JP2008217802A - Credit infrastructure support system, secure electronic trade, electronic commerce, method and technique for controlling and automatizing trade process, distributed computation, and right management - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide modular arrays where right management for electronic trade is integrated with a support service. <P>SOLUTION: The management and the support service supply a secure basis for performing financial management, the right management, certificate authorities, rule bill clearing, usage bill clearing, a secure directory service, and other transaction-related ability to be functioned on the Internet and/or intranet. Distributed trade utilities optimally effectively utilize trade management sources and practically performs scaling in response to electronic trade growth demand. Different support functions are collected in relation of hierarchy and/or network, so as to be adaptable to various business models and/or other purposes. Modular support functions are combined in different arrays, so as to form different commerce utility systems for providing and aiming at different kinds of design. <P>COPYRIGHT: (C)2008,JPO&INPIT

Description

  The present invention generally relates to a secure scheme for optimizing the efficiency of modern computing and networks to manage and support electronic interactions and their results, and for distributed and reliable management in electronic trading. It is.

  More particularly, the present invention relates to a “distributed trading utility”. In other words, it is a base for management support of electronic trade and other electronic interactions and the environment related thereto.

Specifically, the present invention relates to the following items.
・ Efficient management support for electronic trade and communication ・ Method and technology for electronic rights management and support service ・ Safe electronic transaction management / management, electronic process control and automation, payment function, electronic network and / or virtual Technology and provisions for distributed management support services in a distributed environment-Infrastructure and support capabilities for settlement, control, automation and other management. As a result, it is possible to collectively support activities for many trade users by peer-to-peer efficient and secure in the digital community.

  In a high-efficiency and high-efficiency society, the ability to control the purpose and results of each activity is required. In all societies, basic services, facilities and implementation are necessary.

・ Post office delivery ・ School education for children ・ Traffic management and road maintenance by highway management department ・ Fire department fire extinguishing ・ Power supply to power company households ・ Telephone companies and people at long distances Providing directory services when distance devices are connected and the exact number is unknown ・ Bank deposit management ・ Distribution of news and entertainment programs to homes by cable TV and radio stations ・ Maintenance of police security ・ Disposal of trash by the Health Department Collection ・ Necessary welfare policy for people in need of life through welfare services

  These and other “not-in-case” important management support services provide a foundation or foundation for realizing the conveniences required in modern life. This foundation enables efficient and smooth trade.

Consider buying bread at a local bakery. The bakery does not have to do all the work involved in making bread. This is because the management support service provided by the community can be used. For example,
• Bakers do not have to grow wheat to make bread or mill wheat. Instead, the bakery can purchase from a supplier that trucks the flour.

• Similarly, bakers don't have to make fuel to heat the oven. That is, fuel is delivered by pipes or tanks from a specialist in fuel production and supply.
• Sanitary inspection certificate of the local health center presented to the local bakery guarantees the sanitation management of the bakery.

Thus, a management support service that compensates the work of each supplier is important. For example,
• Bakers and their customers trust the government that guarantees money that is used in buying and selling bread and taken out of people's wallets or purses.

  • If you use a check, the bank system will charge the customer's account for the check usage and pay the bakery by the next day.

  • If the bakery and customer use separate banks, the customer's check is processed by an automatic “bills exchange” system. This system enables bill exchange and settlement between different banks. The money is transferred between banks, and if there is not enough money in the account, a check drawn from the account is returned.

  ・ If a credit card can be used for payment at the bakery, customers have more choices in payment methods, making it easier to pay when exchanging bakery items and making it easier to buy bread.

  Such support management services increase the scale and scope of economic activities, thereby further improving the efficiency of economic activities. For example, these important support management services allow bakers to focus on how to make or bake delicious bread. Compared to baking homes in home ovens, it is more efficient for a large bakery opener and skilled baker to bake a lot of bread. Also, it is much more efficient to exchange chickens and breads compared to grain producers who prepare the necessary fuel and bake bread. Therefore, bakers and customers use credit cards to make purchase transactions because both of these payment methods work well, and a very efficient and useful basis for transactions that do not involve cash. This is because they trust the “automation” function.

The electronic community needs management support services, and a global electronic community is formed. Its users need the ability to form, control and automate interactions in the electronic society. There is also a real need for a reliable, secure and reliable support management service for these users.

In international trade, computerization is further accelerating. The Internet is a huge electronic network that connects millions of computers around the world and is actively used as a medium for commerce. An easy-to-use interface (for example, a user can start purchase by “pointing and clicking” on an item and complete the purchase by filling out credit card information in a simple form) is a major trigger. The Internet is rapidly becoming the center of consumers and merchants who purchase goods. The Internet is also becoming an important sales and distribution “channel” for all types of electronic assets and services, including information, software, games and entertainment.

  At the same time, large corporations are using internal and public data networks to connect suppliers and customers. Electronic trade has become increasingly important to an increasingly computerized world with the apparent reduction in computational and network capacity costs. As electronic trading becomes widespread, this new electronic community is creating many new demands for management support in electronic and “settlement” services.

  The electronic community just needs a foundation to support both business and personal electronic interactions and relationships. Large-scale electronic trading is a reliable, efficient, flexible, scalable, third party support and management service provider for secure networks and the importance of the trading process It requires a mechanism that simplifies this part.

For example,
• Value providers for the electronic community need a seamless and efficient mechanism that compensates for the value provided.

  -In the electronic community, providers of products and services need a reliable and efficient electronic payment method that is useful to providers and users of other value chains.

-In the market on computers, buyers do not fully understand invisible payment processing, and therefore require an interface with good operability, efficiency and flexibility in the payment mechanism and financial debt fulfillment system.

  -All types of digitized "content" (text, graphics, movies, animations, images, video, digital linear video, audio and recording analog and digital data, images, software computer programs, data) All types of electronic control processes require a safe, flexible and universally available approach. With this method, it is possible to manage business models such as rights management, bill collection when necessary, and handling information for content usage.

  • With virtually increased trade, all users need reliable, secure and secure infrastructure support services.

  An important objective for successful e-commerce management and trading is the development and operation of a series of management support services. These help achieve the objectives and facilitate the creation of diverse, flexible, valuable and efficient business models throughout electronic trading.

Ginter Patent Specification Offering Comprehensive Solution The Ginter et al. Patent specification described above describes a technology that provides an original and effective ability to help secure distributed transaction-based electronic trading and rights management. For electronic traders, this technology brings many important new business models and business practices, while also supporting traditional business models and business practices.

  Ginter et al.'S patent specification provides a comprehensive, comprehensive system and a wide range of methods, technologies, structures, and arrangements, from large and small businesses and home studies and living rooms, on the Internet (and intranet), Secure and efficient distributed electronic trading and rights management can be used. Such technologies, systems and arrangements provide unprecedented safety, reliability, effectiveness and flexibility in electronic trading and electronic rights management.

  The Ginter et al. Patent specification also provides an “information utility”. “Information utilities” are management support services, facilities, and enforcement networks that facilitate electronic trading in modern new electronic communities and support electronic transactions. As an example, Ginter et al. Describe a wide range of management support services that coordinate and support secure “virtual distributed environments”. The providers of these management support services are listed below.

・ Transaction processor ・ Usage analyst ・ Report acceptor ・ Report creator ・ System administrator ・ License officer ・ Authentication authority ・ Content and message registry ・ Financial bill exchange ・ Consumer / author registration system ・ Template library ・Management structure library-Billing system-Electronic transfer, credit card, bill billing system-Receipt, reply, transaction, analysis, audit system

An invention based on and extending the solution described in the Ginter patent specification. The present invention is based on the basic concept in the Ginter et al. Patent specification and further extends the invention to be effective, flexible and possible. Increase sex. The present invention is an overview of an overall distributed management support service (“distributed trading utility”). As in the preferred embodiment, the present invention can take advantage of the “virtual distributed environment” and other capabilities in the Ginter et al. Patent specification, and can sit on top of these capabilities, It is an extension.

Summary of Features and Benefits of the Present Invention The present invention provides an integrated, modularized management support service for electronic trading, electronic rights and transaction management. These management support services can be used for financial management, rights management, certification authorities, rule payments, usage payments, secure directory services and other transactions for large electronic networks or electronic devices such as the Internet and / or corporate intranets. Provides a basis for the ability to function in the home network.

  These management support services can respond to requests specific to the electronic trade value chain. For electronic trade users, management support services support their own pursuit of profits, and these services can be configured and reused in response to the current competitive business world.

  The present invention provides a “distributed trading utility” that provides a management support service and has a secure, programmable, distributed architecture. The distributed trading utility can maximize the use of resources for trade management. In addition, this utility can be used to evaluate the response to demands associated with an increase in electronic commerce in a way that suits the current situation.

  A distributed trading utility is composed of a number of trading utility systems. The trading utility system provides an infrastructure network that can be used and reused by all electronic communities and / or many or all users.

  Different support functions are functions that can be obtained together in a hierarchical relationship and / or a network relationship to suit different business models and / or other purposes. The modular support function is a function that integrates a variety of different trading utility systems designed for different facilities and different purposes. These trading utility systems can be distributed over a vast number of electronic devices with different degrees of spread.

The comprehensive “distributed trading utility” provided by the present invention is as follows.
・ Practical and effective electronic trading and rights management will be possible.
・ Provide services that safely manage and support electronic interactions and their results.
• Establish infrastructure for electronic trading and human electronic interactions and relationships.

Optimize the efficiency of modern distributed computing and distributed networks.
・ Electronic automation and distributed processing are realized.
Provide an infrastructure for modular, programmable, distributed, optimally computerized electronic trading and communication.

  ・ Provide comprehensive capabilities linked to service support in carrying out various management support tasks.

  -Maximize the advantages of electronic automation and distributed processing by optimally allocating and using resources on the system or network.

・ Effectiveness, flexibility, economy, variability, reusability, correctability, and versatility.
-Economically reflect the conditions required for the user's business and privacy.

  -Optimal distributed processing is possible. This makes the trade model flexible and can be evaluated to meet demand and meet user requirements.

・ The amount of activities and services in all fields can be handled efficiently.
-By combining distributed processing and centralized processing, each business model can be adapted or handled.

  • Combining localized, centralized and networked capabilities allows the ability to be configured or reconfigured independently to adapt to changing conditions.

  • Support multipurpose resources and reuse them for many different models. That is, existing infrastructure can be reused by different value chains with different requirements.

Can support a number of trade and communication models.
• Localized, centralized, and networked resources can be successfully applied to meet individual value chain conditions.

・ Reduce costs and maximize efficiency by sharing common resources.
Support combined, decentralized, peer-to-peer, centralized, networked capabilities.

-Local operation, remote operation and / or centralized operation are possible.
-Operation in synchronous mode, asynchronous mode, or operation in both modes can be supported.

  • Easily and flexibly adapt to many rapidly changing business opportunities, business relationships, and business constraints in a “virtual space”.

  In short, the distributed trading utility provides a comprehensive, integrated management support service for secure electronic trading and other electronic interactions.

  Some of the advantageous features and characteristics of the distributed trading utility provided by the present invention include:

  A distributed trading utility supports programmable, distributed, optimally computerized trading and communication. This utility uniquely provides various services for executing management support work. This support work provides the management overview necessary to maximize the benefits of electronic automation, distributed processing and distributed systems (eg, networks) that optimally utilize resources.

  Distributed trading utilities are particularly suitable for providing a management infrastructure for the Internet, intranets within organizations, and similar environments including producers, users and service systems of scattered electronic information.

  The distributed trading utility architecture provides a foundation for efficient, economical, flexible, programmable, reusable, versatile, electronic trading and communications management support services. Providing these capabilities is important for establishing the basis for human electronic interaction. Through this interaction, an optimal electronic relationship model for business or individuals is supported.

  The distributed trading utility architecture provides a support service platform for electronic trading and communication. With this base, it is possible to adapt and handle any specific model that combines distributed and centralized processing.

  The distributed trading utility supported by this model is uniquely configured or reconfigured step by step, optimally combining the management capabilities of localized, centralized and networked distributed trading utilities.

  • The innovative electronic management capabilities of distributed trading utilities support combined, decentralized, peer-to-peer or centrally networked capabilities. By combining these capabilities, local / remote combinations, centralized asynchronous and / or synchronous network combinations can be handled. Such a combination constitutes the most commercially available, economical, market-oriented-business-required model for any purpose at any time.

  • The distributed trading utility architecture is multipurpose. This architecture supports many trade and communication models. These models may reasonably share (eg, reuse) localized, centralized, networked resources. As a result, the distributed trading utility can optimize a practical and effective electronic trading and rights management model. These models can share resource management costs by sharing and using the same or overlapping resource bases.

  One or more distributed trading utility trading models may share some or all of the resources in one or more models. In virtual space, there are many business opportunities, business relationships, and business constraints that change rapidly. In order to adapt to the requirements of this virtual space, one or more models can change the combination or nature of distributed management operations.

  ・ The distributed trading utility supports the transition from the traditional trading process to the electronic trading process. Electronic trading utilities are distributed processing required for efficient and practical electronic trading models, "Bill Exchange" management rights, security design, structure adapted to purpose, administrative mechanism simplification (administrative smart) agent), negotiation and electronic decision-making technology, and / or electronic automatic control technology, etc., to further digitize the trading process.

  Certain decentralized trading utilities (financial payments, handling checks, etc.) can be executed in a space where the user's electronic equipment can be used safely, such as the “protected processing environment” disclosed in Ginter et al.

  • Distributed bill exchange operations can be performed through many trading utility system sites “virtually networked and / or layered”. This site employs a virtual distributed environment infrastructure that is versatile and can be shared (eg peer-to-peer).

  For a given application or model, many other distributed trading utility services are allowed to provide different types of management and / or support functions.

  Any or all work supported by a distributed trading utility may be performed and / or used by electronic organizations such as a similar organization, consortium or another organization, or an individual user's website .

  One or many parts of a distributed trading utility can consist of a network with a distributed protected processing environment. This environment performs one or more tasks that are layered and / or have peer-to-peer relationships.

  A protected processing environment of multiple distributed trading utilities can be effective for integrated service operations, basic components, and / or bill exchange operations.

  As in the preferred embodiment, many protected processing environments of VDE users have their own layered, networked and / or centralized management and / or VDE A protected distributed processing environment that is useful for distributed trading utility operations can be decentralized to the same extent as it supports a user's relationship to the protected processing environment.

  • In a given model, one or more specific distributed trading utility tasks are completely distributed, and one or more other specific tasks are further (eg layered) and / or fully centralized Can be done. Also, other specific tasks can be partially distributed or partially centralized.

  The basic peer-to-peer control capabilities provided by the distributed trading utility are important, practical, appreciable and / or decentralized operations that simultaneously provide substantial trade management, safety and automation services It is also effective for any of the components.

  A combination of features, arrangements, and / or capabilities of a distributed trading utility is given by a variable combination of decentralized or centralized rules. It can be an end-user protected distributed environment and / or an “intermediate” based protected distributed environment (local, regional, class characteristics, etc.) and / or a protected distributed environment for centralized services. Includes various features, arrangements and capabilities that function in

  Distributed trading utilities are particularly useful to support the Internet and other electronic environments with scattered information producers, users, and service providers. By supporting the activities of users in the electronic world, distributed trading utilities are fundamental and important in order to transfer human activities that were not previously used by computers to the Internet, intranets, and other electronic interaction networks. Play a role. Users of such networks need a platform for distributed trading utilities and support services in order to achieve business or personal demands economically. These secure distributed trading utilities are needed to fully support the ability of the electronic trading model to fully evaluate the needs and to fully handle all required activities and service volumes.

  The distributed trading utility technology is provided by a series of secure and decentralized support and management services for electronic trading, rights management, distributed computing and process control provided by the present invention.

  • Distributed trading utility support services, including highly secure and complex professional and / or contractual services, can be used by electronic trading and value chain users. It is used in a seamless, convenient and relatively straightforward manner without being aware of complex operations that are invisible to the user.

  • Distributed trading utilities can currently guarantee a reasonably high level of security and automation based on physical computers, processes and regulations. On the other hand, it provides enhanced, efficient, reliable, easy-to-use, convenient functions that are needed (or at least highly desired) for the regular and efficient support needed by the electronic community. Guaranteed by providing.

  As in the preferred embodiment, the distributed trading utility supports the creation of a competitive trading model that works in the context of an “open” VDE (virtual distributed environment) based on the digital market.

・ Distributed trade utility realizes convenience and efficient operability for value chain users. For example, through a seamless “distributed” interface (eg distributed applications), a complete and integrated set of important “payments” that are configured to support and optimally support business relationships involving multiple people. “The capability of the function is provided by the distributed trading utility. Settlement and / or support functions and / or secondary support functions may be used individually and / or separately to meet the required operational confidentiality, efficiency, or other objectives. It is configured.

  Providers, retailers, wholesalers, repurposers, consumers, and other value chain users can easily connect to, use, or perform operations with a distributed trading utility service through a distributed trading utility. The connection is simple, seamless, and easy to understand (a single connection can provide many supplementary services).

  -The distributed trading utility can further improve convenience and practicality. It is enhanced by providing or supporting a consumer brand image for payment services provided by participating organizations. However, it uses shared infrastructure and processes.

  • Distributed trading utilities enable significant capabilities arising from the size and expertise of participating organizations by supporting “virtual” models that incorporate special services and the capabilities of many users electronically and seamlessly. sell.

  • Distributed trading utilities allow consumers to easily receive benefits such as services or products. Here, such services or products are brought about by the introduction of various support service “fabrics”. Each service is a provider of a specific service distribution structure and / or related configuration (the overall structure is revealed to value chain users, but most or all of the underlying The complexity is not specified (not required).

  The distributed trading utility service and its capabilities in the preferred embodiment can introduce or combine the capabilities of one or more virtual distributed environments described in Ginter et al. In a reasonable manner. An example is shown below.

A. VDE chain of handling and control Safe, reliable, internal node communication and interoperability
C. Secure database Authentication E. Encryption F. Fingerprint G. Other VDE security technologies Rights management system Object design and safe container technology Container control system Rights and process control language Electronic negotiation Safe hardware Smart agent (smart object) technology (eg smart agent refers to process control, many users, and / or other management agent capabilities that support management integration of distributed nodes)

Distributed and Combined Trading Utility Systems Support management service functions provided by distributed trading utilities can be combined and / or distributed through an electronic community, system or network in various ways. In order to facilitate such coupling and distribution, the preferred embodiment utilizes a protected processing environment based on the virtual distributed environment described by Ginter et al. All protected processing environments can be part of a bill exchange or a bill exchange because the protected processing environment of all such virtual distributed environments is at least partially guaranteed to be reliable. A trade model that meets the interests and requirements of users of VDE trade nodes may support distributed trade utility services. This service can be used, for example, for end-user electronic devices where other VDE-protected processing environments have secure communication technology and other VDE capabilities (as described above, the VDE capabilities can directly integrate the present invention). Dominate all over. Together with value chain nodes that are becoming more centralized, such devices can form a combination that functions like virtual payments protected in a distributed environment. Ultimately, access to resources is taken up by a “virtuality” and rights-based large “virtual” computer that is part of the virtual space.

  The distributed trading utility is a modular, programmable, general purpose utility that supports virtual computers. Distributed trading utilities have a special architectural foundation for electronic trading value chain models and virtual computer design. Features with programmable implementations support various situations that are realistic (logical and / or physical) and / or distributed to provide the same and / or similar services can do. Examples are given below.

  Centralized trading utility systems and services provide specific support service functions or a combination of many functions from an efficient, central location.

  Other trading utility systems are provided in a partially or fully distributed manner.

  Some support management service functions may be distributed in and / or through existing or new communication infrastructure or other electronic network support components.

  Other support services may function within a secure execution space (eg, a protected processing environment) on any or all electronic devices. This works, for example, by using peer-to-peer communication and interaction to provide a secure web of support service structures.

  Other support services may work with the infrastructure supporting the network and the user's electronics.

  Such a distributed support service can supplement the application of a centralized support service (and / or reduce the need for it). Different combinations of the same and / or different, non-distributed and separately distributed services may be provided to support individual activities. In addition, the nature and distribution of services for a given overall model depends on each other's application. Where necessary, application of such individual models is shared with the same trading utility system and services and / or any special and / or any combined distributed trading utility management and / or support function .

  Furthermore, special trading utility systems and service infrastructures are utilized in various ways and by various value chains (eg, business models or business relationship sets). For example, one value chain may choose to maintain a more centralized specific support service function for efficiency, safety, management or other reasons, while another and / or another decentralized model. select.

  For example, if the payment method and rights holder and / or other value chain users agree, the secure infrastructure support service of any one or more distributed trading utilities can be any set of end users or Some or all functions and authorities may be distributed and / or delegated to sets and / or other value chain electronics. There are various advantages to distributing and delegating these services and functions. For example, a secure electronic trading web where any, many, or all collections or sets of equipment can function as at least partially equivalent (if not enough) other equipment with the same trading web structure Only the problem allows a temporary flexibility and efficient generation.

  The following is an exhaustive list of additional features of the distributed management support function provided by the present invention.

  Any combination of any management and / or support function may be integrated with any other management and / or support function.

  Any set or subset of trading utility system functions can also be combined in an integrated structure with any other combination of trading utility system functions. This combination can be distributed according to the required level, and any one or a part of the combination is distributed into one or a plurality of parts. Thereby, the value chain takes the most necessary and / or practical structure. Any combination of degree of decentralization, rights settlement, financial bill exchange, usage aggregation, usage reporting and / or other settlement and / or other distributed trading utility functions can also be realized. Such distributed trading utility functions and / or management and / or support services may be combined with any other required distributed trading utility functions and / or management and / or support services. Such distributed trading utility functions and / or management and / or support services may be combined with any other desired distributed trading utility functions and / or management and / or support services.

  Any one or more management and / or support services and / or functions function as a trading utility system and support the node network of the trading utility system. Each of these nodes supports at least a part of the same type of trade utility management service. Each trading utility system may interact with other trading utility systems and / or nodes that are authorized and / or serviced and / or secure.

  Each trade utility system (or combination of trade utility systems) functions as a “virtual bill exchange” consisting of multiple trade utility systems. As in the preferred embodiment, when following the VDE rules and controls-in the manner described in similar rules and controls-with other trading utility systems and / or other virtual bill exchanges that function on the same web. Function. These “virtual bill exchanges” are authorized by a series of safe handling and management detailed in the Electronic Management Rules Book, and a series of handling and management and other VDE capabilities help automate the electronic trading process. Can participate.

  It is a great advantage to be able to distribute or later apply (modify) any support service function to any required system or network, if necessary, flexibility and efficiency Increase. For example, a “bottleneck” can be avoided when distributing support services such as payment functions. A bottleneck is a centralized settlement function when there is not enough capacity to handle the load. By utilizing the distributed processing capabilities of many devices of value chain users, improving efficiency and system response time, greatly reducing processing overhead, avoiding failures, and providing flexibility in application application Can do. Also, in general, the present invention addresses the need for a larger value chain by applying the needs and conditions of each value chain user.

Examples of Management and / or Support Services Provided by Distributed Trade Utilities Distributed trade utilities are organized into many different special and / or multipurpose “trade utility systems”. The trading utility system is centralized, decentralized, or partially decentralized and partially centralized to provide management, security, and other services required by those who perform actual trade management. A specific trading utility system consists of the application of a distributed trading utility with specific well-known management service functions, such as a financial bill exchange or a certification authority. Other trading utility systems include new types of services and new combinations and configurations of well-known service operations. A trading utility system is any application of a distributed trading utility that supports a specific electronic trading model, and the trading utility system comprises the components of a trading utility system. The trading utility system includes some or all of the examples shown below and allows for a combination of capabilities and distributed structures.

・ Financial bill exchanges ・ Use bill exchanges ・ Rights and authorized settlement agencies ・ Authentication authorities ・ Secure directory services ・ Secure trading authorities ・ Multipurpose, general purpose and / or including any combination of the capabilities of the above systems Combined trade utility system-Other trade utility systems

These trading utility systems have great effectiveness and applicability.
For example, they provide any or all of the following management support.
-Reliable, electronic event management-Networked, automated, distributed, secure process management and control-A series of handling and control in a virtual distributed environment-"Not connected", virtually connected Rights management and handling (eg, event) management (eg, auditing, control, enforcement of rights, etc.) across and / or within electronic networks, including regularly connected networks

The trading utility system may manage electronic process chains or electronic event results for the following examples.
・ Electronic advertising ・ Marketing and handling analysis ・ Electronic money ・ Financial transaction settlement and communication ・ Manufacturing and other distributed process control models ・ Financial bill exchange ・ Payment fulfillment or at least content, process control (events) and / or rights management Provision of other consideration (service fee, product price or other fees and / or charges) based in part on

-Auditing, billing, payment performance (or other consideration provision) and / or other settlement operations-Information on the use of one or more secure containers and / or content and / or processes (events) Edit, aggregate, use and / or supply. Secure container content and / or any other content is also included.

・ Providing information based on handling inspection, user profiling and / or market research regarding one or more secure containers and / or content and / or processes (events) ・ To content (such as advertisements) Use of information obtained through access and / or use of processes (events)-Provision of targeted registration services; and / or rights, authorizations, prices and / or other rules and control information; registered and / or Or about the target to register

  • Electronic authentication information such as authentication identity, class affiliation certificate and / or other individual identity attributes used or required for regulation and control. Other personal identity attributes may include, for example, class identity for automated processes (eg, jurisdiction (tax), employment, and / or club members, such as vested class rights (eg, purchase discounts allowed) The right to fulfill financial transactions with member certification of other organizations, including certification.

• Business information on storage and / or authentication and / or guarantor and payment of transactions by third parties • Provision of process control and automation services for modified and combined trading utility systems. Here, different trading utility systems support different value chains and / or business model requirements. Such trading utility systems also fully support decentralized, evaluable, efficient, networked and / or fixed tier and / or virtual clearinghouse models. This model is a protected process in the decentralized clearing house of the trading utility system to pass through clearing house for regulation, management, or part of the entire and / or detailed transaction information. Ensure safe communication in the environment.

-Electronic trade model, EDI and distributed computing rules. This provision demonstrates the user's desire for a reliable foundation that is efficient and capable of managing decentralized management, automation, and value chains in transactions.
Other support and / or management services and / or functions

Detailed Description of Embodiments
Distributed Trading Utility FIG. 1 shows an example of a consumer device 100 that is electrically connected to a distributed trading utility 75. In this embodiment, electronic network 150 connects device 100 to distributed trading utility 75. The distributed trading utility 75 supports activities performed within the consumer device 100.

  The distributed trading utility 75 provides the basis for management and support services for electronic trading and electronic communication. This foundation is efficient, cost-effective, flexible, configurable, reusable, programmable, and generalizable. This supports all electronic relationships, interactions and communications, both for personal use and business use.

The device 100 in which the distributed trading utility can support any electronic device may be any type of electrical or electronic device, such as a computer, entertainment system, television set or video player, for example. In the particular example shown in FIG. 1, consumer devices 100 are a home color television set 102, a video player / recorder 104, and a set top box 106. For example, the device 100 can be controlled by a handheld remote controller 108. For example, the set top box 106 may receive television programs from the television broadcast station 110 and / or satellite 112 via the cable television network 114. The player / recorder 104 can play various types of program material from tape, optical disk or other media, and also has the ability to record program material received via the set top box 106.

Device 100 may have a “protected processing environment” , preferably device 100 is a secure electronic device of the type shown in the example of FIGS. 7 and 8 of Ginter et al. It is preferably part of the “Virtual Distribution Environment” described in Ginter et al. FIG. 1A shows that television 102, set top box 106, media player / recorder 104 and remote control 108 may each have a “protected processing environment” (“PPE”) 154. The distributed trading utility 75 interacts with and supports processes executing within these protected processing environments 154.

  The protected processing environment 154 is implemented on one or more computer chips, such as a “secure processing unit” based on the hardware and / or software shown in FIG. 9 of Ginter et al. Can be based. The protected processing environment 154 provides a very safe and reliable environment. Within this environment, electronic processes and electronic commerce can be carried out reliably without significant danger of tampering or other credit crises. The Ginter et al. Patent disclosure describes techniques, systems and methods for designing, building and maintaining a protected processing environment 154, including rights holders and other value chain participants (including consumers 95). Can trust its safety and integrity. In the preferred embodiment, it is important to gain this trust in the interaction between the distributed trading utility 75 and the electronic device 100.

A distributed trading utility may be formed from a number of “trading utility systems” FIG. 1B illustrates that a distributed trading utility 75 may be formed from a plurality of trading utility systems 90. There can be different types of trading utility systems. For example:
・ Financial Bill Exchange 200
・ Use bill exchange 300
・ Right and Permit Bill Exchange 400
・ Certification authority 500
-Secure directory service 600
・ Trade Authority 700
・ VDE administrator 800, and ・ Other kinds of trade utility system 90

Trading utility system 90 may support and manage functions or operations within protected processing environment 154. For example:
The protected processing environment 154 of the device 100 may provide an automated electronic payment mechanism 118 that charges the consumer's bank accounting or other monetary accounting based on program consumption. The distributed trading utility 75 may include a special purpose trading utility system 90 a called “Financial Bill Exchange” 200. The “Financial Bill Exchange” 200 supports the financial aspects of the operation of the protected processing environment 154. That is, it protects rights holders and other people who receive legitimate payments and ensures that consumers 95 are not charged excessive amounts.

        The broadcast station of the television program 102a measures how much the consumer 95 has watched the video program 102a and what program the protected processing environment 154 of the device 100 is the electronic usage metering mechanism 116. You can request that. The distributed trading utility 75 may include a special purpose trading utility system 90b called "Bill Exchange" 300. The “Bill Exchange” 300 receives usage information weighed by the usage meter 116 within the protected processing environment 154, analyzes it and provides a report.

        The rights holder of the video program 102a may strongly demand a protected processing environment 154 that provides a copy protection mechanism 120 that reliably prevents copying of the video program 102a. The distributed trading utility 75 may include a special purpose trading utility system 90 c called “Right and Authorization Bill Exchange” 400. The “Rights and Authorizations Bill Exchange” 400 provides the protected processing environment 154 with authorizations necessary to allow the consumer 95 to view a particular program (eg, on a pay-per-view basis). For example, to help strengthen the prohibition of the copy protection mechanism 120 or the like.

        The rights holder of the video program 102a authenticates the consumer's identity or age before the protected processing environment 154 of the device 100 allows the consumer 95 to view the video program 102a. Own “digital certificate” 122. The distributed trading utility 75 may include a special purpose trading utility system 90 d called a “certification authority” 500. The “certificate authority” 500 generates a “digital certificate” 504 and provides it to the protected processing environment 154. Thereby, the consumer can interact effectively with the authorization provided by the rights holder.

Another trading utility system 90 shown in FIG. 1B includes:
A “secure directory service” 600 that can assist the protected processing environment 154 in electrical communication with other computers and devices on the network 150
A trading authority 700 that may be available for process control and automation, such as securely auditing and overseeing complex electronic commerce, including, for example, a protected processing environment 154

In a preferred embodiment, an “administrator” 800 of a virtual distributed environment (“VDE”) that can maintain a protected processing environment 154 that operates smoothly and safely.
Still other trading utility systems 90 not shown in FIG. 1B may be used to manage and / or support additional functions and operations. Various trading utility systems 90 may work together to share the entire task to support consumers 95 efficiently and effectively.

The Trading Utility System can be Distributed FIGS. 2A-2E illustrate how the distributed trading utility 75 can be distributed. Several management and support functions of the trading utility system 90 may also be performed in the consumer's electronic device 100 or in a “spread out” fashion across a number of different devices that cooperate.

  As described above, each device 100 provides a protected processing environment 154 that is resistant to fraud and provides a secure location where administrative and support operations can be performed. This performs the operation so that the electronic device 100 in the consumer's home can be trusted by other parties such as the rights holder and the e-commerce participant. Because of the trusted and protected characteristics of the protected processing environment 154, certain portions, extensions, or even the entire trading utility system 90 may be associated with each or any protected processing environment 154 and associated within the entire system. Present in the electronic device.

2A-2E illustrate the overall functionality of an example trading utility system 90, such as a bill exchange 300, in a four piece jigsaw puzzle. 2A through 2E illustrate that these trading utility system functions can be distributed to different degrees. For example:
FIG. 2A shows an example in which all functions of the trading utility system 90 are performed in a secure central facility.

        FIG. 2B illustrates an example where most functions of the trading utility system 90 are performed in a secure central facility, but some functions are performed within the protected processing environment 154 of the user electronics 100. Show.

        FIG. 2C illustrates an example where some functions of the trading utility system 90 are performed in a secure central facility, but most of the functions are performed within the protected processing environment 154 of the user electronics 100. Indicates.

        FIG. 2D illustrates that some functions of the trading utility system 90 are performed in a secure central facility, and some functions are performed within the protected processing environment 154A of the first user electronics 100A; An example is shown in which several functions are performed within the protected processing environment 154B of the second user electronic device 100B.

        FIG. 2E shows that no functions of the trading utility system 90 are performed in a secure central facility, some functions being protected processing environment 154 (1) of the first user electronic device 100 (1). ) And some functions are performed within the protected processing environment 154 (2) of the second user electronic device 100 (2) and some functions are performed by the third user electronic device 100. (3) performed within the protected processing environment 154 (3), and several functions are performed within the protected processing environment 154 (N) of the Nth user electronic device 100 (N), An example is shown.

  Alternatively or additionally, some functions of the trading utility system 90 may be distributed within the network 150, for example, within devices used to communicate data between the devices 100.

Distribution of Multiple Management and Support Functions FIG. 3A illustrates how trading utility system 90 functions or sub-functions can be distributed within the same protected processing environment 154.

For example:
The financial bill function 200a operating within the protected processing environment 154a of the consumer device 100A replaces and / or supports several financial bill exchange operations performed by the centralized financial bill exchange 200. Can provide certain financial bill exchanges, such as possible audits.

        • A financial bill exchange 300a operating within the protected processing environment 154a of the consumer device 100A, for example, a collected usage that complements, substitutes, or adds to a bill of exchange operation performed by the bill of exchange 300 Certain usage information bill exchange operations, such as information combination and analysis, may be performed.

        The protected processing environment 154a of the device 100A performs all of the predetermined rights and authorization bill exchange operations 400a, the predetermined certification authority operations 500a, and the predetermined secure directory service support operations 600a, the rights and authorization bill exchange 400, The operations performed by the certification authority 500 and the secure directory service 600 may be performed at a consumer site that complements, adds or substitutes.

FIG. 3B illustrates that another example of consumer electronics 100 (2) through 100N (in this case personal computer 124) may have different combinations of support or management functions (eg, A state in which all functions are executed locally is shown. For example:
Processes in the protected processing environment 154 (1) are partially distributed and partially centralized financial bill exchange 200A, partially distributed and partially centralized bill of exchange 300A A partially distributed and partially centralized rights and authorization bill exchange 400A, a partially distributed and partially centralized certification authority 500A, a centralized secure directory service 600A, and a centralized Depending on the authorized trading authority 700A.

        Processes in the protected processing environment 154 (2) are centralized financial bill exchange 200B, partially distributed and partially centralized bill of exchange 300B, partially distributed and partially Depends on centralized rights and authorizations bill exchange 400B, centralized certification authority 500B, centralized secure directory service 600B, and partially distributed and partially centralized trading authority 700B obtain.

        Processes in the protected processing environment 154 (N) are partially distributed and partially centralized financial bill exchange 200N, partially distributed and partially centralized bill of exchange 300N Partly distributed and partly centralized rights and authorizations bill exchange 400N, partly distributed and partly centralized certification authority 500N, partly distributed and partly centralized security A reliable directory service 600N, as well as a partially distributed and partially centralized trading authority 700N.

  Taking this concept of distributed bill exchange service further, it is possible to fully distribute the distributed trading utility 75 as shown in FIG. 3C. That is, it relies almost or completely on the operation and activity of management and support services within the secure protected processing environment 154 of the user's electronic device 100. In this way, the user's own electronic device 100 can be distributed in any or all financial bill exchanges, bill exchanges, and rights and authorization bill exchanges, plus authentication, secure directory services, And perform trading authority services. Such “local” and / or parallel and / or distributed processing bill exchanges can be more efficiently addressed to individual consumer requirements. For example, this can allow consumers to contribute to controls that, on the one hand, provide rights holders with the summary information they request while preventing certain private data from leaving their own electronic devices. Is the only way.

  The distributed configurations shown in FIGS. 2A-2E and 3A-3C are not mutually exclusive ways of providing a centralized trading utility system 90. In contrast, a distributed configuration has the advantage of providing a hybrid configuration. In a hybrid configuration, some management and support service functions are widely distributed (e.g., issuing micro-payment aggregation, usage data privacy functions, and authentication issued by the parent for the child). On the other hand, other management and support functions (eg, issuing important digital certificates, maintaining a large database that supports secure directory services, etc.) are even more centralized. Any particular management and support service, bill exchange or function distribution includes, for example, efficiency, reliability, scalability, resource requirements, business model, and other factors Can depend on a variety of very important issues. Furthermore, the degree of dispersion is determined by a specific business model preceding a specific business sub-model, or by, for example, a geographical body and / or a governing body and / or a region area. May include a multi-level hierarchy based on a subset.

  Because a given electronic device 100 participates in multiple activities, it is possible that different activities may depend on a trading utility system 90 that is distributed and centralized in different formulations. For example, for one activity, the protected processing environment 154 may depend on the centralized bill exchange 200, and for another activity, the protected processing environment 154 is partially distributed and partially centralized. For further activities, the protected processing environment 154 may depend on the globally distributed financial bill exchange 200. Different degrees of dispersion may be used for different activities or business models.

