E illustrate how different trade utility systems 90 support each other. More specifically, FIG. 16A illustrates that a financial clearinghouse 200 may include, for example, a clearinghouse 300, a rights and authorized clearinghouse 400, a certification authority 500, a guaranteed directory service 600, a trading authority 700, and other financial clearinghouses. It illustrates that one or more other trading utility systems 90, including the exchange 200 ', can be serviced. Under such conditions, the plurality of trading utility systems make up both the virtual clearing house and higher order trading utility systems.

In each example, the clearing house 200 collects funds for support services and deposits these funds into at least one provider account using at least one payment method. The financial clearing house 200 may also provide a VDE audit record confirming the source and amount of funds and the donor account funded by the financial clearing house 200. The financial clearinghouse 200 may assist one or more other support services to establish a provider account and determine one or more account numbers and applicable time periods and conditions. Communicate with one or more support services. Both the request for a support service to the clearing house 200 and its response to the requesting support service are communicated within a VDE-guaranteed container (as previously described) to provide its substantial security. It can be processed at each location by one or more VDE protected processing environments, utilizing confidentiality, a flexible control architecture, and trust. The financial and account information may be provided in the form of a VDE control set and / or may be incorporated into the VDE control set by the financial clearinghouse 200 and / or one or more other supporting services. The financial clearinghouse 200 may serve each other to facilitate further operation and management efficiency. For example, one financial clearinghouse 200 may provide services to another country or to another geographical area. In another example, one financial clearing house 200 may provide another financial clearing house 200 with access to one or more payment methods that are not directly supported by the second financial clearing house 200.

FIG. 16B illustrates that the clearing house 300 may provide services to other trading utility systems 90. In one example, clearinghouse 300 may convert raw data, aberrated data, at least partially derived information, and / or reports into financial clearinghouse 200, rights and authorized clearinghouse 400, certification authority 500. , A secure directory service 600, a trading authority 700, and other electronic clearing services such as clearinghouse 300 '. These other infrastructure services exist for this information for market research for their own services and / or to resell this information, possibly in connection with their own usage information. It can be used as an independent third party proof of the transaction and its details. In one example, the rights and authorization clearinghouse 400 may send reports containing their own information and a combination of information from the financial clearinghouse 200 and the clearinghouse 300, as well as from the guaranteed directory service 600 and the certification authority 500. , May be sold to the publisher. More specifically, the report may include a list of objects registered in the rights and clearance clearinghouse 400 by a particular issuer, rights and requests for updated or additional rights and clearances to the clearinghouse. The total number of clearinghouse 200 revenues for each digital property, the certification authority 500 for the publisher indicating that the user has been authenticated and has obtained a valid application for the publisher's digital work The number of certificates and the number of requests to the assurance directory service 600 for information about the publisher's online website network address may be included. In each case, the support service provided the information to the rights and clearance clearinghouse for binding to this report's publisher.

Example-A distributed trading utility 75 may support the purchase, licensing, and / or lending of digital property. A distributed trading utility 75 may provide significant credit, security, and convenience, for example, when a customer pays for digital information. And efficiency. In addition, the creator and distributor of the information can price this information, in fact any digital property in any digital format, in various formats and in different markets.

FIG. 61 illustrates an example of an information delivery service configuration 1000 in which an information provider 168 provides electronic content for purchase, rental, and / or licensing. In this example, information service company 168 distributes information 166 to several global markets, including individuals. Their market area includes professionals, home office users, small office markets, and medium and large companies and business customers. For example, the provider 168 delivers content in electronic form to home consumers 95 (1), professionals 95 (2) such as lawyers, and companies and other organizations 95 (3). In one example,
-An individual consumer 95 (1) buys three articles 166 (1) from an online encyclopedia by applying for a price.

. Lawyer 95 (2) buys three chapters 166 (2) from a paper on patent law. as well as,

The two product marketing managers of the large company 95 (3) receive the proprietary market research report 166 (3).

Prior to the information delivery transaction, the customer 95 (1), the expert 95 (2), and the company 95 (3) obtain the network address of the information provider 168 or identify the content that the user wants to process. To help, a guaranteed directory service 600 may be used. Subsequently, these parties 95 may send an electronic message to provider 168 requesting the particular information they wish to receive. The provider 168 may deliver this information 166 in a VDE-guaranteed electronic container 152 according to relevant rules and controls 188 that control pricing and permissions. Each party 95 has an electronic device 100 that includes a protected processing environment 154 that performs these controls 188.

Provider 168 may price information differently in different markets. For example,
Expert 95 (2) and small office / home office (SOHO) pay the transaction fee.
Large company 95 (3) pays a mix of subscription and transaction fees (eg, company 95 (3) pays $ 10 per page printed or excerpted from a larger report, and also pays the subscription fee obtain). as well as,
Individual consumer 95 (1) pays a flat subscription fee.

In each of these cases, local, state, and / or federal sales taxes are included in retail prices where appropriate. The payment method may be provided in an electronic control set 188 delivered with the associated content 166 and / or independently in the electronic container 152 (eg, as provided in Ginter et al.).

Financial clearing house 200 ensures that provider 168 receives payment with an approved payment method. Information delivery service 168 accepts a wide variety of payment methods. Certain forms of payment are more popular in some markets than others. For example,
-In the professional, SOHO, and consumer markets, credit (MasterCard and Visa) and charge (American Express) are popular.

Consumers 95 (1) also prefer credit cards, and the use of bank debit cards is increasing.

Large company 95 (3) pays through credit and charge cards, automated clearing houses (ACHs), and Billing and payment through traditional VDE-guaranteed electronic data exchange (EDI) transactions based on the 12 protocol are also used.

The financial clearinghouse 200 makes payments more efficient in several ways. For example, the financial clearinghouse 200 provides the provider 168 with a convenient "one-stop shopping" interface to several payment methods to keep track of at least the account number associated with a given provider.

In this particular example, certification authority 500 may deliver a digital certificate identifying one or more classes of consumers to each of consumers 95. For example, the certification authority 500
Demonstrate that consumer 95 (1) is an individual consumer applicant for information service 1000, and furthermore that the consumer is a registered college student and (for taxation purposes in connection with transactions) One or more certificates 504 (1), proving the resident fact;
A certification 504 (2) that proves that the expert 95 (2) is a licensed lawyer in California; and a company 95 (3) that is organized in accordance with the law and has a certain credit value. One or more certificates 504 (3) proving the fact that they have
Can be delivered.

The control set 188 may activate different payment methods based on the presence of the appropriate digital certificate 504. For example, the control set 188 (1) delivered to the consumer electronics device 100 (1) authorizes the consumer 95 (1) to use each of the three articles 166 (1). The control set 188 (1) may be, for example, a consumer 95 (1) that has other parties that perform certification authority capabilities under authorization from an independent certification authority 500 (or from an information distributor or higher authority). ), The requirement that the consumer 95 (1) must have a certificate 504 (1) proving that it has an unexpired application to the online encyclopedia. For example, this certification 504 (1) is issued by a certification authority 500 (e.g., operated or licensed by the United States government or other governmental entity), where consumer 95 (1) is a United States citizen; It can be used in conjunction with other certifications that prove the fact that you live in the United States and are a valid resident of California.

The individual consumer consumer 95 (1) pays the information provider 168 for an application through a transaction transmitted to the financial clearinghouse 200 in the VDE electronic container 152. The payment transaction involves, for example, sending an electronic container 152 (7) containing rules and controls 188 (4) and audit records 302 (1) to the clearing house 200 and involving the consumer device 100. The audit record 302 (1) includes, for example,
・ Who should pay
-Volume of transactions,
・ Specific payment method (for example, VISA card)
-The applicant's VISA card number and expiration date-the identity of the information applicant, and-the account number of the provider to be paid,
Can be indicated.

The assurance container 152 (7) may also include rules and controls 188 (4) indicating that municipal, California, and United States federal sales taxes should be collected. The financial clearinghouse 200 collects an appropriate sales tax and deposits the funds in an appropriate account. For example, certain funds would be deposited in an account belonging to the appropriate California tax collection agency 1002.

In exchange for payment, the subscribed customer 95 (1) may receive a certificate 504 (1) from the certification authority 500 indicating that she is indeed an applicant and the current expiration date of the application.

Expert Lawyer 95 (2) in this example may be in the UK. He purchased three chapters 166 (2) from patent dissertations using MasterCard, but pays in British pounds instead of dollars. To execute a purchase transaction, lawyer 95 (2) may first be pre-authorized by financial authority 200 to purchase up to 500 US dollars (or equivalent pounds) each month. The preauthorization may be sent from the clearing house 200 to the lawyer's equipment 100 (2) in the form of a budget control 188 (5) in a guarantee container 152 (8). The protected processing environment 154 (2) in the attorney's equipment 100 (3) may be open to the container 152 (8), proving that the budget control 188 (5) is authentic, Control is stored in an associated assurance database maintained by PPE 154 (2).

Upon receipt of the beginning of each of the three chapters 166 (1), the lawyer's protected processing environment 154 (2) may generate an associated audit record, and only the purchase amount available credit in the budget record. Reduce. At the end of the month, or when the $ 500 pre-authorized credit has been fully used, the attorney's PPE 154 (2) will provide the clearing house 200 with all purchases, their amounts, and one of the suppliers to be paid. A warranty container 152 (9) may be sent with an audit record 302 (2) indicating one or more accounts. This supports efficient automation of the clearing process. The financial clearinghouse 200 opens the security container 152 (9), bills the lawyer's credit card account, and pays the bill to the appropriate supplier account.

Prior to the company content transaction, the decentralized corporate clearing house 200A in company 95 (3) operates under the authorization of the financial clearing house 200 while the managers 95 (3) A, 95 (3) B. Send a warranty container 152, a budget record 188 indicating their current approved monthly information and market research budget. The corporate decentralized certification authority 500A (at the same level of trust as certification authority 500 in this example) may also issue a digital certificate 504 (not shown) to company employees.

In this example, each product manager 95 (3) A, 95 (3) B prints the selected portion of the report and the budget on his or her local device 100, and the budget is printed for each page printed. Reduced by $ 10. The protected processing environment 154 (3) in the local electronics 100 (3) ensures that this process is performed and the appropriate digital certificate 504 issued by the certification authority 500 and / or the distributed corporate certification authority 500A. Condition it to control 188 (3), which may require (3).

In accordance with the control 188 (3) provided by the information provider, the organization's equipment 100 (3) may have purchased during the reporting period, for example, at the end of the month or when the month's budget has been fully used. And an audit record (not shown) indicating the amount and the supplier account number for the purchase is sent to the internal corporate clearinghouse 200A. The decentralized local corporate clearing house 200A gathers the total of the audit records and sends at least one audit record 302 (3) in the guarantee container 152 (12) to the external financial clearing house 200 for automated bill clearing. The payment of the total amount to the provider of the market research report via the exchange (ACH) may be authorized. Also included in the assurance container 152 (11) are the account number of the company 95 (3) to which the funds were requested (eg, as part of the audit record 302 (3)) and the market research company to which the funds should be paid. Account number exists. The financial clearing house 200 completes the payment process via the ACH and sends the VDE-guaranteed container (providing at least one audit record) back to the internal corporate clearing house 200A as confirmation. Distributed clearing house 200A may then use the assurance container (not shown) to send at least one confirmation audit record to each of product managers 95 (3) A, 95 (3) B.

Embodiments: The decentralized trading utility 75 is an important part of electronic trading that allows consumers to purchase tangible items and support payment transactions , including selling, purchasing, distributing and / or managing all types of intangibles. Or with payment. Trade on intangibles (eg, digital information) has many of the same security, reliability and efficiency requirements as trade on tangibles. In order for a computer to truly become a trading device, a distributed, secure, reliable rights / event management software layer, such as the virtual distributed environment described in Ginter et al. Rights to operate the system or middleware). Thus, even when the tangible, rather than the digital asset, is a secure electronic trading object, the decentralized trading utility 75 can play an important role.

FIG. 62 shows an example of a tangible merchandise purchasing and payment system 1010. In the example of FIG. 62, a known provider of clothing and certain items used in a related home may provide products beyond digital networks such as, for example, the Internet / World Wide Web. L. Imagine Bean or Lands' End. In this example, the company creates:
A web catalog server 1012 that provides the consumer 95 with a line of clothing
A web procurement server 1014, which is an interface to the procurement function
A third web server 1016 that acts as a secure clearing house 200 and as an interface to several payment methods (eg, Master Card (“MC”), VISA and American Express (“AMEX”)).