Trading Utility System Web FIG. 4 illustrates that the trading utility system 75 may include a vast “web” of distributed, partially distributed and / or centralized trading utility system 90. A network 150 may be used to connect this web of trading utility system 90 to a variety of different electronic devices 100 that may share a distributed trading utility 75. For example, the electronic network 150 may connect to:

Set top box 106 and / or media player 104
-Personal computer 124
-Computer graphic workstation 126
Multimedia / video game system 128, or other types including, for example, manufacturing control devices, home appliances, process control equipment, electronic networking and / or other communication infrastructure devices, mainframes and / or small computers, etc. Electronic device 100

  In this example, the same distributed trading utility 75 may support a variety of disparate activities of multiple different consumers, authors, distributors, providers, merchants and other people. That is, the distributed trading utility 75 can support a wide variety of disparate electronic activities. FIG. 4 also illustrates a trading utility system 90 by exchanging an electronic “container” 152 of the type disclosed in Ginter et al. For security (eg, secrecy, authenticity and integrity). Shows how can communicate with electronic device 100 (and each other) and be managed through the use of secure rules and controls that are processed within a protected processing environment.

The trading utility system web may be substantially unlimited FIG. 4A shows that the trading utility system web may be vast or unlimited. In fact, the network 150 can be a seamless web that spans the world and connects millions of electronic devices with any number of trading utility systems 90.

  The web of trading utility system 90 may provide a very complex interconnection with a variety of different types of electronic devices that perform a variety of different electronic functions and electronic commerce. As described above, any electronic device 100 may be able to communicate with any trading utility system 90 or any other electronic device. This allows for maximum efficiency and flexibility with respect to assigning different trading utility systems to different electronic commerce transactions. For example:

        • It is best to use a geographically close trading utility system to minimize the total time required to exchange messages.

        In some cases, more remote trading utility systems are better equipped to efficiently operate certain types of specialized transactions.

        Government legislation also directs, at least in part, to select a given trading utility system in preference to others. (For example, if a Japanese customer tries to use the financial bill exchange 200 located on Cayman Island, it may fall into a legal problem. Or, a New Jersey resident will be a financial bill exchange that reports New Jersey consumption tax 200 may be required by law to process.)

        • Different types of competing trading utility systems may be provided by different parties, but these different types of systems populate the web containing the distributed trading utility 75. Interoperability between such systems and / or nodes of the system is important for efficiency and allows for the reuse of electronic commerce resources.

Rights holders and providers can select from within the trading utility system FIG. 5 illustrates how the rights holder can make a selection from among different trading utility systems 90. In this example, Bob operates the first bill of exchange 300a, Alice operates the second bill of exchange 300b, and Helen operates the third bill of exchange 300c. These various bill exchange service providers may compete with or complement each other based on quality and / or price. (For example, each may specialize in a different type of transaction.)

  Since the electronic network 150 connects the electronic device 100 to many different trading utility systems 90, the rights holder in the digital property that the consumer is using can be selected from a plurality of different trading utility systems. Can have. Content providers and rights holders certify specific trading utility systems 90 (or groups of trading utility systems 90) that handle different aspects of transactions. For example:

        The computer software distributor may specify that the personal computer 124 sends the weighing information 116a to Helen's bill exchange 300c to monitor the use of the computer software or other activities performed by the personal computer. .

        The rights holder of the video program 102a may specify that the set-top box 106 sends metric information 116 about the video to Alice's bill exchange.

        The multimedia content provider may specify that Bob's bill exchange 300a will be used to process the usage data 116c generated by the multimedia player 128.

  In some examples, a particular consumer 95 also serves to pre-designate a particular bill exchange or other trading utility system 90 that they prefer to use. FIG. 5 illustrates provider (and / or consumer) selection by a police officer directing metering traffic to a selected bill exchange 300. (The electronic control described in this specification and Ginter et al. Is preferably a mechanism that actually controls how traffic is directed.)

The content provider or rights holder allows the consumer 95 to select from the group of trading utility systems 90 (and / or trading utility system 90 providers) that the content provider / right holder wants to handle. For example:
A television studio certifies a particular individual or various trading utility system 90 to handle transactions related to television programs, and / or designates a particular individual or various trading utility system 90 that the studio does not want to handle that transaction Can do.

        A particular trading utility system 90 sets requirements and criteria for individual (or various) providers and / or consumers 95.

        Value chain participants enter into legal contracts and / or business relationships with different trading utility systems 90.

Trading Utility Systems Can Work Together FIG. 6 shows that different trading utility systems 90 can work together to support different types of operations. In this example:
• A bill exchange 300a, a rights and authorizations bill exchange 400a, a certification authority 500a, and a financial bill exchange 200a (left hand side of the figure) to support certain operations by the set top box 106 and the television set 102. Can be used.

        Used by the same financial bill exchange 200a, as well as different use bill exchanges 300b, different certification authorities 500b and different rights and authorizations bill exchanges 400b (top of the drawing) to support certain activities on the personal computer 124 Can be done.

        • Further different financial bill exchanges 200c, certification authorities 500c and used bill exchanges 300c, and the same rights and authorizations bill exchange 400b (right hand side of the drawing) are used to support the electronic activities of the multimedia system 128. obtain.

        A different combination of trading utility systems (in this case, along the bottom of the drawing, used bill exchange 300c, financial bill exchange 200d, rights and authorizations bill exchange 400c, and certification authority 500a) support sound system 130 Can be used to

  This example shows that various trading utility systems 90 can operate in combination, and that different combinations of trading utility systems can be used to support different electronic commerce transactions.

Management and support service functions can be combined into a multi-purpose trading utility system for efficiency and convenience.

FIG. 7 illustrates that the management and service functions or sub-functions of different special purpose trading utility systems 90 are integrated into a more general or multi-purpose trading utility system 90 for maximum convenience, efficiency or other reasons. Can be integrated into. For example:
Bob may operate an integrated or combined trading utility system 90a that provides financial bill exchange 200a functions, certification authority 500a functions, and used bill exchange 300a functions.

        Anne may operate an integrated or combined trading utility system 90b that provides a financial bill exchange function 200b, a rights and authorizations bill exchange function 400b, and a trading authority function 700b function.

        Helen may operate an integrated or combined trading utility system 90c that provides rights and authorizations bill exchange function 400c, and certification authority function 500c.

        Roger may operate an integrated or combined trading utility system 90d that provides a secure directory service 600d, a bill exchange service 300d, a financial bill exchange service 200d, and a rights and authorization bill exchange 400d. .

  A consumer operating electronic device 100 may access any or all of these different trading utility systems 90 or combinations. For example, set-top box 106 may obtain rights and authorizations and authentication from Helen's trading utility system 90c, but may utilize Bob's trading utility system 90a for financial bill exchange and usage analysis.

  The trading utility system 90 may provide any combination of management and support functions, or sub-functions that may be desired to perform the required operations in a given business model with maximum efficiency and / or maximum. Provides convenience. For example, Anne's trading utility system 90 (2) may provide only a specialized subset of the financial bill exchange function.

  FIG. 7A is another view of how the trading utility system 90 may provide a wide variety of different combination or subcombination management and support functions. In FIG. 7A, each of the various management and support functions are displayed with different types of blocks (for illustration):

-The financial bill exchange function 200 is indicated by a square block.
-The bill exchange function 300 is shown as a half-circle building block.
The right and authorization bill exchange function 400 is indicated by a rectangular block.
The certification authority function 500 is indicated by a triangle block.
A secure directory service function 600 is shown as a building block with a tunnel.
• Trade authority function 700 is shown as a cylindrical building block.

  The consumer's and user's devices 100 are shown as standing rectangular columns in the figure. The electronic device network 150 is shown as a way to connect various trading utility systems to each other and to the consumer electronic device 100. Electronic digital containers 152 may be transported along an “information highway” 150 between this electronic network or different electronic equipment.

  FIG. 7A only illustrates some of the many possible combinations of management and support services that can be used. For example:

        In the upper left hand corner, the trading utility system 90A provides at least a plurality of financial bill exchange functions 200a, at least a plurality of rights and authorization bill exchange functions 400a, and at least a plurality of authentication functions 500a. An entire electronic trading utility system 90A of this type may exist, for example, in a business that manages and assigns rights for the rights holder and in processing payments based on those rights.

        The trading utility system 90D for the rights of the facility 90A includes a financial bill exchange service 200d and a trading authority service 700a. It is particularly useful, for example, for auditing and managing an entire composite multi-step transaction while ensuring that the appropriate party for the transaction receives payment.

        In the lower center of the drawing, there is a trade utility system 90B including a financial bill exchange function 200f and a used bill exchange function 300c. The trading utility system 90B is particularly useful for providing payment and other financial item handling, for example, for electronic usage transactions, and auditing and reporting services based on electronic usage.

        The trade utility system 90C shown in the lower center of the drawing combines the certification authority service 500 with the bill exchange service 300f. It can be particularly useful for tracking the issuance of digital certificates and the use of those certificates (e.g., to assess risk, potential liability, insurance costs, etc.).

  The various examples shown in FIG. 7A are for illustrative purposes. Other combinations are possible or may depend on business objectives, convenience and other factors.

Trading Utility System Hierarchy FIG. 8A illustrates that trading utility system 90 or functions may be organized in a hierarchy. For example, the entire financial (or other) bill exchange 200 (N) has the highest responsibility for the operation of a number of other financial (or other) subordinate bill exchanges 200 (1), 200 (2),. May be monitored and / or held. In the example of FIG. 8A, the consumer electronic device 100 can interact with the bill exchange 200 (1), and the bill exchange 200 (1) can interact with another bill exchange 200 (2), etc. . This “hierarchy” of management and support services can be considered in some respects similar to a chain of orders within a large organization or army. That is, one bill exchange will exercise and / or delegate power, control and / or supervision to another bill exchange.

  FIG. 8B shows another example of a management and support service hierarchy. In this example, multiple centralized bill exchanges and / or other trading utility systems 90 as a whole delegate some or all work responsibilities to other trading utility systems 90. In this particular example, a mechanism such as a business or a disadvantage group may have its own trading utility system 156. A given electronic trading or other activity (eg, the entertainment industry) may have its own vertically specialized trading utility system 158. A given geographic, territorial, or jurisdiction group (for example, all buyers of a particular product within Wisconsin) has a specialized trading utility system 160 on their territory / jurisdiction. Can do. Trading utility systems 156, 158, 160 at lower levels in the hierarchy may further delegate authority or responsibility to a particular consumer, organization or other entity.

  In one configuration example, the authority-trusted trading utility system 90 may perform substantially all the actual support work, but more senior trading utility systems that are notified via reports or other means. 90 can be held. In another configuration, the higher order trading utility system 90 has nothing to do with the day-to-day activities of the commissioning trading utility system. In yet another example configuration, a more specialized trading utility system performs some work, and a higher trading utility system performs another part of the work. The authority used in a particular district's work and in a particular scenario can depend widely on factors such as efficiency, reliability, availability of resources, the types of transactions managed, and the diversity of other factors . The delegation of bill exchange authority can be partial (eg, entrusting a collection of uses but not entrusting financial or rights management responsibilities), eg, a consumer while centralizing some more important functions Can be matched to peer-to-peer processing (by locating several functions in the electronics).

The multi-functional trading utility system may be organized hierarchically or peer-to-peer FIG. 9 further includes different elements, including elements of both a hierarchical chain of instructions and horizontal advanced cooperation between different multi-functional trading utility systems 90. Shows a complex trading utility system environment. In this example, a level 1 primary or senior trading utility system 90 (1) having the highest authority (eg, a financial bill exchange 200), and a level 2 having progressively less power, authority, control, scope and / or responsibility. There are five levels of responsibility for 3, 4, and 5 additional trading utility systems. FIG. 9 also shows that different trading utility systems at the same level may be responsible for different functions, ranges and / or areas. For example:
The trading utility system 90 (2) (1) may be a “type A” trading utility system.

        The trading utility system 90 (2) (2) may be a “type B” trading utility system.

        The trading utility system 90 (2) (3) may be a “type C” trading utility system.

  At the next lower level, the trading utility system is a Type A trading utility system (such as 90 (3) (1) and 90 (3) (2)), and a Type B trading utility system (such as 90 (3) (4)). Trading utility system 90 (3 (5) and 90 (3) (6) etc.) or a trading utility system 90 (3) which is a hybrid having type A and type B functions. ) (3) or the like.

  FIG. 9 also shows that additional bill exchanges at levels 4 and 5 can have subtypes in addition to types. For example, in the context of financial bill exchange 200, type A for consumer credits, type B for electronic checks, and type C for commercial credits. You can be responsible. Another category could be bill exchange for Visa (type A), Mastercard (type B) and American Express (type C). The Type A / B bill exchange will then be a bill exchange contract that can handle both the consumer's deposit and the electronic check bill exchange. Type B subtype I may be responsible for commercial electronic checks. Type C subtype I may be a commercial credit card transaction and subtype III may be a credit draft. The rationale for multiple examples is jurisdictional boundaries (eg, France, Germany, New York and Alabama) and / or contractual arrangements (eg, risk of bad credit, few buyers, very large Consignment of responsibility for transactions, etc.). The peer-to-peer size may reflect the need to coordinate the entire transaction (eg, between a few buyers' bill exchanges and a large commercial player's bill exchanges).

  The rights and authorization bill exchange 400 is generated according to the type of content (eg, movie, science, technology and medical, and software). Subtype A may include first-run movies, oldies and art movies. Sub-type B may handle news reports and textbooks. Type C may be responsible for games, offices and educational content. The bill exchange peer-to-peer communication may include multimedia display authorization. (For example, a multimedia display may have authorizations stored in one bill exchange that uses a back channel to other bill exchanges to ensure that the latest authorizations are distributed.)

Some Examples of Trade Utility Systems As noted above, the trade utility system 90 is generalized and programmable, and thus can provide a mix of different support and management functions that meet the requirements of a given transaction. In this way, many or most of the trading utility systems 90 that are actually executed are different, making it difficult to categorize execution because they are certain “kind” trading utility systems that oppose each other. Provides a range of support and management functions.

  Nevertheless, certain types of idealized and specialized trading utility systems 90 are highly useful for a wide range of models, transactions and applications. Given that the actual execution mixes functions or subsets of functions from multiple idealized models, it is useful and convenient to describe some of the characteristics of these “pure” trading utility systems 90 of different types. is there. In the following, a brief overview of some characteristics of these “pure” idealized trading utility systems is given.

Financial bill exchange 200
FIG. 10 shows an example of a financial bill exchange 200 in more detail. The bill exchange 200 handles the payments reliably so that the value provider is legitimately guaranteed. The bill exchange 200 can safely coordinate with other trading utility systems 90 in performing this task.

  In this example, the financial bill exchange 200 can protect the devices on the network 150 in a secure manner, for example using an electronic container 152 of the type described in the Ginter et al. Patent specification with respect to FIGS. 5A and 5B. The processing environment 154 may be communicated. The bill exchange 200 receives payment information 202 from the protected processing environment 154 in these secure containers 152 and is electronically or various banking, credit card so that appropriate payments can be made. Or it can interact with other financial institutions.

  The bill exchange 200 interacts with, for example, a consumer bank 206a, a provider bank 206b, and a consumer credit card company 206c. For example, the bill exchange 200 bills funds from the consumer bank 206a and deposits funds to the rights holder bank 206b and pays for viewing movies, television programs or other content. You can do it. Additionally or alternatively, the bill exchange 200 interacts with the consumer's credit card company 206c to request a deposit check, get deposit authorization and payment, etc.

  The bill exchange 200 may provide the payment statement 204 to the consumer 95, for example, by sending the statement to the device 100 in the secure electronic container 152b and storing the certificate information certificate. In this example, the consumer 95 can view the calculations 204 using the protected processing environment 154 of the device 100 and can allow printing and storage for the purpose of storing records.

  In one example, the payment mechanism 118 provided to the protected processing environment 154 can be an electronic wallet that supplies electronic money for use in payment for electronic services or content. This electronic wallet can hold money in digital form. Consumers 95 can use digital money for whatever they want. If the electronic wallet is empty, the consumer 95 refills the wallet by having the financial bill exchange 200 certify the financial bill exchange and charge money from the account of the consumer's bank 206a. The bill exchange 200 processes the payment of electronic money, and the electronic wallet automatically (eg, based on the consumer's prior authorization) when the consumer has consumed all of the former content It can be arranged to be refilled and provide consumers with a detailed report and calculation 204 on how they spent their electronic money.

Bills exchange 300
FIG. 11 shows an example of a bill of exchange 300 used. The bill exchange 300 in this example receives the usage information 302 from the usage meter 116, analyzes the usage information, and provides a report based on the analysis. The bill exchange 300 can safely coordinate with other trading utility systems 90 to accomplish these tasks.

  For example, the bill exchange 300 may send a detailed report 304a to the consumer 95 for all movies, television programs, and other materials that the consumer watched in the previous month. Communication between the protected processing environment 154 and the bill exchange 300 can be in the form of a secure container 152. As described in the Ginter et al. Patent disclosure, usage meter 116 can meter usage based on a number of different factors, ranging from very detailed to summary. If the consumer wants, a detailed usage report 304a can be viewed on the television set 102.

  Bill of exchange 300 may report consumer viewing habits compatible with consumer privacy protection to other bill of exchange. These reports can also be sent in a secure container 152. For example, bill of exchange 300 provides summary report 304b to advertiser 306 without revealing the consumer's identity, but may provide valuable information about the consumer's viewing habits to advertiser 306. On the other hand, with the consent of the consumer, the bill exchange 300 can provide more detailed information identifying the consumer to the advertising agency 306 or other specific people. Conversely, the consumer 95 may be motivated by discounts, cash, free movies or other compensation.

  The bill exchange 300 may issue a report 304c to a rights holder 308, such as a producer or director of the video program 102a that the consumer 95 is watching. These reports allow rights holders to see who has watched their programming materials and other productions. This is very useful to ensure payment or to send other similar program material they are interested in to consumers.

  The bill exchange 300 also sends a report 304d to the research company 310 to automatically assess the popularity of a given program material. Bill of exchange 300 may also send the report to other market researchers 312 for scientific research, market research or other research.

Rights and Authorizations Bill Exchange 400
FIG. 12 shows an example of a rights and authorization bill exchange 400. The rights and authorization bill exchange 400 stores and distributes electronic authorizations 404 (indicated by traffic signals in the figure). The authorization 404 grants or does not grant the authorization and defines the result. The rights and authorization bill exchange 400 works with other trading utility systems 90 to complete its tasks.

  In this example, rights and authorizations bill exchange 400 functions as a centralized “warehouse” or bill exchange for rights associated with digital content. For example, broadcasters, authors and other content creators and rights owners may register authorizations in the form of an electronic “control set” with rights and authorizations bill exchange 400. These licenses can specify which consumers can or cannot handle digital properties, under what conditions, and the results of the license execution. The rights and authorization bill exchange 400 may respond to the request 402 from the protected processing environment 154 of the electronic device by delivering an authorization (control set) 188.

  For example, assume that a consumer 95 wants to watch a concert or game on the television set 102. The viewer operates the remote control unit 108 to request the right to view a predetermined program. The protected processing environment 154 automatically contacts the rights and authorization bill exchange 400 on the electronic network 150 and sends an electronic request 402. The rights and authorization bill exchange 400 "checks" the request in the library or warehouse and sees if it has received (authorized to provide) the necessary authorization 404b from the program rights holder 400. The rights and authorization bill exchange then sends the requested authorization 188 to the protected processing environment 154.

  For example, authorization 188 may allow a consumer to view a concert or game only once and prohibit copying by copy protection function 120. Authorization 188 also (or in addition) specifies a price for viewing the program. (For example, $ 5.95 is deducted from the consumer's electronic wallet.) The device 100 may ask the consumer 95 to pay $ 5.95 to watch the program. If the consumer responds “yes” (eg, displayed by operating the remote control 108), the device 100 automatically requests from the consumer's electronic wallet and the program is “ release.

  Rights and authorization bill exchange 400 may deliver authorization 188 in secure container 152b that may additionally contain information controlled by authorization. Alternatively, the authorization 188 may arrive at a different time through a different path from the program or other content that reaches the device 100. For example, licenses may be transmitted over network 150, whereas programs related to licenses may arrive directly from satellite 112 or through other passages such as cable television network 114 (see FIG. 1).

  The rights and authorization bill exchange 400 issues a report 406 to the rights holder or other people with or without authorization. For example, the author of a book or video may be able to know the exact number of people who have requested the right to publish excerpts from the author's work while being compatible with consumer privacy. These types of reports may be supplementary reports provided by the bill of exchange 300.

Certification Authority 500
FIG. 13 shows an example of a certification authority. The certification authority 500 issues a digital certificate 504 that provides a context for electronic rights management. The certification authority 500 completes the task in cooperation with other trading utility systems 90.

  The certification authority 500 issues a digital certificate 504 that authenticates certain facts. The digital certificate 122 is similar in some respects to a driver's license or high school diploma because it provides proof of certain facts. For example, we may show a driver's license to prove that we are old enough to vote in elections, buy liquor, or watch an “R” designation movie. This same driver's license proves the fact that we have a specific name and live at a specific address, and that we have knowledge (of the state car laws) and technology (driving a car). The digital certificate 504 is equivalent to a driver's license aspect that verifies the identity of the license owner and related facts about the license owner, except that it is made from digital information instead of a laminar card.

  In this example, the certification authority 500 may receive consumer requests and associated evidence 502 and may issue a corresponding digital certificate 504 that authenticates certain facts. The certificate authority 500 may also receive evidence, proofs and possibly certificate definitions from other people, such as government authorities 506, occupational organizations 508 and universities 510. As an example, the certification authority 500 may receive a birth certificate or other identity information from the government authority 506. Based on this identity information, the certification authority 500 may prepare and issue a digital certificate 504 that proves the identity and age of the people. The certification authority 500 may also issue a digital certificate 504 certifying occupational status, employment, residence, or various other types and categories based on various evidence and input from various people.

  The certification authority 500 may authenticate organizations and machines, as well as people. For example, the certification authority 500 issues a certificate proving that Stanford University is a higher education accredited agency, or that the ACME Transportation Company is a solid company and authorized to transport dangerous goods. Can do. The authentication authority 500 may also issue an authentication 504 to the computer, for example, certifying that the computer has a particular level of security or is authorized to handle messages on behalf of a particular person or organization.

  The certification authority 500 may communicate with the protected processing environment 154 and other entities by exchanging the electronic container 152. The protected processing environment 154 of the electronic device 100 may use a digital certificate 504 issued by the certification authority 500 to manage or perform authorizations 188, such as those issued by the rights and authorization bill exchange 400. For example, a set top box 106 automatically prevents consumers under the age of 17 from seeing certain types of program materials or paying students looking at educational materials. Or offer discounts. These are all based on certification 504 issued by certification authority 500.

Secure Directory Service FIG. 14 shows an embodiment of a secure directory service 600. The secure directory service 600 functions like a computerized telephone or name service directory. Consumers 95 can send a request 602 specifying the information they need. Secure directory service 600 “searches” the information and provides answer 604 to consumer 95. The secure directory service 600 can work with other trading utility systems 90 to perform its work.

  For example, suppose a consumer 95 wants to order pizza electronically from Joe's Pizza. They decide what kind of pizza they want (e.g. cheese pizza with L size sausage and onion). However, they do not know Joe's Pizza's electronic address (which can be something like an electronic phone number). Consumers 95 can use remote control 108 to enter information about what they want to search for (Joe's Pizza, Lakeville, Connecticut). The protected processing environment 154 may generate a request 602 that includes identification information and send the request to the secure directory service 600. It can send the request in a secure container 152a.

  When secure directory service 600 receives request 602, it may access the database to find the requested information. The secure directory service 600 may have Joe's electronic address previously obtained directly from Joe or otherwise. The secure directory service 600 can return the requested information to the device 100 with a response 604. Response 604 can also be in secure container 152b. Consumers 95 can use this information to electronically send their orders to Joe's Pizza. This order can be displayed on Joe's ordering terminal within seconds after the consumer sends it. Joe can deliver a very hot cheese, sausage, and onion pizza to the consumer 95 minutes later. (However, since actual pizza is more satisfying than electronic pizza, delivery is done by car, not electronically.)

  The secure directory service 600 can help a person connected to the network 150 contact other people. As one example, secure directory service 600 can inform used bill exchange 300 how to find financial bill exchange 200 on network 150. An electronic device 100 connected to the network 150 may use a secure directory service 150 to assist in contacting other electronic devices.

  As described above, the request 602 for the secure directory service 600 and the response 604 it returns can be placed in a secure container 152 of the type described in the patent specification by Ginter et al. Using a secure container 152 helps an eavesdropper prevent eavesdropping on exchanges between the consumer 95 and the secure directory service 600. This protects consumer privacy. Consumers 95 do not mind if someone else eavesdrops on their pizza order, but electronically with certain other people (eg, doctors, banks, lawyers, or other people with a trust and trust relationship) There may be more interest in protecting the fact that it corresponds to. Secure container 152 also helps ensure that messages sent across the network are authenticated and have not been altered. The electronic container 152 trusts that the pizza order that Joe's Pizza has just received has actually come from the consumer 95 (not someone else) and has not changed, and the consumer You can be relatively confident that no one will send a fake pizza order to Joe in their name. Using a secure container 152 and a protected processing environment 154 in the preferred embodiment cannot be denied later that the consumer 95 was actually ordering Joe's Pizza when he ordered the pizza. Guarantee.

Trading Authority 700
FIG. 15 shows an example of a trading authority 700. The trading authority 700 in this example provides process control and automation. This helps to ensure that processing and transactions are completed successfully. Trading authority 700 can interact with other trading utility systems 90 to accomplish and complete its work.

  In further detail, the trading authority 700 of this example monitors the status of electronic commerce and / or processing, what has happened so far, and what can be done to complete the entire transaction and / or processing. Maintain a safe and reliable record of what needs to happen. Trading authority 700 may also perform a more active role if desired, for example, by generating a request for a particular action to occur. Trading authority 700 may in some cases be the only participant who “knows” the entire process of processing in a complex transaction or process. Trading authority 700 may also electronically define the entire process based on electronic controls contributed by the various participants being processed.

  FIG. 15 shows an example of how trading authority 700 can be used to allow consumer 95 to order merchandise such as sweaters. In this particular electronic home shopping embodiment (for illustrative purposes and not intended to be limiting in any way), the consumer 95 uses the remote control 108 to identify the sweater they want to order at a specific price. A particular seller, style, and color may be selected. In this home shopping embodiment, the protected processing environment 154 of the device 100 may generate an electronic order 702 that is sent to an order receiving department 704 of an electronic “mail order” company. Order 702 may be transmitted within secure container 152a.

In this embodiment, the trading authority 700 assists the electronic mail order company in coordinating activities to ensure that all the steps necessary to deliver the sweater are performed in an accurate and timely manner. For example:
Upon receipt of the electronic order 702, the order receiving department 704 may provide an electronic notification 706 to the trading authority 700. Trading authority 700 may store electronic notification 706 and issue “requirements” 708.

        The trading authority 700 may issue a requirement 708 before the order is placed, so that the order receiving department 704 knows what to do when the order comes.

        By “requirements” 708, order receiving department 704 may issue order 710 in electronic and / or paper (or other) form to manufacturing department 712.

        Trading Authority 700 may issue manufacturing requirements 714 to the manufacturing department to manufacture sweaters according to consumer preferences.

        The trading authority 700 may also issue a supply requirement 716 to the supplier 718. For example, trading authority 700 may require supplier 718 to deliver a supply such as yarn ball 711 so that manufacturer 712 has the material for manufacturing the sweater.

        The supplier 718 may notify the trading authority 700 by issuing a notification 720 when the supply is delivered.

        • When manufacturing department 712 finishes the sweater, manufacturing department 712 may alert trading authority 700 by sending notification 722.

        In response to the notification 722 sent by the manufacturing department 712, the trading authority 700 may send a shipping requirement 724 to the shipping department 726, for example, collecting the sweater 728 completed in the shipping department from the manufacturing department and Request to deliver it.

        Trading authority 700 may coordinate with other trading utility systems 90, such as financial bill exchange 200, to arrange payment.

  Of course, this example is for illustrative purposes only. Trading authority 700 may, for example, handle electronic order sales, electronic data exchange (EDI), electronic contract negotiation and fulfillment, electronic document delivery, inter-company and intra-company transactions, business organization, to name a few of the many useful applications. It can be used for all kinds of different process control and automation, such as electronic integration of secure business processes within or between business organizations.

VDE management service 800
The VDE administrator 800 in the preferred embodiment (see FIGS. 1 and 1A of this application and the related discussion in the specification of Ginter et al.) Is responsible for the network 150, equipment 100, protected processing environment 154, and distributed trading utility 75. Provides various electronic maintenance and other functions to maintain safe, smooth and effective operation. For example, the VDE administrator 800 may manage cryptographic keys used for electronic security across the network 150 and may also be used to secure data from the device 100, various trading utility systems 90, and other electronic devices. Maintenance services can also be provided. As described in detail in the Ginter et al. Patent disclosure, other important functions performed by the VDE administrator 800 include installing and setting up a protected processing environment 154, and whether the protected processing environment is Including helping to keep stored authorization and / or usage data secure. The VDE administrator 800 can interact with other trading utility systems 90.

In addition to supporting consumers 95 that can support each other , the trading utility system 90 can support other trading utility systems. This is shown in FIGS. 16A to 16F. For example:
• The bill exchange 200 can help ensure that other trading utility systems 90 are paid for their contribution (see FIG. 16A);

        • The bill exchange 300 (see FIG. 16B) communicates to other trading utility systems 90 as to how the assistance they provide is being used. For example, the bill exchange 300 may inform the certification authority 500 how the certification authority's certification was used. (This is very useful for accounting for the amount of possible responsibilities that the certification authority guarantees or detecting fraudulent authentication.)

        FIG. 16C shows a rights and authorization bill exchange 400, for example, a financial bill exchange 200, a bill exchange 300, another rights and authorization bill exchange 400 ′, a certification authority 500, a secure directory service 600, and a transaction Indicates that other trading utility systems 90 such as authorities 700 can be supported.

        • The certification authority 500 may include other trades such as a financial bill exchange 200, a bill exchange 300, a rights and authorizations bill exchange 400, another certification authority 500 ', a secure directory service 600, and a trading authority 700, for example. A digital certificate 500 can be issued that authenticates the operation of one or more other trading utility systems 90 (see FIG. 16D) that support the utility system 90.

        FIG. 16E shows that the secure directory service 600 is, for example, a financial bill exchange 200, a bill of exchange 300, a rights and authorization bill exchange 400, a certification authority 500, another secure directory service 600 ′, and a trading authority. It shows that other trading utility systems 90 such as 700 may be supported.

        FIG. 16F shows that the trading authority 700 is, for example, a financial bill exchange 200, a bill exchange 300, a rights and authorizations bill exchange 400, a certification authority 500, a secure directory service 600, and another trading authority 700 ′, etc. It shows that other trading utility system 90 can be supported.

"Part of Account"
The trading utility system 90 described herein provides useful and important services and functions. Operators of such services can and should be compensated for the services they provide. The financial bill exchange trading utility system 200 can ensure that they and other support service providers receive this compensation without inconvenience to other electronic communities and value chain participants.

  In assisting or compensating for value chain participants, the trading utility system 90 takes a portion or percentage of compensation for the bill exchange service it provides (based on pre-authorized contract arrangements). Support services can be compensated based on a small portion of the payment that can result from each electronic transaction (“part of the account”). Providers can give some or all of the fees to their own value chain participants in various ways.

Several different classes of value chain participants are required to compensate the trading utility system 90. They include:
Information consumers (including, for example, people who use information “exhaust” generated by electronic trade, electronic transaction management, and rights management activities);
-Content Rightsholders and other electronic providers;
• Participants in a wide range of secure distributed electronic trading transactions.
In addition, different support service providers may need to support each other in different ways and thus need to compensate each other. For example:

One trading utility system 90 can act as an intermediary for customers of another trading utility system 90;
• One trading utility system 90 may need to support the operation of another trading utility system 90; and / or • Multiple trading utility systems 90 may need to work together and support common transactions. .

  Different trading utility systems 90 may cooperate to establish a common fee that divides between them. In other scenarios, each trading utility system 90 may charge independently for the value of its own service. There may be competition between different trading utility systems 90 based on quality of service and price, as deposit card companies are currently competing for provider and consumer operations.

Example of Distributed Trade Utility System Architecture The patent disclosure of Ginter et al. Describes “Right Operating System”, for example, on page 180 et seq. And FIGS. "Right Operating System" is a small, secure, event-driven, partitioned, service-based, "component" -oriented, distributed, multi-processing operating system environment It provides an environment that integrates VDE security control information, components, and protocols into a conventional operating system concept. An example of a preferred trading utility system 90 architecture provided by the present invention builds upon the rights operating system described by Ginter et al.

  For example, an example of a suitable trading utility system 90 architecture provides a collection of service functions that a rights operating system can execute as an application. These service functions define various useful tasks that some and / or all trading utility systems 90 may need to perform. These service functions are distributable, scalable, and reusable. These can be combined in various combinations and sub-combinations, for example, depending on the business model, to provide the overall functionality desired for the execution of a particular trading utility system 90.

  FIG. 17A shows an overall example of the architecture of a trading utility system 90, FIG. 17B shows an example of an architecture application of the trading utility system 90, and FIG. 17C shows further details of service functions.

Referring first to FIG. 17B, in this embodiment, the architecture of the application software for the trading utility system 90 includes a trading utility system descriptor 90A. The trade utility system descriptor 90A includes information about the trade utility system 90. This information identifies such a system and its performance and describes, integrates, and / or interfaces any number of service functions 90B (1), 90B (2),. Trading utility system descriptor 90A and service function 90B are implemented using, for example, object-oriented programming techniques, such descriptors and service functions are modular and reusable, and required for trading utility system 90. Helps ensure that the characteristics of how the action was actually implemented and / or performed are abstracted.

The trade utility system descriptor 90A (1) can also perform the function of adjusting the operation of the service function 90B. In this embodiment, descriptor 90A directs requests and other system actions to the appropriate service function 90B, and an interface between which service functions 90B may exist that require one or more service functions. It can be ensured that differences such as data types are adjusted, as well as by assisting in directing the overall process flow between the various service functions 90B. A non-exhaustive list of examples of such service functions 90B includes:

・ Audit ・ Record maintenance ・ Monitoring process ・ Monitoring status ・ Complete process definition ・ Process control ・Interface to settlement service

・ Fund transfer ・ Currency conversion ・ Tax calculation and application ・ Account opening and confirmation person setting ・ Payment total ・ Payment non-calculation ・ Pre-budget approval ・ Status notification ・ Check

・ Incomplete event recording ・ Requirement generation ・ Report generation ・ Event result ・ Account adjustment ・ Identification confirmation ・ Electronic currency creation ・ Event database management ・ Route database ・ Request generation

・ Replication ・ Propagation ・ Use database management ・ Invoice creation and processing ・ Market research ・ Negotiation ・ Control set database management ・ Control set generation ・ Process control logic

-Event flow generation-Routing-Archive-Rights and authorization database management-Template database management-Trade management language processing-Rights management language processing-Advertising database management-Automatic class generation-Automatic class setting-Notary-Signing generation

・ Digital time stamp ・ Fingerprint / watermark ・ Proposal and counter-suggestion ・ Object registration place ・ Object verifier setting ・ Copyright registration ・ Control set registration place ・ Template registration place ・ Authentication creation

・ Retract list maintenance ・ Director database management ・ Other service functions

  FIG. 17C shows the service function 90B in further detail. In this embodiment, service function 90B includes service function descriptor 90C and any number of service application components 90D (1), 90D (2). Service function descriptor 90C performs the same role as trade utility system descriptor 90A, except that it functions with respect to service function 90B and service application component 90D. Service function descriptor 90C and service application component 90D are implemented using, for example, object-oriented programming techniques, such descriptors and service application components are modular and reusable, and service function 90B requirements. It helps to ensure that the characteristics of how the performed actions are actually implemented and / or performed are abstracted. In this example, the service application component 90D performs most of the performance of the service function 90B by executing the steps or sub-functions of the service function 90B.

  FIG. 17A shows an example of the overall architecture of the trading utility system 90. The entire architecture shown in the present embodiment is an object-oriented system in which the entire trading utility system 90 is a single object and includes the object of the reusable service function 90B. The object of the service function 90B includes a reusable service application component (object) 90D. Some or all objects may utilize services provided by the trading utility support service layer 90-4, as described in further detail below. The trading utility system architecture 90 of the preferred embodiment shown is built on the rights operating system 90-1 described in detail in a patent specification by Ginter et al. (See, eg, FIG. 12 of Ginter et al.). . The set of service functions 90B includes “applications” executed by the rights operating system 90-1. The number of service functions 90B may be whatever.

  The object-oriented design of the trading utility system 90 architecture shown in FIG. 17A has several desired attributes. For example, the trading utility system 90 can easily add, remove, and / or replace service functions 90B and can change, expand, and / or enhance its performance. Similarly, the architecture allows for the same flexibility in the case of service functions, allowing the addition, removal and / or replacement of service application components 90D. Furthermore, the object-oriented design significantly improves the ease and efficiency of reuse of service functions and / or service application components in different trading utility systems 90 or different service functions 90B (as shown in FIG. 17A). To do.

Service function layer 90-2 and (component 90D including _A) an application layer including a service application component layer 90-3, if desired, may be assisted by the trade utility support services layer 90-4. The trading utility support service layer 90-4 may provide increased efficiency for a large number of transactions. Such trade utility support service 90-4 is, for example,

-Session management-Fault tolerance-Memory management-Load balancing-Database bridging
-Other trade utility support services may be included.

In this example, the service function 90B is based on components and may utilize a service application component 90D that is reusable and based on components. Service application component 90D may typically perform the steps and sub-functions of service function 90B. Each service application component 90D has two parts:
A component 90-B _{a that} does not need to run in the protected processing environment 154; and

It may have either or both of the secure components 90-B _b that need to run within the protected processing environment 154.
In the example of this architecture, there may be a correspondence between the components 90D _b and components 90D _a. For example, at least one component 90D _a, may correspond to at least one secure component 90D _b. There may be a one-to-one correspondence between component 90-D _a and component 90D _b (as shown by the common geometry in FIG. 17A). In the preferred embodiment, this separation of functionality allows interaction between the secure processing operation of the PPE 154 and the service application component 90D when needed and / or desired. By using this architecture, it is easier and more efficient to create service functions that perform the performance required by both application level assistance and secure processing.