The company also creates the following in this example:
Register the service with a secure directory service provider 600, and
Establishing a provider account with at least one payment method, such as a credit card, debit card and / or bank, through the financial clearinghouse 200, and
-Register some transactions with the trading authority 700.

In this embodiment, the company registers with a trading authority 700, which may be a distributed trading authority within the company that sells the goods, and an atomic transaction involves, for example, at least one electronic control set described below. Have:
Deliver orders processing procurement of one or more organizations, such as wholesalers 1018 and logistics 1020 (which may or may not be the same company);
-Receiving a confirmation that the desired product is actually stocked,
-Receipt of order confirmation,
Receiving pre-payment authorization from the payment method for the specific consumer placing the order;
・ Shipping instructions for merchandise,
・ Confirmation that the product was actually transported, and
Controls to complete payment transactions.

In this embodiment, the company also obtains at least one digital certificate 504 from a certification authority 500 that tests at least one of the following:

The company is a legal company registered in Delaware,
The company has not gone bankrupt and / or has some credit;
The company has a specific designated federal government tax identification number, and
The company has state tax certification numbers in each of several states, certain states and their corresponding certification numbers.

Consumers 95 use their electronic device 100 as a web browsing possibility to access catalog server 1012 across the world wide web of the Internet. The catalog server 1012 sends to the consumer 95 a web page 1022 providing a page from the electronic catalog. Web page 1022 may be sent to one or more secure electronic containers 152 (1). Consumer 95 uses his or her electronic device 100 to display web page 1022A and clicks on the web page section showing a men's short sleeve Oxford button-down shirt for $ 15.95. The current web page is replaced by web page 1022B from procurement server 1014. The second web page 1022B may be sent to a secure container 152 (2).

The consumer electronic device 100 has a protected processing environment 154. PPE 154 opens secure container 152 and displays page 1022B on the screen. The displayed page 1022B is in a form having several fields including a catalog number, a shirt description and a retail price. Consumer 95 fills in the fields of color, neck size, normal or tall, normal or fit, and quantity. Consumer 95 also indicates where the shirt should be delivered, the desired delivery service class, and the consumer's address.

For the consumer 95 who has all the required information, the electronic device 100 places the form field information 1024 in the secure container 152 (3) and stores the container 152 (3) in the procurement server 1014. Send it back. The procurement server 1014 opens the container 152 (3) and reads the field information 1024. Procurement server 1014 creates a VDE audit record indicating receipt of information 1024. Procurement server 1014 also creates control set 188 and / or event notifications that initiate purchase transactions.

The procurement server 1014 communicates with the wholesaler 1018 directly or through the trading authority 700. Procurement server 1014 then determines whether the requested item is stocked and transportable. If the procurement server 1014 determines that the requested item is stocked and transportable, and the information 1024 provided by the consumer is sufficient to proceed. If so, the procurement service returns another web page 1022C to the consumer indicating the following:

・ Purchase can be procured,
-Some various sales taxes and delivery fees,
The address provided and the class of the selected delivery service,
New fields for payment-related information, and
-A question asking whether the consumer wants the procedure.

The procurement service 1014 also sends the audit record 302 (1) to the consumer's PPE 154 and the trading authority 700 indicating which portion of the relatively large, atomic transaction being fulfilled is being procured.

If the consumer 95 decides that he does not want to proceed with the transaction after seeing the details of the procurement himself, the consumer's equipment 100 will procure a secure VDE container 152 (5). A service 1014 and a transaction authority 700 indicating that the transaction is to be canceled may be sent. If the consumer 95 says yes, the transaction is continued and the consumer is prompted to take the payment method from the provided list. In this embodiment, the above list corresponds to the payment methods supported by both the merchandise provider and the clearing house 200. Consumer 95 fills in the credit or charge card number, eg, due date and billing address.

Once the requested information is complete, the consumer device 100 sends the information to the financial clearinghouse 200 in a secure VDE container 152 (5) using the consumer's own secure PPE. And another VDE container (not shown) may be sent to trading authority 700 along with the audit records.

The financial clearing house 200 obtains the pre-authentication from the credit card processing company and returns the pre-authentication authorization information 1026 to the procurement server 1014, for example, using a secure VDE container 152 (6). The clearing house 200 sends another VDE container 152 (7) to the trading authority 700 with an audit record 302 (2) indicating the completion of the pre-authentication phase.

The procurement server 1014 may send an additional VDE secure container 152 (8) to the consumer 95 with a new web page 1022D and audit trail information 302 (3), shown below:

・ The order processing is complete,
The sale has been approved by the payment method,
The consumer's credit card is fully charged when the goods are shipped; and
A transaction confirmation number for further reference so that the procurement service 1014 and / or the transaction authority 700 can be queried.

The procurement service 1014 (eg, in cooperation with the wholesaler 1018) has the audit records 302 (4) and 302 (5) wrapping the goods and passing them to the express delivery service 1020, for example, indicating shipment. The VDE secure containers 152 (9) and 152 (10) can be sent to the clearing house 200 and the trading authority 700, respectively. In this example, the courier delivery service (“logistic”) 1020 includes a VDE secure container 152 (11) indicating that the courier service 1020 owns its packaging, the trading authority 700 and the procurement service 1014 (and If desired, also send to consumer 95).

Regarding the delivery of the package with the goods, in this embodiment, a VDE secure container including an audit log 302 (7) indicating the delivery of the completed package to the transaction authority 700 marking the next completed transaction. Express delivery service 1020 sends 152 (12) and then the clearing house 200, express delivery service 1020, procurement service 1014, and, in some instances, additional VDE security indicating completion to the consumer 95. Container 152 may be sent.

Example: The decentralized trading utility 75 can support the transactions that consumers pay for services, a prominent feature of the advanced Western economy, especially the United States economy at the end of this century, which is a major manufacturing "smoke stack". The economy has shifted from the "economy" to the "services economy". The decentralized trading utility 75 can support transactions paid by consumers and, in many instances, consumers or otherwise use services.

FIG. 63 shows an example of the online service system 1030. In one embodiment, the online service 1032 is obtained from a certification authority 500 that registers with the secure directory service 600 and that proves that the digital certificate 504 (1) is the same as the online service. The online service also agrees to trust the certification authority 500 and the certificate 504 issued by the party authorized by the certification authority 500 to issue certificates for certain facts.

For example, online service 1032 may agree to accept a certificate 504 (3) issued by a decentralized certification authority 500A from a parent authenticated by certification authority 500 (through certification 504 (2)), and that they accept the child Issue a certificate proving the fact that these children are currently minors. The online service 1032 then provides that the adult responsible for the child must issue another certification testimony to the willingness to take financial responsibility (eg, unconditionally or on a transaction basis). In a certain aggregate level of spending for a certain limit or in a certain period of time, in some cases, how many per month (so much per month) a child may have on certain subject materials distributed by online services It does not allow access or accept digital signatures based on certificates for purchase transactions.These certificates 504 (2), 504 (3) are used in the VDE secure container It may be sent from the authority 500 to the parent and / or at least one child.

Here, imagine that the child 95 (2) reserves an online game called "chat". Online service 1032 has a web interface specifically designed for school-age children. This service 1032 provides reservations that must be updated quarterly. Using a personal computer or television and an electronic device 100 such as a set-top box with two-way communication and a protected processing environment 154, the child 95 (2) uses a secure registration service 600. Locates online service 1032 and sends a message requesting a reservation. In response, online service 1032 sends a request 1034 for payment, membership, and member information to parent 95 (1) or a guardian in VDE secure container 152 (4). The parent or guardian and / or other paying individual 95 (1) has his or her (or their) credit card number, expiration date and billing in one or more other secure containers 152 (5). The book address information 1036 is provided to the online service 1032.

In this embodiment, the online service 1032 stores the consumer's service account, credit card and / or other payment information 1036 in the VDE secure container 152 (6) (in a variation of this embodiment, the parent 95 (1) The financial and related information may be provided directly to the clearing house 200 (which may be provided to the clearing house 200 in the VDE secure container 152 (5)). The online service provider 1032 also provides the clearing house 200 with the clearing house network address and provider account number. In a protected processing environment (e.g., a general purpose computer locked in a physically secure safe or other secure facility), the clearing house 200 secures the secure container 152 (6). ) To retrieve payment information 1036 and complete the payment transaction with the credit card company.

In this example, the financial clearing house 200 then proceeds to the following information 1038 (this list is for illustration purposes only, and the general information that any available information set may have been communicated to). To the online service 1032 in at least one secure VDE container 152 (7):

• VDE audit record for this transaction • Trading authority number • Provider account number • Consumer account number for the service and
・ Payment amount

Next, the online service 1032 sends the secure container 152 (8) to the consumer 95 (1) whose payment was accepted. In some embodiments, online service 1032 may direct certification authority 500 to issue a certification 504 attesting to the validity of the reservation until a particular date. Online service 1032 may also provide an audit record 302 (1) derived from information 1038 provided by financial clearinghouse 200.

Each time the child 95 (2) logs on to the online information service 1032, the child's PPE 154 checks to determine if any authentication 504 is present or known, and if so,
Whether these digital certificates testify to reservations for currently unexpired online services, and whether any minor child certificates are presented and valid (eg, children Was not expired because he had not yet reached his 18th birthday)
Check to determine.

If, through these authentications 504, it is determined that the child 95 (2) has been authorized to use the online service 1032 and has been barred from accessing certain "adult" content. , Online services give selective access to the authority-given parts.

に お い て In this online service feature, multi-person interactive games are distributed. In this embodiment, child 95 (2) plays a game with at least one other authorized and authenticated minor child, the adult is excluded by potential VDE rules, and Controlling this game in certain embodiments is prohibited. At least a portion of software (eg, executable code and / or interpretable code such as Java) that implements at least one portion 1040 of at least one game includes at least one VDE secure container 152 (9). Can be used and downloaded from the online service 1032 to the child information application 100 (2).

Using the methods described in Ginter et al.'S disclosure, these programs and / or program 1040 portions are determined to be reliable and unaltered. The at least one key used to calculate a one-way hash function that generates a digital signature used to determine the integrity of at least one program 1040 or at least a portion of the program is provided by a certification authority 500. The issued authentication 504 is linked to the identity of the online service 1032.

In this embodiment, when the child 95 (2) plays the game, at least part of his or her movements is measured according to the method disclosed in co-pending Ginter et al. An audit record 302 (2) shown is created. At some point, these audit records 302 (2) are communicated to an online service 1032, which may include the clearing house 300 used in this example. The clearing house 300 in use may analyze these usage records 302 (2) and use the usage records 302 (2) to determine how much to charge the child 95 (2).

Example: Distributed Trading Utility 75 can be used to provide value chain disaggregation for purchasing and / or using tangible items Distributed Trading Utility 75 facilitates purchasing or other types of transactions for tangible goods Can be used to FIG. 64 shows a tangible merchandise delivery system 1040. For example, company 1042 places an order for office supplies using electronic device 100 including PPE 154. The order is a box of paper clips, a stapler, a peg, a case of 8.5 x 11 inch copy paper, and a dozen yellow rated size notepads. These items are manufactured by the manufacturer 1050, distributed by the distributor 1048, and sold to the company by the retailer 1046.

In this embodiment, the clearing house 200 receives payments 1052 from the company 1042 and separate payments 1052A, 1052B, and 1052C that are delivered to the retailer 1046, distributor 1048, and manufacturer 1050, respectively. Spread the payments by splitting into.

For example, company 1042 sends its order 1044 to retailer 1046 in VDE electronic container 152 (1). In this example, retailer 1046 receives order 1044 and provides in response thereto a control set 188 indicating the provider account number of distributor 1048 and / or manufacturer 1050 and a percentage of the retail price received by each. To provide procurement services. If desired, the retailer 1046 may provide a different set of controls 188 (regardless of quantity) for each item ordered, to ensure that different payouts are fulfilled on a per item basis. Tolerate. Retail store 1046 may provide this control set 188a to company 1042.

The control set 188a may be adjusted in the presence of one or more digital certificates 504 issued by the certification authority 500. For example, the control set 188a may require that the company 1042 provide a digital certificate 504 (1) issued by the certification authority 500. Authentication 504 (1) attests to the identity of the ordering company 1042. Another certificate 504 (2) may be provided in the same chain of trust as the certificate authority 500, which ensures that the orderer has the authority to order up to a particular spending limit. Company 1042 may provide the same or a different authentication 504 (2), which also indicates that purchasing employees within the company are authorized to use the company's charge card.

に お い て In this embodiment, the company 1042 pays with a company charge card. The clearing house 200 first obtains a payment authorization from a credit card company before the retailer 1046 carries the goods. Upon receiving the pre-authentication notification, retailer 1046 may ship merchandise 1047 to company 1042. Following delivery of the goods 1047, the retailer 1046 creates at least one VDE audit and / or billing record 1052 in at least one VDE secure container 152 (2) and transfers the container to the financial clearinghouse 200. Communicate (audit information may also or alternatively be sent to retailer 1046).

The financial clearing house 200 then allocates all payments to each participating value chain represented by the control set 188a (eg, which can be received directly from the retail store 1046 and / or through the company 1042) to charge card transactions. Complete. In this manner, distributor 1048 and / or manufacturer 1050 receive the payment at the same time retail seller 1046 receives the payment. The control set information 188a may be the total payment share, and the local, state and federal tax provider account numbers (which may be) and the account numbers of the delivery charges, such as an overnight express company. ) Is also shown.

例 The example of FIG. 64 shows that value chain distribution can determine tangible and intangible objects. Similar techniques may also be used, if desired, further back through the supply chain of the manufacturer 1050 (e.g., for the metal provider from which the paperclip was manufactured).

Example: Distributed Trade Utility 75 Helps Distribute Digital Properties by Providing Registry and Other Services Distributed Trade Utility 75 is an electronic society that effectively distributes electronic or digital properties or content. To assist. For example, using the electronic device 100 provided in the protected processing unit 154, the creator or other rights holder 400 can exchange digital objects in a secure container with registered rights and authorized bill exchanges. To the place 400.

The rights and clearance clearinghouse 400 opens the container for use, for example, its own VDE protection processing unit, and assigns a uniform object identifier indicating the identity of the creator. Object types are registered, software, video, sound, text, multimedia, etc. and digital signatures for objects. A uniform object identifier is unique as a whole, or only in the namespace domain of the creator or some other entity (such as an online service, a digital library or a particular jurisdiction such as a particular country). obtain.

In this embodiment, using a protected processing environment, the rights and licensing clearinghouse 400 uses a private key of the rights and licensing clearinghouse to sign a digitally uniform object identifier and associate the object with the object. The identifier is returned to the person or organization registered in the VDE secure container. The rights and authorization clearinghouse 400 may maintain a copy of the object or only a uniform object identifier for the object and its signature to the object and its uniform object identifier. In another example, the rights and licensing clearinghouse 400 digitally signs a new object consisting of the original object and its uniform file identifier, and signs the new object and / or its signature with the rights and licensing note. Stored in the exchange 400 archive.

The creator may also send the authorization in the VDE secure container and a pricing template 450 (see FIGS. 45A-45C) indicating that the authorization has been granted. The prices are charged based on their authorization and, if applicable, the individuals, classes and / or the exercising of the jurisdiction to which those prices and authorizations apply. More than one authorization and pricing template 450 may be sent within one VDE secure container 152 or to another VDE secure container 152 that may be used for each authorization and pricing template.

In this example, using the VDE secure container 152, the object is then communicated from the creator to the distributor 168 (see FIG. 16). Using authentication 504, the distributor 168 really has the authority to selectively change the authorization and price of objects to the VDE instance (PPE 154) interpreting the creator's control set, And it can prove to create new authorization and pricing templates. Distributor 168 sends the VDE secure container to the rights and clearance clearinghouse 400 that includes the uniform object identifier with the new controls. In the preferred embodiment, the distributor 168 has the option of leaving its uniform object identifier unchanged if the object remains unchanged. However, if the distributor were changed to add its own brand to the object, the uniform identifier would have to be changed to reflect the distributor's opinion. The digital signature is calculated again using the distributor's private key. As described above, object registration has the option of storing only the digital signature, or both the signature and the actual object.

Example: Distributed Trade Utility 75 can be used to facilitate copyright registration, as an added service value. The rights and licensing clearinghouse 400 may provide a copyright registration service (see FIG. 43). The rights and licensing clearinghouse 400 may send a copy of the object to an appropriate government agency 440 online copyright registration service (eg, a copyright office in the United States). Objects and uniform object identifiers can be sent in a VDE secure container with controls indicating the payment mode, if registration or processing is charged.

In this embodiment, the copyright registration service sends the financial clearinghouse 200 at least one VDE secure container with at least one audit record indicating the price to be paid, the payment method, the registered party account and the government account to receive the funds. Receive an audit record that may be sent and that the transaction has been previously authorized in the VDE secure container (or the proposed transaction has not been authorized for any reason).

If the transaction was previously authorized by the clearing house 200, in this example, the VDE enabled computer at the U.S. Copyright Office opens the secure container and provides a uniform object identifier. Add objects to the registration database. The particular uniform object identifier, the particular uniform object identifier, and the particular digital signature make sure that the object is actually registered with the registration authority and that at least one person is the copyright holder at the time the object is registered Under the chain of trust emanating from a certification authority 500 (which in this example could be operated by or on behalf of the United States government) in a copyright registration service. To submit. This authentication 504 provides copyright registration information within the VDE secure container based on the person who registered the object (and / or the person designated as the notified person) and then the request within the secure VDE container. Get, send to the clearing house 400.

The copyright registration service instructs the clearing house 200 to proceed with at least one VDE secure container by performing a previously authorized transaction (if all necessary information is part of the prior authorization process). And / or send it to the clearing house 200 along with at least one audit record that provides the information to the clearing house 200. The copyright registration service instead receives audit records from the clearing house in the VDE secure container. In the VDE secure container, the audit record indicates that the payment transaction has been completed and that funds have been deposited in the appropriate account or accounts, or that the payment transaction has not been completed and that the payment transaction has been completed. Not accuse why. The information provided to clearing house 200 may be, for example, the amount of the payment, the method of payment, a registration party account, an account to receive US government funds, and a payment transaction that must be completed.

Example: Distributed Trading Utility 75 Can Support Renewal or Change of Authorization and Pricing Distributed Trading Utility 75 provides a mechanism for regenerating expired rights and licenses, and furthermore, provides electronic and digital properties Promotes dispersion. See FIG. 42A.

In one embodiment, imagine that an employee at Fortune $ 1000 company has a set of controls on expired digital assets, perhaps pieces of software or Java applets. The VDE protected processing environment at the employee's computer sends the VDE secure container to the rights and clearance clearinghouse 400.

The Distributed Trading Utility 75 may also facilitate the distribution of electronic and digital properties by providing a mechanism for distributing rights, authorizations and prices that is modified by one or more parties in the distribution chain. In one embodiment, imagine that a consumer has digital objects in her hard disk and a VDE control set distributed by the publisher. Authorizations and prices originally indicated the payment per model used, with the user paying 10 cents for each operation on the object, such as printing or viewing.

To determine if the new rights and prices are now available, the protected processing environment on the consumer's PC is based on the network address obtained from the control set together with the MIME-enabled email. , Send the VDE secure container to the rights and clearance clearinghouse 400. The consumer has obtained the rights and the address of the authorized clearinghouse from the secure directory service 600. The directory service 600 sends, for example, a query at the VDE secure container and receives a response at the VDE secure container.

The VDE secure container sent to the authorized clearinghouse 400 contains the object identifier in addition to the rights and current control requirements including price. In the rights and clearance clearinghouse 400 server, the protected processing environment opens the VDE secure container, pulls most current control sets from the control database, and other controls via reply email via the desired control. Send to VDE secure container. The consumer's protected processing environment opens the container and replaces and / or augments the expired controls with new controls. Consumers are now able to use the content according to the rules and controls specified in the control set received from the rights and authorization clearinghouse and processed by the VDE instance on the local computer or other device. In this example, these new rules and control sets reduce the pay-per-use price from 10 cents per operation to 5 cents per operation.

Example: Distributed Trade Utility 75 may support a model for distributing new rights Distributed Trade Utility 75 may not have some or all rights initially satisfactorily distributed to the ultimate consumer, Transactions that must be demanded instead can also be favored. In one embodiment, imagine that a lawyer attempts to start a publishing business by combining her / his own dissertation with other material obtained from legitimate information distribution. Legitimate distribution of information has chosen the clearing house 400 to be a distributor of control set information for many characteristics. For each object, they register at the rights and clearance clearinghouse 400, and they also register two sets of controls in the format described in the Ginter et al. Patent shown below.

One set of controls specifies default controls, including prices for retail consumers, and
• The second set of controls conveys price and rights that have little benefit to the retail consumer, eg, the right to certify. Athony Public Relations Publishers derives chapters from academic articles on patent law and In addition, we hope to include 1000 words extracted from scholarly articles. Having already obtained the academic dissertation chapter and its retail control set, the public relations publisher sends the questions in the VDE secure container to the Rights and Authorized Clearing House 400 using an Internet MIME-enabled email and enclosed. Seeking extract and licensing rights for the chapter identified by the identified uniform object identifier. The lawyer uses the secure directory service 600 (alternatively, the address of the rights and licensing clearinghouse 400 may be included in the original retail version received by the lawyer) to provide the rights and licensing clearing house. 400 were found.

The rights and licensing clearinghouse 400 checks the object database, finds the control set information for the named object in the universal object identifier, and, for each, depending on the price, extracts and rights. Determine both the availability and the certification. Extract rights do not convey the rights to alter the excerpted portion. If all chapters have not been edited, the authentication right is transmitted according to a control that sets a discount of 30% from the assigned retail price for a certain extract length.

Using the VDE-aware page composition application, a public relations publisher combines several jobs, including 1000 word excerpts, to form new jobs. The publisher registers the new object with the rights and authorization clearinghouse along with the control set. The public relations publisher also registers new objects using, for example, the copyright registration feature, for example, with the United States Patent and Copyright Office. Public relations publishers distribute new work within the VDE secure container. The VDE secure container also has a control set for each of the other edited jobs, and also completes publicity for all. According to the controls, which apply to the respective control of the part where the composite object and the other rules are present, the local VDE-protected processing environment for the used equipment maintains the use of the truck. At times, the VDE instance sends audit records to the clearing house 300 and the clearing house 200 that are using it.

Example: Distributed Trade Utility 75 Can Support Electronic Rights Negotiation Distributed Trade Utility 75 can support electronic rights negotiation. In one embodiment, imagine a professor creating a course pack. In this example, many different tasks used by students of a particular course last only one semester. In this example, the professor sends the VDE secure container with the query to the appropriate rights and clearance clearinghouse 400 and returns a set of controls for the digital properties listed in the query. By reviewing licensing and prices, the professor states that the book chapter has a large enough price to make the total price of the course pack higher than the highest price she / he desires. Notice that

Using the negotiation mechanism disclosed in Ginter et al. (See, for example, FIGS. 75A-76B), a professor attempts to negotiate with a rights and clearance clearinghouse 400. The rights and clearance clearinghouse 400 then lacks permission to negotiate and automatically decides to turn to negotiation with the publisher.

Since the proper certification 504 has been obtained from the certification authority 500 by providing qualifications to indicate "high education" class membership, the protected processing environment of the publisher's web server ensures that the professor's targeted assets Provide a new and modified set of controls. The control has a discounted price, the control requires that the copies printed on the VDE enable an authorized printer to keep track of the number of copies printed, and the control uses VDE technology. Report back to various parties for transactions that use. If still not satisfied with the price, the professor sends a reverse offer to negotiate VDE in the secure container to the publisher. The publisher's VDE instance negotiates with the professor's negotiated reverse offer control set, consent has been achieved, and a new control with a new agreed upon price, duration and conditions for the professor to continue to manufacture course packs next. Provide a set. The rights and licensing clearing house 400 seeks to recognize some reduced prices. Because in this example, the professor would provide a digital certificate that testifies to the fact that she has a full-time contract with the University of California, Los Angeles, and has a certain minimum number of students using the material. Because it can be. This certification satisfies the requirements stated by the publisher on the rights and clearance clearinghouse 400.