For example, performance management and / or support functions by the trading utility system 90 include, in a preferred embodiment, application level database functions and use of protected information in a protected processing environment (“PPE”) 154. obtain. A specific example of this may be a record of payments by a user of the financial bill exchange 200. An operator of such a financial bill exchange 200 has chosen to keep historical payment information in an application level database, but the information protected by the PPE 154 to accurately determine the customer's current account status. when it was necessary, information in the application level database is coordinated with information protected by PPE154, the execution of the service application components 90D service application components 90D _a that has been processed into a single object by _B, The task of using this information is significantly simplified in the context of a given service function 90B (eg, a decision to expand additional deposits). Further, this example service application component can be reused in other service functions 90B.

In another embodiment, the service application component 90D _A may primarily serve as an application level interface object for the corresponding PPE 154 object 90D _B. For example, if the notary service function 90B requires a digital signature application, the service application component 90D _A performs a corresponding service application configuration that performs essentially all of the actual operations of creating and applying a digital signature. or carry information for the element 90D _B, may provide mainly an interface for receiving or. In addition, the application level component 90D _A provides additional exception handling, protocol conversion designed to help integrate performance in a simpler or different way than originally designed for the service function 90B. Or other functions may be provided.

  FIG. 17D-1 illustrates an example correspondence between a service function 90B and a general type of useful trading utility system 90 example. Examples of the service function 90B ("audit", "record maintenance", ...) are shown horizontally. Examples of these service functions 90B are examples of trade utility system 90 types ("Financial Bill Exchange", "Used Bill Exchange" ... written vertically in a row of boxes along the top of the figure. ) May be useful for performing. The drawing of FIG. 17D-1 is not exhaustive and allows for additional useful trading utility system types and additional service functions 90B are possible. Indeed, the architecture of the trading utility system 90 ensures that both the type and service function 90B can be expanded when the business model or other factors change.

  While specific business desires and models may tend to suggest using specific combinations and collections of critical service functions in most executions, the architecture of the trading utility system 90 is dependent on the requirements of the practitioner. A wide variety of different service functions can be freely mixed and combined and are inherently flexible. For example, it would be useful to provide a trading utility system that functions as a “Financial Bill Exchange 200” that provides payment processing, communications, database management, and other related service functions. The trading utility system architecture can provide such a “financial bill exchange” and is more generalized and generalizable. For example, the execution of a specific trading utility system 90 for a “Financial Bill Exchange” may combine a “non-financial” service function with a financial service function. The particular function or set of functions implemented in the execution of a given trading utility system 90 will depend on the individual requirements of the performer, for example, as dictated by a business model or function.

  FIG. 17D-2 illustrates, for example, how the functionality of the example “financial bill exchange” trading utility system 200 can be constructed from the example service function 90B. In this embodiment, the service function 90B surrounded by a dark line is included in the trade utility system descriptor 90a shown in FIG. 17B. FIG. 17D-2 shows an example of a bill of exchange trading utility system 300 constructed based on a different subset of service functions 90B surrounded by dark lines (shown in FIG. 17D-1). Comparing FIG. 17D-2 and FIG. 17D-3, some service functions 90B (eg, “Audit”, “Status Notification”, “Event Database Management”, etc.) are available for both financial and billing exchanges. Can be reused. The combination of the financial and usage bill exchange trading utility system 90 may use a combination of the service function 90B surrounded by the dark line in FIG. 17D-2 and the service function 90B surrounded by the dark line in FIG. 17D-3. More, fewer, and / or different functionality may be provided for a particular trading utility system 90 by simply providing and calling more, fewer, and / or different service functions 90B.

Distributed trading utility system 90
The above-described secure application component 90-3, in a preferred embodiment, includes or has an inter-control structure and associated rules and methods shown in FIGS. 41A-41D and FIG. 48 of Ginter et al. Also good. These mutual control structures can be used to link different or identical control sets operating on the same or different trading utility system 90 or other electronic device 100. Thus, each active person may have one or more interrelationships with all other active persons, i.e., the trading utility system 90 associated with several roles in some of the various actions.

  FIGS. 17E-1 through 17E-4 may be used to allow different examples of interaction model trading utility system 90 to interact with ongoing transactions or processes based in part on these interaction structures. Show that:

        FIG. 17E-1 is an event-mediated model in which the trading utility system 90 receives an event notification 748 from a secure entity (eg, a first protected processing environment) and receives another (and / or identical) ) Shows a model that generates an event 758 that triggers the activity of a secure entity (eg, a second and / or first protected processing environment).

        FIG. 17E-2 is an interaction model of different trading utility systems, where an event notification 748 is sent to both the trading utility system 90 and another secure entity so that the first secure entity performs the process. , But the second entity waits for receipt of an authorization to proceed before actually performing the next step of the process from the trading utility system 90.

        FIG. 17E-3 is a notification model, where the trading utility system 90 receives an event notification 748 for secure audit purposes, unless otherwise it is necessary to resolve an exception (eg, an error condition) Demonstrate models that are more passive bystanders that do not interact directly with ongoing processes or transactions.

        FIG. 17E-4 is a preferred authentication model before the trading utility system 90 can pass an event notification 748 to the next secure entity for the entity to perform the next step of the entire process or transaction. , Shows an authentication model in which a notification 748 ′ must be issued to one secure entity in response to receipt of an event notification 748 from the entity.

  The various trading utility system 90 interaction models shown in FIGS. 17E-1 through 17E-4 are not exhaustive or mutually exclusive. A given transaction or process may include some or all of these in different combinations based on business models or other requirements.

  As described above, the present invention distributes the operation of a particular service function 90-2 or service application component 90-3 across a network or system 50 that includes, for example, individual consumer 95 electronics. Provide technology for. FIG. 17F shows an example of a control set 188 that can be used to control a remotely located protected processing environment (eg, consumer electronics) to perform the “local” portion of the exchange operation. The trading utility system 90 can deliver this control set 188 to the consumer's electronic equipment, another trading utility system 90, or other electronic equipment (eg, electronic equipment that is part of the communications infrastructure). . Trading utility system 90 may, for example, exchange authentication portions (executed as one or more service functions 90-2, each including one or more service application components 90-3), for the user's electronic device, for example. It can be transferred to a process that can be performed within the protected processing environment 154.

Example of FIG. 17F, the method 850 (e.g., meter, billing, or budget) a, the AUDIT (Audit) event 852 (1) is a method that is treated as the audit method 854. Examples of meter methods 850 are:
USE (use) event 852 (2) (eg, “click” on meter);
INITIALIZE event 852 (1) (eg, prepare meter for use);
RESET event 852 (3) (eg, returning the meter to a known good state after an error condition);
AUDIT event 852 (4) (eg, collecting a record generated during the USE event and a copy of the current UDE value and preparing to send it to the auditor);
READ USE RECORD event 852 (5) (eg, returning a copy of the requested usage record);
READ UDE event 852 (6) (eg, returning a copy of the current UDE);
READ MDE event 852 (7) (eg, returning a copy of the requested MDE);
You can have other miscellaneous events.

The AUDIT event 852 (4) of this example may be linked to the audit method 854. In this example, trade utility system 90 to access the data, format permission of suitable PERC control set and / or access tag defining more detailed usage permissions, and USE event 852 meter method 850 ( Semantic knowledge of the recording format exported by 2) may be required. Semantic knowledge can occur from an out-of-band contract (eg, standard) or via access to the MDE (or appropriate MDE portion) of the meter method 850 that describes the usage record format.

The audit method 854 event is a USE event 856 (2) that performs the function expected by invoking the method event--in this case, collecting usage records and a copy of the current UDE and sending them out. Including. In this example, assume that this method also has an INITIALIZE event 856 (1). When called, the INITIALIZE event 856 (1) is sent internally and its associated load module is called back to the READ MDE event 852 (7) of the meter method 850 to learn the meaning of the usage record. . The USE event 856 (2) is then invoked and the load module 858 (2) associated with processing this event triggers an appropriate event for the meter method 850 (eg, repeat READ USE RECORD to read READ UDE once). call. At this point, the expectation of call methods other than managed object packaging and sending is realized.

USE event 856 (2) may be further processed to perform further distributed switching functions. For example, while reading a USE record from a meter, the audit method 854 (for example, classifying the type of object used and the number of times various types have been accessed for information reported up the exchange chain) Analysis function (decreasing to the correct count). Records from content types that are not of interest can be discarded. The detailed record itself can be discarded after analysis. In another example, UDE values (eg, how many clicks were recorded) can be compared to the number of usage records retrieved, and if there are discrepancies, they are reported and / or taken locally (Eg, disable use of an object from a given provider until further interaction). Furthermore, in other embodiments, the recording may remove the user's unique information to ensure privacy. In a further embodiment, the records can be processed and analyzed locally (and then discarded), while other detailed records are saved for later processing.

Once the distributed exchange function is performed, the information can be combined into one or more managed objects for sending the exchange chain up to a centralized location. This may include, for example, direct reporting to the provider and / or reporting to another exchange function. The processed record can be released by audit method 854 (for deletion by meter method , summary, filing, etc.) upon receipt, processing, transmission, or receipt of confirmation by the recipient.

In another embodiment using meter method 850 shown in FIG. 17F, AUDIT event 854 may be performed “internally” by meter method 850. In this example, usage records and UDEs are bundled into one or more managed objects for transmission to the auditor by the load module 853 associated with the AUDIT event 854 (4) of the meter method 850. However, instead of sending these objects, they can be processed locally. To do this, the name service record used by ROS (see Ginter et al. FIGS. 12 and 13) to find the nominated auditor can be redirected back to the local PPE 154. . In PPE 154, the process controlled by the trading utility system 90 is used to perform the local exchange functions described above (on behalf of them) except that it uses the contents of the managed object instead of commanding the meter method event (call to). Based on the method and / or load module delivered. This is more similar in the sense that the functions performed at the remote switching facility are performed on the managed object and its contents. However, processing can be done on networked equipment instead of on local consumer electronics.

The distributed support service in this method provides additional performance that cannot exist or be available in a centralized architecture. For example, a rights and authorization bill exchange can transfer local servers in an organization to keep track of requests and to cache copies of authorizations previously requested by the organization. Such local rights and authorization bill exchanges reduce network communications and provide a convenient local repository for organization specific authorizations (eg, site licenses for computer software). The authorization server may be authenticated to grant licenses on demand by rights holders, or rights and authorization providers, or other rights distribution organizations.

  As another example, many secure, mostly automated management and support services can be distributed over all and / or some of the devices that are at least occasionally connected. This is done regardless of whether the device is a computer, set-top box, personal digital assistant (PDA) digital phone, intelligent digital television, or any other digital device. Such equipment uses a protected processing environment to support services that are safe and reliable and perform without interference (eg, as described in the Ginter et al. Patent) and without other interference. To be guaranteed.

  In another embodiment, one possible VDE content distribution scenario is where the content provider plays the initial packaging role, the distributor performs the distribution function, the user keeps track of usage records, and the bill exchange is Includes processing usage and financial information. This is in contrast to a centralized processing model where all of these functions are performed by a single centralized party.

  As yet another example, increased efficiency can be achieved by changing bills exchange functions to individual user machines, local area network (LAN) servers, and / or corporate LAN / WAN environments to external and commercial “backbone” servers. This is achieved by distributing it across corporate “gateway” machines that bridge the network.

  As another example, a company computer may be authorized by a central certification authority to grant a particular type of digital certificate. For example, a company can be a member of a particular trade organization. The trade organization's certification authority gives the company a digital certificate that proves that fact, and converts each certification authority on the company's own computer to issue a certificate that proves that each employer of the company is a member of the trade organization. Attached. Similarly, parents can be authorized to issue digital certificates on behalf of their children.

  The techniques described above show how a distributed trading utility can be distributed across multiple trading utility systems by using the trading utility system 90 architecture. In addition, service functions 90-2 provided by one or more trading utility systems 90 may be any (including end-user systems) selected by participants on other trading utility systems 90 or in a given scenario. It can be broken down into full or partial processing steps (eg, service application component 90-2) performed by all or part on other systems.

Trade utility system type
Financial bill exchange 200
FIG. 18 shows an embodiment of a financial bill exchange trading utility system 200. The “Financial Bill Exchange” supports the automatic and efficient financial realization of electronic transactions. For example, the financial bill exchange 200 collects payments for information and details and includes automatically and selectively decomposing payments into payment parts directed to the appropriate value chain participants. Arrange money transfers and other compensation efficiently to ensure you receive. The bill exchange 200 may also provide deposits, budget limits and / or electronic money for participants (eg, end users) in a protected processing environment. The financial bill exchange can distribute some of its operations to a protected processing environment for the safe and local execution of such operations. The following are some examples of financial bill exchange support functions that can be provided by using the present invention:

• Exchange of bills for financial transactions in a safe, efficient, timely and accurate manner.
Provide a secure financial note exchange for payment mechanisms that are trusted by value providers and users / consumers and are easy for them.

-Widely distributed customers and / or complexity of rights holders and other value chain participants (eg, providers supplying value to the electronic community in the process from creation to decentralization, sales, and delivery) Guarantees payments without having to take on the task of managing a large number of finances that often interface with various financial service standards and protocols.

• Enables content consumers to pay for information goods and related services using a variety of different payment methods through a common and trusted interface .

        -Allows each party involved in a transaction to confirm that a given exchange occurred alternately as intended and to prevent any party from rejecting the transaction.

Reconcile accounts when purchasing or using reports (eg, when transferring funds from a value chain participant account to one or more provider accounts).
• Support frequent and granular bill exchange activities.

        • Financial bill exchange services for all value chain participants (for example, buyers, distributors of all types of digital content, and buyers, distributors and sellers of sellers and physical products, as well as other services) To users).

・ Distributed electronic trading domains include existing electronic, paper, and / or deposit card systems, bank deposit card systems, smart card systems, electronic data exchanges, automatic bill exchanges, digital money, etc. Or interface with other payment and / or bill exchange services.

• Directly interface with entities to establish settlements and adjustments by one or more banks and / or other organizations and / or who will perform legal settlement services.

        Other organizations and / or digital information creators, information distribution and / or changers for one or more banks and / or digital processes, and / or other user accounts for customers and / or funds, deposits and deposits By the creation and assignment of identification labels, numbers, names, or other unique identifiers.

        • Use safe containers in the process, part or process of providing a secure financial bill exchange service.

        Rules governing the distribution of processing performed in each protected processing environment of a distributed financial bill exchange system (for example, user protected processing environment, web server, bill exchange performed by central bill exchange facility) And control secure financial bill exchange processing based at least in part on the control.

        • Handle exchanges from one currency to another efficiently and securely.

        • Enable payments based on content, process control, and / or rights management use, at least in part, or other consideration provisions including service fees, product fees and / or other fees or charges .

        Supports wide use of micro-fees and micro-payments based at least in part on content, process control, and / or other usage transactions. Support here refers to the decentralized secure collection and / or processing of negligible trading activities and the network of bill exchanges for further processing and / or collection of information related to such activities. Through regularly.

• Efficiently measure and manage negligible payment activity while minimizing transaction costs.
・ Minimize waiting time in handling extremely small payment transactions.

        Aggregate or “bundle” transactions for local value stores or other payment means (methods).

        The rules and controls of the value chain, and the chain of handling, and the assignment or transfer of payments to different value chain providers based on the same or different electronic control sets that control use and / or other authorizations Use controls to manage separation (split) efficiently. (For example, securely control payment results through parsing payment amounts between various value chain entities as required by rules and controls before a particular payment method is activated.)

        Reduce (eg, minimize) the number of electronic messages required to support a given set of electronic transactions, eg, via distributed transaction processing and / or transaction activity aggregation.

        Support local aggregation (bundles or combinations of each other) of multiple payments or negligible payments at the value chain participant's site.

        Enables value providers (eg, value chain participants) to efficiently check the ability of other value chain participants to pay before offering services or (physical and / or electronic) goods in deposits To.

        • Allow value providers to authenticate the appropriate level of funds against the purchase level estimated by the preferred payment method of the value chain participants. This includes, for example, budget management for deposits and / or currencies that can be consumed for a specific class only and / or for all transactions (eg content and / or process control types), eg G and PG movies only Including providing budget management for spending on a clear and specific classification of expenses.

        Provide confirmation of the identity of a potential value chain participant and tie that identity to the value chain participant's chosen payment method.

        • Provide regular reports of trading activities for the purpose of coordinating and recording bill exchanges. Perform audits, billing, fulfillment, and / or other considerations and / or other bill exchange activities.

        • The class of spending activity (eg, business, entertainment, travel, family spending), such as time, location, cost reversal of local funds, and / or purpose, family or other individual or group identity, content or acquisition Providing event driven reporting based on classification of goods and / or services performed and / or classification of any type of spending activity.

        • Obtain certification from the secure chain of handling and control embodied in the electronic control set.

        Granting and / or authentication to and / or with one or more of the bill exchanges and one or more distributed financial bill exchanges having some combination and / or peer-to-peer relationship Provide service.

        Distribute financial bill exchange functions across networks or other systems with rules and controls and other VDE technologies as described in the Ginter et al. Patent specification. (For example, all consumers or other value chain participant nodes can perform a distributed financial bill exchange service, where the participant node communicates financial bill exchange information directly with one or more other participants. obtain.)

        • Deliver authentication and / or provide services to or with one or more financial quasi bill exchanges. The operation of one or more financial semi-billing exchanges is logical, such as within a company or government agency and / or within one or more jurisdictions and / or within the scope of all contributions of the senior financial bill exchange's operational focus area And / or physically located elsewhere.

        Distribute and / or authenticate financial bill exchange functions across systems or networks. For example, here, all and / or specific or all other value chain participant nodes of a consumer can interact with their own secure financial bill exchange transaction and a bill exchange exchange with one or more other participants. Distributed use bill exchange that initiates functions, operations common nodes, and functions in all contexts of the bill exchange network, including all other activities that make appropriate use of VDE technology as elsewhere in this list Can potentially support the service.

        • Effectively calculate, collect, and disperse “value added taxes” imposed by sales and at least one jurisdiction.

        A web of financial bill exchanges where one or more classes (groups) of a bill exchange can have a common peer-to-peer relationship and different groups can have different rights to interact with members of other groups Support. For example, a financial bill exchange in an end user's protected processing environment may have limited rights to interact with a “first” financial bill exchange.

        • Support a web of protected processing environments at the bill exchange. Such a protected processing environment includes an inconspicuous “bank” or banking protected processing environment, such a protected processing environment being a secure storage (local and / or remote) of the notation currency. The right to “lend” currency stored in the secure processing environment of the location, end users and / or other bill exchanges, the right to initiate electronic currency objects, the right to make payments from local or remote currency stores, One or more virtual banks that perform many of the roles currently performed by traditional banks, and the ability to receive communications (e.g., electronic invoices) that signify debt to be paid, and the ability to perform such payments (Or, banking network) VDE performance that safely manages and executes banking functions such as the ability to operate as a banking “branch” Kill.

        • Support the ability to create conditionally anonymous electronic currency for financial bill exchanges. Such currencies can be used to execute payment obligations, such as remote banking authorities that the receiving party assesses that the currency is certified for legitimacy or use after such receipt. It is treated as authentication without the requirement to connect with.

        A distributed processing center's protected processing environment supports the ability to operate on a portable device (eg, an electronic wallet) such as a smart card with one or more of the capabilities described above. Here, a cellular or land-line communication means (or other transport mechanism) can be online or billing or for example the identity of the purchaser, seller and / or distributor, and such activities Supports asynchronous communication of information relating to current or multiple transactions of other audit information relating to trading activities including authentication information, budget management information, deposit acquisition, currency acquisition and / or expenditure information.

        • Discounts, grants and / or coupons for value chain participants, eg consumer users, in exchange for usage data or more fine-grained usage data (eg to restore privacy considerations in certain situations) To help get

        It may be organized in a hierarchical peer-to-peer or combined mode. Here, the responsibilities of the exchange of financial notes can be distributed in different ways for different trade models and / or activities and / or value chains, where one or more specific entities are, for example, hierarchical in one or more cases Is more advanced, in one or more other cases it may be hierarchically peered or less advanced.

        The relationship between participants is programmable and can be set (and later changed) to represent one or more desirable financial note exchange configurations for a given trading activity, value chain or model.

        For example, distribute payments to multiple organizations that include one or more governments (eg, city, state, and federal).

  FIG. 18 shows an example of a function oriented diagram for the financial bill exchange 200. In this example, the financial bill exchange 200 operates in a trusted and secure domain to provide a highly automated and protected processing environment. This effectively provides financial bill exchange services for all kinds of electronic trading chains. It also acts as a gateway between advanced and secure virtual distributed environment (VDE) domains and other domains, providing protocol support for existing infrastructure. The gateway function allows a highly flexible distributed VDE protected processing environment to develop existing financial infrastructure services that are inflexible, centralized but ubiquitous and trusted.

  The core functions of the bill exchange 200 are related to payment processing 208, payment consolidation 212, payment separation 214, and negligible payment management 216. This is because these functions collect money from customers and other value chain participants and pay for product providers such as value chain services or business partners.

More specifically, the financial bill exchange 200 may perform the following functions in this example:
・ Payment processing 208
・ Deposit inspection 210
Payment integration 212
・ Payment separation 214
・ Small payment handling 216
・ Event driven report 218
・ Adjustment 220
Database maintenance / management 222
・ Replication 224, and ・ Propagation 226

  The bill exchange 200 may receive payment information 202, customer information 230, provider information 232 and integrated reports and bills 234 from the outside world. It may generate billing orders 236, deposit orders 238, statements and reports 204, 240, release signals 242 and deposit verification and authentication 244.

  Database management 222 and event driven reports 218 can be used to securely provide accurate financial reports for evaluating chain participants. The reconciliation function 220 (for both reporting and financial management) allows the financial bill exchange 200 to provide more reliable financial management. The duplication function 224 and the transfer function 226 are used by the financial bill exchange 200 to facilitate distributed processing with other financial bill exchanges 200 and / or other secure or insecure protected processing environments. . Therefore, the bill exchange can securely share state and update information with other trading utility systems or other participants.

  In the illustrated example, payment information 202 (which can be reached in one or more secure containers 152) is the primary input to payment processing block 208. If desired, payment information 202 may also include some or all of the usage information sent to bill of exchange 300. Alternatively, payment information 202 may include different types of usage information that are more relevant to financial auditing and transaction tracking. This payment information 202 can be reached in real time or on a delayed (eg, periodic or other event driven) basis.

  The bill exchange 200 uses the provider information 232 and the customer information 230 to transfer funds between the customer and the provider. The bill exchange 200 uses the integrated reporting and billing 234 to guide the overall payment process 208, the payment integration 212 and the payment separation 214. For example, the bill exchange 200 can issue bills and deposit orders 236, 238 to a third party financial institution such as a bank, credit card company, etc., and can charge customer accounts and deposit corresponding provider accounts. The bill exchange 200 may issue a statement 204 and a report 240 for secure auditing and / or informational purposes. The bill exchange 200 may issue a deposit authorization 244 after performing the deposit check 210, thereby spreading the deposit to the appropriate value chain participants. This authorization 244 is entered if it is not completely local (ie, an authorization request comes in and financial note exchange 200 is the deposit and / or deposit limit information source) / Output function may be included.

  The bill exchange 200 may issue a release signal 242 in appropriate circumstances, thereby holding the “pending” financial information to the electronic device 100, which allows the financial bill exchange 200 to transfer, analyze, and / or Or it can be stopped and / or continued after it has been processed. In certain embodiments, user equipment 100 may store financial information within business model limits, even after it has been reduced to a “release”, such as an overview. Of course, this may already be done using a copy of the data (eg if the data is accessible in advance). For example, assume that a partial copy of financial usage information includes business model secret information. The property costs $ 1.00 to see, and that dollar can be split into multiple institutions. Usually, the user knows only the overall calculation results and does not know the details of such a split, even if a record exists for each participant in the transaction.

FIG. 19 shows an example of the architecture of the financial bill exchange 200. The financial bill exchange 200 of this example includes a secure communication handler 246, transaction processing 248, a database manager 250, a switch 252, and one or more interface blocks 244. An example of a financial bill exchange architecture in this example is Ginter et al. 12 and 13 (in this example, the multi-purpose external service manager 172 can support a clearing service interface 254, for example), can be based on the operating system. The secure communication handler 246 allows the financial bill exchange 200 to send another electronic device 100 (1). . . 100 (N) can be safely communicated. This communication may be via a secure digital container 152. For most trading utility systems 90, including financial bill exchange 200, it is desirable to support both real-time and asynchronous receipt of containers 152. In addition, the bill exchange 90 can also support real-time connection protocols. The real-time connection protocol does not require the container 152 for simple transactions, such as credit card payments that do not have separation requirements. The advantage of using a real-time connection is that results are obtained in real time. In situations where users need a lot of money or deposits to run out (rather than just making a record or receiving a regular replenishment of a budget that is not exhausted) It can also be useful when a provider (e.g. content or budget) claims to clean the transaction before any activity initiated by the transaction.

  Although connections for real-time transactions do not always require a secure container 152, the use of container 152 is useful even in this scenario. For example, the container 152 allows rules and controls to be attached to the content, and the user can specify how to use the content. Further, the use of container 152 takes advantage of the capabilities that exist in a protected processing environment. Using technologies such as email to deliver the container 152 (eg, as an attachment to an SMTP mail message or as an attachment to other email protocols that support attachments) allows for asynchronous processing of content. Thus, the trading utility system 90 can remove those peak process loads. The cost of operating a trade bill exchange is the cost of depreciating the equipment. The amount of equipment is mainly determined by peak load requirements. Large fluctuations in load can be expected (eg, compare Friday night at 8pm and Tuesday morning at 3am). This load removal function can save very large equipment and associated costs (electricity, labor costs, maintenance costs, etc.).

  The transaction processor 248 may process and analyze the received information, and the database manager 250 may analyze the received information for pending and / or historical analysis (to increase payment limits, to analyze payment history). Etc.) can be stored in the database. In addition, the database manager 250 may also store information related to current credit limits, addresses for (physical and / or electronic) communications, and other account information. For example, Ginter et al. The patent specification by describes the encumbrances. The database manager 250 can be used to store information used for track disturbance as well. There may also be a protected processing environment and / or a user utilizing the protected processing environment and a secure set of information used to communicate with a clearing service. Records relating to communication with the clearing service may be stored in the database manager 250 as well. The database 250 may also be equipped with various recording functions for the content.

Both transaction processors 248 and 250 perform most of the functions shown in FIG. Switch 252 from the interface block 244 or to the interface block 244 is used to route the information. The interface block 244 is used to communicate with third party clearing services such as credit card companies, automatic bill exchange (ACH) systems for bank clearing, billing card accounts and the like. Optionally, the internal clearing services provided by Federal Reserve Bank 256 can be used in place of or in addition to the indicated third party clearing services, and general banking arrangements And provide account clearing in accordance with legal requirements. The payment mechanism used by the financial bill exchange 200 is symmetric (eg, notifies VISA to charge consumer A's billing account, as permitted by applicable financial and banking rules, and the vendor Y), even if it is asymmetrical (for example, notify VISA to charge Consumer A's billing account and provide the amount to the Bank Note Exchange, It is also possible to deposit in the account of manufacturer Y using a mechanism.

Financial clearing process example Figure 20 illustrates a processing example of a financial clearinghouse. In this example, provider 164 provides goods, services or content to consumer 95. For example, provider 164 provides one or more digital properties 1029 and associated controls 404 within electronic safety container 152. A secure processing environment 154 at the consumer 95 site may keep a record of payments, usage and other information and provide an audit record 228 identifying this information. The audit record 228 is transmitted from the consumer 95 site to the financial bill exchange 200 within one or more secure containers 152b. The audit record 220 may include, for example, the reporting electronic device 100 identification; the payment amount; the provider identification; the consumer's desired payment method; the name or other identification of the electronic device user; and the type of transaction involved. The reporting time and / or reporting frequency can be, for example, time according to day, week, month, year or other time interval; occurrence of related or unrelated events (eg, a predetermined number of items requiring prior approval prior to purchase May be based on the number of different events, such as purchases already made, local electronic parse exhausted funds, need reporting for other reasons, etc.); or combinations thereof.

  The bill exchange 200 analyzes the audit record 228 and generates one or more summary reports 240. The bill exchange 200 may provide the summary report 240 to the provider 164 by electronic transmission within the secure container 152c. The bill exchange 200 may also unify the financial intermediary 258 and one or more financial processors 260, bill the bank or other account owned by the consumer 95, and the bank or other owned by the provider 164. Make a deposit corresponding to the account.

  For example, the financial bill exchange 200 receives the audit information, separates the transaction (to the value chain amount for creators, distributors and others; as well as to the value chain amount for tax authorities and other government entities) and then The amount to be paid can be calculated from the beneficiaries of each transaction. Then, if desired or necessary (depending on the size of the transaction, the price per transaction, and / or the cost conditions), the transaction can be bundled together for each party by credit card It can be submitted (with appropriate account information) to a financial intermediary 258 responsible for the transaction. Financial intermediary 258 (financial intermediary 258 can also be charged or commissioned) then generates a transaction in financial processor 260 so that each beneficiary receives the appropriate amount. Alternatively, if the financial bill exchange 200 has the capability and authorization required to submit a credit card transaction directly to a credit card company, the financial bill exchange 200 may send the transaction to the financial processor 260 ( For example, VISA) may be generated directly.

  The financial processor 260 may send to the provider 164 (and / or the consumer 95) a statement 204 describing the financial claims and payments that have occurred. If desired, financial processor 260 may provide calculation 204 in a secure container (not shown). The bill exchange 200 can receive a portion of the amount charged or a predetermined fee and compensates for the bill bill service provided by the bill exchange 200.

  20A-20F illustrate an example of a financial bill activity using a local electronic money parse 262 maintained on the consumer's electronic device 100. FIG. In this example, the financial bill exchange 200 first provides the consumer 100 with the electronic money sent by placing an electronic cash in one or more secure containers 152. The bill exchange 200 can automatically charge the consumer's bank 206a or other account to obtain their funds. Financial bill exchange 200 can also do it at the consumer's request (FIG. 20A).

  When the consumer electronic device 100 receives the electronic funds, the consumer electronic device 100 may deposit in the electronic cash parse 262. The electronic device 100 maintains the electronic cash parse 262 in a protected processing environment 154 (see, for example, “MDE” described by Ginter et al.) (See FIG. 20B). Consumer electronic device 100 may use this locally stored electronic money to pay for goods and services consumed by the consumer. For example, publisher 68 may provide work 166, such as a book, movie, or television program, to consumer electronic device 100 by sending it in one or more secure containers 152b. The consumer can operate his / her electronic device 100 to open the container and access the work 166. The consumer can use the work in a manner specified by the electronic controls associated with it (see FIG. 20C).

  If the rights holder has the right to request payment in exchange for the use of work 166, the consumer's electronic device 100 will debit the electronic parse 262 with the amount of payment required for automation (in this case $ 5). (FIG. 20C). Further, the consumer electronic device 100 may automatically generate a usage record 264 that records this usage event. Based on the occurrence of time and / or other events, the consumer electronic device 100 can automatically send an audit record 264 to the financial bill exchange 200 in the form of one or more electronic containers 152c. Audit records 264 may include a package of audit records sent at audit time or a set of related records stored in a safety database (or an overview to protect consumer privacy) (see FIG. 20D). .

  If the usage record 262 is received and successfully stored in the own database 250, the financial bill exchange 200 may send a release signal 242 in the electronic container 152d (see FIG. 20D). The release signal 242 allows the consumer electronic device 100 to delete the usage record 264 previously held.

  The consumer may use the same or different work 166 to facilitate the generation of additional usage records 264 'and to reduce the electronic parse 262 by other usage claims (in this case, the parse content is exhausted). It can be used again (see FIG. 20E). If the electronic purse 262 is exhausted, the consumer electronic device 100 may be prompted to contact the bill exchange 200 again, request additional funds (see request 288 '), and use the usage record 264'. (In this example, both information are sent in the same electronic container 152e) (see FIG. 20F).

  The bill exchange 200 may respond by sending additional electronic funds (after charging the consumer's bank or other account) and may provide other release signals. This release signal allows the consumer electronic device 100 to delete the usage record 264 '(see FIG. 20F). The money collected can be paid to the rights holder (after being appropriately reduced to compensate the trading utility system 90).

Payment Separation FIG. 21 shows an example of a financial bill activity that includes a value chain “separation”. In this example, the financial bill exchange 200 supports payment separation within the value chain efficiently, reliably and securely. FIG. 21 shows a content creator, such as a writer, delivering work 166 to publisher 168. The publisher publishes the work (eg, in electronic book 166 ′) and delivers it to consumer 95. In this example, consumer 95 payments are “separated” or split between author 164 and publisher 168, eg, based on a contractual agreement. In this example, the publisher receives $ 4 out of the $ 20 paid by the consumer and the writer receives the rest.

  By separation, the financial bill exchange 200 can automatically split the consumer payments into any number of different value chain participants. This is extremely useful in ensuring that all contributors to a product or service can receive compensation for each contribution reliably and efficiently.

  FIG. 22 shows how the financial bill exchange 200 can support the value chain separation shown in FIG. In the electronic example of FIG. 22, the consumer 95 can deliver his / her payment electronically to the financial bill exchange 200. This payment may be in the form of electronic currency packaged in a secure electronic container 152a. Alternatively, it may be in some other form (eg, reported usage information combined with an authorization for an existing bill exchange 200 to charge a consumer 95 bank account).

  The bill exchange 200 may distribute an appropriate distribution of consumer payments to the writer 164 and the publisher 168 in accordance with an agreement between the writer 164 and the publisher 168. How does the financial bill exchange 200 to receive the separated part of the payment know it? In the example of FIG. 22, work 166 may be sent from writer 164 to publisher 168 and may be sent from publisher 168 to customer 95 in electronic form in one or more secure electronic containers 152. One or more electronic control sets 188 may be included in the same or different containers. These control sets are associated with work 166 or other properties. The control set 188 may specify from other things the amount that the customer 95 should pay to use the work 166.

  Control 188 may also identify and control how customer payments are separated from other value chain participants. For example, the writer 164 may specify in the control 188 b provided by the writer that the writer receives $ 16 for each copy of the work 166 purchased by the end consumer 95. Due to the safe handling and control chain provided according to the virtual distribution environment (see Ginter et al. Patent disclosure), author 164 allows publisher 168, customer 95 and other consumers or properties 166. Sexual users can be confident that they will follow this control 188b (to the extent required by the writer's commercial priorities and to the extent allowed by the overall system strength). Publisher 168 may add the control of publisher 168 itself to the control specified by writer 164. Publisher control 188c provides (for example) a $ 4 additional mark. The $ 4 is received by publisher 168 for use of brand name, distribution and marketing services.

  FIG. 22A shows Ginter et al. A detailed example of how payment separation can be performed using a control set 188 within a customer's protected processing environment 154 is disclosed. Ginter et al. Teaches how the control set can implement and control the entire metering, billing and budgeting process within the user's protected processing environment 154 in FIG. 48 and the associated description. FIG. 22A illustrates payment separation based on one or more control sets 188 provided to the consumer's protected processing environment 154. Each processing block shown in FIG. 22A can respond to a user request (event) and opens and accesses the content.

  In this particular example, the metering method 275 is designed to send an event to the payment method 277 whenever the consumer first uses a particular piece of content (the meter event 275 is in addition or alternatively, If desired, an event can be sent each time the consumer uses the content to provide a “pay for each view” feature.

  The billing method 277 in this example includes two different billing methods 277a and 277b. Methods 277a, 277b can be delivered independently. For example, writer 164 can deliver sub-billing method 277a and publisher 168 can deliver sub-billing method 277b. The billing method 277a writes information to the billing record data structure that specifies the amount ($ 16 in this example) that the writer 164 should pay. The billing method 277b writes information to the same or different billing record data structure that identifies the amount ($ 4) that the publisher should pay. Each billing method 277a, 277b receives the open event passed along by the meter method 275 and writes each billing record to the same (or different) billing record data structure.

  In this example, budget management method 279 may be delivered independently of billing methods 277a, 277b. Budget management method 279 may write a record to budget management record data structure 281. The budget management record data structure 281 identifies (among other things) a payment separation agreement (eg, a $ 16/4 split between a writer and a publisher). The budget management record data structure 281 (which is maintained independently of the data structure maintained by the billing methods 277a, 277b and therefore cannot be compromised by the author 164 and / or the publisher 168) is sent to the financial bill exchange 200. Can be sent. The bill exchange 200, as described above, pays and charges a bill exchange, resulting in a $ 20 charge to the consumer account and a $ 16 deposit to the writer account, A $ 4 deposit is placed in the publisher's account (thus, the user's $ 20 payment is separated between the writer 164 and the publisher 168). On the other hand, the billing record data structure may be sent to a bill of exchange 300 identified by the writer 164 and / or the publisher 168. Bill of exchange 300 may analyze the billing record data structure and inform writer 164 and / or publisher 168 of payments expected to be received from financial bill exchange 200.

  Thus, in this example, the electronic control set 188 has, among other things, (i) the right that a particular digital object is available, (ii) the cost of exercising that right, and (iii) It may specify or define how payments for exercise are segregated among rights holders. The ability to define payment separation in advance (before customer payment methods and agreements are initiated) provides high efficiency and high flexibility. For example, a consumer payment method can be used to automatically direct the consumer payment portion to the appropriate person who needs to be compensated. Since the same electronic device as the electronic device 100 used to exercise the rights is also used to help direct payments to a variety of different value chain participants, the overall financial bill processing Some are efficiently distributed through a number of parallel computing resources. Ginter et al. Due to the high reliability that can be provided by the system disclosed in, the rights holder, for example, releases a control set 188 as described above to a trade stream where the payment agreement is properly executed. The bill exchange 200 can help ensure efficient and prompt arrival at the destination where the separate payment is required.