Example: One Useful Use of Fulfillable Certification Authorities 500 is for the issuance of digital certificates in the interest of government. In addition to issuing a certificate proving identity and legal status, etc., the government certification authority 500 issues a certificate certifying that it is feasible, eg, a load module. For example, the government certification authority 500 certifies at every level a feasible set that represents the laws and trade practices of the managed district. Saudi Arabia, for example, strongly recommends that, in their administrative controls, all equipment have a government-approved load module that examines container attributes and ensures that only appropriate content is released. Insist. California certifies load modules that calculate state taxes and the like.

Example-Entertainment Distributed Distributed Trading Utility 75 can be used to effectively and flexibly support models for movie distribution to the consumer market. For example, movie and entertainment companies such as Disney want to provide an electronic decentralized trading utility 75 to support the distribution of movies to consumers 95. Disney may open trade utility system 90 itself, or may contract with a neutral third party to provide trade utility system 90 for profit. In this embodiment, the purpose of the trade utility system 90 is to support secure pay-per-view / pay-per-use, rental, leasing, and decentralized transactions of other movies to consumers.

The movie itself can be distributed in a digitized form, for example, a digital versatile disk (DVD) or other high capacity media. Such media stores, in addition to the movie itself, one or more secure containers that include control sets for controlling use of the movie. Consumer 95 may play the movie using media player 104 (see FIG. 1) having network 150 connection or other "back channel" (eg, the ability to read or write from something like a smart card). .

The media player 104 has a protected processing environment 154, such as a secure processing unit for managing rights and operating electronic containers. The storage media may also be played by a personal computer 124 provided with a protected processing environment and network connection.

Set-top box 104 may be controlled by electronic controls distributed on the media and / or through the back channel. Control requires that the set-top box 104 record consumer usage and payment information for each property that the consumer has decided to view. For example, the consumer 95 places a media, such as a DVD optical disc, in the media player 104 and presses a “play” button. The consumer's media player 104 displays a message (eg, on the television set 102) that tells the consumer how much it will cost to watch the particular movie next (eg, $ 2.95), and Ask consumers if they want to proceed. If the consumer answers "yes", the media player 104 plays the movie on the consumer's television set 102 and records the usage and payment information for reporting to the consumer utility system 90. The processing environment 154 protected within the media player 104 ensures consumer payment for watching the movie under secure control by one or more associated electronic control sets delivered to the media player 104; And monitor and collect information that can ultimately be used to provide secure usage audits. Secure usage audits include, for example, Disney, movie actors, directors and others involved in making the movie, who may be interested in seeing how many consumers watched the movie (and demographic information for promotional purposes, etc.). (Potentially providing) can be used to allow secure confirmation. For example, the protected processing environment of the media player 104 may securely collect and record the following information, for example, in meters, bills and / or budget audit trails associated with a particular control.

-Movie title-Movie digital descriptor-Time and date properties played-Number of hours played property-Person who played the property

In some embodiments, the consumer 95 needs to have a digital certificate 122 issued by an appropriate certification authority to testify to a fact. Such a digital certificate 122 may be used to provide the context of the electronic control set delivered to the media player 104. Such authentication allows consumers to play the movie and / or prevent the movie from playing under certain conditions and / or affect the controls applied when the movie is played. Before being done, it may need to be present.

For example, the parent was able to obtain a digital certificate 122 indicating that the household has children. This “child's parent” digital certificate 122 could be used to prevent the media player 104 from playing any movie other than a movie with a rating of “G” and “PG”. Such a certificate 122 could have been issued by the same organization providing other management and support of the services associated with this embodiment, if desired.

Electronic controls provided for certain movies on media such as optical discs may also specify special value chain disaggregation to be applied in connection with payment preparation. For example, the media player 104 should have the movie disperser, the studio and the distributed trade utility 75 receive a certain percentage of the royalties of 2.95 $, and the state government should be in the form of a sales tax or VAT. "Know" from the electronic rules and controls delivered to media player 104 that they must receive a tax payment. Because this information is maintained in the media player's protected processing environment 154, the consumer 95 is never exposed to the payment disaggregation scheme and / or details thereof. (Consumers typically do not mind that the "cut" of the distributor is at odds with the studio's revenue. The protected processing environment within the media player 104 can be localized or distributed as described above. This payment disaggregation may be provided through a consolidated or centralized clearing house 200.)

Media player 104 can report usage containment information collected on a real-time (online) and / or periodic event driven basis. In one embodiment, the media player reports information gathered in the previous month at the end of each month. The media player may report the collected payment information (including the disaggregation data provided by the control set) to the financial clearinghouse 200 fulfilled by Disney) (or, for example, such information may be directly The financial clearinghouse 200 may be able to ensure that the consumer's account is properly billed and that various payers (e.g., Disney, movie distributors and others in the value chain). Ensuring proper “split” of consumer payments.Financial clearing house 200 also provides consumer deposit checks and authorizations, ensuring that consumers do not accrue unpaid accounts. Help to be.

Media player 104 may report usage information and collect it at clearinghouse 300, operated by an independent auditor (movie producers and actors may use independent third-party auditors who are not Disney May perform the function) or, for example, report such information to Disney and / or the clearing house 200. If rules and controls require that the rights of other value chain parties and Disney cannot verify, modify and / or delete such information, for example, due to VDE protection mechanisms, If so, certain such information will be hidden from Disney. The clearing house 300 analyzes the data being used and submits a report indicating the total number of times viewed, market share, and the like. The clearing house 300 in use may also further analyze the information and provide demographic and / or market research information. This type of information can be very useful to advertisers and marketers.

Disney may also operate the rights and clearance clearinghouse 400. Even in the present embodiment, rights and licensing clearinghouse 400 can provide a supplemental set of controls for various reasons, even though licensing is distributed on optical media. For example, control sets distributed in the media expire on a certain date. The rights and clearance clearinghouse 400 may submit a new set of controls instead of the expired one. The rights and licensing clearinghouse 400 also submits authorization to provide "sale" and / or change other prices (e.g., reduce the price of a movie of the order). The rights and licensing clearinghouse 400 also submits special authorizations (e.g., excerpting or editing rights that a multimedia developer or advertiser may have been able to request, and / or, for example, for printing purposes, Mickey) Redistribution rights for certain screens, such as an approved image of a mouse). Disney has "pre-approved" these special licenses, and the rights and licensing clearing house could automatically provide them as needed. The digital certificate 122 is used to perform an authorization interaction, whereby the user receiving the control set is authorized to utilize it.

Embodiments-Distributed Trade Utility 75 Can Support Collection, Analysis and Repurposing of Usage Information Prior to the invention disclosed in the specification of Ginter et al., The electronic community, among other things, had a local computer or It lacked a general purpose, reusable, distributed, peer-to-peer technology that could efficiently and effectively monitor and measure use in a protected processing environment. The collection, analysis and reporting of usage data provides significant value to rights holders and other decentralized chain participants, infrastructure decentralized trading utilities 75, consumers, and other interested parties. Understanding what happened can often be a basic determinant or contributor to what may have happened or must have happened. In addition, the information in use can be repurposed to support a wide range of other commercial activities, including advertising and trading models.

In this embodiment, one or more consumers are imagined in each of several companies having information devices 100, such as personal computers, having a VDE Protected Processing Environment (PPE) 154 described in Ginter et al. thing. In this embodiment, for a period of time, perhaps one month, the VDE keeps track of detailed usage information, and stores this information at each computer, which is a logical extension, and under the control of each computer PPE. Imagine continuing to store, in an encrypted database on each hard disk. Each of these consumers typically purchases different combinations of information and entertainment from different sources. Each instance of the VDE captures usage information according to controls purchased or otherwise used and / or associated with the service.

Immediately at the beginning of each month and / or during any other demanding (permitted, if supported) reporting period, each instance of the VDE will include a copy of each of the digital features used in the previous month. The usage record is communicated to the clearing house 300 according to the relevant controls. Next, for any use of the property during the previous month or other reporting period (eg, daily, weekly, seasonal, yearly), clearinghouse 300 will report to each of the rights holders. I will provide a.

In one embodiment, these reports include information identifying both individual consumers and the company that employs them. In another embodiment, the report includes detailed usage information, but individual consumer confirmation is removed by clearinghouse 300. Alternatively, both individual consumer and legal entity identification can be eliminated. Alternatively, usage information may be gathered by any one or more certain categories, such as industry, geography, and / or by country and / or other useful categories.

In another useful embodiment, a particular company or individual consumer may not have licensed VDE (subject to this right, of course, available through appropriate rules and controls), and firstly their information Confirmation information may be communicated from the device to the clearing house 300. The user may have established a VDE control that prohibits the disclosure of such confirmation information. In another embodiment, the user may use the arrangement mechanism disclosed in the Ginter et al. Application, with the required levels of various control sets associated with the information purchased or used by each consumer. Additional levels of privacy and confidentiality may be negotiated. That is, the electronic negotiating process creates a modified or new set of rules and controls that reflects the added level of privacy and confidentiality. In yet another embodiment, the rights holder, rights and authorized clearinghouse 400 or clearinghouse 300 or others may be using the same negotiation mechanism, VDE rules instead of privacy and confidentiality and It may be negotiated through the use of a control set.

As shown in FIG. 11 and FIGS. 33-39, the verification information is removed, the data is collected, the data is analyzed, reports are generated, and / or those reports are sent to rights holders and other interested parties. The functions of the clearing house that can be transmitted may reside in one or more logical and physical locations. For example, a distributed clearing house 300 operating a local computer (or other information equipment) may perform the functions of any or all of these clearing houses. The one or more clearinghouses may be located within a given company or within a given group of companies, including, for example, siled industries such as healthcare, commerce or business groups ("affiliations"). Similarly, the functions of these clearinghouses may be performed by clearinghouses in each country or other jurisdiction, or may be defined by any other classification and / or geographic variability.

The clearinghouse 300 may also provide raw data, collected data, and / or customized reports to rights holders, distribution chain actors, and / or other interested parties. These organizations include, for example, content creators, publishers, repackers, repurposers, advertising agencies and their clients, business associates, market research and consultancy firms, distribution audits and audience surveys. Includes company, sales, market transactions, and advertising features of companies interested in one or more markets, and government agencies.

In another embodiment, clearinghouse 300 may also use advertisers that handle specific advertisements and / or advertisements by individual consumers within companies and / or group companies, markets, and / or other analytical groupings and categories. Information may be sold in the category.

Example: A Secure Directory Service that Protects Confidentiality and Privacy Personal and professional confidentiality and privacy are often an essential aspect of modern experience. Individuals do not need to know who they are associated with. In many aspects of work, companies may not want to communicate, influence, and disclose their interests in performing work. In today's Internet, for example, it is possible for a person with some kind of access to determine the characteristics of a query between a given person and a directory service. Such information may provide important clues as to the arrangement of work that is present or about to occur and has not been publicly announced (eg, absorbed or merged).

The VDE secure container provides one standard for a secure directory service 600 where confidentiality and privacy are maintained. In one embodiment, a Fortune 100 lawyer (the Corporation, Counsel, in a, Fortune) company seeks to obtain the e-mail address of an in-house investment bank clerk handling the proposed acquisition. But I do not share my concerns with anyone. The legal representative sends the query in the VDE secure container to the secure directory service 600 with the name of the person who wants to contact and the company. The secure directory service then sends the response in another VDE secure container back to the legal representative. Both the inquiry and the response utilize a certificate issued by a certification authority 500 that authenticates both the legal representative and the secure directory service 600. Payments for inquiries are handled by the clearing house 200, which deposits payments in the secure directory service 600 provider's savings account, while debiting the savings account of the company that employs the legal representative.

Since these transactions are performed using VDE and VDE secure containers, those who observe the communication will only confirm the fact that they are communicating at most. Securities analysts are developing techniques for "trading analysis." Here, the communication frequency between two or more parties is observed, and changes in the communication frequency correlate with other information to make inferences about their content and / or purpose.