  The protected processing environment 154 at the consumer 95 site securely executes the extended control 188 c and requires a full payment and / or payment authorization from the consumer 95 before the customer has access to the work 166. Control 188c also gives customer 95 flexibility regarding which financial exchange 200 is used to handle payment processing and the choice of desired payment method, while which payment method is acceptable. Can be specified. The customer's protected processing environment 154c may then automatically send an appropriate payment or payment approval 190a to the bill exchange 200 for separation according to control 188a. The control 188a may be the same control as specified by the writer or publisher (or a subset of the above controls for payment separation).

  Because the customer's protected processing environment 154c generates controls 188a that are dependent on the controls 188c, 188b specified by the publisher or writer (see FIG. 22), these payment controls 188a are responsible for author and publisher payments. You can trust implementing the hope and reflecting the payment split agreement between the writer and publisher. Customer protected processing environment 154c may send customer payments or payment approvals 152a and their payment controls 188a to financial bill exchange 200 in one or more secure electronic containers 152a.

  The bill exchange 200 processes the payment or payment approval 152a according to the control 188a. The bill exchange 200 distributes the payment 152b to the publisher and distributes the payment 152c to the writer according to the payment split agreement reached between the writer and the publisher. Thus, for example, the financial bill exchange 200 sends $ 4 of electronic money to the publisher and $ 16 of electronic money to the writer; or the financial bill exchange 200 sends to the bank or other account of the writer and publisher. You may deposit these amounts. All this processing takes place within a secure and reliable virtual distribution environment, so each value chain participant receives each payment that they actually need and automatically and electronically processes in a highly efficient manner. Can be convinced that it can be implemented automatically. Highly efficient methods flexibly adapt to a variety of different business models and ad hoc relationships.

  FIG. 23 shows another example of payment separation, somewhat more complex than the previous example. This example adds a content distributor or integrator 170 to the value chain. In this example, the $ 95 of consumer 95 'now needs to be split into three styles instead of two. The writer 164 again receives $ 16, the publisher receives only $ 3, and the content distributor / integrator 170 receives $ 1 for the effort. FIG. 24 shows that a basic agreement similar to that shown in FIG. 22 can be used to accommodate payments and other interests of this new value chain participant.

  FIG. 25 shows another example of payment separation. FIG. 25 illustrates aspects that can be used to compensate the trading utility system 90 for the role it plays in maintaining and managing the value chain. As described above, the distributed trading utility 75 provides extremely important services such as financial bills, usage inspection, authorization, and certification. All businesses or businesses may be based on such administrative support services that provide efficient and fast. Trading utility systems require their own investments and efforts to be compensated. One way to receive compensation for a trading utility system is to receive a small portion of each transaction, a “one piece tick”. A payment separation mechanism similar to that described above can also be used to support such minor payments to the trading utility system 90.

  FIG. 23 shows an example where the trading utility system 90 receives 3% of the value of each transaction (eg, $ 0.60 in the example shown). Since the electronic control set 188 described above can be used to implement such a small payment capability, it can be flexibly and efficiently adapted to any desired business agreement or purpose.

  FIG. 26 shows different amounts (amounts) in which payment separation is for a single consumer payment in a variety of different destinations and using a variety of different payment mechanisms (eg, credit card, bank account, electronic money, etc.). Even shows that it can be used to segregate or divide into any number) (recorded in different currency types for international trading purposes).

  FIGS. 27 and 28 show yet another payment separation example to further illustrate the flexibility with which the distributed trading utility 75 can handle these and other agreements. In the example of FIG. 27, customer payments provide authors 164, publishers 168, integrators 170, repackagers 174, and additional work embedded within electronic properties provided to the customer. Indicates that the person is divided between additional writers 164a, 164b. In the example of FIG. 27, for example, the repackager 174 receives content from multiple sources of related matters and combines them into a source mix product (eg, a multimedia combination, a “current awareness” package, or a profit party). Publishing something like public relations to sell to).

  For example, Repackager 174 could publish public relations about the current policy and was written by writer 164 for publishing along with two other works written by writer 164a, 164b for publication in the next issue of the publication. You can choose an essay. Authors 164, 164a and 164b may grant repackager 174 the right to reformat and redistribute the work. This right to reformat can be used to create the latest publication of the public relations, which can be redistributed for customer 95 retrieval within the secure electronic container. In this example, the secure electronic container 152a includes at least four separately “delivered” business requirement sets. Business requirements are one for each of these three works (as specified by writer 164, writer 164a, writer 164b) and one for the entire public relations (as specified by 174). is there. Alternatively, various works and / or controls applied to them can be sent and delivered in an independent safety container 152. And / or some or all of the works and / or controls can be remotely located.

  Customer 95 opens electronic container 152a to read the publicity. Assume that the cost of public relations is $ 10 per issue (as set by repackager 174). Sent to the customer's $ 10 payment or payment-approved financial bill exchange 200, which disassembles the payment and compensates each value chain participant so that it is all directed by electronics control. Give (e.g., writer 164 gets $ 1, publisher 168 gets $ 1, merger 170 gets $ 0.5, additional writers 164a, 164b each get $ 1 and repackager 174 gives them the rest You may get). Thus, the repackager can be compensated for selecting appropriate articles and combining them into a single, easy-to-read publication. The repackager may also use the repackager's own brand name certification as an indicator of overall quality, and add to the repackager's own unique content.

  FIG. 28 shows an example of “superdistribution”. One important rights holder's concern is piracy, or illegal copying and redistribution from “pass-along”. This pass along problem is serious in a digital environment such as the Internet. Ginter et al. The virtual distribution environment disclosed in the patent specification and the administrative and support service agreements disclosed in this specification basically change the path along from a clear threat to a significant opportunity. Because of the unique, automated, value chain rights secure electronic management afforded by the virtual distribution environment in the preferred embodiment, consumers can be treated as trusted members of the value chain. This enables a super-distribution model where all customers are potential distributors. Since the revenue from the super distribution bears only the least rights holder's expense, the super distribution offers great profit potential to the right holder in good works.

  Referring to FIG. 28, assume that a customer 95 receiving a work from the integrator 170 likes the work very much and wants to pass along a plurality of friends and colleagues. Assuming that the consolidator 170 has granted the customer 95 the right to redistribute the work, the customer can simply and easily copy the work, any number of other possible customers 95 (1). . . 95 (N). These other people may know the customer 95 and believe that the customer 95 has not sent them an interesting piece of work that may not be of high quality. In addition, downstream customers can read the gist or refer to the extracted part of the work without triggering payment (eg, watch a movie trailer, read the first chapter of the novel, etc.) ).

  After paying no fees, after reading the gist or watching the first 5 minutes of the movie, six downstream customers, 95 (3) -95 (8), paid for the content at an illustrative amount Suppose you agree to pay each $ 3.25. The bill exchange 200 allows writers 164, publishers 168, and integrators 170 to distribute revenue appropriately (eg, $ 7 to writers, $ 7 to publishers, and $ 8.75 to integrators). Can be sure to receive).

  Super distribution allows any number of levels of redistribution. For example, assume that three of six downstream customers 95 (3) -95 (8) have decided to pass along a work to each of the other six potential customers. As a result, the other 18 people receive copies. Since the redistributed work has an associated control structure that governs similar payment agreements, author 164, publisher 168, and integrator 170 each receive additional payments from each of these new customers. The redistribution snow dharma effect will continue in the above manner through any number of customers for an extended period of time. And this effect can dramatically increase revenue with minimal additional cost for value chain members.

Payment integration or bundling
Micro-fees and micropayments can be important criteria for content usage transactions. For example, consumers may pay each time they watch a particular piece of work, use a piece of computer software, or listen to a piece of music. Different payment agreements can be flexibly provided, so that the consumer can choose to pay a high price for permanent use first, or a lower payment for a lower price. Further, small payments may be the least annoying and most practical way for trading utility system 90 to guarantee the service of system 90. Thus, the ability to handle small payments efficiently is critical in supporting and enabling low billing.

  Traditional financial payment mechanisms such as credit cards and checks are not suitable for managing small payments. These systems typically have transaction level overhead that imposes a significant burden on business models based on multiple purchases, each under $ 5. For example, if it costs $ 0.5 to handle a payment transaction, it is not economical to handle payments for a value lower than a certain value (perhaps $ 2 each). This is because payment handling costs account for the majority of the transaction value or exceed the payment amount itself. As a result, traditional financial payment institutions prefer high-priced purchases and hate small purchases.

  FIG. 29 shows that these payment integrations or bundlings reduce these by reducing the number of individual financial transactions that need to be exchanged and / or reducing the amount of messaging required to exchange those transactions. Fig. 4 illustrates an embodiment that can be used to avoid concerns. The payment integration example shown in FIG. 29 can be performed on the consumer's own electronic device 100, in a protected processing environment 154; or in a centralized financial bill exchange 200; It can be executed at the equipment and partly at the central bill exchange. This payment integration process can consolidate or combine multiple low-value payments together into a high-value payment or a bundle of low-value payments that can handle all payments at once. Such high payments and / or bundles may be periodically reported along with other transaction data to be reconciled and recorded by the distributed trading utility 75 if desired. The above-mentioned ability to integrate low-value payments has significant benefits in terms of increasing efficiency, reducing the number of individual transactions that need to be exchanged, and reducing message congestion across the electronic network 150. Have. Of course, payment integration may not be suitable for all transactions (eg, high-priced, high-risk transactions may require real-time bill exchange). However, payment consolidation can be used to reduce the burden on the trading utility system 90 and the overall system 50 in many regular transactions.

  In one variation of this concept, payment integration may save the respective amounts of individual transactions to allow for a high degree of reporting granularity. However, payment integration can be used to trigger when reporting occurs (eg, after X dollars have been charged or after Y transactions have been made). Thereby, a large number of individual transactions can be bundled and sent / processed together. This type of integration is useful for reducing the number and frequency of movement of individual messages on the electronic network 150. In this example, the reporting electronics 100 can either (i) sum up the individual transactions combined, or (ii) each of the individual transactions, or (iii) both, or (iv) a combination of the two. Can be reported.

  FIG. 29 shows a consumer managing a household budget such as reading a novel, watching a video program, obtaining and reviewing survey results, interacting with a multimedia presentation, enjoying a multimedia presentation, and checkbook balance Indicates that his / her electronic device 100 may be used for a number of different activities, such as A small payment per use may be associated with each of these activities. For example, a consumer may pay Publisher A for $ 1 and Author A for $ 1 each time he accesses an electronic version of a work distributed by the publisher and written by the writer. Suppose writer A's work is very popular and has been turned into a movie. Consumers can pay for each use to watch one of these movies. That is, publisher A pays $ 5, writer A $ 3, and distributed trade utility 75 $ 0.5.

  Payment integrator 266 (if desired, may operate at a consumer site within the protected processing environment 154 provided by consumer electronic device 100) may integrate payments into a common entity, publisher A The total amount of money owned by writer A, and the money owned by distributed trading utility 75 are maintained. This total amount can be increased each time the consumer triggers a payment event. Integrated payments can be made periodically or otherwise at predetermined time intervals (eg, weekly, monthly, or daily), at the occurrence of a predetermined event (eg, a consumer has exceeded credit authorization and a new card And / or a predetermined electronic control has been completed, etc.) and / or a hybrid of some or all of these technologies to be reported to the financial bill exchange 200 or other trading utility system 90 obtain.

  FIG. 30 shows an example of another payment integration across multiple consumer transactions. In this example, payments using the same payment method to the same value chain participants are consolidated and aggregated. The above payment integration, which can be done at the consumer site and / or at the financial bill exchange, reduces the number of total financial transactions that need to be exchanged. This increases efficiency and throughput and reduces the cost of handling each individual consumer transaction.

  FIG. 31 shows yet another example of payment integration. In this example, the integration occurs over many different consumer transactions. For example, all transactions associated with a particular provider and using a particular payment method may be integrated by the financial bill exchange 200. Note that the payment integration techniques shown in FIGS. 29-31 do not necessarily lose the details of individual transactions. In other words, the consumer electronics device 100 can record and report detailed information for each transaction, even though individual transaction payments are combined for more efficient payment processing and handling. The bill exchange 200 and / or the bill exchange 300 can report detailed usage information for each transaction. The ability to separately handle and process more detailed and detailed usage information while consolidating payments can provide a high level of audit responsibility without overly burdening the payment handling mechanism. In some cases, the loss of detailed records may cause savings on the bill exchange side. Although they can be ignored, it is advantageous to keep them near on the user's system and / or in a repository in the trading utility system 90. Where there is a dispute over a billing request, for example, a partial copy of a detailed record (even if not sent to the bill exchange) can serve as useful evidence of what actually happened.

  FIG. 32 illustrates how the 200 example banknote exchange can be modified to include a payment integrator configuration 268. Payment integrator 268 may be used to integrate payments coming from a number of different consumer electronics 100 or other sources, for example, for handling via a third party clearing service. Provided to the switch 200. Payment integrator 268 selectively integrates only certain payments, while passing other payments directly to switch 200 for direct handling without integration. Payment integration may be based on a number of different factors. For example, payments can be integrated based on consumers, providers, payment methods, or a combination of some or all of the above factors. This integration function may be performed in whole or in part within the consumer 95 electronics. Alternatively, the integration function can be performed centrally by the central bill exchange 200.

Bills exchange 300
FIG. 33 shows an example of a bill of exchange exchange utility system 300. Bill of exchange services and functions generally collect and analyze detailed, summary, and / or derived usage information about usage and / or performance of digital properties and / or digital processes And “repurpose”. This information may include any information that describes the electronic commerce activity. A bill of exchange and / or support service may provide and / or facilitate, for example:

Independence audits and reports (can be presented without relying on financial clearing bill exchange services);
・ General market research;
-Negotiation, implementation, confirmation and communication of privacy and confidentiality levels with customers and value chain participants regarding the above usage information;
• Sales, lending or use of mass customized marketing and linked lists.

  More particularly, a bill exchange service according to the present invention may provide any combination of the following detailed features and / or functions, for example:

  Compile, integrate, use information that describes and / or otherwise relates to the use of safety containers, the contents of safety containers, and / or any other content and / or any digital control process, Drawer and / or offer. The information may include (a) one or more users of content and / or processing, (b) content, control processes, content usage, and / or one or more classifications of users, and / or (c) One or more recipients are described and / or otherwise associated with them.

  -Content and / or processing control usage tracking and reporting and / or information processing capabilities at a very fine (eg detailed) level.

  • Collect, integrate, analyze, summarize, extract, report, distribute, rent, license, and / or sell usage information.

  Use of information drawn from users published to content, such as advertisements, informational materials, entertainment, training materials, business productivity software applications, etc., and in preferred embodiments through the use of VDE mechanisms Secure provision of at least a portion of the extracted information and / or information related to the information to an information integration and / or analysis bill exchange. The bill exchange securely provides at least part of the usage information, or at least part of information derived from the information to at least one other bill exchange and / or value chain participant. In addition, the bill exchange provides the different usage information withdrawn to different other parties having the role of bill exchange or other rights holders.

  “Information generated by and / or derived from a user-protected processing environment, metering based on a variety of different technologies (eg, the technology disclosed in Ginter et al.) Use of “exhaust” audit records.

  The number of times a digital property or any part of the property has been opened, extracted, embedded or executed; the value chain participant has the property (interactive game or multimedia presentation, computer software or module or the above product Ability to collect and analyze detailed information, such as the length of time used.

  Provide a variety of repurpose capabilities for usage information received from consumers or other secure processing environments.

  Providing independent third-party auditing capabilities, useful for example for archiving files and preventing payment refusals.

  Providing information based on usage audits, user profiles, and / or market research related to one or more safety containers and / or content and / or in a preferred embodiment, managed control managed VDEs.

  Provide neutral and trusted third party audit use integration and reporting services for rights holders, consumers, and / or other value chain participants and / or profit parties such as government bodies (taxation, law Execution, commercial research and statistics).

  Provide audit opportunities related to rule and control rights and authorization bill exchange (eg, which rule and control authorizations and rights were exercised, for example to whom, for what Reporting (as a result of which actual user activity is coupled back to specific authorizations and rights and / or control and control templates).

  In preferred embodiments, standardized and custom reports, and analyzes based on VDE rules and controls and generated and delivered to VDE containers, content creators, content distributors, industry analysts, commercial associations, and others To each and / or any one or more groups of any investors and value chain participants and / or any other party such as a government statistician, regulator and / or trading authority To do.

  Raw, refined, summarized, derived, reporting support for multiple business models within any value chain and / or across and / or multiple value chains And providing any combination of collected credit data.

  Distribute usage information to value chain participants and other parties within or outside the electronic community separately from and / or in conjunction with financial closing bill exchange services.

  Supports privacy and confidentiality controls that fully protect the interests of all value chain participants regarding information usage, eg, the rights in the VDE chain that handles and controls the managed business model.

  Privacy issues, such as distributors of consumer or value chain content, aggregators, repurposers, or in preferred embodiments secure, managed content, or other processing controls; Not to disclose more information than users of other electronic devices that apply VDE to authority, and inform what kind of information to collect, such as, for example, a user who gives such authority or to exchange bills Can be adjusted.

Automatically, based at least in part on rules and controls, such as sensitive or proprietary usage information, further processing of such information, or any further use of the bill exchange, such as Trust in hiding (eg, encrypting), removing, and / or transforming information before delivering it to anyone or any further party, thereby effectively protecting privacy and confidentiality, This includes the protection of confidential business transaction information.
Protect key business model information from peeking at other interested parties and / or protect it from inadvertent disclosure to other interested parties and / or the public, thereby providing a truly trusted commercial network With the foundation for.

  -For example, commercial publishers and distributors, and / or consumers, and value chain participants, including service and / or product provider organizations, of usage information to be communicated to rights holders of any given value chain Allowing a level of detail negotiation, where such level of detail may vary depending on who the particular recipient is receiving and the specific type and / or subtype of usage information, and this A plurality of different levels of details for different parts of the usage information can be provided to a given usage information recipient and / or a given deliverable, such determination of details being preferred embodiments. Determined by the rights of a given participant described at least in part by VDE rules and control information.

  • Allow consumers and organizations to negotiate the level of detail that should be communicated to value chain rights holders.

  Details to consumers or other value chains (creators, publishers, distributors, repurposers), aggregation, and / or any given piece of content they use, content class, Allow identification and / or negotiation of their desired level of anonymity for usage information regarding a particular transaction, class of processing, and / or payment request (eg, anonymity and / or some or all uses) The privacy of details may require a payment premium to make up for the loss of value of such information).

  Rules for information consumers and / or other value chain participants to customize their “information exhaustion” and how they are aggregated or otherwise used Conditions for rights holders' competing requirements to authorize and control settings, receive information they are entitled to, and / or receive electronically approved information by users and rights holders Can be provided to the rights holder. A user and / or one or more rights holders can be delivered to a right that defines a limit (eg, use of VDE chain handling and control) and / or one or more other rights holders, or delivery Describes specific usage information that must be done.

  ・ Substantial control of value chain participants, such as what kind of value chain participant usage information was accumulated, who accessed what information, and how such information could be used Support over how information is aggregated and processed and the usage records are tied to a particular value chain participant or organization.

  • Use containers securely in any step, part, and / or process of providing a secure bill exchange service (eg, VDE reserved containers as described in VDE protected processing environments and Ginter et al. Used in combination with communication security performance).

  • Offering price data, subsidies and / or coupons to the value chain participants, eg, consumers, distributors, re-passers, etc., usage data or more refined usage data (eg some Support in exchange for privacy issues in the context of

  • Create and provide marketing research and reporting and co-integrated marketing lists (for target mailing, direct sales, and other forms of target marketing) to interested participants. Such materials are generally similar to independent magazine and newspaper circulation audits, television audience surveys, and / or commercial target marketing lists, but generate and distribute electronic environments with high efficiency. , And to be safe. Such materials have a significant amount of information, if desired, and can be one or more of the information that underlies the recipient request, payment, rights, and / or interests of the rights holder. Can provide important new forms of detail (e.g., display, printing, extraction, reuse, electronic savings), with selective reporting of substances based on conflicts of interest of one or more parties that are part of Redistribution).

  • Use detailed usage information to automatically form a class hierarchy, scheme, group, and / or class, automatically personal, personal group, organization, organizational group, digital and / or analog content, or digital And / or analog content groups, in a preferred embodiment, combined with at least one reserved container and / or VDE and assigned to one or more classes from usage data that are collected, collected and transmitted.

  Such as propagation and / or automatic marketing of other marketing materials or delivery of these to a defined set of consumers, professionals, employees and companies (eg, one or more classes) Supports propagation and marketing, including supporting efficient value chain automation of the delivery of various services, where the set is defined by self-selection, usage data, usage data profile, or any other means This set can be included in any one or more value chain participants (eg, creator, consumer, distributor, service provider, website, distributed bill exchange), where one These participants can receive different, customized substances, where the receiving participant is authorized by rules and controls If granted, redistribute such materials, where participants may receive deposits, coupons, payments of money, and / or other forms of consideration for such redistribution, where , Such redistribution is based on self-selection, usage data, usage data profile, or any other means, at least by some or all of such received material to one or more other parties It can take a partially directed form, where all such processing can be securely managed (eg, supported) by handling and controlling inter-node VDE chains in a given implementation.

  The value of propagating the dispersal of parts of such consideration among multiple parties and at least partially safely automating other considerations from the propagator due to payments and / or rights holders Based on the exposure of the chained users, multiple parties have the rights holder's interests related to serving content and / or processing as the basis for determining such consideration.

  Based on superior, targeted market segmentation and more relevant information products, and direct, more specific and detailed usage data, and consumers and implicit, explicit and automatic Supports the design of business models based on the value chain priority derived from usage information (user profile, class recognition information, etc.).

  • Allows the use of “private” bill exchanges (use of bill exchanges controlled and / or operated by the organization) to obtain predetermined detailed usage information, where such bill exchanges Use of such information to perform usage analysis and / or other processing of such information, such as to more centralized and / or other party bill exchanges, and / or other value chain participants. Usage information that is selectively limited to some or all of the usage information (eg, higher level summaries, summary information, application of restrictions, and / or usage patterns of usage information (display, print, save) , Redistribution, etc.), where different limitations in such usage information are due to usage information derived from content, processing, use of different classes of users and / or user groups Where the performance of such information is provided by concealing the detailed nature of certain internal activities, providing significant additional protection of confidential trade secret information of a company or other organization. There may be demands for payment and / or other consideration in return for such detailed usage information by one or more other parties in the value chain.

  • Allows an organization to apply private usage data bill exchanges to a corporate intranet, where such bill exchanges are integrated with the organization's document flow and / or receipt system.

  Receives usage information from electronic devices in the organization and uses the records internally with private use organizations (eg, companies, government agencies, associations, or any other organized operating entity) bill exchange Aggregate in the form of detailed reports for and / or report raw detailed data for internal use, but use data for external distribution, eg, rights holders, and / or It only aggregates in the form of a summary report to other value chain participants and / or one or more commercial bill exchanges, where, in a preferred embodiment, detailed data for internal use is , Protected as VDE protected content, access or other use of such content is not Limited to a specific current party and / or a specific method based at least in part on a specific party that is securely maintained, e.g., the electronic identity is the same with respect to the privilege of using specific information, eg, of any relevant party class Sex information (for example, a member of a predetermined research group and a senior manager) is included.

  • Through private use bill exchanges, identify usage-related information that provides critical value usage data, and allocate it to internal organizational resource allocation, research direction, and other important business purposes.

  Distribute bill of exchange (eg, for efficiency and / or other reasons).

  Distribute bill exchange functions across networks or other systems (eg, all consumers and / or other value chain participant nodes potentially share at least partially their own secure bill exchange) A distributed use bill exchange service that initiates, where the participant node communicates usage information directly to one or more other participants), in a preferred embodiment rules and controls, and Ginter et al. Distributed consistent with other VDE technologies such as described in US Patent Specification.

  • Organize the bill exchanges hierarchically and at least partially protect the nuclear level in the hierarchy confidentially.

  -Authorize one or more distributed usage sub-bills exchanges and / or provide services to, or work with, one or more distributed usage sub-bills exchanges Office operations are logical, such as within a company or government agency, and / or within one or more jurisdictions, and / or serving subsets of a comprehensive business focus area of a higher-end billing exchange. And / or physically located outside.

  Distribute bill exchange functions across systems or networks and / or otherwise authorize, for example, where each consumer and / or specific or all other value chain participants are protected The environment (node) can potentially support distributed bill exchange services and can function in the context of a comprehensive distributed trading utility.

  Initiate its own secure bill exchange transaction directly with one or more other participants.

  Use any or all of the virtual distributed environment technology activities to provide internally operable operations to one or more other internally operable participant nodes.

  Use the bill exchange in the design to form the usage information used, and / or the product and / or service related to the product and / or such usage is described by such usage information Marketing services.

Can be hierarchically organized peer-to-peer or combined mode, in which the bill exchange responsibility is for different trading models and / or activities and / or value chains A particular one or more parties, eg, one or more cases may be hierarchically higher than the other at that time, or one or more other cases may be hierarchical. Peer or non-superior, i.e., the relationship between participants is programmable and one or more desired bill exchange processes for a given trading activity, value chain, or model Is set to express (and later modified).

  FIG. 33 shows an example of a bill of exchange 300 from a processing point of view. In this example, the bill exchange 300 collects, analyzes and reports on digital information. Digital information includes, but is not limited to, the use of digital content. The bill of exchange 300 in this example performs the following functions:

・ Data collection 314
Database management 316
・ Privacy control 318
・ Safe audit 320
・ Safe report 322
Data aggregation 324
Propagation and marketing 326
Usage analysis 328
Duplicate 330, and Advertising 332.

Communication between the bill exchange 300 and other electronic devices 100 can be through a secure electronic container 152 if desired. As will be described in greater detail with respect to the financial bill exchange 200, the bill of exchange 300 receives containers in real time and / or on an asynchronous receipt basis. In a bill exchange 300, a real-time request is a propagation or rating information that loses some or all of its value as a function of time (eg, if a given survey information is not delivered by a particular time, The information may no longer be relevant to a given market analysis; or if the propagator does not receive usage information quickly, the propagator cannot respond effectively to customer preferences). In other cases, it may involve delivery of the requested usage information (eg, a vacationing user returns to know their requested audit date, the grace period ends, and the Regulated until audited). Asynchronous delivery may still be preferred in some cases for the same reasons described above for financial bill exchange 200.

  Data collection function 314 may include rules and controls 188 (which may provide, for example, price and authorization information), financial statements 240a, detailed financial reports 240b, and usage information and / or requests for analysis 336. Used to collect usage records 302 in addition to other types of information. The data collection function 314 may interact closely with the database management function 316 so that various types of information are used or stored in other databases. The replication and propagation functions 330, 332 synchronize the contents of the database 316 with other databases (eg, maintained by other bill of exchange 300) and / or multiple secure network protected processing environments or It can be used to provide a distributed database across electronic devices.

  Data aggregation 324 and analysis 328 may be used to analyze the content of data collected by the data collection function 314 and / or stored in the database 316, with the bill exchange 300 to audit 320 and / or Report 322 may be executed. The privacy control 318 can be used in combination with the reporting function 322 to expose only certain information to third parties and not other information, so that the privacy for the consumer from which usage information was collected and Confidential issues are protected. Such dispute control 316 may be expressed in rules regarding the container from which information arrives.

  The reporting function 322 may generate various usage audit reports 304. In addition, the bill exchange 300 can provide propagation and / or marketing support 326 (e.g., to support targeted propagation to demographically appropriate consumers and / or market and propagation research). Can be used to provide Thus, in some examples, the bill exchange 300 itself creates and / or distributes a display propagation 340 by a given target consumer, or delivers such a propagation instead. The bill of exchange 300 may form a customized response 342 in response to the information request 336, and further, once the relevant audit records are communicated to the bill of exchange 300 and confirmed, An open signal 344 may be formed that allows the electronic device 100 to delete and / or form “no longer pending” in usage information from the database. The consumer 95 is interested in retaining this usage information once it has been “opened” rather than deleted (eg, from the curiosity of monitoring the behavior of others (employees, children, etc.)). .

  Bill of exchange 300 forms its own controls 188b, for example, to manage how usage information, market information, or other information can be used by others. For example, the bill of exchange 300 may create its own report or analysis that is provided to a third party for compensation only. The bill exchange 300 may insist on the person providing the report not to redistribute the report to others. Bill of exchange 300 may enhance this requirement electronically by delivering reports within one or more electronic containers 152 and associating electronic controls 188b with the reports. This electronic control 188b may enforce “non-redistributable” restrictions, as well as other conditions permitting and / or limiting (eg, report cannot be modified, report cannot be printed and displayed, report can be cited).

  As described above, the bill exchange 300 may receive the financial statement 240a and / or detailed financial record 240b or other financial information to form its own financial statement 240c and / or detailed financial record 240d. obtain. For example, the bill exchange 300 may provide services to the content provider, where the bill of exchange 300 controls the 188a from the content provider in a manner similar to the control that the bill exchange 300 is delivered to the consumer 95. Receive. Based on the comparison of these data, the bill exchange 300 can generate an estimate of the amount that the content provider should be expected to receive from the financial bill exchange 200. Accordingly, the bill of exchange 300 may provide an independent audit function (engaged as a double check for the financial bill exchange 200 and provide a fraud detection function) (e.g., submit a usage record and associated with it). Anyone who has no payment or no fraudulent payment can be detected by the bill exchange 300). In addition, control 188 may represent a closed model where the content provider considers implementation, after which the bill of exchange 300 will use the bill of exchange 300 when the content provider has actually constructed the proposed model. Provides a service that performs comparisons on usage data and actually collects and builds a model similar to financial results.

  FIG. 34 is an example of the architecture of the bill of exchange 300. In this example, the bill exchange 300 includes a secure communications facility 346, a database and transaction processor 348, an authenticator 350, an authorization checker 352, and a data aggregator 354. The bill of exchange 300 architecture may be based on the rights activation system architecture shown in FIGS. 12 and 13 of Ginter et al.

  The secure communication 346 provides communication with various electronic devices 100 over the electronic network 150 via the secure container 152 in this embodiment. The database and transaction processor 348 performs most of the functions of FIG. 33 in this example. The approver 350 can be used to approve consumers and / or data, the approval checker 352 can be used to check approvals, and the data aggregator 354 performs a data aggregation function 324. Can be used for. The approver 350 and the approval checker 352 perform an approval function as described in Ginter et al.'S publication in combination with a secure electronic device and a protected processing environment.

FIG. 35 shows an example of a comprehensive usage note exchange process. In this example, provider 164 provides digital characteristics to consumers 95 (1), 95 (2), 95 (3). For example, the provider 164 may provide a new or other network 166 to each of the consumers 95 inside the electronic container 152. One or more control sets 188 can be associated with the workpiece 166 (and, in some embodiments, can be delivered within the same electronic container 152 used to deliver the workpiece 166). Control 188 may specify that a predetermined type of usage information should be collected in the form of an audit trail and that the audit trail should be reported based on a predetermined time and / or other event.

  The container 152 can only be opened within a secure protected processing environment 154 that is part of the virtual distributed environment described in the Ginter et al. Patent publication mentioned above, and the provider 164 can request the audit trail requested. You can be confident that will be generated and reported along with his or her instructions. The consumer 95 uses the characteristics 166 and the consumer's electronic device 100 automatically collects and stores usage information in the form of an audit trail 302. Then, in the occurrence of a specific event (eg, once a month, once a week, after a predetermined number of uses, etc.), the consumer electronics device 100 uses the audit trail information 302 inside the digital container to check the bill of exchange. Send to 300.

  Bill of exchange 300 may collect audit trail information 302 and store this information in database 316 of bill of exchange 300 to analyze the audit trail information and send it to provider 164 in another electronic container 152. Generate a report 304 that can be sent.

  The provider 164 automatically receives secure information, and the bill exchange 300 has to collect and analyze this detailed usage information, opening up the provider and using it for his or her work Audit the amount used and how the information was used. In addition, the bill exchange 300 can protect the privacy of the consumer 95 by revealing only the summary details approved by the consumer (eg, revealing how many consumers have used the network 166). But does not reveal the consumer's name or address). This verification function can be more difficult or problematic if the provider 164 attempts his or her own analyzed detailed usage record.

  FIG. 36 shows a more detailed example of a bill usage bill exchange process with two different bill exchanges 300 (1), 300 (2). In this embodiment, provider 164 delivers work 166 directly to consumer 95 and also delivers to distributor 168 that can redistribute the work to consumers. The control 188 associated with the distributed content 166 is whether the bill exchange 300 (1) should collect and analyze information regarding the use of the content 166 distributed directly by the creator 164, and When the other bill of exchange 300 (2) is distributed by the distributor 168, it may specify whether usage information regarding the use of the work 166 should be collected and analyzed. Alternatively, the bill exchanges 300 (1), 300 (2) may collect different types of usage information for the same electronic property 166 (eg, some bill exchanges are related to “pay per view” usage). Gather information, while other bill exchanges may gather usage information for all one-time purchases). The bill of exchange 300 (1), 300 (2) may issue a report 304 to the creator 164 and / or distributor 168 and / or consumer 95, respectively.

FIG. 37 shows how the bill of exchange 300 can be used in combination with the financial bill exchange 200. In this embodiment, the consumer electronic device 100 can send to:
A bill exchange 300, audit trail information 302 regarding the use of electronic content, and a financial bill exchange 200, usage and payment audit trail information 228 regarding financial bill exchange activities.

  If desired, the bill of exchange 300 and the bill of exchange 200 can be operated by the same business (in this case, both usage and financial audit trail information can be sent inside the same electronic container 152). . The bill exchange function performed by the bill exchange 300 can be operated in parallel with the bill exchange function performed by the financial bill exchange 200, providing both detailed usage reporting and efficient financial bill exchange. to support.

  FIG. 38 illustrates another example of a bill exchange based on media and / or propagation content placement. Consumers 95 (1), 95 (2), 95 (N) may reserve various distributed services 170A, 170B,. These information distribution services 170 may distribute program material and propagation (commercial content) provided by the content provider 164. The consumer 95 consumes the distributed content, and the consumer's electronic device 100 collects and reports usage data associated with the bill exchanges 300 (1), 300 (2),.

  Bill of exchange 300 performs a demographic analysis on the received usage data and targets a specific propagation for other commercial content 164 to a specific information service 170 based on this demographic analysis. To do. For example, the information service 170A may distribute program material and commercial content 164 of interest to runners and other persons interested in physical health. The bill of exchange 300 (1) may analyze the usage data provided by the consumer 95 that reserves and displays this type of information. Thus, the bill exchange 300 (1) is in a unique position to place the propagation on other commercial and non-commercial content that may be interested in the same group of interest. Similarly, the information service 170B may specifically send interest information to carmania. The bill of exchange 300 (2) may collect usage data regarding the use of this type of information, and therefore, to distribute and target propagation and commercial and non-commercial content to this consumer group. Well located.

  FIG. 39 shows another example of a bill of exchange process that may be performed by the bill of exchange 300. In this embodiment, the bill exchange 300 can provide a price reduction based on the amount of usage information that is approved by the rights holder 164 and voluntarily disclosed by the consumer 95. For example, this can be done by selecting 188 from the control set and / or entering electronic negotiation at control 188 for the characteristic (see Ginter et al., FIGS. 76A and B). A rights holder may consider this in advance as a general rule for its characteristics, or a given rights and authorized bill exchange 400 may deliver these control sets (eg, collection of specific categories of usage information). Based on the specific location of the control set as a container).

  As an example, the consumer's electronic device may be a personal computer, and the rights holder 164 distributing computer software uses any software program consumer 95 in addition to those distributed by the rights holder itself. You may be interested in knowing what you are doing. On the other hand, consumer 95 may not want to reveal this detailed information about all the software programs that exist on his or her computer.

  As another example, digital communication rights holder 164 may want to know about each of the communication programs that consumer 95 sees. On the other hand, a consumer may not want someone else to know what kind of program he or she is interested in.

  Bill of exchange 300 provides consumers 95 with financial incentives for a more complete disclosure, but can effectively adjust these opposing interests by giving consumers choice.

In this embodiment, the rights holder 164 distributes the electronic content and the control associated with the consumer 95. The control may specify options for revealing usage information. The consumer may choose:
• Fully keep all usage information different from important information about payments that are paid in full and guaranteed;
・ Instead of a small price reduction, limited use is permitted;
・ Instead of disclosing all of the usage information, you will benefit from a large price cut.

  Some secretive consumers don't want to know the consumer's usage habits to the outside world as much as possible, and are willing to pay the full amount to protect consumer privacy. Other consumers don't care what the outside world knows about their usage habits, and want to benefit from large price cuts based on a more complete disclosure. Any number of levels of such options can be provided, for example, allowing consumers to choose exactly what information is public and what information is kept secret. Because usage data is collected within a secure protected processing environment 154 that is part of the consumer's electronic device 100, the consumer is not securely authorized and authorized to use the data. Validate that no release occurs without his or her consent.

  For example, consumer protected processing based on one or more control sets 188 provided to the consumer protected processing environment 154 and / or consumer choices made possible through such control sets. The environment 154 does not reveal usage information to the bill exchange 300 or reveals minimum usage information, limited usage information, or total usage information. The bill exchange 300 can then freely analyze the restricted usage information and all usage information collected by the bill exchange, to the rights holder 164 and to market researchers, brokers, propagators, auditors. , And provide reporting and analysis to other third parties such as scientists.