However, it is possible to use VDE and VDE secure containers to negotiate trade analysis at some additional cost. In this one embodiment, the company sends the VDE container to the secure directory service 600 with an empty or "null" query that generates a return message in the VDE container with a null response in the average amount of elapsed time. In the case of a VDE on the computer of the legal representative, a transaction of the payments that are proprietary to the clearing house is generated, but these payment records with others are collected and the pattern of the inquiry and the Eliminate the correlation between Although ineffective from a trade perspective, this method of using VDEs and VDE secure containers to counteract trade analysis attacks is, in principle, a secure and trusted method disclosed in the Ginter et al. Application. Is used between multiple organizations that seek to hide communication patterns while taking advantage of efficiently distributed trading capabilities.

Example: Cooperation between the Inside and Outside of the Clearing House for an Organization Various trading utility systems 90 vary in degree and change combinations, as illustrated in FIGS. 2A-2E and 3A-3C. Can be dispersed. In one embodiment, shown in FIG. 65, an American Fortune 100 company 1070 having operations in several countries and in multiple countries, ie, multiple locations within each country (eg, the United States, Japan, and Europe), It has been found desirable to distribute the VDE distributed trading utility 75 internationally. In order to increase the efficiency of purchasing external information and to make the most of information providers and their information, Company 1070 will make all purchases made within the United States and within the U.S. dollar distribution Have chosen to negotiate with several providers on agreements dealing with In this example, company 1070 maintains its own global intranet 1072. The Intranet 1072 includes a headquarters 1074HQ (shown here as being in the United States), company US employee electronics (1074US (1), ..., 1074US (N)), company Japan (company Japan). Connect to employee electronics (1074JP (1), ..., 1074JP (N)) and company European employee electronics (1074EU (1), ..., 1074EU (N)). Intranet 1072 also allows each of these employees 1074 to communicate with one another. VDE-based transactions between company 1070 and its information provider also route the Internet from one or another company's U.S. gateway.

To provide efficient administrative and support services, the company 1070 distributes at least one decentralized clearing house 200 and at least one decentralized clearing house 300 in each country. For example, a company 1070 operates a financial clearing house 200A and a clearing house 300A in the United States, a financial clearing house 200B and a clearing house 300B in Japan, and a financial clearing house 200C and a clearing house 300C in Western Europe. I can make it. Some of these decentralized clearing houses may be located in countries with multiple sites and in the United States. In addition to negotiating agreements with informants, company 1070 also negotiates agreements with large trade clearing houses 300 and major financial clearing houses 200. These centralized clearinghouses may be located anywhere and may communicate with the company 1070 via the Internet and an intranet 1072 within the organization. Neither of these clearinghouses 200, 300 is affiliated with a company 1070 that does not go through this business agreement. Each of the decentralized clearing houses within company 1070 operates under the simultaneous authority of both the company and the external clearing house with which the company has business agreements.

In this one embodiment, a product market trade manager 1074JP (1) hired by the company 1070 in Japan obtains a market research report 166 from a US distributor 1076. The report and associated controls are sent from US distributor 1076 to this employee 1074JP (1) in VDE secure container 152a. The VDE instance on the administrator's device 1074JP (1) keeps track of use and keeps payment to the information provider. Periodically, these audit records 302 (1), 302 (2) are sent to the decentralized clearing house (private clearing house) 300B in the VDE secure containers 1052b, 1052c and to the internal financial clearing house 200B. Sent. Both of them are located in Japan on a private organizational network (or intranet) 1072 within the company. In this embodiment, from time to time, due to the VDE controls associated with the purchased content, the private clearing house 300B removes individual identities according to VDE rules and controls governing the protected processing environment process, and The audit record 302 (3) is sent to an external clearinghouse 300 in a secure container. All of the distributed clearinghouses 300 A, 300 B, 300 C in the company send periodic communications to the trade clearinghouse 300 in the VDE secure container 152. The main clearinghouse 300 then creates the reports and sells the reports, licenses, and / or distributes them to report holders or other parties. The other part, for example the third part, which has a trading interest in obtaining the information, has the individual's identifier removed. In many situations, company names have also been removed in accordance with VDE rules and controls.

From time to time, due to the VDE control 188a associated with the purchased content 166, a copy of the complete usage record (with employee identification information) may also be stored on the company's main clearinghouse 300HQ (which may be located at headquarters). Sent. Similarly, audit records are also sent to all decentralized clearing houses 300A, 300B, 300C of the company. These are then collected and combined for further analysis, reporting, and auditing.

The internal decentralized clearinghouses 200A, 200B, 200C also receive their audit records 302 in the VDE secure container 152 from the VDE protected processing environment 1074 according to the VDE control set for purchasing information. Each internal decentralized clearing house 200A, 200B, 200C collects payments and sometimes sends a VDE secure container 152 with an audit record 302 indicating the totals collected that are forwarded to the information provider as a result of the transaction. The company may also provide updated information about the savings account to which the company's funds are transferred and / or the provider's savings account to receive the funds. The external clearing house 200 then terminates these payment transactions and returns an audit report to the company 1070 and an information provider confirming the payment transactions. In a preferred embodiment, these movements occur securely under the control of distributed VDE nodes and are at least partially automated by the use of VDE containers and controls to manage a series of handling and multi-node, multi-organization sequencing processes. . As in an alternative embodiment, the calculation of the payment volume and the completion of the payment transaction are performed at an external primary financial clearinghouse 200 from usage information received from the clearinghouse 300. Of course, if the clearing house 300 and the clearing house 200 are in the same entity, the clearing house has already received such information. In this embodiment, the external and internal finances then compare the payment information.

This embodiment is not affected by the range in which administrative services and support services are distributed. In a related embodiment, as shown in FIGS. 2A-2E and FIGS. 3A-3C, the functions of the clearinghouse and financial clearinghouse are distributed in each VDE-aware protected processing environment 1074. In this embodiment, each protected processing environment 1074 may report directly to the main external clearing house 200, 300, to a distributed external clearing house, and / or to the functions of the internal clearing house. These clearinghouses are organized differently, as described above, for each continent (North America, South America and Central America, Australia, Europe, etc.) than for each country and company 1070 location.

In one further embodiment, headquarters 1074HQ and its associated headquarters-based clearinghouse 200HQ, 300HQ provide a centralized clearinghouse system through which all usage and financial information must flow. In particular, in a more centralized embodiment, all user devices 1074 report their use and financial transactions to the head office clearinghouse 200HQ, 300HQ in a secure container 152 across an intranet 1072. The head office's clearinghouse 200HQ interfaces directly to a VDE compliant multi-purpose payment system. These multi-purpose payment systems are designed to ensure the enforcement of automated secure financial transaction realizations in accordance with rules and controls governing payments related to variables such as volume, entity, location, timing, and / or other conditions. Directly support the use of VDE chains of handling and control. Second, these headquarters clearinghouses 200HQ, 300HQ (single integrated trading utility system) will have properly collected and / or other audit trails, and payment information located in each country. It communicates to each clearing house 200A, 200B, 200C, 300A, 300B, 300C. Although less efficient than the lower embodiments described above, this configuration is based on acting as the central administrator for deposit and / or e-currency preparation for decentralized internal clearing houses, and It can appeal to large companies seeking to exercise centralized control over usage and financial information by efficiently managing the in-house collection of transactions related to.

Example: Trading Authorities Available Within and Between Organizations FIG. 66 illustrates an exemplary use of trading authorities 700 for intra-organizational and inter-organizational communication. FIG. 66 shows organization A (left side of the figure) as having an "intranet" (private data network within a particular organization) 5100A. Intranet 5100A may be, for example, a local and / or wide area network. The user electronic devices 100 (A) (1),. . . , 100 (A) (N) (eg, employees of organization A) communicate with each other over an intranet 5100A.

FIG. 66 also shows its own intranet 5100B, user electronics 100 (B) (1),. . . , 100 (B) (N), and another organization B that may have a private trading authority 700B. FIG. 66 further illustrates a public data network 5104 (eg, such as the Internet) and a public transaction authority 700 (C). FIG. 66 illustrates that in this example, organizations A and B communicate with the outside world through trusted trading authorities 700 (A), 700 (B). Trading authorities may also include "gateways", "firewalls", and other related communication components, if desired. In another embodiment, trusted trading authorities 700 (A), 700 (B) communicate over the Internet 5104 instead of requiring an actual "gateway", "firewall" to / from the Internet 5104. To operate across the interior of each organization A, B, potentially creating an electronic container 302 to do so.

In this embodiment, the users of the organization A are protected from the processing environments 100 (A) (1),. . . , 100 (A) (N) may have an example of a processing environment in which a virtual distributed environment is protected and may communicate with one another over an intranet 5100 (A) via a secure electronic container 302. Similarly, the electronic devices 100 (B) (1),. . . , 100 (B) (N) may have an example of a processing environment in which a virtual distributed environment is protected and may communicate with one another over an intranet 5100 (B) via a secure electronic container 302. Further, organization A and organization B may communicate with each other over the Internet 5104 via secure electronic container 302.

取 引 Organization A's private trusted trading authority 700 (A) may be used to facilitate organization A's internal communications and processes. Private protected trading authority 700 (A) may be used, for example, to carefully track items sent from one user to another user within organization A. On the other hand, public transaction authority 700 (C) is used to coordinate between organization A and organization B without revealing confidentiality information from any organization to other organizations. obtain. The following is a more detailed example. The arrangement of FIG. 66 can be usefully used to conduct business transactions.

Copy to user 100 (A) (1), 100 (A) (3) and 100 (A) (5) (neither of them can change notes after signing off) and to anyone else Users 100 (A) (2), 100 (A) (7) -100 (A) (10), and 100 (A) (12) with unreliable copies Before distributing the confidential notes to each of the users 100 (A) (1), 100 (A) (3) and 100 (A) (5) (each of which can modify the notes) Assume that it does not need to be approved by Private transaction authority 700 (A) may maintain a rule set that specifies these requirements. Trading Authority 700 (A)
Send a memo (in a secure container) to each of the users 100 (A) (1), 100 (A) (3) and 100 (A) (5) for approval in a "brute force" manner obtain.
• If any one of these users changes the note, trading authority 700 (A) may circulate the note to the other two for additional comments and corrections.

Once all three users 100 (A) (1), 100 (A) (3) and 100 (A) (5) approve the memo, trading authority 700 (A) is empowered. Put each of their digital and / or handwritten signatures or initials on a note, the note is only read and the user 100 (A) (1) -100 (A) (3), 100 (A) (5) A note to one or more secure containers having a control set that specifies that they are only read by 100 (A) (7) -100 (A) (10), and 100 (A) (12). Put.

-Trading authority 700 (A) may then send a copy of the note in the container to each of these users. Or, the same container may be requested and circulated from one party to another.
• Trading authority 700 may request electronic control to maintain a trace of a security audit showing where the container was, who opened the container, who has access to the notes held by the container, and when. Accordingly, trading authority 700 (A) may increase personal liability obligation accounting liability by proving, when, and for how long a particular person has viewed a particular document.

Organization A's intranet 5104 may also be used to exchange and / or distribute sensitive design specifications. For example, trading authority 700 (A) may maintain a detailed record of those who have accepted the design specification in digital form. Therefore, we assure our personal responsibility and accountability and provide a high degree of efficiency.

し た As mentioned above, private trading authorities 700 (A), 700 (B) may also provide a “firewall” function to prevent confidential information from leaking outside of the respective organizations A, B. For example, assuming that organization A is an integrated circuit designer, organization B is an integrated circuit manufacturer. Tissue A designs and identifies the circuit layout of the chip and makes a "tape out" to send to Tissue B. Tissue B manufactures integrated circuits based on “tape out” and delivers chips to Tissue A.

Trading authority 700 may be used to facilitate the above business transactions while maintaining the confidentiality of each of organizations A and B. For example,
• Private Trading Authority 700 (A) of Organization A oversees the overall design and specification design efforts within Organization A. All communications take place in secure container 302 over organization A's intranet 5100 (A) to maintain confidentiality. Trading authority 700 (A) may maintain a historical record of historical designs, work in progress, and specification versions as the design process proceeds.

-Private trading authority 700 (A) of organization A may manage the development of the final design specification, ensuring that all conditions required to promote the design specification are met.

Once the design specifications are completed, trading authority 700 (A) may move the design specifications in security container 152 to each of those in organization A that require a "sign-off." . Each of the devices 100 (A) (1),. . . , 100 (A) (k) attach and / or embed a digital signature, a handwritten signature, a seal, and / or a fingerprint as described above, indicating approval of the specification.