Rights and Authorized Bills Exchange FIG. 40 shows an example of a rights and authorized bills exchange trading utility system 400. The Rights and Authorized Bills Exchange service can perform any combination of the following comprehensive functions:
Electronic objects and associated authorizations, prices and / or other authorized and / or requested actions (operations that support execution results for performing and / or not performing such actions) sign up;
Provide pre-approved authorization on demand in connection with specific requirements and / or other requirements such as authorization requester, procurement or procurement performance, class of payment requests, etc .;
• Perform electronic copyright registration in a safe and efficient manner with the appropriate authority for one or more countries and / or other jurisdictive units; and • Report functionality.

More particularly, rights and authorizations provide services associated with these inventions, which may include, for example, some or all of the following functions and features:
Identify, distribute, and verify specific property rights and / or other business rules and controls along the digital electronic value chain.

  Provide object registration services and rights, prices and / or other control information for registered objects.

  Associate each electronic object with at least one identification number and / or name with its own number and / or name scheme and / or one or more other organizations, associations (eg, standard associations) )), A company, and / or an institution (eg, a government coordinating body) and assigned in association with one or more number and / or name schemes.

  Receive approval from the safe chain of handling and control included in the electronic control set.

  Securely provide authorization for registered electronic properties (eg, description of relevant results such as authorized operations and prices based on rules and controls), and make such registered properties a rule and control set (For example, application of a preset template based on rules and control set updates, class of characteristics, etc.). This can be provided, for example, at least partially remotely to the registration site during such registration or as a result of registration and downloaded securely.

  One that seeks in digital content any intellectual property product (eg, VDE-protected digital characteristics) used or not used by the rights holder and any consequences of such use and / or misuse The rights holder is allowed to determine the above rights and the route of the authorized bill exchange, to define it flexibly, and to provide it securely on this route.

  VDE supported decentralized performance and management rights and business rules (pre-approved authorization or other authorizations), ad hoc electronic value chain (where such rights and business rules are persistent) To be supported).

  Provide digital objects to those authorized to use digital objects upon request.

  Different terms may be provided based on different authorizations securely associated with one or more combinations of user classes.

  • Provide rights holders with approvals to adhere to terms set by rights holders on a potentially diverse and decentralized value chain participant base.

  Not and / or requested and / or for requests for special and / or pre-planned bases according to the rights of the requester (class and / or individual), not including all possible authorizations Controls that do not distribute the desired authorization may be provided, for example, allowing rights holders to choose to distribute only the most frequently used authorizations associated with a particular digital property, , Allow new authorizations to match the rights holder model.

  Expiring authorization for automatic recognition of the expiration of such rights on request and / or through the use of a bill exchange database mechanism, and automatic acquisition and / or providing such authorization and In a preferred embodiment, refresh notifications to inform VDE value chain participants of the need to obtain such authorization (e.g., the user actively attempts to use relevant information and / or electronic control processes) Notify such users before to avoid user frustration and inefficiencies).

  Use a secure container as described in Ginter et al. In any step, part, or process in providing a secure rights exchange service.

  Efficiently and appropriately create and store distributions and results (eg, compensation) associated with actions related to the use of rights, conditions and their digital characteristics (and / or use of electronic events controlled by the VDE process) Receive rights and authorization “templates” that allow rights holders to identify.

  Templates are digital control sets associated with process control and governance for characteristics, content users, user classes, and / or other digital information and / or physical or virtual sites and / or events. Can match directly.

・ Templates can be self-issued.
A template can apply multiple objects / instances.
The template can be delivered independently to any digital object with which the template can be associated.

  Templates can be extended to predict new behaviors and scenarios, which include, but are not limited to, new payment methods, pricing models and levels, and new authorizations.

  Templates can flexibly recognize all kinds of digital rights, including, for example, distribution and transmission and / or retransmission rights.

  Templates can flexibly recognize individual identities and / or class identification rights.

  Different templates may apply different content and / or process control placement characteristic types.

  Multiple templates may apply the same characteristics and process control arrangement.

  The rights and authorizations bill exchange can hold a superset template and modify one or more such superset templates to value chain participants and / or hierarchical sub-bills exchange Templates can be created that utilize a subset and / or an expanded set of superset templates.

The template can be completed in a number of different ways, for example using a graphical user interface and / or a rights management language.

  Template “applications” may be created and / or modified using a topographical, graphical, and directly editable graphic representation of value chain rules and controls, where Rules and controls and value chain participants are represented, for example, by the display of mixed icons, positional, flow charts, and textile information, where rules and controls use, for example, the use of rights management languages. Here, for example, higher-level representations of such elements in elements and administrative languages may directly correspond to the graphic representation component.

  Multiple value chain participants may contribute to and / or modify the template and / or contribute to and / or modify different templates that apply the same digital information.

  The user contains, for example, digital information (eg, event management information) that describes and / or manages the control process, eg, the same digital information managed via secure VDE chain handling and control You can choose between different templates to apply.

  Distribute rights bill exchange functions across networks or other systems (eg, each consumer and / or value chain participant node potentially initiates at least partially its own secure rights bill exchange) It can be a distributed rights bill exchange service, where the participant node is one or more other participants, an internally operable bill exchange node, in a preferred embodiment, suitable and Ginter et al. Rights information can be communicated directly with all activities utilizing VDE technology as described in the specification).

  The operation is logically and / or physically distributed and / or distributed elsewhere in the company and government and / or one or more jurisdictions and / or systems or networks Approve one or more distributed rights sub-bills exchanges, which may be located within (or within the serving subset of a comprehensive business focus area of a higher-order bill exchange) Provide services to or in conjunction with one or more distributed rights sub-bill exchanges. Here, for example, each consumer and / or a given or all value chain participant node potentially has its own secure bill exchange transaction and function (1) in the context of a comprehensive bill exchange network. Distributed to start one or more other participants' internal operational nodes, and other places on this list, including all activities that use VDE technology as appropriate It can support bill of exchange service.

  One or more rights may be automatically provided to participants based at least in part on some aspect of the use of content and / or process control. One or more rights thus provided may be provided as a compensation for a specific usage (eg, purchase) profile, eg, as a promotional component that provides coupons. This particular usage profile can be ascertained directly from the usage information or can be derived from a weighted formula containing various variables.

  Can be organized hierarchically, peer-to-peer, or in a combined mode. Here, the responsibility for rights clearing may be distributed in different ways for different trade models and / or activities and / or value chains. Also, one or more specific parties can be hierarchically higher than other parties in one or more instances and hierarchically peers, or one Can be subordinate to parties in these other instances. That is, the relationship between participants is programmable and configured to represent one or more desired rights exchange arrangements for a given trading activity, value chain or model (later Change).

FIG. 40 shows an example of a rights and authorization bill exchange 400 from a functional perspective. In this example, the rights and authorization bill exchange 400 may perform some or all of the following four main functions:
-Object registration. The rights and authorization bill exchange 400 registers the digital properties and associated authorizations and prices.

  ・ Permission and approval upon request. In response to the inquiry, rights and authorization bill exchange 400 provides authorization 188 along with the associated price in secure electronic container 152. Authorization control 188 can be provided independently of content.

  -Negotiated permissions. In response to the inquiry and request, the rights and authorization bill exchange 400 negotiates authorization and / or price on behalf of the rights holder who delegated its responsibilities to the rights and authorization bill exchange. The rights and authorization bill exchange 400 may also be an intermediary in negotiations between rights holders and rights users. Rights holders and rights users may negotiate between the parties and report the results of this negotiation to the Rights and Authorization Bill Exchange.

  ·report. The rights and authorizations bill exchange 400 can provide reports to augment the reports performed by the financial bill exchange 200 and / or the bill of exchange 300 used.

  In this example, the rights and authorization bill exchange 400 may provide some or all of the following functions.

-Create, update or change authorization 408;
・ Distribution of authorizations 410;
Database management 412;
Template definition and / or management 414;
・ Permission negotiation 416;
Report 417;
・ Replication 418;
Registration 419; and Propagation 420.

  The main task of object registration by the rights and authorization bill exchange 400 is performed by the database management 412. In this regard, rights and authorization bill exchange 400 receives control set 188 and corresponding object identification 422 in the same or different electronic container 152 and then “registers” this information in database 412 for later reference. Can do. Rights and authorization bill exchange 400 may provide a template function 414 to assist the rights holder in defining a control set 188 that identifies rights and authorizations associated with the rights holder's electronic properties. Registration process 419 and database 412 may register control set 188 in addition to objects or properties 166.

  The database function 412 and distribution function 410 of the rights and authorization bill exchange 400 can be used to distribute the desired authorization in response to the request 402. Database function 412 and distribution function 410 may also be responsible for the task of distributing all authorizations for a particular property (via distribution function 410). Since authorizations and / or prices can expire or fluctuate, rights and authorizations bill exchange 400 can also update control sets 188 that identify previously issued authorizations and / or prices, and these updates. Accountable for distributing distributed control sets.

  The rights and authorization bill exchange 400 may also provide a reporting function 417 that issues, for example, reports 406 relating to issued and distributed authorizations and / or prices. In this example, the operation of the rights and authorization bill exchange 400 provides an audit opportunity, ie, a channel through which usage information is connected. Such an audit action (e.g., may be provided by integrating the functions of the rights and authorizations bill exchange 400 with the functions of the bill of exchange 300) is used to create an integrated report. Authorization for integrated reporting is provided and authorization is exercised. Provides rights holders with very valuable information and business results about market research and additional accountability.

  This auditing function of the rights and authorization bill exchange 400 can be particularly advantageous in protecting confidentiality. For example, the personal rights and authorization bill exchange 400 can be extended to provide payment integration to hide sensitive personal transaction level information from the financial bill exchange 200. In another example, the rights and authorization bill exchange 400 can issue a report 426. Report 426 indicates, for example, the number of objects registered in database 412 at the beginning of the reporting period, indicates the number of new objects registered, and possibly an average of these objects and / or specific types of objects. Or show aggregate statistics that are considered to be the number of license types associated with the median price.

  The rights and authorization bill exchange 400 may also respond to the query 402 with a response 428. The request can comprise, for example, an authorization request that can be automatically authorized. Alternatively, the request may need to be qualified by the rights and authorization bill exchange 400 to determine whether the requester is eligible to receive authorization. Credentials can be established by the presence of one or more valid certificates. Credentials can be easily verified or stored in the database 412 for transfer to the provider along with other information about authorization granted by the bill exchange. In a preferred embodiment, other credentials are based on the requester's PPE 54 and a shared secret known by the rights and authorization bill exchange 400 (eg, one or more tags from the control set 188 held by the requester). It may be. This shared secret can be used in combination with authentication. Also, if the eligibility requirements are relatively low or already established (eg, receiving a shared secret from the start), the shared secret alone, for example, to receive an authorization to replace or renew an expired authorization May be appropriate.

  The rights and authorization bill exchange 400 also includes an authorization negotiation engine 416. The authorization negotiation engine 416 may be used to negotiate authorizations 188 that the rights holder has not previously approved. For example, the consumer 95 may want to exercise a right that is not in the database 412. The consumer 95 may request rights. In response, the rights and authorization bill exchange 400 may determine whether the rights holder is authorized to negotiate for this right on behalf of the rights holder. If the rights holder has not granted the right to negotiate with the rights and authorization bill exchange 400, the bill exchange contacts the rights holder and requests permission and / or authorization itself. If the rights holder has authorized the rights and authorizations bill exchange 400 to negotiate permission, the bill exchange will provide an electronic negotiation between the consumer control set and the rights holder control set (Ginter et al. 75A-76B) may begin. The resulting negotiated control set is sent to the consumer, which allows the consumer to exercise rights.

  FIG. 41 shows an exemplary architecture for a rights and authorization bill exchange 400. In this example, the rights and authorization bill exchange 400 has a secure communication facility 430, a database and transaction processor 432, an authenticator 434, an authorization checker 436, and a registration processor 438. . As mentioned above, the architecture of the rights and authorization bill exchange 400 may be based on the rights operating system architecture shown in FIGS. 12 and 13 of the Ginter et al. Patent disclosure and described in the associated text. .

  Database and transaction processor 432 performs most of the functions shown in FIG. Registration processor 438 may perform a registration function 419. The secure communication facility 430 is secured across the electronic network 150 with other value chain participants via the consumer 95, author 164, publisher 168, integrator 170, repackager 174, and secure container 152. To communicate. The verifier 434 and authorization checker 436 perform the verification function as described in the Ginter et al. Patent disclosure in connection with secure electronic applications and protected processing environments.

  FIG. 42 shows an example of the right and authorization bill exchange process. In this example, writer 164 sends work 166 with a control set 188 A that includes control A to publisher 168. Publisher 168 adds control B to the control set (according to a safe handling and control chain) to form a new control set 188AB. Publisher 168 issues work 166 with control set 188AB to consumer 95. Publisher 168 may also have permission C in the more comprehensive control set 188ABC (eg, control C may be used by journalists for specific purposes of work 166 for a specific purpose, which may be relatively less used but sometimes necessary. An additional set of (allowing excerpts) can be specified.

  Publisher 168 may register control set 188ABC (and control set 188AB and control set 188A, if desired) with rights and authorization bill exchange 400. Publisher 168 also has an additional “controls over controls” or “permissions for permissions” (eg, FIGS. 79-85 of Ginter et al. Patent disclosure). Distributed control) described in conjunction with control 188ABC. These additional “D” controls specify the environment in which rights A, B, and / or C may be granted, such as qualifications, reissue frequency, number of controls for a given user, etc. obtain.

  A consumer 95 (or any other provider such as an integrator, repackager or another publisher) may request a copy of any of the various control sets registered with the rights and authorization bill exchange 400. For example, if consumer 95 is a journalist using work 166 in accordance with control set 188AB and decides to extract work for a particular purpose, then the consumer may have publisher 168 contact rights and authorization bill exchange 400. A previously registered super control set 188ABC may be requested. In another example, a German resident 95 may receive a control set 188 intended for US decentralization, which may require a different control set to adapt to European legal and monetary environments. In addition, rights holders may change previously distributed controls at a later date to add new rights, provide “sale”, withdraw rights, etc., and the rights and authorized bill exchange 400 will meet demand. Accordingly, these new control sets are also responsible for distribution.

  FIG. 42A illustrates another example in which the consumer 95 may register the control set 188X with the rights and authorization bill exchange 400. FIG. Control set 188X is associated with objects such as files or software programs that consumer 95 has already received. This new control set 188X requests the rights and authorization bill exchange 400 to send a new control set 188Y for the named object to the consumer 95, and the rights and authorization bill exchange Request whenever the control registered for the object is changed at 400. The rights and authorization bill exchange 400 may automatically send an updated control set 188Y to all registered users of a particular digital property.

  In another example, the publisher 168 distributes the work 166 with a fairly limited control set 188X as a connection point for viewing the entire content or otherwise obtaining authorization to use it. 95 allows to view only the summary and specific rights and authorizations bill exchange 400. The consumer 95 can then connect to the rights and authorization bill exchange 400 to obtain a more extensive control set 188Y that allows further levels of use. This provides a high degree of accountability and increased auditing capabilities. This is because it requires the consumer 95 to contact the rights and authorization bill exchange 400 to actually use the previously distributed properties. Similarly, the rights and authorization bill exchange 400 may provide an updated control set 188Y to replace an expired one. This mechanism can be used, for example, to provide a discount that can be changed for a particular item over time (eg, the first time a movie distributor decides how much to discount on initial release, It will be possible to get a discount on the first six months after the release date).

FIG. 43 shows a further example of rights and authorization bill exchange operations performed by the rights and authorization bill exchange 400. In the example of FIG. 43, writer 164, publisher 168, integrator 170, and any other additional value chain participants each have their own control sets 188A, 188B, 188C to rights and authorization bill exchange 400, respectively. Register (additional controls that control the distribution of these provider controls may also register). The rights and authorization bill exchange 400 then distributes the newly combined control set 188ABC consisting of the individual control sets 188A, 188B, 188C, and any value chain participants are not of particular interest. Free from having to construct a control set. In this example, the rights and authorization bill exchange 400 also provides an interface to other organizations (eg, government agencies 440 such as Copyright Office or other types of organizations such as professional associations). Can have. The rights and authorization bill exchange 400 automatically registers the copyright in the work and other objects registered in the rights and authorization bill exchange 400, such that the rights holder himself has to do so. The burden can be reduced or eliminated. The copyright registration interaction between the rights and authorization bill exchange 400 and the government agency 440 may utilize, for example, a VDE and a secure container 152.

  44A-44E illustrate additional rights and authorization bill exchange processes that may be performed using the rights and authorization bill exchange 400. In this example, publisher 168 provides property 166 and associated control set 188a to consumer 95 (see FIG. 44A). The consumer may attempt to access the property 166 using the control set 188a using the electronic device 100 and the associated protected processing environment 154, but the consumer accesses the property in the manner desired by the consumer. May decide to require an additional control set 188b to do so. The consumer electronic device 100 may generate a request 402 to the rights and authorization bill exchange 400 (see FIG. 44B). In response, rights and authorization bill exchange 400 may distribute request control 188b, including authorization and pricing information requested by consumer 95 (see FIG. 44C). The consumer then uses properties 166 according to control set 188 to generate usage / audit trail information 302 based on the consumer's usage (see FIG. 44D). The consumer's electronic device 100 can report this usage information to the bill exchange 300, and upon receiving a release signal from the appropriate bill exchange, the usage information stored therein is marked as “pending”. Delete and / or release (see FIG. 44E).

Rights Template FIGS. 45A and 45B show an example of a rights template 450, and FIG. 45C shows an example of a corresponding control set 188. The rights template 450 may be somewhat similar to the “fill in blank” format. Rights holders can use rights templates 450 to efficiently and effectively define rights for specific digital properties. Such a template 450 is multi-purpose for the virtual distributed environment technology described in the Ginter et al. Patent disclosure in that it is sensitive to specific content industries, providers, content types, etc. Useful for framing capabilities. This allows a user, such as a provider, to be shown in a focused menu of resources that are adaptable or useful for a particular purpose.

For example, the template 450 may be segmented, otherwise organized, and / or the attributes that these organizational entities have regarding the characteristics of the content or other information being controlled. Make assumptions about. Template 450 simplifies the process of defining authorizations, thereby reducing or eliminating the need for expertise and significant time investment to develop the underlying capabilities of a virtual distributed environment. In this example, the user may not necessarily use the template 450, but instead may be able to define the authorization 188 in a rights management language (eg, natural language or computer-based language) (user's Most will prefer the easy-to-use graphic interface that the template 450 can provide, but if you are undertaking the routine task of defining permissions for many different content pieces, additional flexibility and associated complexity Would not mind giving up.)

  Examples of rights templates 450 shown in FIG. 45A (eg, may be appropriate for text and / or graphics providers) include, for example, “view title”, “view abstract”, “change title” ”,“ Redistribution ”,“ Backup ”,“ Content Display ”and“ Content Printing ”to define a number of different types of usage / operations associated with specific digital properties. Rights template 450 may also provide a list of options corresponding to each type of “menu” or usage. These various options allow the rights holder to define the rights that others can exercise in connection with the property. For example, the rights may include:

・ Unconditional authorization ・ Authorization with payment conditions ・ Content-based authorization ・ Unconditional prohibition ・ Prohibition and / or authorization based on other factors

A rights holder may define a “rights profile” corresponding to that particular property by selecting “fill in” or between these various options. In this example, rights template 450 may facilitate additional models and / or levels for rights exercised with payment terms. Such pricing models and levels are flexible for various different categories of business pricing, such as, for example, one time charges, pay per view, and declining costs. Can be defined. See FIG. 45B for an example of how pricing models and levels can be specified using a graphical interface .

  The rights template 450 in this example can be self-executed and / or automatically “translated” or compiled into one or more control sets 188 that provide the necessary control to achieve rights holder selection. obtain. FIG. 45C has a “Title Display” control 188a that allows, for example, the title specified by the rights template 450 of FIG. 45A to be viewed unconditionally. Similarly, the control 188 in the example of FIG. 45C further includes control set elements 188 (2)... 188 (N). Control set elements 188 (2)... 188 (N) correspond to rights and permissions 188 defined by the rights holder based on rights template 450 of FIG.

  In this example, rights template 450 may be progressive. For example, when a new technology makes a new action available and / or created, the rights template 450 will still be “upward compatible” with the existing rights template, while this new action. Can be extended to accommodate. Different rights templates 450 may be used for different types of properties, different value chain participants, etc. (at the same time a particular rights template may apply to multiple objects or properties, multiple value chain participants, etc.) . Some rights templates 450 may be a superset of other rights templates. For example, the entire authorization template 450 may define all possible rights that may be applied to a particular property or property classification. In addition, sub-templates may be further defined to define rights associated with different consumers, consumer categories or rights holders. Thus, for example, a writer can use a different sub-template than the distributor uses. Templates can also be recursive. That is, a template can be used to reference other templates (similarly, a control set defined by a template can reference other control sets).

The rights and authorization bill exchange 400 may partially fill the rights template 450. Alternatively, an automated process may be used to complete and / or duplicate rights templates (eg, based on rights holder pre-existing instructions). The rights holder uses a graphical user interface (eg, by displaying a list of options on a computer screen and pointing and clicking with a mouse pointing device to fill in the desired options) using the rights template 450. Can be completed. In another example, the rights holder can either automatically compile or otherwise process the computer to fill the rights template 450 and / or build an associated control set (s) 188. It is possible to define preferences according to one's own preferences using a rights management language that can.

  FIG. 46 shows an example of rights and authorization bill exchange processing using the rights template 450. In this example, the rights and authorization bill exchange 400 and / or individual rights holder defines a rights template 450 (FIG. 46, block 452 (1)). The rights are then entered into the rights template 450, thereby defining authorized and restricted authorizations and associated pricing models and levels (block 452 (2)). The rights holder associates the permissions defined by the rights template with the object (eg, by creating one or more control sets 188 that reference and / or apply controlled properties) (block 452 (3) ). The rights holder then carries authorization (control set 188) to or from the object (block 452 (4)). The rights holder may send these control sets 188 directly to the consumer 95 (block 452 (5)) and / or to the rights and authorization bill exchange 400 for registration and storage in the database (block 452). (6)). Upon receipt of the consumer's request (block 452 (8)), the rights and authorization bill exchange 400 may provide such a preauthorized authorization to the consumer as desired (block 452 ( 7)).

  As described above, the provider controls such pre-authorized authorization by the rights and authorization bill exchange 400 by a mechanism that provides additional “distributed control” that directs and / or controls the distributed processing.

Certification Authority FIG. 47 shows a Commerce Utility System 500, which is an example of a certification authority. Certification authorities and services typically create digital documents that “certify”, warrant and / or prove some facts. In fact, for example, identification and / or membership in a particular class (eg, organization, etc.); age group, possession of a particular qualification type; dependency on one or more particular jurisdictions; and / or a fixed period Or one or more authorized rights and / or possession of processing to use the content, which ends at a specified time.

More specifically, a certification authority according to the present invention may provide any combination of the following advantageous features and functions, for example in the form of certification:
Electronic authentication information used with or required by rules and / or controls such as confirmation, identity, class membership and / or other attributes of identity and / or context. The electronic authentication information includes automatic authentication of this information and / or automatic authentication of this class of information based on resources (eg, the identity of one or more authentication providers).

  Trusted as a consumer or other value chain participant is a person who is and / or is a member of one or more specific groups, classes and / or organizations Provide verification.

  Provide a trusted verification that a group of value chain participants is what they say collectively. Here, multiple certificates from different parties are examined as a set, and such a specific set of certificates is specific to use the content and / or to perform one or more control processes. Required in the environment.

  • Automatically generate a certificate. Authentication represents the validation of a value chain or value chain portion as a result of a confluence of multiple specific certificates.

  • Predict the group of authentications acceptable from multiple parties through the use of rules and controls. The party can form an authentication that substantially represents a particular group of authenticated parties. Also, in the presence of certain certifications that identify two or more expected parties and / or parties that meet certain criteria (eg, sufficient transaction revenue, sufficient credit worthiness, etc.) New certificates can be automatically generated, acting as a composite certificate that authenticates the collective and coordinated presence of multiple parties. Individually, the authentication may allow certain electronic activities (eg, content use and / or control processing in multi-party EDI, content distribution, commerce systems and / or financial trading systems, etc.) May be related to regulation and control.

  Generate one or more certificates, at least in part as a result of the certificate generation rules and control management. The one or more authentications thus generated may be, for example, a secure provision and control based on one or more instructions after each particular criteria requirement, such as a particular activity, is met by each of a plurality of parties. Is generated as a result of For example, one or more of authentication and / or approval and / or usage activities and / or deposit and / or payment activities and / or reporting activities and / or VDE-supported electronic agreement activities (eg including electronic negotiation activities) Is an offer.

  Authenticate other supporting services (eg financial bill exchanges, bill exchanges used, rights and authorizations bill exchanges, trading authorities and other certification authorities).

  Authenticate based on alternative authentication (eg, identity) and automatic secure database lookups that can be performed locally or remotely across distributed database deployments.

  In addition to automated services that issue dependent certificates, non-automatic (ie, at least in part, human-issued) issues more essential authentication (eg, identity authentication) based on physical evidence. (Provide and assist) services.

  May support (eg, create) digital certificates using public key cryptography, private keys and / or secure VDE virtual networks.

Can issue certificates that support the context for rights use in an automated, trusted, distributed peer-to-peer secure electronic environment that supports the chain of operations and controls.

  Supports a variety of different and diverse business models with a multipurpose, reusable and programmable distributed modular architecture using other Distributed Commerce Utility services.

  Authentication supporting its control set with elements that depend on the presence and / or absence and / or class of one or more digital certificates to prove certain facts, specific and / or unspecific It can be issued. Different requirements may coexist with respect to the presence and absence or presence of certificates associated with different publications.

  Can work with a conditional electronic control set to issue one or more certificates that grant specific rights only to specific consumers and / or other value chain participants (eg, including consumers) is there.

  Issue a surrogate for expired authentication and support sophisticated time and / or use and / or other event-driven expiration (including termination) of authentication. For example, such expiration criteria may vary based on specific authentication, authentication class, user specificity and class, user node, and the like.

  Maintain and distribute (including selective distribution) revocation list information for distributed nodes, eg, based on node distribution profiles and / or rules and controls.

  Distribute revocation list information between nodes of a distributed trading utility networked peer-to-peer for collaborative use in a time-based or other event-based manner. Here, the information is selectively distributed to one or more specific nodes with consent to the cancellation information request. Also / or cancellation information is non-selectively distributed to one or more specific nodes.

  Receive authority from the safe chain of handling and control embodied in the electronic control set.

  Distributing the functions of certification authorities across networks or other systems (eg, every consumer node is potentially a certification authority for certain types of certification; parents should issue certification for their children Is given authority).

  • Organize certification authorities hierarchically. This may involve several certification authorities (ie certification and reliability, validity and validity issued by certification authorities), relying at least in part on certifications issued by other certification authorities for this purpose. To allow automatic verification of relevant decisions).

  • Authorize and / or provide services to or in cooperation with one or more decentralized certificate authority sub-bills exchanges. The operation of the sub-bill exchange can be located logically and / or physically anywhere (eg, within a company or government agency and / or within one or more jurisdictions). And / or serving a subset of the entire business symmetric area of a senior certification authority bill exchange that distributes and / or otherwise permits rights bill exchange functions across systems or networks.

  Any consumer and / or certain or all other value chain participant nodes can potentially support the distributed certification authority's bill exchange service. The decentralized authority's bill exchange service initiates its own secure authentication and functions within the context of the entire bill exchange network. The decentralized certification authority's bill exchange service includes the interoperability of the bill exchange with one or more other participants' collaborative available nodes, and throughout this list all activities are appropriate Adopt VDE technology.

  Provide Liability Acceptance Control (ie, control to insure digital authentication based on the amount of responsibility accepted by the publisher). Responsibility acceptance control may include maintaining information about such responsibility acceptance securely and providing notification to the recipient of the certification regarding protection of the responsibility afforded by such authentication. It may also further include that the recipient of the insured certificate accepts all responsibilities beyond the amount of insurance, for example through explicit electronic acceptance of VDE management and implicit acceptance by continuation.

  Can be organized hierarchically, peer-to-peer or in combined mode. Here, the responsibility for the activities of the certification authority may be distributed in different ways for different trading models and / or activities and / or value chains. Also, a particular one or more parties can be hierarchically higher than other parties in one or more instances, for example, and hierarchically peered in one or more other instances. Or lower order. That is, the relationship between participants is programmable and set (and later changed) to represent one or more desired specific certification authority arrangements for a given trading activity, value chain or model. obtain.

  FIG. 47 shows an example of a certification authority 500 from a process perspective. In this example, certification authority 500 creates a digital document that “certifies” some fact (eg, identity or class membership), called certification 504. For example, a trusted third party certification authority 500 may indicate that the consumer is the person the consumer claims, or that the consumer has certain characteristics, attributes, class membership, etc. Provide a secure digital guarantee about. For example, some attributes include members of a certain class (eg, employees of a company), people born before a certain date, people with a disability, members of the faculty, universities May represent an administrative or student body or veteran.

  In this example, the digital certificate 504 issued by the certificate authority 500 is used as a conveyor for the context of rights usage and transaction authorization. As described in the Ginter et al. Patent disclosure, authentication 504 is particularly powerful in a virtual distributed environment. This is because the authentication 504 provides a context for rights usage. For example, the use and automation of class-based authentication and distributed management of trading rights inherently increases the efficiency of trusted networks. For example, content publishers want to charge commercial prices for academic journal subscriptions to everyone except those who have higher education, and 20% to college and university students and professors Assume that you intend to discount. The digital certificate 504 issued by the trusted certificate authority 500 can be used to automatically provide assurance (in the context of a distributed electronic network). This guarantee ensures that only those who are truly entitled to a discount can exercise it (in this example, only those who are certified as participating in a higher education system).

In the example of FIG. 47, the certification authority 500 may perform the following overall functions:
・ Fact collection or check 522
Authentication generation 524
-Maintain cancellation list 526
Authentication and revocation list distribution 528
Confirmation 530
Authentication update 532
・ Permission 534
・ Replication 536
Propagation 538, and Archive 554

  The certification authority 500 collects evidence 502 as a basis for issuing the digital certificate 504. In this example, evidence 502 may include other digital certificates 504 '(eg, so that some certificates can be built on others). The fact collection and checking function 522 accepts this evidence 502 along with additional reliability data 540 (eg, information regarding compromised or previously misused authentication). The certificate generation function 524 may generate a new digital certificate 504 based on this fact collection and checking process 522. The distribution function 528 then distributes the new digital certificate 504 and issues an invoice 452 to compensate for the effort and burden undertaking that may be issued by the certification authority.

  The certification authority 500 may also maintain a revocation list 542 based on the reliability data 540. The reliability data 540 is, for example, a compromised or previously misused authentication and the fact is no longer true (eg Mr. Smith was formerly a professor at Stanford University, It shows the certification). The revocation list function 526 maintained is important to provide a mechanism to ensure that a “bad” authentication cannot be subsequently used once it is known to be bad. The certificate 504 issued by the certificate authority 500 may expire, and the certificate authority may renew the previously issued certificate (eg, for a fee) by executing the certificate renewal function 532. The certification authority 500 may maintain a record or database of issued certifications, which may be distributed (which can vary the database accurately and efficiently, benefiting from the replication function 536 and the propagation function 538). Can be distributed over different positions).

  FIG. 48 shows an example architecture for a certification authority 500. In this example, the authentication authority 500 may comprise a secure communication facility 544, an encryption / decryption processor 546, a billing system 548, a key generator 550, a query mechanism 552, and an electronic archive 554. In this example, the safety communicator 544 is used to communicate with other electronic devices 100 and / or other trading utility systems 90. The electronic archive 554 stores the keys, authentication 504 and other information required to maintain the operation of the certification authority 500. The encryption / decryption processor 546 is used to create the digital certificate 504 using strong encryption techniques. The bill issuing system 548 issues a bill 542. Query mechanism 552 is used to query electronic archive 554. The key generator 550 is used to generate an encryption key that the certification authority 500 needs for its operation.

  FIG. 49 shows an example of certification authority processing. In this example, the publisher may send an electronic safety container 152 to the consumer 95. In order to use a specific permit 188a in the safety container 152, the consumer 95 may have certain facts about the consumer (e.g., the consumer is a US citizen, the consumer is a veteran, A certification may be requested from the certification authority 500 to authenticate with respect to, for example, an age over age. The consumer may generate a request 502 to the certification authority 500 for issuing an appropriate certificate. The certification authority may check the evidence 502 provided by the consumer 95, or evidence provided by a third party, and issue the digital certificate 504 required by the consumer (when the certification authority 500 is satisfied). . This digital certificate 504 is not only from the publisher's control set 188a, but also from other rights holders requesting certification of the same fact and from other rights holders who have agreed to the trusted certification authority 500 as a certificate issuer. It can also be used for sets.

  The certification authority 500 may communicate with the consumer 95 using a secure container 152. This may generate and provide a control set 188b with authentication 504. This control set 188b controls some aspects of the use of the authentication 504 (eg, it may not be redistributed and / or modified) and / or handled for issuing additional dependency certificates. And define a chain of control (eg, parents are authorized to issue certificates for their offspring).

  One certification authority 500 may be represented on behalf of others (e.g., within a chain of handling and control defined by one or more electronic control sets 188). Distributing the certification authority 500 across a number of different electronic devices has advantages, for example, in terms of efficiency. FIG. 50 shows one useful example of this distributed certificate issuance scenario.

  FIG. 50 illustrates that the rights holder 164 (and / or the rights and authorization bill exchange 400) (eg, by issuing an electronic control 188a in the secure container 152a) to the certification authority 500 of the facility 1060. Request that higher education public facilities be able to issue a digital certificate 504 (1). The control set 188a may in fact establish the strategies and procedures necessary to ascertain whether a particular facility has been officially authorized. Based on electronic control 188a and evidence 502 presented by facility 1060, certification authority 500 may issue a digital certificate 504A that attests to the fact of formal authorization.

  In order to utilize certification 504A, a student, faculty member, and / or staff member of facility 1060 may need to provide further authentication to prove the fact that they are affiliated with facility 1060. Absent. Instead of having the certification authority 500 issue a further certificate 504 for each student, faculty member and / or staff member at facility 1060, each facility 1060 holding the certificate 504A may have its own faculty member, staff member and / or It may be efficient and / or desirable to issue a dependency certificate 504 (2) to a student. For example, the facility 1060 may maintain a list of all current students, faculty faculty, and employees. Instead of requiring the certification authority 500 to issue a separate certificate 504 (1) to each of the students, faculty and staff of the facility 1060, the facility may undertake this responsibility itself.

  For example, the facility 1060 may choose to operate its own distributed certification authority 500A. In one example, the certification authority 500 may issue an electronic control 188b (eg, subordinate to the control 188a issued by the rights holder 164). The electronic control 188b may, for example, provide the facility's certification authority 500A with a specific restriction (eg, certify a limited universe of facts such as “This person is publicly associated with the facility 1060”, etc.). Delegate authority and responsibility to issue subordinate authentication 504 (2). This subordinate certificate 504 (2) includes, for example, a certificate 504 (1) that has an appendix that states that a particular person is associated with the facility 1060 and that states a specific due date (eg, the end of the current semester) Can be a copy. The facility certification authority 500A then issues such a subordinate certification 504 (2) to each faculty member, student and staff member on the current list.

  Recipients of authentication 504 (2) may need yet another authentication 504 (1) to prove their identity. This verifies that the certification authority 500A has the fact that a particular unique person has joined the facility 1060 (not the fact that the particular recipient of such certification is that person) authentication 504 ( This is because 2) is issued. The recipient may need to obtain this further “identity” certification 504 (1) from a government-operated certification authority 500 (eg, a state or federal government).

Rights holder 164 (and / or rights and authorization bill exchange 400 (not shown)) issues control set 188c for digital property 166. Control set 188c provides other benefits to those who provide a combination of valid digital certificates 504 that allow discounts or prove that they are part of a class of “authorized higher education facilities”. . Each student, faculty member, and staff at facility 1060 that receives certification 504 (2) may take advantage of these discounts and other benefits. FIG. 50A illustrates how different digital certificates can be used in this way to support authentication conditional control 188 (ie, a control set whose elements depend on the presence and absence of certificate 504 certifying a particular fact). Show.

In the example of FIG. 50A, the one or more control sets 188c include a number of individual controls 188 (1)... 188 (N) that are applied to the same digital property 166 or group of properties, for example. Control 188 (3) provides additional and / or different rights to all students, faculty and staff at Stanford University. In the example shown in FIG. 50A, multiple authentications may be used together to provide the requested authentication. For example, the authentications 504 (1), 504 (2), and 504A shown in the example of FIG. 50 are used together to take advantage of discounts provided to students, faculty and staff of higher education public institutions by a particular person Make it possible. For example:
Authentication 504 (1) may prove the fact that a particular person John Alexander is what he says.

  Another certification 504A may prove the fact that Stanford University is a higher education public institution.

  Another certification 504 (2) may prove the fact that John Alexander is a student at Stanford University in the current semester.

  Each of these various certificates 504 may be issued by a different certificate authority 500. For example, one certification authority 500 (eg, operated by a government entity) issues a certification 504 (1) that authenticates consumer identity, while another certification authority certifies 504 regarding student status. (2) may be issued, and a third certification authority may issue a certificate certifying the fact that Stanford is a public university (see FIG. 50).

  As a further example, the control set element 188 (1) shown in FIG. 50A may provide certain benefits for California residents. The condition may be satisfied by a consumer presenting a digital certificate 504 (3) that authenticates living (eg, with a “identity” certificate 504 (1)). The additional permission 180 (N) shown in FIG. 50A can be satisfied by presenting an authentication 504 (5) indicating that it is a US citizen. A given person has one or more jurisdictions (for example, a resident in or working in a particular city, state, country or other political unit--therefore, the unit's consumption tax, income tax or other tax Such certifications 504 (3), 504 (4), which proves that they are under (imposed or subject to certain administrative fees), are particularly useful for intra-state and / or international trade transactions. For example, the certification authority 500 may issue a certification 504 to a financial bill exchange 200 in the UK. This authentication 504 is a control set distributed by the rights and authorizations bill exchange 400 that identifies that only the rights holder and / or the UK financial bill exchange 200 is authorized to accept Pound Sterling payments. 188 may be used. If the financial bill exchange used has the proper UK certification, only consumers who wish to pay in pound sterling will be able to close the payment transaction. And, by reducing the burden of determining which transactions of the provider are subject to UK taxation and which transactions are not subject to UK taxation, the British Exchange can pay the appropriate UK tax.