• Once satisfied that the specification has been "signed off" to the appropriate people, trading authority 700 (A) may send it to public trading authority 700 (C) over Internet 1104 in secure container 302. Public trading authority 700 (C) may be a trading authority held by organizations A and B to act as a liaison between them. Organization A's private trading authority 700 (A) may filter (or protect) any information sent to public trading authority 700 (C) so that organization B has access only to the information intended for it. Can be contracted. For example, private trading authority 700 (A) may provide additional electronic control within the container to prevent organization B from seeing any detailed audit information indicating where the specification is in organization A. I can do it.

-The public transaction authority 700 (C) independently certifies the design specification, while authorizing and / or authenticating against the latter evidence that organization A has delivered it at the specified data and time in accordance with the contract. Can act as a trusted third party.
• Public Trading Authority 700 (C) then forwards the design specification (still in a secure container) across the Internet 5104 to Organization B's Private Trading Authority 700 (B).

Organization B's private transaction authority 700 (B) copies a copy of the design specification across Organization B's intranet 5100 (B) to the appropriate users in Organization B 100 (B) (1), 100 (B). (N) automatically. Nobody outside organization B needs to know who received the copy of the specification. On the other hand, organization A's trading authority 700 (A) may include electronic controls to limit access to only certain engineers within organization B, if desired. These safety controls are carried into the organization B and the electronic devices 100 (B) (1),. . . , 100 (B) (N). The trading authority 700 (B) of organization B may manage the chip manufacturing process while assuring that all steps and conditions required to manufacture chips according to the design specifications of organization A will follow.

Example-A Trading Authority That Can Facilitate International Trade FIG. 67 illustrates an example of how trading authority 700 conducts international trade. In this specific example, trading authorities 700 coordinate complex multilateral transactions between companies 1106A, 1106B, and 1106C located in their own respective countries (eg, the United States, Australia, and Europe). Company 1106A has its own bank 1108A and lawyer 1110A. Similarly, company 1106B has its own bank 1108B and lawyer 1110B, and company 1106C has its own bank 1108C and lawyer 1110C.

The trading authority 700 assists in forming consent between international parties, for example, by passing offers and counter offers back and forth in a secure container and using contracts that form the technology described above. To provide some non-repudiation. Once a contract has been formed, trading authority 700 maintains a main set of rules and all conditions of control that must be met for a transaction to be completed. Thus, it can provide results for different events. Alternatively, once the contract is executed, the role of the trading authority can be virtual, especially in a simple model, such that value chain rules and controls are carried by the VDE container. The rules and controls of the VDE container specify, as a whole, all processes and conditions that must be satisfied, including their sequence of operations. The rules and controls provided to trading authority 700 may take into account international law having different rules that apply to different countries. This regulation may take into account various import and export requirements and restrictions, and international tax treaties between nations. This regulation includes upfront and / or ongoing tariffs related to routing and filing requests, confirms reputable distribution authorities, and sets out certain contractual conditions with relevant national and international authorities. Assist in filing, managing any freight or other transportation requirements, helping to establish reliable translation services for contract terms and conditions (especially standard terms and conditions), and internationally certified Manage the differences in demands and forms of the authorities in charge and impose the obligation to comply with the required social rules by effectively governing the bodies, governing effectively, nationally and substantively governing Collect dues, such as taxes on the territory in which they reside. The trading authority 700 can communicate between various international parties using secure electronic containers and can securely validate various reliable event notifications provided by the international parties.

Example: Distributed Trading Authorities Complex business interactions under the control of trading authority 700 may also be distributed, for example, within and between organizations and / or controlled areas. Complex international real estate transactions require the involvement of several functions that are not the buying and selling of companies (some financial institutions, insurance companies, and law firms and possibly governments in a few countries). Suppose that In addition, each of the organizations that are organized and individual to the transaction have a computer that is VDE aware, and within this respective organization or institution, this real property under the authority authorized by the main trading authority 700 Suppose there is at least one decentralized trading authority serving a transaction.

に 対 し て Each of the organizational and individual entities for the transaction has a computer that is VDE aware. Within each organization and agency, there is at least one decentralized trading authority, which provides services for this real property transaction under an authority authorized by the main trading authority 700.

In this one embodiment, each of the entities for the real property transaction has distributed trade rules and parameters describing their business relationships in the form of VDE rules and controls that define the role of each entity in the overall transaction. Have. For example, an insurer must guarantee characteristics at a value and cost that are acceptable to the buyer and approved by the mortgaged lender. Also, these trading VDE rules and controls have already been mutually agreed upon using the negotiation mechanism described in the Ginter et al. Application and some negotiations have been made with the history of negotiating these rules and controls. Assume that the rules and controls are all stored at the main trading authority for this real estate transaction. The top trading authority may be the primary trading authority 700, and may optionally be mutually agreed with the decentralized trading authorities. In this embodiment, the former is assumed. In short, all parties agree on the rules and controls governing the transaction. The negotiating process may be simplified because the trading authority 700 distributes a distributed template application for international real estate sales. This template is based on the past experience of the trading authority 700, and in particular was created by the trading authority 700 for this transaction as a service that added value to its important customers.

Each of the parties to the transaction, subject to the VDE control set that defines this atomic transaction, is responsible for seeing that some portion of the transaction is completed before closing and completing the entire transaction. . In some cases, several parties have a common responsibility for completing all transaction parts. For example, buyers and sellers must agree on a purchase price. This embodiment contributes to work requirements, including, for example, their price and other fluctuations. In addition, using the VDE negotiation mechanism, we reach agreement that represents a fair balance of interests. If the electronic negotiation is unsuccessful, the party may negotiate directly or the VDE secure container with an audit record indicating the failure will then notify each of the others authorized to participate in the entire transaction. Sent to authorities.

If the buyer and seller agree, this one embodiment completes the negotiation (or receives an order to complete the negotiation digitally signed by both parties using VDE technology). The processing environment then sends a notification to the decentralized trading authorities notifying others (including other participating trading authorities) whose prices have reached agreement. Based on the VDE control of a subtransaction, the VDE may securely notify the party or parties that certain other subtransactions are currently being completed. In this embodiment, the title search company may now perform those tasks. Insurers may now begin negotiations with buyers for coverage using the VDE negotiation mechanism. A lawyer at the lawyer's office for the buyer can begin negotiations with the counterparty at the sales company. Both forensic lawyers interact with their outside attorneys using VDE and VDE secure containers, creating and negotiating various documents whose implementation is completed in partial or all transactions.

In this embodiment, each of the parties may have one or more digital certificates issued by the licensing authority 500 to authenticate each of the parties for this transaction and its sub-transactions. The financial clearinghouse 200 provides payment communication means for various value-added services (eg, provided by the trading authority 700). The clearing house 300 collects audit records that are sent from time to time in VDE secure containers from each of the participating VDE's protected processing environments and provides an audit of these transactions by an independent third party. Secure directory service 600 helps participants locate each other's electronic addresses while maintaining confidentiality and privacy.

As each of the sub-transactions is completed, the decentralized trading authority within the organization where the sub-transaction was completed will notify the primary authority for this transaction 700 of completion of the sub-task. In accordance with the previously agreed VDE rules and control sets, some or all persons participating in the transaction may also be in a protected processing environment of at least one participating VDE, for example, individuals, distributed trading utility systems, distributed It may be notified by an audit trail and / or message sent and authorized securely by including the PPE at the node to the transaction authority and / or the primary authority for this transaction.

Once all components of the entire transaction have been completed, the trading authority, in this example, the primary trading authority for this real property sale, has fulfilled all the prerequisites and has resolved the entire transaction. Notify each participant and each participating decentralized trading authority. Optionally, the trading authority may give the seller and obtain a last opportunity to proceed with the completion or to continue the transaction. This one embodiment illustrates that the trading utility system 90 including the trading authority 700 can be distributed in an intermediate VDE protected processing environment that supports one or more trading utility systems 90.

Examples- Amortizing digital broadcast network infrastructure and other resources that span many users, building a critical mass faster than competitors, products that appeal most to customers and Supporting tailoring and tailoring services, maximizing the negotiating leverage power for purchases, building the most comprehensive infrastructure, Act as the best "one-stop" resource for work activities. These are all key concepts in successfully building a modern business. VDE and the Distributed Trade Utility establish a fund to create highly competitive and successful virtual space businesses that demonstrate these attributes. Many of these businesses reflect the characteristics of the Internet and the World Wide Web. Like VDE and distributed trading utilities, they constitute a decentralized community that achieves its maximum benefits through electronic trading cooperation. They offer different service layers, and complementary products and services, and realize the great advantage of coordinating their activities with their mutual benefits.

Digital Broadcasting Network (“DBN”) is truly an innovative trading business. Consisting of sites and services based on many different World Wide Webs ("webs"), DBN participants can maximize their buying and power by sharing resources and market transactions and customers. Greater influence and operational efficiency are gained by generating information and by supporting rational administrative overlays linking many (often complementary) activities to each other. As well as its underlying consistent rules enabling both the World Wide Web and the design of VDE and decentralized trading utilities, and superimposing the capabilities of both these architectures, digital broadcast networks have been Adopt a highly efficient and largely automated and distributed community that maximizes business efficiency. In a similar manner, other embodiments include other classifications of entities that function with each other as virtual businesses (eg, companies or other organizations). The decentralized nature of VDE and trade utility systems are particularly important in providing an efficient infrastructure for these modern, potentially large, virtual space business activities.

Digital broadcasting networks can function as a cooperative of websites and service providers with central or local and logical (market-based) headquarters groups, for example. Alternatively, it can function as a shareholder @ corporation for profit in the reminiscence of a business model of a television broadcaster (eg, NBC). Alternatively, functioning as a cooperative or virtual enterprise having a mixture of several or a mixture of the above attributes and employing distributed, peer-to-peer, hierarchical, centralized administrative business relationships and activities. obtain. In one embodiment, multiple companies are sized and connected to each other to provide an individual participant with some expertise and the ability to coordinate with each other in a "higher" level of a cooperative or business in several ways. Provides adjustment benefits.

In one embodiment, the digital broadcast network may be a single company with many licensed franchises. The licensed franchise is responsible for geographically and / or logically specialized market areas and / or for the distributed trading utility service hierarchy and / or other websites in a peer-to-peer context as described above. You can configure a website. On behalf of itself and its franchise, the company, for example,
-Negotiate with advertisers and their agents for optimal rates for exposure time,
Get the lowest cost for content provided by third parties,
Resell market analysis and user profile information,
A franchise that can share its revenues with DBN and / or other franchises,
Provide advertising to the franchise according to the franchise and / or franchise user base profile;
Guarantee a certain number of "eyes" (exposure and / or other interactions) for the advertiser's material,
Secure virtual networks that employ the capabilities of VDE and distributed trading utilities so that the entire organization operates in a secure and highly efficient manner, including the use of common user application tools, interfaces, and government activities To provide
・ Advertise the network according to the benefits of the network and the franchise,
Purchase and / or supply content to franchises according to their needs and / or franchise needs as dictated by their usage profile;
Collect and analyze the use of content (including advertising), purchase of virtual space, and other data as permitted with the franchise's consent,
-Allows franchises to perform many network functions on a local basis. The local criterion is to obtain and create available geographical and / or logical local (consistent with the focus there) content (and / or specific interest in its user base). ,
Negotiating consent for advertising products of value given the franchise's physical and / or logical market focus;
A web "broadcast" space (at least of content, having the rest of the consent control, and enforced, for example, by rules and controls under the control of the DBN and / or some one or more other network participants Control at least one portion of the device), and exercise local control over some portion), and
Perform other administrative support and / or service functions for benefits and / or networks.

In one embodiment, the DBN employs the many security and administrative capabilities of VDE and the many service features provided by the present invention to manage and automate distributed relationships and activities that are central to the DBN business model. . For example,
-Trading authority 700 may provide overall administrative content for managing the network community. For example, trading authority 700 may manage the routing of content to the appropriate franchise (by using VDE rules and controls in the preferred embodiment). The chain of handling and control over reporting usage information may also be managed. Trading authority 700 may obtain and / or derive its electronic control set from an agreement between the DBN and its franchise. Electronic negotiation can be used to create these agreements. Trading authority 700 may also receive controls that reflect direct bilateral or other networked relationships between franchises and other participants.

Rights and Permits Clearinghouse 400 may extend content-related trading rights to network franchises. It acts as a repository for rights, including content rights held by the network entities themselves and made available to other network entities, related to content provided to customers by the network entities themselves. Such content rights may include, for example, displaying, selling, redistributing, re-planning, and advertising. It may provide additional rights (e.g., redistribution rights or specialized redesign rights) and / or provide automated profiles, e.g., based on usage.

-The clearinghouse 300 may collect usage data in market analysis, user profiles, and ad support. It can also analyze the information and the reports drawn. It may distribute that information internally to the DBN as appropriate and sell other usage-based information based on reporting and / or trading opportunities externally.
-The financial clearinghouse 200 assures the implementation of appropriate compensation throughout the network. It can collect payments from franchises for content by DBN. It may distribute them to franchise payment fees as a result of advertising and resale of usage information. It may, for example, collect payments from franchises for the support of DBN infrastructure and services generally, such as network advertising. It connects to the infrastructure of a multipurpose financial clearinghouse and sends and receives payments related to information.

Secure directory service 600 may maintain a directory service based on unique validation and / or classification characteristics. A very large number of franchises can exist overall. Directory service 600 may also maintain customer directory information, including unique identifiers and profile information. Secure directory service 600 may maintain directory information for content that is owned, managed, and / or available to the network.

-The certification authority 500 may certify the roles of all participants in the network. It issues certificates to each franchise, for example. It may also issue certificates that authenticate the trade relationships of the groupings of network entities, and may promote efficient security relationships with third parties. They can also issue certificates to their customers, recognizing certain specified customer rights with respect to trading activities with organizations outside of the customer (eg, a discount scheme, or becoming a member of a larger “DBN” community). Can be represented.

Some or all of certain service functions (eg, as described above) may be highly distributed, may work significantly, predominantly, or even more exclusively in franchises, and serve network web servers.

Although the present invention has been described in terms of the presently most practical and preferred embodiments, the present invention is not limited to the disclosed embodiments, but instead is intended to vary within the spirit and scope of the appended claims. It is intended to cover all modifications and equivalent arrangements.

The figure which shows an example of the distributed trading utility (Distributed @ CommerceUtility) which supports an example of a consumer's electronic device. FIG. 4 illustrates a protected processing environment (“PPE”) in a consumer electronic device. FIG. 9 illustrates that a distributed trading utility may include multiple examples of a trading utility system. The figure which shows a mode that a management and a support service function are distributed. The figure which shows a mode that a management and a support service function are distributed. The figure which shows a mode that a management and a support service function are distributed. The figure which shows a mode that a management and a support service function are distributed. The figure which shows a mode that a management and a support service function are distributed. The figure which shows the example of a distributed trading utility system. The figure which shows the example of a distributed trading utility system. The figure which shows the example of a distributed trading utility system. The figure which shows an example of the web of a trading utility system. FIG. 2 illustrates an unlimited web of consumer equipment and trade utility systems. FIG. 9 is a diagram showing a state in which a right holder can select between multiple trading utility systems connected to an electronic “information highway”. The figure which shows an example of a mode that different trade utility systems function together. FIG. 4 is a diagram illustrating an example of how multiple management and support service functions are combined and integrated into a trade utility system. The figure which shows an example of the web of the combination function trading utility system. The figure which shows the example of the hierarchy of a trade utility system. The figure which shows an example of the hierarchy of a multifunctional trading utility system. The figure which shows an example of a financial clearinghouse. The figure which shows an example of a clearinghouse. The figure which shows an example of a right and a clearance clearinghouse. The figure which shows an example of a certification authority. The figure which shows an example of a secure directory service. The figure which shows an example of a trading authority. FIG. 6 illustrates that a trade utility system may support other trade utility systems. FIG. 6 illustrates that a trade utility system may support other trade utility systems. FIG. 6 illustrates that a trade utility system may support other trade utility systems. FIG. 6 illustrates that a trade utility system may support other trade utility systems. FIG. 6 illustrates that a trade utility system may support other trade utility systems. FIG. 6 illustrates that a trade utility system may support other trade utility systems. The figure which shows an example of the hierarchy of a trade utility system. The figure which shows an example of the hierarchy of a trade utility system. The figure which shows an example of the hierarchy of a trade utility system. The figure which shows an example of the hierarchy of a trade utility system. The figure which shows an example of the hierarchy of a trade utility system. The figure which shows an example of the hierarchy of a trade utility system. The figure which shows the example of the interaction model of a trade utility system. The figure which shows an example of the structure for distributing a part of management and support service operation. The figure which shows an example of the financial clearing house trading utility system. The figure which shows an example of a structure of a financial clearinghouse. The figure which shows an example of a financial note exchange process. FIG. 6 illustrates further examples of financial note exchange activities and processes. The figure which shows an example of a value chain (payment) decomposition (disaggregation). FIG. 22 is a diagram illustrating an example of how the decomposition of FIG. 21 may be implemented in a clearinghouse context. The figure which shows an example of a structure for implement | achieving payment decomposition | disassembly on the processing environment protected by the user. The figure which shows an example of a more complicated value chain (payment) decomposition. FIG. 6 illustrates an example of how disassembly can be achieved within a clearinghouse context. FIG. 4 is a diagram illustrating an example of a value chain decomposition detailing guarantees to a decentralized trading utility. FIG. 4 illustrates an example of a value chain (payment) decomposition for an arbitrary number of recipients. FIG. 9 illustrates a further example of how value chain (payment) disassembly and rebalancing can be achieved via a financial clearinghouse. FIG. 4 illustrates an example of a superdistribution @ payment and re-disassembly scenario using a financial clearinghouse for financial note exchange. FIG. 4 illustrates an example of a value chain (payment) decomposition in a consumer's protected processing environment or other site. The figure which shows the example of the value chain (payment) decomposition | disassembly which crosses multiple transactions. FIG. 4 illustrates an example of value chain (payment) decomposition crossing multiple transactions and multiple consumers. FIG. 1 illustrates an example of a trading utility system architecture that provides payment resolution. The figure which shows an example of the used clearing house trading utility system. The figure which shows an example of a clearing house clearinghouse architecture. The figure which shows an example of a use bill exchange process. FIG. 4 is a diagram illustrating a further example of a bill of exchange clearing process using a multi-use bill clearinghouse. The figure which shows an example of the used bill clearing process using a clearing house and a clearing house. The figure which shows an example of the media arrangement | positioning process (media @ placement @ process) of a clearing house. FIG. 7 illustrates an example of a bill of exchange process for providing discounts based on different levels of consumer use disclosure. The figure which shows an example of a right and permission clearing house trading utility system. 1 is a diagram illustrating an example of a rights and clearance clearinghouse architecture; FIG. FIG. 4 is a diagram illustrating an example of a rights and authorization bill exchange process. The figure which shows an example of the control set registration process for an update. FIG. 4 is a diagram illustrating a further example of a rights and authorization bill exchange process. The figure which shows another example of a right and a permission bill exchange. The figure which shows the example of a right template. The figure which shows the example of a right template. The figure which shows an example of the control set corresponding to the example of a rights template. FIG. 4 is a diagram illustrating another example of a rights and authorization bill exchange process. The figure which shows an example of the certification authority trade utility system. The figure which shows an example of a certification authority architecture. The figure which shows an example of an authentication process. The figure which shows an example of a distributed authentication process. FIG. 7 illustrates an example of a control set whose execution and / or other results are conditional on the presence of digital authentication. The figure which shows the example of a digital authentication data structure. FIG. 6 is a diagram illustrating an example of another digital certificate and a technique for generating a digital certificate based on a trusted database. The figure which shows an example of the technique which prescribes a virtual entity (virtual @ entity). The figure which shows an example of the technique which prescribes a virtual entity (virtual @ entity). The figure which shows an example of the technique which prescribes a virtual entity (virtual @ entity). The figure which shows an example of the secure directory service trading utility system. The figure which shows an example of a secure directory service architecture. The figure which shows an example of a secure directory service process. The figure which shows an example of a trading authority trading utility system. FIG. 2 illustrates an example of a trading authority architecture. The figure which shows an example of a trading authority process. The figure which shows an example of a mode that a transaction authority produces | generates a control super set (control @ superset). FIG. 4 illustrates an example of steps performed by a trading authority. The figure which shows an example of the secure checkpoint trading utility system. The figure which shows an example of the secure checkpoint trading utility system. The figure which shows the example of the mode that a distributed trading utility can support a different electronic value chain. The figure which shows the example of the mode that a distributed trading utility can support a different electronic value chain. FIG. 6 illustrates an example of shopping, licensing, and / or renting. The figure which shows an example of shopping and payment about a tangible item. It is an example of a customer paying securely for a service. The figure which shows the example of the value chain decomposition | decomposition about shopping of a tangible thing. FIG. 1 illustrates an example of cooperation between a trade utility system inside and outside an organization. The figure which shows an example of the transaction authority between and within a mechanism. The figure which shows an example of inter-state trade.

Explanation of reference numerals

75 Distributed Trading Utility 100 Consumer Equipment 102 Home Color Television Set 102a Television Program 104 Video Player / Recorder 106 Set Top Box 108 Handheld Remote Controller 150 Electronic Network 154 Protected Processing Environment

Claims (21)