  FIG. 50A also shows a further authentication 504 (4) that authenticates that one person is married to another person. In order to use authentication 504 (4), it may also be necessary to present a first authentication 504 (1) that authenticates identity. Such authentication, which establishes relationships between individual people or between people and organizations, is useful, for example, in making family members available to other family members (e.g. A person can benefit based on the authentication certificate of their spouse or their parents).

  51A-51D show examples of detailed formats for various digital certificates 504. FIG. The digital authentication 504 (1) in FIG. 51A can authenticate that a certain person is a person who identifies himself / herself. This authentication 504 (1) can include, for example:

-Field 560 (1) indicating the name of the person
-Field 560 (2) for specifying the birth date of the person
-Revocation field 560 (3) that specifies when the digital certificate expires
Public key 560 (4) corresponding to the person's public key, ID code 560 (5) (which may be a hash of the public key field 560 (4) in this example)
Checksum field 560 (6) that provides error checking capability

  In this example, the digital certificate 504 (1) is encrypted by the certificate authority 500 using the private key of the certificate authority of a public key-private key encryption system pair such as RSA or El Gamal. The public key corresponding to the authentication authority 500 may be publicized (eg, by distributing the public key in a site on the World Wide Web accessible to several publics, or in a widely distributed context). Alternatively, it can never be exposed outside the processing environment 154 that is kept secret and protected. In any case, if the digital certificate 504 (1) is successfully deciphered and the original clear text information is revealed, a high degree of assurance is given by the certificate authority 500 issuing the digital certificate (the certificate authority). 'S private key has not been compromised).

  The revocation field 560 (3) is useful because those who skip the revocation list check have at least some assurance that the authentication is good if the authentication must be updated periodically. The expiry date field 560 (3) provides additional protection by ensuring that authentication does not persist forever, and the certification authority 500 uses different encryption key pairs to provide comprehensive integration of the authentication process, for example. And be able to give credit. Changing the key pair of the certification authority 500 reduces the incentive for the opponent who breaks the given key. This is because the amount of information protected by the key is limited, but unauthorized use of a broken key is only valid for a limited time. In addition, unexpected mathematical advances (currently) will render some cryptographic algorithms not used. This is because cryptographic algorithms rely on calculations that (currently) cannot be handled theoretically. If a new algorithm is used for reissued authentication by the built-in mechanism for changing the key of the certification authority 500, the impact of such a outage is limited to a certain period. Alternatively, at the expense of additional decryption time, this risk can also be addressed by using multiple asymmetric key pairs that are generated according to different algorithms for sign and valid keys.

  51B, 51C and 51D show different types of information (eg, specialized certificate field 560 (7) for authentication 504 (5), address field information 560 (8) for authentication 504 (3), and An example of further digital authentication is shown, including a student certificate field 504 (9)) in the case of student authentication 504 (2). These authentications 504 (2), 504 (3), 504 (5) are related to the identity authentication 504 (1) via the common ID field 560 (5), and both identity authentication and independent authentication are May generally need to be presented together.

  FIG. 51E illustrates how an exemplary digital certificate issued by one certification authority can be the basis for other certification authorities to provide other certifications in conjunction with a trusted database. For example, the certain authentication authority 500A confirms the valid user identity, and creates the identity authentication 504 (1) shown in FIG. 51A. The user can submit this identity certificate 504 (1) to another certification authority 500B. Other certification authorities 500B have a people and / or organization database 554a with specific attributes. For example, the certification authority 500B can be operated by a specialized organization that maintains an internal database 554a. Since the certification authority 500B maintains the contents of the internal database 554a and keeps them correct, the certification authority 500B trusts the contents of the internal database 554a.

  By comparing the identification information in the authentication of FIG. 51A with the content of the trusted database 554a, the certification authority 500B can perform the authentication of FIG. 51B without requesting physical evidence from the owner of the authentication of FIG. 51A. Can be issued. This solves the important problem of requiring users to “face up” whenever a user needs highly trusted authentication, and allows the second authentication generation process to be automated. .

  FIG. 51E shows that the certificate 504 (2) issued by the certificate authority 500B is based on a lookup of the certificate authority 500C itself in the trusted database 554b (according to the identity certificate 504 (1)). Indicates that 500C may be a sufficient basis for issuing further authentication 504 (3).

  Another example may be a corporation that is organized in the jurisdiction of the Secretary of State and proves the identity to the Secretary of State. If the company authorizes a sample to handle hazardous materials, the company will receive a certificate 504 (1) of its identity from the Secretary of State (in this case, including certification authority 500A), May be submitted to an agent (certification authority 500B) who is currently qualified and authorized to handle the company responsible for maintaining the company database 554a. The certification authority 500B may then issue a certificate 504 (2) that proves this fact fully automated if desired.

One or more participants in a particular value chain or one or more participants with a specific relationship during authentication to authorize a participant to act as an agent for an entity The person must be approved and perform the duties of a representative of the set of participants. For example, a party may wish to work on an alliance or approval from a joint venture of which it is a member. Alternatively, all participants in a particular value chain may need to work as a whole for the value chain. Each participant who receives such approval from an entity may need to receive approval and work from that entity.

  The present invention uses any certificate that uses digital certificate 504 to enforce the same or different rights, optionally combined with any associated participant, and exercises the prescribed rights under conditions of controlled use. It provides a mechanism by which a “virtual entity” can be created. More specifically, digital authentication enforces the authority to serve as an entity for each participant of a virtual entity. The job is performed within the limits of the usage conditions and further with any results specified in the usage conditions specified by the electronic control associated with the container.

FIG. 51F shows an exemplary electronic container 152 that contains the following information. A value 564 identifying a "virtual entity", a signature 566 (1) -566 (N) (one for each member of the entity), other information 568 belonging to the entity, a digital certificate 504 (1) -504 (N ) (One for each member of the entity), as well as control information 188 and value 564 that specify authority (eg, rights or permissions) and “use conditions” provide an identifier that uniquely identifies the entity. The “other information” field 568 may provide further information about the entity (eg, the name of the entity, the name and address of each participant, the expiration date that the entity ceases to exist). Signatures 566 (1) -566 (N) are like signatures of agreement for partnership. Each member of the virtual entity agrees to be a member of that: with its “signature” and agrees to the terms given to each participant.

  The example container 152 further includes an electronic control set 188 that describes the conditions under which the authority can be exercised. Control 188 defines the authority granted to each participant. Control 188 includes conditions or restrictions for exercising these authorities (in this example). Control 188 may provide the same authority and / or usage conditions for each participant. Alternatively, control 188 may provide different privileges and / or terms of use for each participant.

  For example, control 188 grants each participant of the virtual entity the authority to serve as certification authority 500 on behalf of that entity. In this particular example, control 188 allows each participant of the virtual entity to create a certificate that represents the virtual entity. The authorization is made with the results specified in the usage conditions specified in the limits of the usage conditions and in the control. As mentioned above, the right to grant a certificate is just one example. Any type of electronic rights or authorization may be granted based on any type of electronic usage conditions.

  FIG. 51G is one exemplary process for generating the container 152 of FIG. 51F. In this example, parties to the virtual entity may negotiate control information to manage collective activity based on, for example, the electronic negotiation technique shown in Ginter et al., Patent specification FIG. 75A-76B (FIG. 51G, block 570). . The resulting control information 188 may specify “use conditions” such as the rights that can be exercised by each participant in that entity and the restrictions imposed on each of these rights (which can be defined on a per participant basis). .

  Participant Initiating Issue (actually, Protected Processing Environment 154 of the Participant's Protected Processing Environment) 154 of the digital container 152 can be selected and used as a random value as the entity identifier value 564 ( FIG. 51G, block 572). Participant PPE 154 may then create authentication information for that virtual entity by associating entity identifier value 564 with other information 568 (FIG. 51G, block 574). The participant's PPE 154 may then sign the virtual entity authentication information and indicate the participant's consent to become part of that virtual entity and the terms of use of the control information 188 (FIG. 51G, block 576).

  Participant's PPE 154 then creates an electronic container 152 in which control information 188, virtual entity authentication information 564, 566, 568 and a cryptographic key that the participant can use to exercise rights are identified. Enter the participant's own authentication 504 (FIG. 51G, block 578). The participant then determines whether the participant still needs to be added to entity authentication (FIG. 51G, block 580). If yes, the container 152 is sent to other participants in the virtual entity (FIG. 51G, block 582) and accessed and confirmed by the next participant (FIG. 51G, block 584). 586). The next participant also signs the virtual entity authentication information by adding to the list a signature 566 (2) indicating that he also agrees to participate in control 188 and its virtual entity (FIG. 51G). , Block 588). This new information is used to add to and / or exchange entity authentication information 564, 566, 568 to entity authentication information 564, 566, 568 (FIG. 51G, block 590). This next participant also adds his own authentication 504 (2) to the container 152 (FIG. 51G, block 592).

  Steps 580-592 can be repeated until container 152 is signed by each participant in the virtual entity (if no, exit decision block 580). The completed container 152 is then transmitted to all participants (FIG. 51G, block 594).

  FIG. 51H illustrates an exemplary process that a virtual entity participant may use to exercise authority on behalf of the virtual entity based on the control 188 shown in FIG. 51F. The example process of FIG. 51H is performed by the participant's protected processing environment 154 based on the request. Participant's protected processing environment 154 writes an audit record (FIG. 51H, block 594A) and evaluates the request using the usage conditions specified by control 188 (FIG. 51H, block 594B). If the request is granted by control 188 (if yes, exit block 594C in FIG. 51H), participant's protected processing environment 154 accesses virtual entity value 564 from container 152 ( FIG. 51H, block 594D), executes the request using the control information 188 associated with the usage conditions and produces an appropriate result (FIG. 51H, block 594E). In one example, the participant's protected processing environment 154 serves as the certification authority 500 on behalf of the virtual entity by issuing a digital certificate 504. Issuing the digital certificate 504 signifies the digital certificate digitally by encrypting the entity identifier value 564 with the encryption key corresponding to the participant's own authentication 504 included in the container 152, and newly Creating a digital certificate part of the issued certificate. This example then writes out further audit information 594H and reports on the actions taken.

  If the requested action is not allowed by control 188 (FIG. 51H, “No” exits decision block 594C), the example FIG. 51H process determines whether the error is fatal (decision). Block 594F). If the error is fatal (“Yes” exits decision block 594F), the process disables further use of the information in container 152 (block 594G) and writes further audit information (block 594H). ) And stop (FIG. 51H, block 594I). If the error is not fatal (“No” exits decision block 594F), the protected processing environment 154 may write out further audit information (block 594H) and terminate this task (FIG. 51H, block 594I). ).

  The processes and techniques shown in FIGS. 51F-51H have a variety of different uses. As an example, suppose a first publisher publishes a derivative work that includes its content and content provided by a second publisher. Two publishers may form a virtual entity, which allows the first publisher to serve on behalf of that entity. However, it is only subject to terms and conditions agreed and agreed by both partners. For example, the second publisher may have the first publisher re-publish the second publisher's content, and the consumer 95 will extract the content and edit the anthology (provided that the consumer is virtual Presenting the appropriate authentication 504 issued by the entity and only if the virtual entity proves that the consumer is authorized to exercise that right). For example, only special applicants with certain characteristics may be eligible to receive authentication 504. With the techniques described above, a first publisher can issue an authentication 504 to an applicant on behalf of a virtual entity that includes both a first publisher and a second publisher. The second publisher is a confident because the first publisher is negotiated by both publishers and can only issue certificates according to agreed terms of use.

  Another example is a manufacturing process that includes multiple participants. The terms of use provided by control 188 may allow participants in any value chain within the manufacturing process value chain to perform certain activities on behalf of the entire value chain. For example, material manufacturers, finished product suppliers, and shipping companies that transport materials between them may form virtual entities. The virtual entity can then submit the control set to the trading authority. The control set describes a process that states that all three participants will work together. As a simple example, for example, in a control set created according to the usage conditions applicable to their virtual entity, a unified display of material requirements, a finished appearance and a delivery schedule are allowed.

  In another example, a semiconductor company, a system integrator, and three different software providers may form a virtual entity that supports the semiconductor company's chip design, simulation, and design inspection applications. In this example, a certificate may be issued to each company that is an entity in this example and to a particular individual of each company. Rules and controls negotiated between companies specify who has access to software applications and associated databases and who can make modifications to the software and / or data. In this way, the semiconductor company can authorize access to external contractors and / or providers and specific individuals representing these external companies. These individuals may be granted sufficient access only to solve typical problems and to perform system maintenance tasks. In addition, these individuals may be granted additional rights (approvals) for a limited period of time and access for resolution to certain executables and / or data that are not included in the default permissions. Resolve specific problems that require

  The virtual entity features of the present invention present, in part, an extension built on the handling chain and control technique disclosed in Ginter et al. For example, authentication created in accordance with this aspect of the invention may take advantage of the capabilities of the VDE handling and control chain and manage the authentication chain.

Secure Directory Service FIG. 52 shows an example of a secure directory service trading utility system 600. A secure directory service securely provides electronic directory information and / or other directory information, such as name, address, public key, certificate, etc. Sending such information securely (via a virtual distributed environment (VDE) in the preferred embodiment) prevents eavesdropping, ensures confidentiality, and enables significant participant interaction effectiveness To provide critical infrastructure support.

  More particularly, the secure directory service provided in accordance with these inventions may provide the following exemplary beneficial features and functions.

  Provide directory information based on various different parameters including various classification information safely and reliably.

  Securely provide electronic addresses and / or other communication paths for consumers, content providers, bill exchanges and / or other parties based on name, function, physical location and / or other attributes sell.

  May provide public keys and / or authentication of consumers, content providers, bill exchanges and / or other parties based on, for example, name, function, physical location, and / or other attributes.

  Efficiently manage and / or automate reliable communication of requests and responses in a secure container while protecting identity-related information and hiding it where appropriate.

  Rules and controls to use secure containers and to ensure content integrity and non-reputability.

Receive approval from a safe chain of handling and control embodied in an electronic control set.
Distribution of secure directory service functions across a network or other system (eg, any consumer and / or other value chain participant node may use one or more other VDEs as described in Ginter et al. (This is a potentially distributed secure directory service that initiates direct transactions with its participants and their own secure directory service.)

  Grant authorization and service to one or more distributed secure directory service sub-bills exchanges or in cooperation with one or more distributed secure directory service sub-bills exchanges. The operation of one or more distributed secure directory service sub-bill exchanges is within the company or government agency and / or other distributed secure directory service functions across distributed senior directory service authorities and / or systems or networks. It can be located logically and / or physically anywhere, such as within one or more jurisdictions and / or within a serving subset of an entire business concentration area.

  Any consumer and / or some or all other value chain participant nodes potentially have a secure directory service authority that provides naming and related services and functions within the context of the entire naming service network. Can be supported. The context of the full naming service network includes one or more other participant internal operation nodes and all activities utilizing VDE technology where appropriate, as elsewhere in this list.

  Hierarchically organized and may represent responsibility and operation for secure directory services for all directory subsets based on name, function, physical location and / or other attributes.

Can be organized hierarchically, for example providing a directory of directories.
The responsibility for the directory service can be distributed in different ways for different trading models and / or activities and / or value chains, and one or more parties are hierarchical, for example more than other parties in one or more examples It can be more advanced and can be organized hierarchically, peer-to-peer or in a combined manner, such that it can be hierarchically peered or lower in one or more examples. That is, the relationship between participants can be programmable and can set (and later modify) one or more desired specific directory service arrangements for a given trading activity, value chain and / or model.

  FIG. 52 shows an exemplary secure directory service 600 from a process perspective. In this example, secure directory service 600 keeps track of directory information associated with consumers, value chain participants, and / or electronic devices, and provides this information securely based on qualified requirements. It is an archive. In this example, the secure directory service 600 may provide the following functions:

・ Database management 606
Database search / readout 608
Database replication 610
Database propagation 612
Confirmation 614 and Approval 616

  The database 606 can be accessed by a search and retrieval engine 608 that uses the information to capture input information provided to the consumer as a source and retrieve the relevant records. For example, secure directory service 600 may receive individual, organization, service and / or device identity 618, electronic address 620, authentication 622, and / or key 624. This information can be stored in the database 606.

  In response to request 602, secure directory service search and retrieval engine 608 accesses database 606 and has further information (eg, an individual or institution's email address, a person's public key, an email address). The identity of a person, the identity and address of a person with a certain public key).

  Further, the secure directory service 600 can return access control, audit requirements, and the like. For example, the user may be required to present a valid certificate (eg, authentication 504) for accessing the entity's internal email address. The database 606 has a predetermined information field known to all visitors (eg, office location or specific employer, their home directory on a company server, etc.) or the physical address of the consumer. May be available to those presenting certification 504 issued by a consumer serving as his own certification authority 500, but not to others. This control may be specified in a secure container that carries information to the secure directory service 600.

  When information is provided to the requesting person, the person is required to use the information only in an approved manner. For example, the person may be able to use information to formulate an email message, but does not extract the physical address for the mailing list. This restriction may be enforced by the control 188b and the secure directory service 600 associates with the information it provides.

  As shown in FIG. 53, in addition to the secure communication facility 626, the secure directory service 600 may provide a database 606 and a search and retrieval engine 608. The architecture of the secure directory service 600 may be based on FIGS. 12 and 13 in the Ginter et al. Patent disclosure.

  FIG. 54 illustrates an exemplary secure directory service process that may be performed by the secure directory service 600. In this example, sender 95 (1) wishes to send a message to recipient 95 (2). The sender and the receiver can be an electronic device 100 owned by a consumer, bill exchange, or the like. The sender 95 (1) sends an address request 602 to the secure directory service 600 that provides some information and requests other information. In response, the secure directory service 600 provides the requested information to the sender 95 (1). The sender 95 (1) can use the information to send a message to the recipient 95 (2). In this example, both address request 602 and response information 604 are held in secure electronic container 152 to maintain the confidentiality and integrity of the request and response. Thus, for example, an outside eavesdropper cannot determine who the sender 95 (1) wants to communicate or what information is needed to communicate. Directory responses cannot be “fooled” to direct the requested message to another location. In addition, as described above, directory service 600 may include control 188 and / or requests along with its response, or request control 188 as part of its input.

Trading Authority 700
FIG. 55 shows an example of a trading authority trading utility system 700. These inventions also allow for a secure “trading authority” capability that provides the following general functions:

  • Confirmation, authentication, and / or auditing of the safety of events (eg, including approval, eg, non-repudiation purposes) in a multi-event transaction or process handling and control chain.

  Secure storage, validation, authentication, and / or distribution of control sets (eg, including authorization and non-rejection purposes) in the handling and control chain of multi-event transactions or processes.

  Issue requirements for any or all trading steps and / or process steps.

  • Participate in models that utilize mutual control methods and distributed, automated events (eg, distributed computation, process management, EDI, reference to currency, etc.) if desired Actively participate in transactions or processes (including management, oversight, mediation, arbitration, initiation).

  Can authenticate steps and / or transit paths, including authenticating proper routing of electronic information via a trading authority telecommunications switch adapted to authenticate certain information, where authentication is a required route And / or authenticate that the transmission of such electronic information was subject to certain committed rules and controls. For example, certain promised rules and controls may result in obtaining certain archived information and / or not exceeding budgets, and / or other limitations and / or restrictions, such as: The number of information containers, the value of the electronic currency contained in the currency container over a period of time, the amount of funds entrusted in the purchase order, the appropriate order authority, etc.

  A trading authority may simply be a secure, watchful bystander and certifier for electronic commerce and / or trading steps (over a series of trading steps), and the trading authority may be a secure multi-party electronic It can be a safe promoter of commerce and / or a trading authority can actively and directly participate in electronic commerce.

  More specifically, trading authorities in accordance with these inventions may provide the following advantageous features and / or functions.

  Maintain and verify event notification information that is suitable for multi-stage trading and / or chaining of handling and control processes.

  -The chain of handling and control of required transactions and / or process steps based on components representing business process elements may be strengthened in line with the requirements for their authentication or verification. Here, for example, one or more trading authorities each authenticate and / or verify one or more specific events at one or more step “positions” in a trading sequence.

  For example, an entire transaction control set may be formed from a number of separate sub-control sets that are contributed by a number of different participants.

  Utilize reciprocal methods to coordinate requested trading events, including, for example, a series of events between value chain participants.

  Receive approval from the secure chain of handling and control embodied in the electronic control set.

  Intervene to actively manage the chain of transactions and / or handling and control processes.

  • Coordinate workflow and / or chain of handling and control processes and / or other business processes.

  Trusted, including authentication and / or verification steps in distributed legitimacy, EDI, financial transactions, and / or trade system value chain activities, which greatly enhances security for distributed rights management Also, automatic and efficient management can be provided based on a secure distributed electronic trading environment. Such security can match or exceed the security that can be obtained with a centralized, online trading model.

  It may manage at least some of the transactions within and / or between value chain participants (eg, organizations, individual consumers, virtual groups).

  The status and outcome of satisfaction with atomic transactions may be identified and / or monitored, at least in part through the use of rules and controls.

  May supervise what is happening (e.g., by utilizing an inference engine and / or expert system) based on error conditions and / or transaction profile analysis.

It can provide security, routing, prioritization and confidentiality adjustments in the negotiation process that allow different distributed parties to work together efficiently through a sensitive and trusted interface .

  Provide notarization, verification, authentication and / or delivery for secure documents and / or process controls, where appropriate.

  Authenticate steps and / or transit paths, including authenticating proper routing of electronic information via a trading authority telecommunications switch adapted to authenticate certain information, where the authentication is the appropriate route and It authenticates that the transmission of such electronic information was subject to certain committed rules and controls. For example, certain promised rules and controls may not exceed the budget, or other limitations: the number of “contained” information containers in a given period, the value of electronic currency represented by currency containers over a period of time The amount of funds entrusted in the purchase order, the appropriate ordering authority, etc. are issued and meet the requirements for receiving such authentication or verification appropriate at the node receiving such routed information.

  · Distributing trading authority functions across a network or other system (eg, every consumer and / or other value chain participant's node is potentially at least partially initiating its own trading authority functions A usage clearing service, where the participant node can communicate usage information directly with one or more other participants), rules and controls, and described in Ginter et al. According to other VDE technologies that have been developed.

  • Provide electronic or other arbitration, mediation and negotiation services.

  FIG. 55 shows a specific example of a trading authority 700 from the perspective of overall functionality. Trading authority 700 provides, among other things, a safety audit facility that maintains the current state of all transactions or processes based on event notifications received from trading participants.

In this particular example, trading authority 700 performs the following functions:
・ Event notification collection 730
Effective event database management 732
・ Requirement generation 734
・ Safety verification audit 736
・ Report 738
Notification 740
・ Reply 742
Propagation 744

  In this example, trading authority 700 receives a notification that an event has occurred in the form of event notification 748. Event notification 748 may be transported to one or more secure electronic containers 152. The event notification collection process 730 may collect these event notifications 748 and store them in the valid event database 732. Trading authority 700 may generate further notification 748 ′ based on its valid event database 732 and a response indicating the current state of the transaction or process in response to request 752 and / or based on other requirements. 750 may be issued. In addition, trading authority 700 may generate and output an audit record 754 that indicates progress and status of the transaction or process based on the contents of its valid event database 732 analyzed by audit function 736. Trading authority 700 may also issue report 756 based on its reporting function 738. Valid event database 732 may be a distributed event notification database, in which case reply process 742 and propagation process 744 may be used to maintain and update data in a distributed fashion.

  Another key function of trading authority 700 in this example is to issue new or modified event requirements 758 that can be used to control or affect all processes or transactions. That is. Trading authority 700 may receive control set 188, price and authorization 188 ′, event flow requirement 760 and / or process routing requirement 762. Event flow requirement 760 and process routing requirement 762 may be specified in one or more control sets. In response to this information and the contents of valid event database 732, trading authority 700 uses its requirement generation process 734 to create a new or modified event requirement 758. Trading authority 700 may also create a new or modified control set 188 "and a new or modified price and / or authorization 188" '. Trading authority 700 may use financial statement 764 as input to its safety audit function 736.

  FIG. 56 shows an example of the architecture of trading authority 700. In this example, trading authority 700 (which may be based on the VDE Rights Operating System (ROS) architecture shown in FIGS. 12 and 13 of Ginter et al.) Includes secure communication facility 770, database and transaction processor 772, process control logic 774, routing table. 776 and an adaptive control set database 778. These functions can be performed by methods at one or more control sites). In addition, trading authority 700 may also include a document notary 780 that includes a seal generator 782, a digital time stamp generator 784 and a fingerprint / watermark generator 786.

  The secure communication facility 770 allows the trading authority 700 to communicate across the electronic network 150 in a secure manner (eg, by the secure electronic container 152). Database and transaction processor 772 performs most of the process shown in FIG. The adaptive control set database 778 may perform a valid event database function. Routing table 776 may be used as part of requirement generation function 734 to route the appropriate message to the appropriate entity.

  Process control logic 774 may include an inference engine or expert system used to handle error conditions that are not fully anticipated or specified by event flow requirements 760 and / or process routing requirements 762. Process control logic 774 may operate based on rule-based principles, fuzzy logic, neural networks, or some or all combinations thereof, or other methods of process control logic. Process control logic 774 determines the next event that will occur within the entire transaction or process.

  Document notary 780 provides document generation that is verified, for example, digital seals and / or stenographic information is written and / or attached to digital documents.

  FIG. 57 shows an example of a trading authority process. In this simplified process, trading authority 700 may be an internal company entity used to audit and oversee the entire product delivery process. In this example, the consumer 95 issues a product order 788. This order 788 is received by the order receiving department 704. The order receiving department 704 issues an order event 710 to the trading authority 700. In response to this order event 710, trading authority 700 may issue rules and / or requirements in the form of one or more control sets 188 that specify how order department 704 handles the order. These rules 188 specify the handling that oversees the activities of the chain and procurement department 709A, warehouse 709B, shipping company 726, and payment collection department 709C, for example. Rule 188 identifies the requirements for the transaction and the overall process flow that may be sent from the department that is the secure electronic container 152 to the other, and thus will occur. Each department then sends the safety control 188 to the next department by the rules themselves and / or routing supervised by the trading authority 700. Each department may also issue an event notification 748 that alerts trading authority 700 about the current status of all processes. Trading authority 700 may store this status information in its safe-valid event database 732 for auditing purposes and / or to allow the trading authority to move on to the next step in the process.

  Trading authority 700 uses, for example, the interaction model shown in FIGS. 17E-1 to 17E-4 to interact with an ongoing transaction or process. A particularly useful scenario for trading authority 700 is managing a process performed by multiple parties, such as a joint venture or a company working on other common objectives. In this type of business scenario, multiple companies may act towards a common overall goal, but for example, have their own internal purpose of protecting their own sensitive business secrets. Can have. Trading authority 700 can be used as an independent third party intermediary / mediator without requiring any company to reveal detailed process information to anyone other than trading authority 700. Coordinate activities between multiple companies.

  For example, trading authority 700 may generate a control set that identifies event flows and / or process routing requirements 758 and / or control set 188 that mean different things in different contexts. As one example, a control set issued by trading authority 700 may cause one company to perform one step and another company to perform another step. At this time, each company does not know that a particular step or series of steps is being performed by another company. As such, trading authority 700 may develop a control set 188 that may be used to provide only partial disclosure between different individuals or persons acting as companies.

  58A and 58B show examples of steps and processes performed by trading authority 700 that “atomic trades”. In this example, trading authority 700 serves something similar to a football team coach. By accepting the skill set and requirements of each individual “player” and linking them together to the overall “game plan”, trading authority 700 allows any number of overall “atomic” transactions to be Can associate value chain participants.

  In this example, each value chain participant 164 (1),..., 164 (N) of the process managed by trading authority 700 identifies the participant's own business requirements, restrictions, and processes for the transaction or It can contribute to the control set 188 (1), ..., 188 (N) to be managed (FIGS. 58A and 58B, block 750). These individual control sets 188 (1), 188 (N) specify how each individual participant plays his role. Each participant 164 (1),..., 164 (N) knows his role in the overall transaction, but cannot know what role others are playing, or others There is no clear knowledge of how to form a “team” of participants. As such, the personal control set 188 (1), 188 (N) typically only describes sub-transactions and cannot pay attention to the overall transaction.

  Trading authority 700 also receives another control set 188X that specifies how the various participant control sets are grouped together and linked to the overall trading process with requirements and limitations (FIGS. 58A and 58B). , Block 752). This overall transaction control set 188Y specifies how to resolve conflicts between sub-transaction control sets 188 (1), 188 (N) provided by individual participants (eg, Ginter, for example). The disclosure of those patents, which may relate to the electronic notary process 798 shown in FIGS. 75A-76A). Trading authority 700 combines the participant's individual control sets—connecting them with additional logic to create an overall transaction control superset 188Y (FIGS. 58A and 58B, block 752). The trading authority stores the resulting superset 188Y in the local store (FIG. 58B, block 754). This overall control superset controls how trading authority 700 processes events and conducts “atomic” transactions.

  Upon receipt of an arrival event requesting processing (FIG. 58B, block 756), trading authority 700 may activate global transaction control superset 188Y (FIG. 58B, block 758). Trading authority 700 may then communicate a corresponding mutual control set corresponding to each part of overall transaction control superset 188Y to each participant in the transaction, thereby allowing each participant to communicate with the superset. (FIG. 58B, block 760). Alternatively, each participant in this example, when giving its control set 188 (1), 188 (N) to trading authority 700, has an interactive control set that can communicate with the control set that the participant sent to trading authority 700. maintain.

  Trading authority 700 may begin monitoring events received using the activated control superset (FIG. 58B, block 762). If the arrival event is not an error condition (“N” exit of decision block 764 of FIG. 58B), then trading authority 700 determines whether the event is indicative of the completion of an atomic transaction (FIG. 58B). , Block 765). If the atomic transaction has not been completed (“N” exit of decision block 765 of FIG. 58B), control returns to block 762 to monitor the event. If the atomic transaction is complete (“Y” exit of decision block 765), trading authority 700 determines that the transaction has ended (block 774 in FIG. 58B).

  When the arrival event is an error condition (“Y” exit of decision block 764 of FIG. 58B), trading authority 700 processes the error event in control superset 188Y (FIG. 58B, block 766). If the error is not critical (FIG. 58B, decision block 767, “N” exit), then control returns to block 762 to wait for the arrival of the next event notification.

When the error is critical (FIG. 58B, decision block 767, “Y” exit), trading authority 700 may call a critical error handling routine (FIG. 58B, block 768). Severe error handling routine 768 may attempt to resolve the error based on rules in control superset 188Y and / or interface engine 774, or other process control logic. Such an interface engine or other process control logic 774 may be programmed with respect to the overall transaction business model to have sufficient information to select an appropriate action based on the error condition.

  The processes shown in FIG. 58B can be interrelated. For example, a sub-transaction defined by a single “participant” may itself be an atomic transaction based on contributions from multiple participants, all of which are the same or different transactions. Managed by authorities 700.

Security Checkpoint Trading Utility System The trading utility system 90 can include service functions that can authenticate and / or verify security services, archive services, and communicated information in a certain manner. The provision of a rejection service can be performed as a “security checkpoint system 6000” (see FIG. 58C). The security checkpoint system 6000

Providing a distributed, highly efficient and automated audit and archiving layer for electronic trading interactions; and expanding the security depth of distributed security environments such as VDE and distributed trading utility layers.
Enable.

  Thereby, the security checkpoint system 6000 can perform security and / or management functions. The capabilities of this trade security system take advantage of the positive advantages of a centralized security model (for example, the ability to have central authorities to physically control processing nodes) and achieve these capabilities with maximum efficiency and flexibility. And deployed in a distributed “user space” model that supports reliable and manageable scalability (the main weakness of a centralized system) and can provide the enhanced security benefits of multiple, independent assurance environment layers To do. The latter capability is particularly adapted for highly sensitive communications where extra security is desired. These security layers are enabled by the required involvement and security processing of the protected processing environment of one or more independent security checkpoints that enhance the underlying distributed security environment.

  Information passing through one or more security checkpoint systems 6000 may be sent to information recipients (e.g., parties receiving information in the container) in communication functions and / or security steps (e.g., prior to receiving the information). Can be authenticated and / or verified to confirm that a process has occurred. This authentication and / or verification may include, for example, authenticating and / or verifying the routing of appropriate communications through the required and / or authorized protected process security chuck point system 6000. Such checkpoints can be distributed throughout the telecommunications network, for example, or “localized” at the physical and / or logical location of the end user VDE node (see FIG. 58C).

  Security checkpoint system 6000 may use a telecommunications switch adapted to authenticate and / or verify certain information and processing. For example, the authentication issued by the security checkpoint system 6000 may indicate that the required routing has been followed, inspected a secure electronic container with which the required checkpoint is communicated, and / or such container or It may authenticate that the transmission of other electronic information has been performed in accordance with written rules and controls. For example, such a service may verify and / or certify that certain budgets, other limits, and / or constraints have not been breached, and / or other requirements are met. Can help prove.

  For example, the security checkpoint system 6000 may include the number of information containers “transported” within a given time period, included in (or represented by) a given container, and / or a period of time. The value of the electronic currency contained in multiple containers (very important to reduce inappropriate electronic currency activity), consigned in a buy order including when there is an appropriate ordering authority Assists in ensuring requirements on financial volumes, etc. (including that limits or other constraints are not breached). Evaluation of such requirements can be, for example, containers (or other digital information) communicated from certain logical and / or physical domains, nodes, node groups, users, or user organizations, and / or other user groups. Communication), for example, as the VDE assurance container moves through the adapted one or more telecommunications switches, the assurance node and / or individual user and / or organization and / or It is determined through referring to the area recognition information.

  These trading utility system “communication checkpoint” capabilities are provided reliably by such checkpoints, for example by providing one or more “independent” distributed security “checkpoints” along the telecommunication route and By requiring the existence of appropriate authentication and / or verification to be reliably associated with and / or inserted into the container by a process managed by the checkpoint (or group of checkpoints), It provides useful security features by substantially increasing security reliability. This presence is tested by the receiving node before proper authentication or verification, for example by rules and controls, before processing at least part of the contents of one or more classes of containers in which such receiving node has been received. May be required to exist. Such container classes may include, for example, specific individuals and / or groups and / or containers and / or container contents having one or more specific attributes.

  The security checkpoint system 6000 may be “independent” from the end user's virtual distributed environment node from a security perspective. For example, such nodes use key management to ensure that their protected processing environment for checkpoint management does not have the security branch of the end-user node directly equipped with checkpoint operation security. It can be independent from a security point of view, as it helps to maintain internal multiple assurance execution compartments and to ensure that the branch associated with the assurance execution compartment does not have such other compartments.

  The security checkpoint system 6000 may also include, for example, the intended container recipient identification information, the container information class, a verification point (checksum) used for future verification (eg, non-rejection), and / or Audit information may be collected, including searching for other information and / or archiving part or all of the contents of the container. Part of this information is at least partly one or more of the container sender, the intended and / or actual container recipient, and / or one or more of the government authorities authorized to access such information. Without cooperation, a part or many of such information can be encrypted so that it cannot be decrypted.

  58C and 58D provide “checkpoint security” that provides communication checkpoint security, non-rejection, and archiving services within the content of a telecommunications network connecting users 95 (1), 95 (2), 95 (3). An example of the configuration of the trade utility system 6000 is shown. In this example, security checkpoint system 6000 may be part of a telecommunications infrastructure. For example, the security checkpoint system 6000 can be part of one or more telecommunications switches or other devices designed to detect the secure electronic container 152 based on, for example, the header information it has.

  The security checkpoint system 6000 in this example has the assurance capability to control whether the assurance container 152 transmitted through the communication infrastructure is allowed to pass and the routing history of the containers in the communication infrastructure. In one example, a control that manipulates the protected processing environment of user 95 (1) may cause some type of container 152 (eg, a container carrying electronic currency) to appear in security checkpoint system 6000 (or a class of security checks). May include a control 404 that requests to be routed through a point system). Such a control 404 prevents the container 152 or its contents (eg, the currency it contains) from being used unless routed through the appropriate security checkpoint system 6000.

  For example, assume that user 95 (1) transmits container 152 to user 95 (2) through the telecommunications infrastructure. The infrastructure may detect that the information being sent is a container and route the container for interception by a security checkpoint system (eg, system 6000 (5)).

  The security checkpoint system 6000 (5), after intercepting the container 152, examines the control information in the container to determine whether the requirements for further communicating the container to the user 95 (2) are satisfied. . Security checkpoint system 6000 (5) may send a container to user 95 (2) only when these requirements are met. Alternatively, the container may be modified so that the user 95 (2) can open it or use the contents of the container in response to the container control 404 (the container control 404 can limit its use). The security checkpoint system 6000 may modify at least a portion of the container control 404 to add additional usage restrictions, for example.

  The example of FIG. 58C shows two “webs” of the security checkpoint system 6000. In this example, these webs are each of (1) a security checkpoint system and (2) a security checkpoint system 6000 that has been authenticated (eg, by the certification authority 500) to be a member of a particular class. Indicates a set.

  Here, in this example, “Web 1” indicates a class of authenticated security checkpoint systems 6000 (1) to 6000 (5), 6000 (7), and “Web 2” indicates an authenticated security check. The classes of the point systems 6000 (4) to 6000 (6) are shown. As an example, the “Web 1” security checkpoint system 6000 may be certified to be able to handle containers containing electronic currency 6004.