A system for secure and automated transaction processing,
A user site including a first secure environment including a processor and a secure memory;
The secure memory contains a first managed content and is associated with a first set of rules, and a secure container includes a second managed content and is associated with a second set of rules. Storing a second secure container and a third set of rules,
The first rule set is:
A first rule that specifies a first secure interoperable transaction processing system that includes a first plurality of interoperable clearing houses;
A second rule that allows the user to select one or more clearinghouses from the first plurality, wherein the selected clearinghouse includes at least one of the first managed content. A second rule used to at least partially process a transaction that includes the part.
The second rule set is:
A third rule specifying a second secure interoperable transaction processing system including a second plurality of interoperable clearing houses;
A fourth rule that allows the user to select one or more clearinghouses from the second plurality, wherein the selected clearinghouse includes at least one of the second managed content. A fourth rule used to at least partially process a transaction that includes the part.
The third rule set is:
One or more rules specifying one or more clearinghouses acceptable to the user;
A fifth rule specifying a user request restricting the use of the identification information provided by the user;
The user site compares the clearing house specified by the third rule set with the clearing house specified by the first rule set or the second rule set, and a match exists. A system that can show you. The method of claim 1, wherein the fifth rule specifies that a clearing house must delete at least some of the identification-related information before transmitting information related to the user to a third party. system. A method of processing a digital transaction,
Sending the node to the user site;
Initializing the node, wherein the initialization comprises:
Specifying at least one processing center to be used for processing at least some digital transactions involving the node;
Initializing, including specifying at least one privacy-related option associated with an acceptable use of identification information associated with the user;
Sending a secure container containing the managed content to the user site, wherein the secure container is associated with a rule set that at least partially governs access or other use of the managed content. Steps and
Indicating that the user intends to access at least a portion of the managed content;
Displaying a message to the user in response to the rule set, wherein the message includes information relating to conditions required before access to the managed content is allowed;
The user indicating consent to the conditions;
Allowing access to at least a portion of the managed content to the user, wherein the access is at least partially managed by the rule set;
Responsive to the rule set, a communication is securely transmitted from the user site to the processing center, the communication including information related to the transaction. 4. The method of claim 3, wherein the step of designating at least one processing center includes presenting a list of candidate processing centers to the user, wherein the user selects one processing center from the list. 4. The method of claim 3, wherein the node is sent and installed in an at least partially secure manner. Initializing the node includes specifying a payment method;
4. The method of claim 3, wherein the communication information includes information related to a payment made using the specified payment method. 4. The method of claim 3, wherein the communication information includes usage information, and the usage information is securely transmitted from the processing center to a third party site. 4. The method of claim 3, wherein the step of accepting a condition by the user comprises the step of accepting a specified price by the user. A method of processing a digital transaction,
Sending the electronic device to a user, the electronic device including software from the first entity;
At the user site, initializing the electronic device, wherein the initialization comprises:
Registering the software with the first entity and selecting a payment option, the registration comprising:
Specifying privacy options related to the acceptable use of the identity;
Initializing, comprising: transmitting registration information from the user to the first entity;
Sending a first secure container to the user, the first secure container including a first managed content, and accessing or accessing at least a portion of the first managed content. Steps associated with a first rule set that at least partially governs other uses;
The user using the electronic device to gain access to at least a portion of the first managed content under at least partial control of the first rule set;
Creating a second secure container containing information related to the user's access to the first managed content under at least partial control of the first set of rules; The second secure container at least partially manages access or other use of the managed content of the second container, and wherein the user is in return for access to the first managed content. Associated with a second set of rules including information related to the payment made by said payment option, said payment being at least partially specified by said payment option selected in said initialization step;
Transmitting the second secure container to a second entity at least partially specified by the second rule set;
Extracting information from the second secure container at the second entity and performing an operation on at least a portion of the extracted information;
Transmitting information related to the user's use of the first managed content from the second entity directly or indirectly to the first entity. A method of processing a digital transaction,
The first rights holder sending the first content to the administrator;
The administrator storing the first content in a first secure container and associating a first rule set with the first secure container, wherein the first rule set is At least partially managing access or other use of the first content;
The administrator communicating the first secure container to a user;
At the user's site, the user indicating a desire to access at least a portion of the first content;
The user selecting a first clearinghouse in response to the first rule set;
The user obtaining access to at least a portion of the first content, wherein the access is at least partially managed by the first rule set;
In response to the first set of rules, the payment information and usage information associated with the user's access at least partially governs access or other use of at least some content of a second secure container. Stored in the second secure container associated with a second rule set, wherein the second rule set includes a privacy policy regarding the use of identification information associated with the user. Including rules generated by the user, at least partially specifying
The second secure container is communicated to the administrator;
The administrator accessing the content of the second secure container, wherein the access is at least partially managed by the second rule set;
The administrator communicating at least some of the payment information of the second secure container to the first clearinghouse, wherein the manager sends the first clearinghouse a clearing request to the first clearinghouse. The communication is at least partially governed by the user's rule requirements;
The administrator communicating at least some of the usage information of the second secure container to the first clearinghouse;
The first clearing house communicating to the rights holder payment and usage information related to the user's access to the first content. A method of processing a digital transaction,
The first rights holder sending the first content to the administrator;
The administrator storing the first content in a first secure container and associating a first rule set with the first secure container, wherein the first rule set is At least partially managing access or other use of the first content;
The administrator communicating the first container to a user;
At the user's site, the user indicating a desire to access at least a portion of the first content;
The user selecting a first clearinghouse in response to the first rule set;
The user obtaining access to at least a portion of the first content, wherein the access is at least partially managed by the first rule set;
In response to the first set of rules, the payment information and usage information associated with the user's access at least partially governs access or other use of at least some content of a second secure container. Stored in the second secure container associated with a second set of rules that:
The second secure container is communicated to the administrator;
The administrator accessing the content of the second secure container, wherein the access is at least partially managed by the second rule set;
The administrator communicating at least some of the payment information for the second secure container to the first clearinghouse;
The administrator communicating at least some of the usage information of the second secure container to the first clearinghouse;
The first clearinghouse communicating to the rights holder payment and usage information related to the user's access to the first content;
A second rights holder communicating second content to the administrator;
The administrator storing the content in a third secure container and associating a third set of rules with the third secure container, wherein the third set of rules is associated with the second secure container. At least partially managing access or other use of the content of
The administrator communicating the third secure container to a user;
At the user's site, the user indicating a desire to access at least a portion of the second content;
The user selecting a second clearinghouse in response to the third rule set;
The user obtaining access to at least a portion of the second content, wherein the access is at least partially managed by the third set of rules;
Storing, in response to the third rule set, payment information and usage information associated with the user's access in a fourth secure container associated with a fourth rule set; The fourth set of rules at least partially managing access or other use of at least some content of the fourth secure container;
The fourth secure container is communicated to the administrator;
The administrator accessing the content of the fourth secure container, wherein the access is at least partially managed by the fourth rule set;
The administrator communicating at least some of the payment information for the fourth secure container to the second clearinghouse;
The manager communicating at least some of the usage information of the fourth secure container to the second clearing house;
The second clearinghouse communicating to the rights holder payment information relating to the user's access to the second content;
The second clearing house communicating to the rights holder usage information related to the user's second content access. A method of processing a digital transaction,
A first rights holder communicating the first content to an administrator;
The administrator storing the first content in a first secure container and associating a first rule set with the first secure container, wherein the first rule set is At least partially managing access or other use of the first content;
A second rights holder communicating second content to the administrator;
Prior to communicating the first secure container to a user, the administrator stores the second content in the first secure container, wherein the first rule set is At least partially managing access or other use of the second content;
The administrator communicating the first secure container to the user;
At the user's site, the user indicating a desire to access at least a portion of the first content;
The user selecting a first clearinghouse in response to the first rule set;
The user obtaining access to at least a portion of the first content, wherein the access is at least partially managed by the first rule set;
In response to the first set of rules, the payment information and usage information associated with the user's access at least partially governs access or other use of at least some content of a second secure container. Stored in the second secure container associated with a second set of rules that:
The second secure container is communicated to the administrator;
The administrator accessing the content of the second secure container, wherein the access is at least partially managed by the second rule set;
The administrator communicating at least some of the payment information for the second secure container to the first clearinghouse;
The administrator communicating at least some of the usage information of the second secure container to the first clearinghouse;
The first clearing house communicating to the rights holder payment and usage information related to the user's access to the first content. At the user's site, the user indicating a desire to access at least a portion of the second content;
The user selecting a second clearinghouse in response to the first rule set;
The user obtaining access to at least a portion of the second content, wherein the access is at least partially managed by the first rule set;
Storing, in response to the first rule set, payment information and usage information associated with the user's access in a third secure container associated with a third rule set; The third set of rules at least partially managing access or other use of at least some content of the third secure container;
The third secure container is communicated to the administrator;
The administrator accessing the content of the third secure container, wherein the access is at least partially managed by the third rule set;
The administrator communicating at least some of the payment information of the third secure container to the first clearinghouse;
The administrator communicating at least some of the usage information of the third secure container to the first clearinghouse;
13. The method of claim 12, further comprising the step of the first clearinghouse communicating to the rights holder payment and usage information related to the user's access to the second content. A digital trading method,
A first rights holder packaging a first content into a first secure container associated with a first rule set, wherein the first rule set includes the first secure set; At least partially managing access or other use of at least some of the contents of the container;
The first rights holder communicating the first secure container to a user;
The user obtaining access to at least a portion of the first content, wherein the access is at least partially managed by the first rule set;
The user selecting a first clearing house from a plurality of clearing house options, wherein the selection is at least partially governed by the first rule set;
The user selecting a privacy option related to the use of the identity;
The user communicating payment information to the first clearing house, wherein the communication is at least partially governed by the first rule set;
The first clearing house clearing information to the first rights holder, wherein the first clearing house clearing information is communicated to the first rights holder. Is at least partially governed by the user's privacy options;
The first rights holder receiving usage information related to the user's access to the first content. A digital trading method,
A first rights holder packaging a first content into a first secure container associated with a first rule set, wherein the first rule set includes the first secure set; At least partially managing access or other use of at least some of the contents of the container;
The first rights holder communicating the first secure container to a user;
The user obtaining access to at least a portion of the first content, wherein the access is at least partially managed by the first rule set;
The user selecting a first financial clearinghouse from a plurality of financial clearinghouse options, the options being at least partially managed by the first rule set;
The user communicating payment information to the first clearing house, wherein the communication is at least partially governed by the first rule set;
The first clearing house clearing information to the first rights holder;
The first rights holder receiving usage information related to the user's access to the first content;
A second rights holder packaging the second content into a second secure container associated with a second set of rules, wherein the second set of rules includes the second set of rules in the second container; At least partially managing access or other use of the content;
The second rights holder communicating the second secure container to a user;
The user obtaining access to at least a portion of the second content, wherein the access is at least partially managed by the second set of rules;
The user selecting a second financial clearing house from a plurality of financial clearinghouse options, the options being at least partially managed by the second rule set;
The user communicating payment information to the second clearing house where the communication is at least partially governed by the second rule set;
The second clearing house communicating payment information to the first rights holder;
The first rights holder receiving usage information related to the user's access to the second content. A digital trading method,
Communicating a first rule set to a user site, wherein the first rule set is associated with a first entity;
Communicating a second set of rules to the user site, wherein the second set of rules is associated with a second entity;
Communicating a first secure container to the user site, wherein the first secure container includes first content;
Accessing at least a portion of the first content at the user site;
Creating a second secure container at the user site,
The generation of the second secure container is at least partially managed by the first rule set;
The second secure container is associated with a third set of rules that at least partially governs access or other use of the content of the second secure container;
The third rule set including rules generated by or on behalf of the user;
Incorporating payment-related information into the second secure container;
Communicating the payment-related information from the user site to the first entity in response to the first set of rules, wherein communicating the payment-related information to the first entity comprises at least Transmitting, in part, the second secure container to the first entity;
Communicating usage related information from the user site to the second entity in response to the second set of rules;
Using at least a portion of the payment-related information at the first entity, wherein the use is at least partially governed by rules of the user from the third set of rules. Including methods. 17. The user's rules from the third set of rules at least partially specify a privacy policy associated with an acceptable use of an identity associated with the user or the user site. the method of. A digital trading method,
Communicating a first rule set to a user site, wherein the first rule set is associated with a first entity;
Communicating a second set of rules to the user site, wherein the second set of rules is associated with a second entity;
Communicating a first secure container to the user site, wherein the first secure container includes first content;
Accessing at least a portion of the first content at the user site;
Communicating payment related information from the user site to the first entity in response to the first set of rules;
Communicating usage related information from the user site to the second entity in response to the second set of rules;
Communicating a third set of rules to the user site, wherein the third set of rules is associated with a third entity;
Communicating a second secure container to the user site, wherein the second secure container includes second content;
Accessing at least a portion of the second content at the user site;
Communicating payment related information from the user site to the third entity in response to the third set of rules;
Communicating usage related information from the user site to the second entity in response to the second set of rules;
Communicating usage related information from the second entity to a fourth entity, wherein the fourth entity owns at least some rights in the first content. A digital trading method,
Communicating a first secure container from a first party to a second party, wherein the first secure container includes first content and is associated with a first rule set; A rule set at least partially managing access or other use of at least a portion of the content of the first secure container;
Comparing the request specified by the first rule set with the request specified by a second rule set residing at the second party site, wherein the compared request is a bill of exchange. Including a request associated with the exchange, wherein the comparison process comprises:
Comparing a first clearinghouse candidate specified by the first rule set to an acceptable clearinghouse specified by the second rule set;
Determining that the first clearinghouse candidate is not acceptable to the second rule set;
Comparing a second clearinghouse candidate specified by the first rule set to an acceptable clearinghouse specified by the second rule set;
Determining that the second clearinghouse candidate is acceptable to the second rule set;
Designating the use of the second clearinghouse candidate;
Comparing the privacy related request included in the second rule set with the information use request of the first rule set, wherein if there is a match, the second party may determine the first content Obtaining access to at least a portion of
Transmitting payment information from said second party to said second clearinghouse candidate;
Using the payment information to at least partially clear payment by the second party for the access to the first content. A digital transaction management system,
Means for creating a secure digital container, comprising: means for packaging content in the secure digital container; and means for associating a rule set with the secure digital container, wherein the rule set comprises the secure digital container. Means for at least partially managing access or other use of the content in a digital container;
Means of communicating secure containers from rights holders to administrators;
Means at the administrator's site to undertake an automated negotiation between a rule set specified by the rights holder and a rule set specified by the administrator, the negotiation providing payment related information. Means including at least one or more designations of one or more clearing houses for clearing and one or more clearing houses for clearing usage related information;
Means for communicating the secure digital container to prospective users of the content packaged in the container;
Means for communicating payment information and usage information from a user of the content, including means for rules associated with the content to at least partially control the communication;
Means for a financial clearinghouse specified in an automated negotiation between the administrator and the rights holder to receive payment related information from the user and communicate the payment related information to the rights holder;
Means for receiving clearinghouse use from a user and transmitting the use-related information to the rights holder for a clearing house specified in an automated negotiation between the administrator and the rights holder. system. 21. The system of claim 20, further comprising means for enforcing privacy-related restrictions specified by a user at the administrator's site.

Images