  One of the requirements identified in the control information associated with the container 152 is that the “Web 2” security checkpoint system (eg, system 6000) can be used to enable certain assurance audit functions such as, for example, credit electronic currency tracking. (5)) may have to be passed. The “Web 1” security checkpoint system (eg, system 6000 (3)) may refuse to pass the container 152 to the user 95 (2) based on these controls 404, or by the user 95 (2). Modification of the container 152 to enable use may be rejected.

  As a further example, assume that user 95 (2) wants to give container 152 to another user 95 (3). The control 404 associated with the container 152 may request that in this particular example, further communication of the container 152 must pass through the “Web 1” security checkpoint system 6000 (7). This routing requirement may exist in the control 404 provided by the user 95 (1) or may be added by the security checkpoint system 6000 (5) or the protected processing environment of the user 95 (2). .

  In the particular example shown, the control 404 is “web 1” via additional routing that does not include the security checkpoint system 6000 (eg, other types of trading utility systems and / or non-guaranteed telecommunications switches). Security checkpoint system 6000 (7) may allow container 152 to be passed to user 95 (3).

  FIG. 58D illustrates an example process performed by an example security checkpoint system. In this illustrated process, the security checkpoint system 6000 receives the container 152 (FIG. 58D, block 6002) and determines whether the requirements specified by its associated control 404 are satisfied (FIG. 58D, Decision block 6004). If the requirement is met, the security checkpoint 6000 may perform a “satisfaction requirement” procedure, for example, modifying the control 404 to satisfy the above routing requirement (FIG. 58D, block 6006). If the requirements are not met (FIG. 58D, “N” exit of decision block 6004), the security checkpoint system may perform a “requirements not satisfied” procedure (FIG. 58D, block 6008).

  Each set of procedures may include some form of assurance audit, for example. When the security checkpoint 6000 passes, for example, the container 152 containing electronic currency, the security checkpoint 6000 can record one or more of the following audit information.

• Sender identification • Sender node identification • Recipient identification • Recipient node identification • Currency based authentication • Other security checkpoints 6000 through which the currency has passed
・ Identification of the former handler of currency ・ Date and place of transmission ・ Date and place of receipt ・ Currency transfer period ・ Other warranty audit information

If the security checkpoint system 6000 refuses to pass and / or modify the container 152, for example: • Name of the sender • Nature of the defect • Expected recipient • Audit including available tracking information such as other tracking information A report can be generated. The security checkpoint system 6000 may also notify the sender, intended recipient, government authority, or other authorities. The security checkpoint system 6000 may further charge, for example, a sender with a “failed communication” overhead fee.

  Security checkpoint system 6000 may then determine whether additional communication is required (FIG. 58D, decision block 6010). If not, the process is complete. When additional communication is required (“Y” exit of decision block 6010), the security checkpoint system 6000 may send the container 152 to the next system (FIG. 58D, block 6012). The next system may be an additional security checkpoint system 6000 that performs additional processing (FIG. 58D, blocks 6016, 6004, 6006, 6008).

Example

Example—Electronic Content Distribution Value Chain FIG. 59 illustrates how the illustrated distributed trading utility 75 can be used to support the illustrated electronic content distribution value chain 162. In FIG. 59, for example, author 164 may create a valuable work such as a novel, a television program, a music song, and the like. The author provides this work 166 to publisher 168 (eg, in electronic digital form).

  The publisher distributes the work to the consumer 95 using his own brand, name recognition, and marketing efforts. Publisher 168 may also provide work 166 to content “aggregator” 170, a person who provides customers with access to a wide range of content from multiple sources. Examples of aggregators include, for example, traditional online database services and world wide websites that host content from many diverse sources. Typically, a consumer uses an aggregator service by retrieving information related to one or more topics defined by the consumer. Aggregator 170 may provide a search tool to consumers 95 making their choices.

  Aggregator 170 may distribute work 172 including some or all of original work 166 directly to consumer 95. Aggregator 170 may also distribute work 172 to “repackager” 174. The repackager 174, for example, gets content from several sources about related matters and mixes them into mixed source products such as multimedia combinations, newsletter publications, or “current awareness” packages. Can be summarized. In these services, the repackager makes content selections and organizes based on the interest expressed by the audience. The consumer 95 can subscribe to an electronic newsletter about a particular topic, or the consumer can give the repackager 174 a short list of topics of interest. The repackager 174 selects relevant information and communicates that information to the consumer. Here, the repackager makes a choice for the consumer.

  For example, the repackager 174 may be a newsletter publisher and may republish some or all of the author's work 166 in the newsletter 176. The repackager 174 may distribute the newsletter 176 directly to the consumer 95 or the newsletter may pass through other channels. The repackager 174 uses the search engine provided by the aggregator 170 to find the documents that the consumer 95 is interested in and retrieves these documents as both the brand of the aggregator 170 and the brand of the repackager 174. And then send the newsletter to the consumer 95.

The distributed trading utility 75 can support the value chain of FIG. 59 in many ways. For example,
1. Certification authority 500 can issue a certificate that allows each participant in the value chain to identify who they are and to indicate that they are part of one or more specific classes . For example, author 164 and / or publisher 168 may specify that any authorized aggregator or repackager is eligible to extract or include work 166 for selection as long as appropriate payment is made. The certification authority 500 can issue a digital certificate 504 that supports the desired business purpose, which is an aggregator that the aggregator 170 can actually trust and a repackager that the repackager 174 can actually trust. Authenticate that As long as the author 164 and / or the publisher 168 trusts the certification 504 issued by the security and certification authority 500 of the overall system 50, they will not have the work 166 by anyone other than the appropriate type of people they identify. Don't be afraid to be excerpted or put into the selection.

  In other examples, the authentication authority 500 can issue an authentication 504 to the aggregator 170 or other user. The certification authority 500 can issue this certification 504 to the author 164 or the issuer 168. Authentication 504 proves that author 164 or issuer 168 agrees that aggregator 170 or another user is authorized to modify certain permissions 404. Authors 164 or publishers 168 may have specific permissions 404 and may themselves be modified only under conditions where “authorized aggregator” certification exists.

  In another example, the certification authority 500 may allow one or more user classes to use, for example, content and / or specific portions of content, and / or modify permissions, with a possible range of (appropriate) Certification, as may be limited to specific use and / or modification by using certain VDE rules and controls appropriately given by the author or issuer or certification authority (as permitted by such rules and controls) Can be issued.

2. The rights and authorization bill exchange 400 in this particular example may register the work 166 and issue an appropriate authorization 404 consistent with the authorizations and instructions provided by each value chain participant. For example, author 164 can register work 166 with rights and authorization bill exchange 400 and identify electronic controls 404 that define the rights of all other value chain participants.

For example,
This control set 404, by way of example, specifies that publisher 168 can distribute an unlimited number of copies of work 166 as long as the publisher pays author 164 a certain amount of dollars for each copy distributed. .

    Control set 404 allows publisher 168 to allow consumer 95 to read work 166 indefinitely, but to prevent his consumer from copying or redistributing the work. It can be appreciated that additional controls are added.

    The electronic control set can move with the work 166 in the electronic container 152, but can also be provided separately. For example, the rights and authorization bill exchange 400 may provide the control set associated with the work 166 to anyone requesting the control set upon request.

  Rights and authorization bill exchange 400 can maintain different versions of control set 404 for different classes of users, for example, consumer 95 can receive one control set 404a, and aggregator 170 can receive other versions. Having received control set 404b, repackager 174 may also receive a different control set 404c. If each of these control sets is provided with a “pre-approval permission” system that makes the widespread use of work 166 extremely efficient and highly secure, such control sets are either author 164 or other Can be provided in advance by the rights holder. In addition, such control sets can be seamless and interact with VDE distributed template applications so that one or more template applications can participate in such control sets by such distributors of such control sets. (Or otherwise made available). In one particular “super-distribution” business model, work 166 is distributed as widely as possible, and rights and authorizations bill exchange 400 allows a particular value chain participant to create a work in a specific way under specific conditions. Work to provide the current control set 404 authorized to use.

3. The bill of exchange 300 in this particular example may support the value chain by collecting usage information from each value chain participant. The bill exchange 300 thereby provides a warranty audit function, for example, generating a report that tracks how many times the work 166 has been used and how it was used.

  As an example, the bill of exchange 300 analyzes usage information to determine how many consumers 95 have read the work. The bill exchange 300 can, for example, vary the consumption information, the level of detail and / or the type of specific information, and various value chain participants that match privacy issues and permissible business rights of each party. Can report. As an example, the bill exchange 300 may provide the consumer 95 with a detailed report on the use of his or her own particular work 166, while the author 164 or publisher 168, for example, Only summary report information may be provided that does not include the consumer's name, address, or other indication that identifies the information.

  As another example, the report may flow directly from repackager 174 to aggregator 170, publisher 168, and author 164. The report may be sent directly along any logical path or through any party's sequence, for each party that is acceptable to the value chain and is at least partially executable by VDE rules and controls. Any mix of information may be included.

4). The financial bill exchange 200 in this example provides a guaranteed bill exchange of the financial details of the transaction and ensures that the appropriate value chain participants compensate the other value chain participants. As an example, the financial bill exchange 200 may receive payment from the consumer 95 based on the consumer's use of the work 166 and share a portion of the payment for the author 164, the publisher 168, and other suitable values. Chain participants can be appropriately allocated by an automated and efficient process that is at least partially managed by VDE rules and controls. For example, the bill exchange 200 can intermediary with other banks or financial institutions to achieve automated payment transfers and / or manage electronic money that is maintained throughout the value chain shown. To help. The bill exchange 200 ensures that itself and other trading utility systems 90 are adequately compensated for the management and support services they provide. That is, a guaranteed VDE process operating within the trading utility system 90 can automatically ensure payment to such management and support providers.

5. The assurance directory service 600 in this example supports the illustrated value chain by facilitating electronic communication between value chain participants and / or between trading utility systems 90. For example, the guaranteed directory service 600 provides an electronic address and / or routing information that allows one value chain participant to electronically contact others upon request. As an example, assume that consumer 95 wants to obtain the latest version of work 166, but finds that the electronic address of publisher 168 has changed. The consumer 95 contacts the guaranteed directory service 600 electronically, and the guaranteed directory service 600 provides current address information. Of course, in a commercial trade system application, for example, a guaranteed directory service provides a more detailed service for identifying a desired party, such as a two-dimensional search of directory resources to identify a party based on class attributes. obtain. The warranty directory service 600 can identify content based on, for example, the type of content and / or rules and controls associated with such content (pricing, acceptable usage parameters such as redistribution rights, etc.) Services can also be provided.

6). Trading authority 700 in this example can be used to assist repackager 174 in creating newsletter 176. For example, trading authority 700 may assist in automating the process in which a number of different works generated by a number of different authors are all collected and extracted for publication in a newsletter. Trading authority 700 ensures that the current status of the entire other stage process is maintained and identifies which stage has already been performed and that stage has not yet been performed. Trading authority 700 can, for example, assist in arbitration and mediation between different participants in such other stage processes, and in some cases (e.g., new instructions or requirements based on errors or other conditions). Proactively affect or control the process).

Example-Manufacturing Chain Diagram 60 illustrates an exemplary manufacturing value chain supported by a distributed trading utility 75. In this particular example, customer 95 places an order with manufacturer 180 and receives confirmation of the order. The manufacturer may order parts and supplies from a number of other suppliers 182 (1) -182 (N). Suppliers 181 (1) -182 (N) in turn add additional orders or subassemblies to additional suppliers 182 (a1),. . . Can be ordered. Bank 184 may fund supplier 182 based on a copy of the order and a guarantee that the manufacturer will repay the loan. A freight / warehouse company 186 may provide a freight and warehouse for suppliers and / or final products.

  In this value chain, the certification authority 500 and the trading authority 700 can assist in the secure flow of electronic orders, confirmations, delivery dates and conditions, and contracts, and each value chain participant can pass on other information It can also help to ensure that the desired degree of airtightness can be maintained while exchanging with value chain participants. Bill of exchange 300 may assist with a solid audit of the overall process, tracking of physical and electronic packages between value chain participants, and other usage related operations. The bill exchange 200 can handle financial arrangements between value chain participants and, for example, assist in coordination between the electronic network 150 world of the bank 184 and a paper-centric or other world. The rights and authorization bill exchange 400 may provide a secure archive for the electronic control 404 that defines some or all of the transaction. Trading authority 700 can also reliably monitor the overall development of transactions occurring between value chain participants and provide periodic status reports as appropriate for each value chain participant. . In addition, trading authority 700 directs or arbitrates the entire transaction to ensure that all stages and requirements are met. The assurance directory service 600 can assist in the routing of electronic information between different value chain participants. Of course, as discussed above with respect to the present invention and applied throughout the specification, the VDE chain of processing and control and other capabilities, including rules and controls and secure communication techniques, are preferably described above. Used as the basis for activities.

Example of how trading utility systems support each other FIGS. 16A-16E described above illustrate how different trading utility systems 90 support each other. More specifically, FIG. 16A shows that the bill exchange 200 is, for example, a bill exchange 300, a rights and authorization bill exchange 400, a certification authority 500, a guarantee directory service 600, a trading authority 700, and other financial bills. It is shown that the service may be provided to one or more other trading utility systems 90, including the exchange 200 '. Under such conditions, the plurality of trading utility systems constitute both a virtual bill exchange and a higher order trading utility system.

  In each example, the financial bill exchange 200 collects funds for support services and deposits these funds into at least one provider account using at least one payment method. The bill exchange 200 may also provide a VDE audit record that confirms the source and amount of funds and the provider account into which the funds were deposited by the bill exchange 200. The bill exchange 200 assists with one or more other support services to establish a provider account, and to determine the account number and period and conditions applicable to such one and / or multiple accounts. Communicate with one or more support services. Both the support service request for the bill exchange 200 and its response to the requesting support service are communicated in a VDE assurance container (as previously described) to ensure its substantial security. Utilizing confidentiality, flexible control architecture, and trust, each location can be processed by one or more VDE protected processing environments. Financial and account information can be provided in the form of a VDE control set and / or incorporated into the VDE control set by the financial bill exchange 200 and / or one or more other support services. The bill exchange 200 can provide services to each other to facilitate further operational and management efficiency. For example, a financial bill exchange 200 may provide services to counterparties in other countries or other geographic regions. In another example, one financial bill exchange 200 may provide other financial bill exchanges 200 access to one or more payment methods that are not directly supported by the second financial bill exchange 200.

  FIG. 16B shows that the bill exchange 300 may provide services to other trading utility systems 90. In some examples, the bill exchange 300 can provide raw data, distorted data, at least partially derived information, and / or reports to the financial bill exchange 200, the rights and authorization bill exchange 400, the certification authority 500. , Warranty directory service 600, trading authority 700, and other electronic trade support services such as other bill exchange 300 '. These other infrastructure services exist to resell this information for market research for their own services and / or possibly resell this information in connection with their own usage information Can be used as independent third party proof of transaction and its details. In one example, the rights and authorizations bill exchange 400 may include a report containing their own information and a combination of information from the financial bill exchange 200 and the bill of exchange 300, as well as the warranty directory service 600 and the certification authority 500. Can be sold to issuers. More specifically, the report includes a list of objects registered by the specific issuer in the Rights and Authorizations Bill Exchange 400, rights for updated or additional rights and authorizations and requests to the Authorization Bills Exchange. By the certifying authority 500 for publishers indicating that the total amount of financial bill exchange 200 for each digital property, the user has been authenticated and has obtained a valid application for the publisher's digital work The number of authentications and the number of requests to the assurance directory service 600 for information about the publisher's online website network address may be included. In each case, the support service provided information to the Rights and Authorizations Bill Exchange for binding to the publisher of this report.

Example-A Distributed Trading Utility 75 that can Support Digital Property Purchases, Licensing, and / or Lending Transactions , for example, when a customer pays for digital information, pays significant credit, security, and convenience Provide efficiency and efficiency. In addition, information creators and distributors can price this information, in fact, any digital property in any digital format, in a variety of ways and in different ways in different markets.

FIG. 61 shows an example of an information delivery service configuration 1000 where an information provider 168 provides electronic content for purchase, rental, and / or licensing. In this example, information service company 168 distributes information 166 to several global markets including individuals. Their market area includes professionals, home office users, small office markets, and customers of medium and large companies and processes. For example, the provider 168 delivers the content in electronic form to a home consumer 95 (1), a professional 95 (2) such as a lawyer, and a company or other organization 95 (3). In one example,
An individual consumer 95 (1) buys three articles 166 (1) from an online encyclopedia by applying for pricing.

  • Lawyer 95 (2) buys three chapters 166 (2) from a paper on patent law. as well as,

  • The two product marketing managers of large company 95 (3) receive exclusive market research report 166 (3).

  Prior to the information delivery transaction, customer 95 (1), expert 95 (2), and company 95 (3) obtain the network address of information provider 168 and identify the content they wish to process. The warranty directory service 600 may be used to help. Subsequently, these parties 95 may send an electronic message to the provider 168 requesting specific information that they wish to receive. Provider 168 may deliver this information 166 in VDE-guaranteed electronic container 152 in accordance with relevant rules and controls 188 that control pricing and authorization. Each party 95 has an electronic device 100 that includes a protected processing environment 154 that performs these controls 188.

Provider 168 can place different prices on information in different markets. For example,
• Expert 95 (2) and SOHO (small office / home office) pay transaction fees.
• Large company 95 (3) pays a mix of subscription and transaction fees (for example, company 95 (3) pays $ 10 per page printed or excerpted from a larger report and also pays a subscription fee. obtain). as well as,
• Individual consumer 95 (1) pays a flat-rate subscription fee.

  In each of these cases, local, state and / or federal sales taxes are included in the retail price, if appropriate. The payment method may be provided in an electronic control set 188 that is delivered with the associated content 166 and / or independently in the electronic container 152 (eg, as provided to Ginter et al.).

The bill exchange 200 ensures that the provider 168 receives payment with an approved payment method. Information delivery service 168 accepts a wide range of payment methods. Some forms of payment are more popular in some markets than others. For example,
• Credit (MasterCard and Visa) and Charge (American Express) are popular in the professional, SOHO, and consumer markets.

  Consumer 95 (1) also likes credit cards and the use of bank debit cards is increasing.

  • Large company 95 (3) pays through credit and charge cards, automated bill exchanges (ACHs), and X. Billing and payment through traditional VDE-guaranteed electronic data exchange (EDI) transactions based on the 12 protocol is also used.

The bill exchange 200 makes payments more efficient in several ways. For example, the financial bill exchange 200 provides the provider 168 with a convenient “one-stop shopping” interface to several payment methods to continue to monitor at least the account number associated with a given provider.

In this particular example, certification authority 500 may deliver a digital certificate that identifies one or more classes of consumers to each of consumers 95. For example, the certification authority 500
Certifies that consumer 95 (1) is an individual consumer applicant for information service 1000, and that the consumer is a registered college student and (for tax purposes related to transactions) in California One or more certifications 504 (1) certifying the fact of being a resident,
・ A certification 504 (2) proving the fact that expert 95 (2) is a recognized lawyer in California, and ・ A structure in which company 95 (3) is organized in accordance with the law and has a certain credit value. One or more certifications 504 (3) that prove the fact that they have
Can be delivered.

  The control set 188 may activate different payment methods based on the presence of the appropriate digital certificate 504. For example, control set 188 (1) delivered to consumer electronic device 100 (1) authorizes consumer 95 (1) to use each of the three articles 166 (1). Control set 188 (1) can be used, for example, by other party that consumer 95 (1) performs certification authority capabilities from an independent certification authority 500 (or with authorization from an information distributor or a higher-level certification authority). The consumer 95 (1) must have an authentication 504 (1) that proves that it has an unexpired application for the online encyclopedia. For example, this certification 504 (1) is a consumer 95 (1) issued by a certification authority 500 (eg, operated or authorized by the US government or other government organization) and is a US citizen, It can be used in conjunction with other certifications that prove the fact that you live in the United States and are a legitimate resident of California.

Individual consumer consumer 95 (1) pays information provider 168 for an application through a transaction sent to financial bill exchange 200 in VDE electronic container 152. A payment transaction involves, for example, sending an electronic container 152 (7) containing rules and controls 188 (4) and an audit record 302 (1) to the financial bill exchange 200 and the consumer device 100 is involved. The audit record 302 (1) is, for example,
・ Who should pay
-Volume of transactions,
-Specific payment method (eg VISA card)
-Applicant's VISA card number and expiration date-Information Applicant identifier, and-Account number of the provider to which payment is to be made,
Can be shown.

  The warranty container 152 (7) may also include rules and controls 188 (4) indicating that local, California, and United States sales taxes should be collected. The financial bill exchange 200 collects an appropriate sales tax and deposits the funds in an appropriate account. For example, some funds may be deposited in an account belonging to the appropriate California tax collection agency 1002.

  In exchange for payment, the applying customer 95 (1) may receive from the certification authority 500 an authentication 504 (1) indicating that she is actually an applicant and the expiration date of the current application.

Expert Lawyer 95 (2) in this example may be in the UK. He purchased three chapters 166 (2) from a patent paper using MasterCard, but pays in British pounds instead of dollars. To execute a purchase transaction, attorney 95 (2) may first be pre-authorized by financial authority 200 to purchase up to 500 US dollars (or equivalent pounds) each month. The pre-authorization may be sent from the financial bill exchange 200 to the lawyer's equipment 100 (2) in the form of a budget control 188 (5) in the guarantee container 152 (8). The protected processing environment 154 (2) in the lawyer's equipment 100 (3) can be open to the container 152 (8), proving that the budget control 188 (5) is authentic, Control is stored in an associated warranty database maintained by PPE 154 (2).

  Upon receipt of the beginning of each of the three chapters 166 (1), the attorney's protected processing environment 154 (2) may generate an associated audit record, and credits available in the budget record by the purchase amount. Reduce. At the end of the month or when all $ 500 pre-authorized credit is used, the lawyer's PPE 154 (2) will send all purchases, their amounts, and one of the suppliers to be paid to An assurance container 152 (9) with an audit record 302 (2) indicating one or more accounts may be sent. This supports efficient automation of the clearing process. The bill exchange 200 opens the guarantee container 152 (9), charges the attorney's credit card account, and pays the charge to the appropriate supplier account.

Prior to the company content transaction, the distributed corporation financial bill exchange 200A in the company 95 (3) operates under the authorization of the financial bill exchange 200, while the managers 95 (3) A, 95 (3) B Are each sent a warranty record 152, a budget record 188 showing their current approved monthly information and market research budget. The corporate distributed certification authority 500A (which is in the same trust hierarchy as the certification authority 500 in this example) may also issue a digital certificate 504 (not shown) to company employees.

  In this example, each product manager 95 (3) A, 95 (3) B prints a selected portion of the report and budget on his or her local device 100, and the budget is printed for each page printed. Decrease by $ 10. The protected processing environment 154 (3) in the local electronic device 100 (3) ensures that this process is performed and the appropriate digital certificate 504 issued by the certification authority 500 and / or the distributed legal certification authority 500A. Condition it to control 188 (3), which may require (3).

  Pursuant to the control 188 (3) supplied by the information provider, for example, the organization's equipment 100 (3) may have been purchased during the report at the end of the month or when using the full budget for the month. And an audit record (not shown) indicating the amount and the supplier account number for the purchase is sent to the corporate internal bill exchange 200A. The distributed local corporate financial bill exchange 200A collects the total audit records and sends at least one audit record 302 (3) in the guarantee container 152 (12) to the external financial bill exchange 200 for automated bills of exchange. The payment of the total amount can be authorized to the market research report provider via the exchange (ACH). Also, in the assurance container 152 (11), the account number of the company 95 (3) to which the funds are requested (eg, as part of the audit record 302 (3)) and the market research company to which the funds are to be paid. Account number exists. The bill exchange 200 completes the payment process via the ACH and sends a VDE guaranteed container (providing at least one audit record) back to the internal corporate bill exchange 200A as confirmation. The distributed bill exchange 200A can now send at least one confirmation audit record to each of the product managers 95 (3) A, 95 (3) B using an assurance container (not shown).

Example: A distributed trading utility 75 is an important part of electronic trading where consumers can purchase tangible items and support payment transactions are the sale, purchase, distribution management and / or management of all types of intangibles. Or with payment. Trading on intangibles (eg digital information) has many of the same safety, reliability and efficiency requirements as trading on tangibles. In order for a computer to become a true trading device, a distributed, secure, reliable rights / event management software layer (eg, a virtual distributed environment described in Ginter et al. Right to operate the system or middleware). Thus, the distributed trading utility 75 can play an important role even when tangible rather than digital assets are secure electronic trading objects.

FIG. 62 shows an example of a purchase and payment system 1010 for tangible goods. In the example of FIG. 62, a known provider of certain items used in clothing and related homes offers products beyond digital networks such as the Internet / World Wide Web, for example. L. Imagine Bean or Lands' End. In this example, the company creates:
A web catalog server 1012 that provides a line of clothing to consumers 95
A web procurement server 1014 that is an interface to the procurement function;
A third web server 1016 that serves as a secure financial exchange 200 and as an interface to several payment methods (eg, Master Card (“MC”), VISA, and American Express (“AMEX”)).

The company also creates the following in this example:
Register the service with the secure directory service provider 600, and
Establish a provider account with at least one payment method, such as a credit card, debit card and / or bank, through the financial bill exchange 200, and
• Register several transactions with Trading Authority 700.

In this example, a company registers with a trading authority 700, which can be a distributed trading authority within a company that sells goods, and an atomic transaction can include at least one electronic control set as described below, for example. Have:
Deliver orders that handle procurement for one or more organizations, such as wholesaler 1018 and logistic 1020 (which may or may not be the same company),
・ Receiving confirmation that the desired product is actually stocked,
・ Receive order confirmation
Receiving pre-payment authorization from the payment method for the particular consumer placing the order,
・ Shipping instructions for merchandise,
-Confirmation that the product was actually transported, and
• Control to complete payment transactions.

  In this example, the company also obtains at least one digital certificate 504 from a certification authority 500 that attests to at least one of the following facts.

・ The company is a legal company registered in Delaware,
The company is not bankrupt and / or the company has a certain degree of trust,
The company has a specific federal tax certification number designated, and
• The company has state tax certification numbers in each of several states, certain states and their corresponding certification numbers.

  The consumer 95 uses his electronic device 100 as a web browsing possibility for accessing the catalog server 1012 across the world wide web of the internet. The catalog server 1012 sends a web page 1022 that provides pages from the electronic catalog to the consumer 95. Web page 1022 may be sent to one or more secure electronic containers 152 (1). Consumer 95 uses his electronic device 100 to display web page 1022A and clicks on the web page section showing the male short-sleeved Oxford button-down shirt sold for $ 15.95. The current web page is replaced with web page 1022B from procurement server 1014. The second web page 1022B may be sent to the secure container 152 (2).

  The consumer electronic device 100 has a protected processing environment 154. PPE 154 opens secure container 152 and displays page 1022B on the screen. The displayed page 1022B is in a form having several fields including catalog number, shirt description and retail price. The consumer 95 fills in the fields of color, neck size, normal or tall, normal or fit, and quantity. Consumer 95 also indicates where the shirt should be delivered, the desired class of delivery service, and the consumer's address.

  For the consumer 95 who has all the required information, the electronic device 100 places the form field information 1024 in the secure container 152 (3) and places the container 152 (3) in the procurement server 1014. Send back. The procurement server 1014 opens the container 152 (3) and reads the field information 1024. Procurement server 1014 creates a VDE audit record indicating receipt of information 1024. The procurement server 1014 also creates a control set 188 and / or an event notification that initiates a purchase transaction.

  The procurement server 1014 communicates with the wholesaler 1018 directly or through the transaction authority 700. The procurement server 1014 then determines whether the requested item is stocked and can be transported. If the procurement server 1014 determines that the requested item is stocked and can be transported, and the information 1024 provided by the consumer is sufficient to be processed. If so, the procurement service sends another web page 1022C back to the consumer indicating:

・ Purchasing can be procured;
-What are the various sales taxes and delivery charges?
The address provided and the class of delivery service selected,
New fields for payment related information, and
• A question asking if the consumer wants the procedure.

  The procurement service 1014 also sends an audit record 302 (1) to the consumer's PPE 154 and to the trading authority 700 indicating what portion of the relatively large, atomic transaction being executed is being procured.

  If the consumer 95 decides that he / she does not wish to continue the transaction after he / she sees the procurement details, the consumer device 100 will procure a secure VDE container 152 (5). The service 1014 and the transaction authority 700 can be sent to indicate that the transaction is cancelled. If consumer 95 says yes, the transaction is continued and the consumer is prompted to take a payment method from the provided list. In this embodiment, the list corresponds to payment methods supported by both the merchandise provider and the financial bill exchange 200. The consumer 95 enters a credit card or charge card number, for example, a due date and an invoice address.

  Once the requested information is complete, the consumer device 100 sends the information to the financial bill exchange 200 in the secure VDE container 152 (5) using the consumer's own secure PPE. And another VDE container (not shown) can be sent to the transaction authority 700 along with an audit record.

  The bill exchange 200 obtains pre-authentication from the credit card processing company and returns the pre-authentication approval information 1026 to the procurement server 1014 using, for example, a secure VDE container 152 (6). The bill exchange 200 sends another VDE container 152 (7) to the trading authority 700 with an audit record 302 (2) indicating the completion of the pre-authentication phase.

  The procurement server 1014 may send additional VDE safe containers 152 (8) to the consumer 95 with the new web page 1022D and audit record information 302 (3) shown below:

-Order processing is complete,
・ Sales are approved by payment method,
The consumer's credit card is fully charged when the goods are transported, and
A transaction confirmation number for further reference in order to be able to query procurement service 1014 and / or trading authority 700.

  Procurement service 1014 (eg, in cooperation with wholesaler 1018) wraps goods and passes them to express delivery service 1020, for example, with audit records 302 (4) and 302 (5) indicating shipping. VDE safe containers 152 (9) and 152 (10) may be sent to the financial bill exchange 200 and the trading authority 700, respectively. In this example, the express delivery service (“logistic”) 1020 sends a VDE safety container 152 (11) indicating that the express delivery service 1020 owns its packaging, the trading authority 700 and the procurement service 1014 (and If desired, also send to consumer 95).

  With respect to delivery of packaging with goods, in this example, a VDE safety container that includes an audit record 302 (7) that indicates delivery of the package that is complete to the transaction authority 700 that marks the next transaction to be completed. 152 (12) is sent by the express delivery service 1020, then the financial bill exchange 200, the express delivery service 1020, the procurement service 1014, and in some instances, the consumer 95 has additional VDE safety indicating completion Container 152 may be sent.

Example: Decentralized trading utility 75 is a prominent feature of the advanced Western economy that can support the transactions that consumers pay for services , especially the economy of the United States at the end of this century, the main manufacturing “smoke stack” "The economy is shifting from" information economy "to" service economy ". The distributed trading utility 75 can support the transaction that the consumer pays, and in many instances, the consumer or others use the service.

  FIG. 63 shows an example of the online service system 1030. In one embodiment, the online service 1032 is obtained from an authentication authority 500 that registers with the secure directory service 600 and proves that the digital certificate 504 (1) is identical to the online service. The online service also agrees to trust the certification authority 500 and the certification 504 issued by the party authorized by the certification authority 500 to issue certification for specific facts.

  For example, online service 1032 agrees to accept certification 504 (3) issued by a distributed certification authority 500A from a parent certified by certification authority 500 (through certification 504 (2)) and they are children And issue certificates that testify to the fact that these children are currently minors. Next, online service 1032 must issue another authentication testimony (eg, unconditionally or per transaction) if the adult responsible for the child witnesses his willingness to be financially responsible. For certain purchases up to a certain limit or for a certain period of time, in a certain collective level, in some cases, so many per month, children are distributed on a certain subject material distributed by online services Does not allow access, nor does it allow accepting digital signatures based on authentication for purchase transactions, these authentications 504 (2), 504 (3) are authenticated at the VDE secure container 152. It can be sent from the authority 500 to a parent and / or at least one child.

Now imagine that child 95 (2) reserves an online game called "chat". Online service 1032 has a web interface specifically designed for school-age children. This service 1032 provides a reservation that must be updated four times a year. Using an electronic device 100 such as a personal computer or television and a set-top box with two-way communication and a protected processing environment 154, the child 95 (2) uses a secure registration service 600. Locate the online service 1032 and send a message requesting a reservation. In response, the online service 1032 sends a request 1034 for payment, membership, and member information to the parent 95 (1) or guardian in the VDE secure container 152 (4). The parent or guardian and / or other paying individual 95 (1) can place his or her (or their) credit card number, due date and bill in one or more other secure containers 152 (5). The book address information 1036 is provided to the online service 1032.

  In this example, the online service 1032 provides the consumer's service account, credit card and / or other payment information 1036 to the VDE secure container 152 (6) (in this example variant, the parent 95 (1) The financial and related information may be directly communicated to the financial bill exchange using the financial bill exchange 200 in the VDE secure container 152 (5). Online service provider 1032 also provides bill exchange 200 with a bill exchange network address and provider account number. In a protected processing environment (eg, a general purpose computer locked in a physically safe safe or other secure facility), the bill exchange 200 is a secure container 152 (6 ) To retrieve the payment information 1036 and complete the payment transaction with the credit card company.

  In this example, the financial bill exchange 200 then provides the following information 1038 (this list is for illustration purposes only and any available information set may have been communicated in general) Communicate to the online service 1032 in the at least one secure VDE container 152 (7):

・ VDE audit records for this transaction ・ Transaction authority number ・ Provider account number ・ Consumer account number for the service, and
・ Payment amount

  The online service 1032 then sends the secure container 152 (8) to the consumer 95 (1) where the payment was accepted. In certain embodiments, the online service 1032 may instruct the certification authority 500 to issue a certificate 504 certifying the validity of the reservation until a specific date. Online service 1032 may also provide an audit record 302 (1) derived from information 1038 provided by financial bill exchange 200.

Each time a child 95 (2) logs on to the online information service 1032 the child's PPE 154 checks to determine if any authentication 504 exists or is known, and if so,
Whether these digital certificates will testify a reservation for an unexpired online service; and any minor child certificates are presented and valid (eg, children Has not yet expired because it has not yet reached its 18th birthday)
Check to determine.

  If it is found through these authentications 504 that the child 95 (2) is authorized to use the online service 1032 and is prohibited from accessing certain "adult" content. Online services give you selective access to the parts that are given authority.

  In the feature of this online service, multi-person interactive games are distributed. In this example, child 95 (2) plays a game with at least one other authoritative and certified minor child, adults are excluded by potential VDE rules, and In certain embodiments, it is forbidden to control this game. At least one portion of software that implements at least one portion 1040 of at least one game (e.g., executable and / or interpretable code such as Java) is at least one VDE safety container 152. (9) can be used to download from the online service 1032 to the child's information application 100 (2).

  Using the method described in Ginter et al. (Disclosure), these programs and / or program 1040 portions are determined to be reliable and unaltered. At least one key used to calculate a one-way hash function that generates a digital signature used to determine the integrity of at least one program 1040 or at least a portion of the program is The issued authentication 504 is tied to the identity of the online service 1032.

  In this example, when a child 95 (2) plays a game, at least some of his or her actions are measured according to the method disclosed in co-pending Ginter et al. The audit record 302 (2) shown is created. At some point, these audit records 302 (2) are communicated to an online service 1032 that may include the bill exchange 300 used in this embodiment. The bill exchange 300 in use may analyze these usage records 302 (2) and use the usage records 302 (2) to determine how much to charge the child 95 (2).

Example: Distributed Trading Utility 75 can be used to provide value chain disaggregation for the purchase and / or use of tangible items. The Distributed Trading Utility 75 facilitates purchases or other types of transactions related to tangible goods. Can be used to FIG. 64 shows a tangible product delivery system 1040. For example, the company 1042 places an order for office supplies using the electronic device 100 including the PPE 154. Orders are paper clip boxes, staples, pegs, 8.5 x 11 inch copy paper cases, and a dozen yellow rated size note pads. These items are manufactured by the manufacturer 1050, distributed by the distributor 1048, and sold to the company by the retail store 1046.

  In this example, the bill remittance station 200 receives payments 1052 from the company 1042 and separate payments 1052A, 1052B, and 1052C that are delivered to the retail store 1046, distributor 1048, and manufacturer 1050, respectively. Divide the payments by dividing them into

  For example, the company 1042 sends the order 1044 in the VDE electronic container 152 (1) to the retail store 1046. In this example, retail store 1046 receives order 1044 and provides a percentage of retail price received by control set 188 indicating the provider account number of distributor 1048 and / or manufacturer 1050 in response and each. Providing procurement services. If desired, the retail store 1046 may provide a different control set 188 for each item ordered (regardless of the quantity) to ensure that different dispersions of payments are implemented on a per item basis. Allow. Retail store 1046 may provide this control set 188a to company 1042.

  The control set 188a may be adjusted in the presence of one or more digital certificates 504 issued by the certification authority 500. For example, this control set 188a may require company 1042 to provide a digital certificate 504 (1) issued by certification authority 500. Authentication 504 (1) testifies that the ordering company 1042 matches. Other certifications 504 (2) may be provided in the same chain of trust as certification authority 500, which ensures that the ordering person is authorized to order to a certain spending limit. Company 1042 may provide the same or different authentication 504 (2) that also indicates that purchasing employees within the company are authorized to use the company's charge card.

  In this embodiment, the company 1042 pays with a company charge card. The bill exchange 200 initially obtains payment authorization from a credit card company before the retail store 1046 transports the goods. Upon receipt of the pre-authentication notification, the retail store 1046 may transport the item 1047 to the company 1042. Following delivery of the item 1047, the retail store 1046 creates at least one VDE audit and / or billing record 1052 in the at least one VDE secure container 152 (2) and sends the container to the financial bill exchange 200. Communicate (audit information can also or alternatively be sent to retail store 1046).

  The bill exchange 200 then assigns all payments to each involved value chain represented by a control set 188a (eg, may be received directly from the retail store 1046 and / or through the company 1042) to charge card transactions. To complete. In this manner, distributor 1048 and / or manufacturer 1050 receive payment at the same time as retail seller 1046 receives the payment. Control set information 188a may be all payment sharing and local (provided) state and federal tax provider account numbers (for example) and delivery charge account numbers (eg overnight express company). ) Is also shown.

  The example of FIG. 64 shows that the value chain distribution can determine tangible and intangible objects. If desired, similar techniques can also be used back through the manufacturer's 1050 supply chain (eg, for the metal provider from which the paper clip was manufactured).

Example: A Distributed Trading Utility 75 Helps Distribute Digital Properties by Providing Registry and Other Services, A Distributed Trading Utility 75 that Enables Electronic Society to Distribute Electronic or Digital Properties or Content Effectively To assist. For example, using the electronic device 100 provided in the protected processing unit 154, the creator or other rights holder 400 can exchange digital objects in a secure container with registered rights and authorization bills. To station 400.

  The rights and authorization bill exchange 400 opens the container to use, eg, its own VDE protection processing unit, and assigns a uniform object identifier that indicates the identity of the creator. Object types are registered and are software, video, sound, text, multimedia, etc. and digital signatures on objects. Uniform object identifiers are unique as a whole or only in the namespace domain of the creator or some other entity (such as an online service, a digital library or a particular jurisdiction such as a particular country) obtain.

  In this embodiment, using a protected processing environment, the rights and authorization bill exchange 400 uses the rights and authorization bill exchange private key to sign a digitally uniform object identifier and The identifier is returned to the person or organization registered in the VDE safety container. The rights and authorization bill exchange 400 may maintain a copy of the object or may only maintain a uniform object identifier for the object and a signature for the object and its uniform object identifier. In another example, the rights and authorization bill exchange 400 digitally signs a new object consisting of the original object and its uniform file identifier, and the new object and / or its signature is a right and authorization bill. Store in exchange 400 archive.

  The creator may also send an authorization in the VDE secure container and a pricing template 450 (see FIGS. 45A-45C) indicating that the authorization has been granted. Prices are charged based on their authorizations and, if applicable, individuals, classes and / or excercising jurisdictions to which those prices and authorizations apply. More than one authorization and pricing template 450 may be sent to one VDE safety container 152 or to another VDE safety container 152 that may be used for each authorization and pricing template.

  In this example, using the VDE secure container 152, the object is then communicated from the creator to the distributor 168 (see FIG. 16). Using authentication 504, distributor 168 really has the authority to selectively change the object's authorization and price for the VDE instance (PPE 154) interpreting the creator's control set, And you can prove to create new authorization and pricing templates. Distributor 168 sends the VDE secure container to a rights and authorization bill exchange 400 that includes a uniform object identifier with new controls. In the preferred embodiment, if the object remains unchanged, distributor 168 has the option to leave the uniform object identifier unchanged. However, if the distributor changes, perhaps to add its own brand to the object, the uniform identifier must be changed to reflect the distributor's opinion. The digital signature is recalculated using the distributor's private key. As already explained, object registration has the option of storing only the digital signature or both the signature and the actual object.

Example: As a value for added services that the distributed trading utility 75 can be used to facilitate copyright registration . The rights and authorization bill exchange 400 may provide a copyright registration service (see FIG. 43). The rights and authorization bill exchange 400 may send a copy of the object to an appropriate government agency 440 online copyright registration service (eg, a copyright office in the United States). The object and uniform object identifier can be sent into the VDE secure container with control indicating the payment mode, if registration or processing is charged.

  In this embodiment, the copyright registration service provides the financial bill exchange 200 with at least one VDE safety container with at least one audit record indicating the price to be paid, the payment method, the registered party account and the government account receiving the funds. Receive audit records that may be sent and transactions are pre-authorized within the VDE safety container (or for any reason the proposed transaction is not permitted).

  If the transaction was previously authorized by the financial bill exchange 200, in this example, the VDE-enabled computer at the U.S. Copyright Pole opens a secure container and creates a uniform object identifier. Add objects to the registration database. With a specific uniform object identifier, a specific uniform object identifier and a specific digital signature, the object is actually registered with the registration authority, and at least one person is actually the copyright owner when the object is registered A copyright registration service under a chain of trust emanating from the certification authority 500 (which in this embodiment may be operated by or on behalf of the US government) at least one digital certificate 504 certifying the fact that To submit. This authentication 504 provides copyright registration information based on the person who registered the object (and / or the person designated as the person notified) in the VDE secure container and the request in the next secure VDE container. Obtained and sent to the Bill of Exchange 400.

  The copyright registration service directs the bill exchange 200 to proceed with at least one VDE secure container by performing a pre-authorized transaction (if all necessary information is part of the pre-authorization process). ) And / or information to the bill exchange 200, along with at least one audit record that provides the bill exchange 200 with the information. Instead, the copyright registration service receives audit records from the financial bill exchange in the VDE secure container. In VDE safety containers, audit records indicate that the payment transaction has been completed and the funds have been deposited in the appropriate account or accounts, or that the payment transaction has not been completed and the payment transaction has been completed. Accuse no reason. The information provided to the bill exchange 200 can be, for example, payment amount, payment method, registration party account, account for receiving US government funds, and payment transactions that must be completed.

Example: Distributed Trading Utility 75 Can Support Authorization and Price Renewal or Change Distributed Trading Utility 75 can further support electronic and digital characteristics by providing a mechanism to regenerate expired rights and authorizations. Promote dispersion. See FIG. 42A.

  Imagine, in one example, a Fortune 1000 company employee has a set of controls for an expired digital asset, possibly a piece of software or a Java® applet. The VDE protection processing environment on the employee's computer sends the VDE secure container to the rights and authorization bill exchange 400.

  The distributed trading utility 75 may also facilitate the distribution of electronic and digital characteristics by providing a mechanism for distributing rights, authorizations and prices that are modified by one or more parties in the distribution chain. In one embodiment, imagine that a consumer has digital objects in a VDE control set distributed by her hard disk and publisher. Authorization and price originally indicated the payment per model that the user pays 10 cents for each operation on the object, such as printing or viewing.

  To determine if new rights and prices are now available, the protected processing environment on the consumer's PC is the network address obtained from the control set along with the MIME-enabled email. The VDE secure container is sent to the rights and authorization bill exchange 400 while using. The consumer obtained the rights and authorized bill exchange address from the secure directory service 600. Directory service 600, for example, sends a query at the VDE secure container and receives a response at the VDE secure container.

  The VDE secure container sent to the authorized bill exchange 400 includes the object identifier in addition to the request for current control including rights and price. In the Rights and Authorizations Bill Exchange 400 server, the protected processing environment opens the VDE secure container, pulls most current control sets from the control database, and others via the reply email with the desired control. Send to VDE safety container. The consumer's protected processing environment opens this container and replaces and / or augments expired controls with new controls. The consumer can now use the content according to the rules and controls specified in the control set received from the rights and authorization bill exchange and processed by the VDE instance on the local computer or other equipment. In this example, these new rules and control sets reduce the payment price per use from 10 cents per operation to 5 cents per operation.

Example: Distributed Trade Utility 75 may Support Model to Distribute New Rights Distributed Trade Utility 75 is that some or all of the rights are initially not distributed with satisfaction to the final consumer, Transactions that must be requested instead can also be supported. Imagine in one example, a lawyer trying to start a publishing business by combining her / his own paper with other materials derived from legitimate information dissemination. Legitimate information distribution has chosen the Rights and Authorizations Bill Exchange 400 to be a distributor of control set information for many characteristics. For each object, they register at the rights and authorization bill exchange 400, which also registers two control sets in the format described in the Ginter et al. Patent shown below.

One control set identifies the default controls, including prices for retail consumers, and
• The second set of controls conveys prices and rights that have little benefit to retail consumers, such as the right to authenticate. Atony Public Relations Publisher gets chapters from academic papers on patent law and other papers In addition, we hope to include 1000 words excerpted from academic papers. Having already obtained the academic paper chapter and its retail control set, the public relations publisher sends the questions in the VDE safety container to the Rights and Authorizations Bill Exchange 400 using an Internet MIME-enabled email and encloses it. Ask for excerpt rights and authorizations for chapters identified by a uniform object identifier. The lawyer uses the secure directory service 600 (alternatively, the address of the rights and authorization bill exchange 400 can be included in the original retail version received by the lawyer) and the rights and authorization bill exchange. 400 was found.

  The rights and authorization bill exchange 400 checks the object database for the control set information for the named object in the universal object identifier, and depending on the price for each, the excerpt and rights Determine both availability and authentication. The right to extract does not convey that right to modify the extracted part. If all chapters have not been edited, the authorization right is transmitted according to a control set by deducting 30% from the retail price assigned to the length of a certain excerpt.

  Using the VDE aware page composition application, a public relations publisher combines several jobs, including 1000 word excerpts, to form a new job. The publisher registers the new object with the control set at the rights and authorization bill exchange. Public relations publishers also register new objects using the copyright registration function, for example, with the US Patent and Copyright Office. A public relations publisher distributes new work in the VDE safety container. The VDE safety container also has a control set for each of the different edited jobs, and also completes publicity for all. According to the control applied to the respective control of the part where the composite object and another rule exist, the local VDE protection processing environment for the used device maintains the use of the track. Sometimes the VDE instance sends audit records to the bill exchange 300 and the bill exchange 200 that it uses.

Example: Distributed Trading Utility 75 Can Support Electronic Rights Negotiation Distributed Trading Utility 75 can support electronic rights negotiation. In one example, imagine that a professor creates a course pack. In this example, many different tasks used by students in a particular course last only for one semester. In this example, the professor sends the VDE safe container with the question to the appropriate rights and authorization bill exchange 400 and returns a control set for the digital characteristics listed in the question. By reviewing licenses and prices, the professor has a book chapter with a large enough price to make the full price of the course pack higher than the highest price she / he desires. I notice that.

  Using the negotiation mechanism disclosed in Ginter et al. (See, eg, FIGS. 75A-76B), the professor attempts to negotiate with the Rights and Authorization Bill Exchange 400. The rights and authorization bill exchange 400 then automatically determines that it lacks permission to negotiate and is changing to negotiating with the publisher.

  Since the appropriate certification 504 was obtained from the certification authority 500 by providing a qualification that indicates membership in a “high education” class, the protected processing environment of the publisher's web server is responsible for assets that target this professor. Provide a new, modified control set. The control has a discounted price, the control requires a copy printed on the VDE to enable an authorized printer that keeps track of the number of copies to be printed, and the control is VDE technology Report back to various parties for transactions using. If he is still not satisfied with the price, the professor will send a VDE negotiation reverse offer in the safe container to the publisher. The publisher's VDE instance negotiates with the professor's negotiated reverse offer control set, the agreement is achieved, and a new agreed price, duration and new control with conditions for the professor who continues to manufacture course packs Provide set. The rights and authorization bill exchange 400 tries to accept a price that has been lowered to some extent. Because in this example, the professor will provide a digital certificate to testify to the fact that she has a full-time contract with the University of California, Los Angeles, and has a certain minimum number of students using the material. Because you can. This authentication meets the requirements set forth by the publisher in the Rights and Authorizations Bill Exchange 400.

Example: A valuable use of a certifying authority 500 that can be implemented is for the issuance of digital certificates for government interests. In addition to issuing certificates that testify to identity, legal status, etc., the government certification authority 500 issues certificates, eg, load modules, that authenticate that it can be performed. For example, the government certification authority 500 at all levels certifies an implementable set that represents the laws and trade practices of the administrative district. For example, Saudi Arabia strongly believes in their administrative control that every device has a government-approved load module that examines the attributes of containers and ensures that only appropriate content is released. Insist. California authenticates load modules that calculate state taxes and the like.

Example—Entertainment Distribution Distribution Trading Utility 75 can be used to effectively and flexibly support a model for movie distribution for the consumer market. For example, a movie and entertainment company such as Disney wants to provide an electronic distributed trading utility 75 to support the distribution of movies to consumers 95. Disney may open the trading utility system 90 itself, or may contract with a neutral third party to provide the trading utility system 90 for profit. In this embodiment, the purpose of the trading utility system 90 is to support secure pay-per-use / per-use payments, rentals, leases and other movie decentralized transactions for consumers.

  The movie itself can be distributed in digitized form, for example, digital versatile disc (DVD) or other high capacity media. Such media stores, in addition to the movie itself, one or more secure containers that include a control set for controlling the use of the movie. A consumer 95 may play a movie using a media player 104 (see FIG. 1) that has a network 150 connection or other “back channel” (eg, the ability to read or write from something like a smart card). .

  The media player 104 has a protected processing environment 154 such as a secure processing unit for use in managing rights and operating the electronic container. The storage medium may also be played by a personal computer 124 provided with a protected processing environment and network connection.

  The set top box 104 may be controlled by electronic control distributed over the media and / or through the back channel. Control requires the set top box 104 to record consumer usage and payment information for each property that the consumer decides to view. For example, the consumer 95 places media such as a DVD optical disc on the media player 104 and presses the “play” button. The consumer media player 104 displays a message (e.g., to the TV set 102) that tells the consumer how much it will cost to watch a particular movie (e.g., $ 2.95) and so on. Ask the consumer if they want to proceed. If the consumer answers “yes”, the media player 104 plays the movie on the consumer's television set 102 and records the usage and payment information for reporting to the consumer utility system 90. A protected processing environment 154 within the media player 104 ensures consumer payment to watch the movie under secure control by one or more associated electronic control sets delivered to the media player 104; And monitor and collect information that can ultimately be used to provide a secure usage audit. Safe use audits include, for example, Disney, movie actors, directors, and others involved in producing movies, how many consumers watched the movie (and demographic information for promotional purposes, etc.) It can also be used to allow it to be safely verified (potentially providing). For example, the protected processing environment of the media player 104 may securely collect and record the information shown below in, for example, meters, bills and / or budget audit trails associated with a particular control.

-Movie title-Movie digital descriptor-Played time and date properties-Played time properties-Who played the property

  In one embodiment, the consumer 95 needs to have a digital certificate 122 issued by an appropriate certificate authority that testifies of a fact. Such a digital certificate 122 can be used to provide a context for an electronic control set delivered to the media player 104. Such authentication allows the consumer to play the movie and / or prevent the movie from playing under certain conditions and / or affect the controls applied when the movie is played. It may be required to be present before being done.

  For example, the parent could obtain a digital certificate 122 indicating that the household has children. This “children's parent” digital certificate 122 could be used to prevent the media player 104 from playing any movie other than movies with a rating of “G” and “PG”. Such a certificate 122 could be issued by the same organization providing other management and support for services associated with this embodiment, if desired.

  Electronic controls provided for specific movies on media such as optical discs may also identify special value chain disaggregation to be applied in connection with payment preparation. For example, the media player 104 should receive a specific percentage of the movie distributor, studio, and distributed trading utility 75 of the usage fee of 2.95 $, and the state authorities will be in the form of sales tax or VAT. “Know” from the electronic rules and controls delivered to the media player 104 that a certain tax payment must be received. Because this information is maintained within the media player's protected processing environment 154, the consumer 95 is never exposed to the payment deaggregation scheme and / or its details. (Typically, consumers do not care that the distributor's “cut” is in conflict with the studio's revenue. The protected processing environment within the media player 104 may be local or distributed as described above. (This payment disaggregation may be provided through an automated or centralized financial bill exchange 200.)

  The media player 104 can report usage containment information collected on a real-time (online) and / or periodic event-driven basis. In one embodiment, the media player reports information collected in the previous month at the end of each month. The media player may report the collected payment information (including the disaggregation data provided by the control set) to the financial bill exchange 200 implemented by Disney) (or such information directly, for example) The bill exchange 200 can be used to verify that the consumer's account is properly charged and that various payers (eg Disney, movie distributors and others in the value chain) Ensuring that an appropriate “split” of consumer payments is received, the bill exchange 200 also provides consumer deposit checks and authorizations to ensure that consumers do not accumulate unpaid accounts To help.

  The media player 104 may report usage information and collect it at the bill exchange 300, which is operated by an independent auditor (the movie producer and actor are not For example, such information may be reported to Disney and / or the bill exchange 200. Rules and controls require other value chain party rights and Disney to ensure that such information cannot be verified, modified and / or deleted, for example, due to VDE protection mechanisms. If so, certain such information will be hidden from Disney. The bill exchange 300 analyzes the data used and submits a report indicating the total number of times it has been viewed, market share, etc. The bill exchange 300 in use also further analyzes the information and provides demographic information and / or market research information. This type of information can be very helpful to advertisers and marketers.

  Disney may also operate the rights and authorization bill exchange 400. In this embodiment, even though authorizations are distributed in the optical media, the rights and authorizations bill exchange 400 can provide supplemental control sets for a variety of reasons. For example, a control set distributed in media expires on a particular date. The rights and authorization bill exchange 400 may submit a new control set in place of the expired one. The rights and authorization bill exchange 400 also submits authorizations to provide “sale” and / or to change other prices (eg, lower the price of the ordered movie). Rights and Authorizations Bill Exchange 400 also submits special authorizations (eg, excerpts or edits of rights that may have been requested by multimedia developers or advertisers, and / or, for example, for printing purposes, Mickey Redistribution rights to certain screens, such as an approved image of a mouse). Disney “pre-authorized” these special authorizations, and the Rights and Authorizations Bill Exchange could automatically provide them as needed. The digital certificate 122 is used to authorize and thereby allow users who receive the control set to use it.

Example—Distributed Trade Utility 75 Can Support Collecting, Analyzing, and Repurposed Usage Information Prior to the invention disclosed in Ginter et al.'S specification, the electronic community was a local computer or Lack of general purpose, reusable, distributed, peer-to-peer technology that can monitor and measure use in a protected processing environment efficiently and effectively. Usage data collection, analysis and reporting provide significant value to rights holders and other distributed chain participants, infrastructure distributed trading utilities 75, consumers, and other parties of interest. Understanding what has happened can often be the basic determinant or contributor to what may or must have happened. In addition, the information being used can be repurposed to support a wide range of other commercial activities, including advertising and buying and selling models.

  In this embodiment, each of several companies having an information device 100 such as a personal computer having a VDE protected processing environment (PPE) 154 described in Ginter et al. thing. In this example for a period of time, perhaps for a month, the VDE keeps track of detailed usage information and this information is logically extended in each computer and under the control of each computer PPE. Imagine continuing to store in an encrypted database on each hard disk. Each of these consumers typically purchases different combinations of information and entertainment from different sources. Each instance of a VDE keeps track of usage information according to what was purchased or otherwise used and / or controls related to the service.

  At the beginning of each month and / or in any other required (allowed, if supported) reporting period, each instance of the VDE is assigned to each of the digital characteristics used in the previous month. The usage record is communicated to the bill of exchange 300 according to the associated control. Next, for any use of the property during the previous month or other reporting period (eg, daily, weekly, seasonal, yearly), the bill exchange 300 will report to each of the rights holders. I will provide a.

  In one embodiment, these reports include information identifying both individual consumers and the companies that hire them. In another embodiment, the report includes detailed usage information, but individual consumer confirmations are removed by the bill of exchange 300. Alternatively, both individual consumer and legal entity confirmations can be removed. Instead, usage information may be collected by any one or more certain classifications such as industry, geography, and / or by country and / or other useful classifications.

  In another useful embodiment, a particular company or individual consumer may not have authorized VDEs (of course, subject to this right available through appropriate rules and controls), and firstly their information Confirmation information may be communicated from the device to the bill exchange 300. The user may establish VDE control that prohibits disclosure of such confirmation information. In another embodiment, the user may use the convention mechanism disclosed in the Ginter et al. Application, and at the required level with various control sets related to information purchased or used by each consumer. Other levels of privacy and confidentiality may be negotiated. That is, the electronic agreement process generates modified or new rules and control sets that reflect additional levels of privacy and confidentiality. In yet another embodiment, the rights holder, rights and authorized bill exchange 400 or bill of exchange 300 or others may be using the same arrangement mechanism, with VDE rules instead of privacy and confidentiality and Arrangements may be made through the use of control sets.

  As shown in FIG. 11 and FIGS. 33-39, confirmation information is removed, data is collected, data is analyzed, reports are generated, and / or those reports are transferred to rights holders and other interested parties. The function of a bill of exchange that can be transmitted can be in one or more logical and physical locations. For example, a distributed bill exchange 300 that operates a local computer (or other information device) performs the functions of any or all of these bill exchanges. One or more bills of exchange may exist within a given company or within a given group company, including vertical industries such as, for example, health care, business associations or groups of companies (“affiliates”). Similarly, the functions of these bills exchanges can be performed by bills exchanges in each country or other jurisdiction, or can be defined by any other classification and / or geographical variability.

  Bill of exchange 300 may also provide raw data, collected data, and / or customized reports to rights holders, distribution chain participants, and / or other interested parties. These organizations include, for example, content creators, publishers, repackers, repurposers, advertising agencies and their clients, business partners, market research and consultancy companies, distribution audits and audience surveys. Includes advertising functions of companies, sales, market transactions, and companies interested in one or more markets, and government agencies.

  In another embodiment, the bill exchange 300 may also be an advertising agency that handles specific advertisements and / or advertisements by individual consumers within the company and / or group companies, markets, and / or other analytic groupings and categories. You may sell information to the classification.

Example: Secure Directory Service that Protects Confidentiality and Privacy Personal and work confidentiality and privacy are often an essential aspect of modern experience. Individuals do not need to know who they are related to. In many aspects of work, companies do not have to try to communicate, influence, or reveal their interests in conducting work with others. In today's Internet, for example, it is possible for a person with some kind of access to determine the characteristics of a query between a given person and a directory service. Such information can provide important clues about work arrangements that exist or are about to occur and have not been publicly announced (eg, absorption or merger).

  The VDE secure container provides one standard for secure directory service 600 where confidentiality and privacy are preserved. In one embodiment, the Corporation Counsel in a Fortune 100 company in Fortune seeks the email address of an in-house investment bank employee handling the proposed acquisition. But I don't reveal my concerns to anyone else. The legal representative sends a query in the VDE secure container to the name of the person he wants to contact and the company's secure directory service 600. The secure directory service then sends a response in another VDE secure container back to the legal representative. Both referrals and responses utilize certificates issued by a certification authority 500 that authenticates both the legal representative and the secure directory service 600. Payments for inquiries are handled by the financial bill exchange 200 that deposits payments in the deposit account of the provider of the secure directory service 600 while debiting the deposit account of the company that employs the legal representative.

  Because these transactions are conducted using VDE and VDE secure containers, those who observe communications only confirm the fact that they are communicating at most. Securities analysts are developing technologies for “trading analysis”. Here, communication frequencies between two or more organizations are observed, and changes in communication frequencies correlate with other information and make inferences about these content and / or purpose.

  However, using VDE and VDE safety containers it is possible to invalidate trading analysis at some additional cost. In this one embodiment, the company sends the VDE container to the secure directory service 600 with an empty or “null” query that generates a return message in the VDE container with a null response in the average amount of elapsed time. In the case of a VDE on a statutory agent's computer, it generates a transaction for payments that are owned by the financial bill exchange, but collects these payment records with others, Eliminate the correlation between. Although not effective from a trade perspective, this method of using VDE and VDE safety containers to negate trade analysis attacks is, in principle, the safe and reliable method disclosed in the Ginter et al. Application. It is used among multiple organizations that want to hide communication patterns while taking advantage of efficient distributed trading capabilities.

Example: Cooperation between the inside and outside of a bill exchange for an organization Various trading utility systems 90 may vary in degree and combination as illustrated in FIGS. 2A-2E and 3A-3C. Can be dispersed. In one embodiment shown in FIG. 65, an American Fortune 100 company 1070 having operations in several countries and countries in many countries, ie, many locations within each country (eg, USA, Japan, and Europe) We have found it desirable to distribute the VDE distributed trading utility 75 internationally. In order to improve the efficiency of purchasing external information and to make the best use of the information provider and its information, company 1070 is responsible for all purchases made within the United States and within the US dollar distribution range. We have chosen to negotiate with some providers on agreements dealing with. In this example, the company 1070 maintains its own global intranet 1072. Intranet 1072 refers to headquarters 1074HQ (shown here as being in the United States) company America (company US) employee electronics (1074US (1), ..., 1074US (N)), company Japan (company Japan). Connect with employee electronics (1074JP (1), ..., 1074JP (N)), and company Europe employee electronics (1074EU (1), ..., 1074EU (N)). Intranet 1072 also allows each of these employees 1074 to communicate with each other. VDE-based transactions between company 1070 and its information provider also route the Internet from one or another company America gateway.

  In order to provide efficient administrative and support services, the company 1070 distributes at least one distributed financial bill exchange 200 and at least one distributed use bill exchange 300 in each country. For example, company 1070 operates financial bill exchange 200A and bill of exchange 300A in the United States, financial bill exchange 200B and bill of exchange 300B in Japan, and financial bill exchange 200C and bill of exchange 300C in Western Europe. Can be. Some of these distributed bill exchanges may exist in countries with multiple sites and in the United States. In addition to negotiating agreements with information providers, company 1070 is also negotiating agreements with large trade bill exchange 300 and major financial bill exchange 200. These centralized bill exchanges can be located anywhere and can communicate with the company 1070 via the Internet and the intranet 1072 within the organization. None of these bill exchanges 200, 300 are affiliated with a company 1070 that does not go through this business agreement. Each of the distributed bill exchanges within company 1070 operates under the simultaneous authority of both the company and the external bill exchange where the company has a business agreement.

  In this embodiment, product market transaction manager 1074JP (1) hired by this company 1070 in Japan gets a market research report 166 from an American distributor 1076. Reports and associated controls are sent from the US distributor 1076 to this employee 1074JP (1) in the VDE safety container 152a. An example of a VDE on the administrator's device 1074JP (1) keeps a trace of usage and keeps paying the information provider. Periodically, these audit records 302 (1), 302 (2) are stored in the VDE safe containers 1052b, 1052c in the distributed bill exchange (private bill exchange) 300B and in the internal financial bill exchange 200B. Sent. Both of them are located in Japan on a private organization network (or intranet) 1072 within the company. In this embodiment, from time to time, due to VDE control associated with purchased content, the private bill exchange 300B removes individual identification information according to VDE rules and controls that manage the protected processing environment process, and VDE The audit record 302 (3) is sent to the external bill exchange 300 in the safety container. All of the distributed use bill exchanges 300A, 300B, 300C in the company send periodic communications to the trade use bill exchange 300 in the VDE safety container 152. Next, the main bill exchange 300 creates reports and sells reports, licenses, and / or distributes to report holders or other organizations. Other parts, such as a third part that has a trade interest in obtaining information, have the personal identifier removed. In many situations, company names have also been removed in accordance with VDE rules and controls.

  From time to time, due to the VDE control 188a associated with the purchased content 166, a copy of the complete usage record (with employee identification information) is also sent to the company's main bill exchange 300HQ (which may be located at the headquarters). Sent. Similarly, audit records are sent to all of the company's distributed bill exchanges 300A, 300B, 300C. These are then collected and combined for further analysis, reporting, and auditing.

  Internal distributed financial bill exchanges 200A, 200B, 200C also receive audit records 302 in the VDE secure container 152 to them from the VDE protected processing environment 1074 according to the VDE control set for purchase information. Each internal distributed financial exchange 200A, 200B, 200C collects payments and sometimes sends a VDE secure container 152 with an audit record 302 indicating the total collected that is transferred to the information provider as a result of the transaction. The company may also provide updated information regarding the deposit account where the company's funds are transferred and / or the provider's deposit account such that the funds are received. The external primary financial bill exchange 200 then closes these payment transactions and returns an audit report to the company 1070 and the information provider confirming the payment transaction. In a preferred embodiment, these movements occur safely under the control of a distributed VDE node and are at least partially automated by the use of VDE containers and controls that manage a series of handling and multi-node, multi-organization sequencing processes. . As in an alternative embodiment, payment calculation and payment transaction completion is performed at an external primary financial bill exchange 200 from usage information received from the bill exchange 300. Needless to say, if the bill of exchange 300 and the bill of exchange 200 are in the same organization, the bill of exchange has already received such information. In this example, the external and internal finances then compare the payment information.

  This embodiment does not depend on the range in which the administrative service and the support service are dispersed. In a related embodiment, as illustrated in FIGS. 2A-2E and FIGS. 3A-3C, the functions of used bill exchanges and financial bill exchanges are distributed in each VDE-aware protected processing environment 1074. In this example, each protected processing environment 1074 may report directly to the main external bill exchange 200, 300, to the distributed external bill exchange, and / or to the function of the internal bill exchange. These bill exchanges are organized differently than described above, for example, by continent (North America, South America and Central America, Australia, Europe, etc.) rather than by country and company 1070 locations.

In one further embodiment, the headquarters 1074HQ and its associated headquarters-based bill exchange 200HQ, 300HQ provide a centralized bill exchange system through which all usage and financial information must flow. In particular, in a more centralized embodiment, all user equipment 1074 reports their usage and financial transactions to the head office bill exchanges 200HQ, 300HQ in the secure container 152 across the intranet 1072. The head office financial bill exchange 200HQ interfaces directly to a VDE compliant multi-purpose payment system. These multi-purpose payment systems are designed to ensure the implementation of automated secure financial transaction implementations according to rules and controls governing payments related to variables such as payment volume, organization, location, timing, and / or other conditions. Directly support the use of the VDE chain of handling and control. Next, these head office bill exchanges 200HQ, 300HQ (single integrated trading utility system) have properly collected and / or other audit trails and payment information in each country Communicate to the individual bill exchanges 200A, 200B, 200C, 300A, 300B, 300C. Although less efficient than the lower example embodiment above, this configuration can be achieved by acting as a central administrator for deposits and / or electronic currency preparations for decentralized internal financial bill exchanges and information. You can appeal to large companies that want to exercise centralized control over usage and financial information by efficiently managing the in-house collection of transactions related to.

Example: Trading Authority Available Within and Between Organizations Figure 66 illustrates an exemplary use of a trading authority 700 for intra-organizational communication and inter-organizational communication. FIG. 66 shows an organization A (left side of the drawing) having an “intranet” (private data network within a particular organization) 5100A. Intranet 5100A may be, for example, a local and / or wide area network. User electronic devices 100 (A) (1),. . . , 100 (A) (N) (eg, employees of organization A) communicate with each other over intranet 5100A.

  FIG. 66 also shows its own intranet 5100B, user electronics 100 (B) (1),. . . , 100 (B) (N), and another organization B that may have a private trading authority 700B. Further, FIG. 66 shows a public data network 5104 (such as the Internet) and a public trading authority 700 (C). FIG. 66 shows that in this example, organizations A and B communicate with the outside world through trusted trading authorities 700 (A), 700 (B). Trading authorities may also include “gateways”, “firewalls”, and other related communication components, if desired. In other embodiments, trusted trading authorities 700 (A), 700 (B) communicate over the Internet 5104 instead of requiring an actual “gateway”, “firewall” to / from the Internet 5104. Can operate across each organization A, B, potentially creating an electronic container 302 to do so.

  In the present embodiment, the processing environment 100 (A) (1),. . . , 100 (A) (N) each have an example of a processing environment in which a virtual distributed environment is protected and may communicate with each other over an intranet 5100 (A) via a secure electronic container 302. Similarly, the electronic device 100 (B) (1),. . . , 100 (B) (N) each have an example of a processing environment in which a virtual distributed environment is protected and may communicate with each other over an intranet 5100 (B) via a secure electronic container 302. Further, organization A and organization B may communicate with each other over the Internet 5104 via secure electronic container 302.

  Trading authority 700 (A) whose organization A's private is trusted may be used to facilitate organization A's internal communications and processes. Private protected trading authority 700 (A) may be used, for example, to carefully track items sent from one user to another user in organization A. Meanwhile, Public Trading Authority 700 (C) is used to coordinate between Organization A and Organization B without revealing confidentiality information from one organization to another. obtain. The following is a more detailed example. The configuration of FIG. 66 can be usefully used to conduct business transactions.

A copy for the user 100 (A) (1), 100 (A) (3) and 100 (A) (5) (they cannot change notes after all three have signed off), and to anyone else Users 100 (A) (2), 100 (A) (7) -100 (A) (10), and 100 (A) (12) who have a copy that is not against (no one can change the memo Before being distributed to each of the users 100 (A) (1), 100 (A) (3) and 100 (A) (5) (each may modify the memo) Suppose it does not need to be approved by Private trading authority 700 (A) may maintain a set of rules that identify these requirements. Trading Authority 700 (A)
Send a memo (within a safety container) to each of the users 100 (A) (1), 100 (A) (3) and 100 (A) (5) for approval in a “brute force” manner obtain.
If any one of these users changes the note, trading authority 700 (A) may circulate the note to the other two for additional comments and corrections.

  -Once all three of users 100 (A) (1), 100 (A) (3) and 100 (A) (5) approve the memo, trading authority 700 (A) is authorized. , Each of their digital and / or handwritten signatures or initials is placed on the memo, the memo is read out, and the users 100 (A) (1) -100 (A) (3), 100 (A) (5), 100 (A) (7) -100 (A) (10), and 100 (A) (12) with one or more safety containers having a control set that specifies that they are only read. Put.

-Next, trading authority 700 (A) may send a copy of the note in the container to each of these users. Alternatively, the same container can be requested and circulated from one person to another.
The trading authority 700 may request electronic control and maintain a trail of safety audits indicating where the container was, who opened the container, who accessed the notes held by the container, and when. Accordingly, trading authority 700 (A) can increase personal accountability accounting responsibilities by proving whether, when, and for how long a particular person has viewed a particular document.

  Organization A's intranet 5104 may also be used to exchange and / or distribute sensitive design specifications. For example, trading authority 700 (A) may maintain a detailed record of the person who accepted the design specification in digital form. Therefore, we take on accountability for personal accountability and provide a high degree of efficiency.

  As discussed above, private trading authorities 700 (A), 700 (B) may also provide a “firewall” function to prevent confidential information from leaking outside their respective organizations A, B. For example, assuming that organization A is an integrated circuit designer, organization B is an integrated circuit manufacturer. Organization A creates a “tape out” that designs and identifies the circuit layout of the chip and sends it to Organization B. Organization B manufactures an integrated circuit based on “tape-out” and delivers chips to organization A.

Trading authority 700 may be used to facilitate the business transactions described above while maintaining the confidentiality within each of organizations A and B. For example,
• Organization A's private trading authority 700 (A) oversees the overall design and specification design efforts within Organization A. All communications occur in secure container 302 across organization A's intranet 5100 (A) to maintain confidentiality. Trading authority 700 (A) may maintain a historical record of historical design documents, work in progress, and safety records of specification versions as the design process progresses.

  • Organization A's private trading authority 700 (A) may manage the development of the final design specification while ensuring that all conditions required to facilitate the design specification are observed.

  Once the design specifications are completed, trading authority 700 (A) may move the design specifications in security container 152 to those individuals in organization A that require “sign-off”. . Their respective devices 100 (A) (1),. . . , 100 (A) (k) attaches and / or embeds a digital signature, handwritten signature, seal, and / or fingerprint as described above to indicate specification approval.

  If satisfied that the specification has been “signed off” by the appropriate people, trading authority 700 (A) may send it over public Internet 700 in secure container 302 to public trading authority 700 (C). Public trading authority 700 (C) may be a trading authority held by organizations A and B to act as a liaison between them. Organization A's private trading authority 700 (A) may filter (or protect) all information it sends to public trading authority 700 (C), and only access information intended for organization B You can contract. For example, private trading authority 700 (A) may provide additional electronic control within the container, preventing organization B from seeing any detailed audit information that indicates where the specification is in organization A. Can do.

• The Public Trading Authority 700 (C) is independent while acknowledging and / or authenticating the design specs against the latter evidence that Organization A has delivered it in accordance with the contract and with specific data and time. Can act as a trusted third party.
The public trading authority 700 (C) then advances the design specification across the Internet 5104 (still in the safety container) towards the organization B's private trading authority 700 (B).

  • Organization B's private trading authority 700 (B) copies a copy of the design specifications across Organization B's intranet 5100 (B) to the appropriate users 100 (B) (1), 100 (B) within Organization B. Automatically send to (N). No one outside Organization B needs to know who has received a copy of the specification. On the other hand, Organization A's Trading Authority 700 (A) may include electronic controls that restrict access to only certain engineers within Organization B, if desired. These safety controls are carried into the organization B and the electronic devices 100 (B) (1),. . . , 100 (B) (N). Organization B's trading authority 700 (B) may manage the chip manufacturing process, assuring that all the steps and conditions required to manufacture the chips in accordance with Organization A's design specifications will continue.

Example-Trading Authority that can Promote International Trade FIG. 67 shows an example of how trading authority 700 conducts international trade. In this particular example, trading authority 700 coordinates complex cross-border transactions between companies 1106A, 1106B, and 1106C located in their own respective countries (eg, the United States, Australia, and Europe). Company 1106A has its own bank 1108A and lawyer 1110A. Similarly, company 1106B has its own bank 1108B and lawyer 1110B, and company 1106C has its own bank 1108C and lawyer 1110C.

  Trading authority 700 assists in the formation of agreements between international bodies, for example by passing back and forth offers and counter-offers in secure containers and using contracts that form the above-mentioned technology, Establish some or all of these and provide non-repudiation. Once a contract is formed, trading authority 700 maintains a main set that specifies all the rules and control conditions that must be met for the transaction to be completed. Thus, it can provide results for different events. Alternatively, once a contract is executed, the role of trading authority can be virtual, especially in simple models, as value chain rules and controls are carried by the VDE container. VDE container rules and controls collectively specify all processes and conditions that must be met, including their operational sequence. The rules and controls provided to trading authority 700 may take into account international law with different rules that apply to different countries. The rules may take into account various import and export requirements and restrictions, international tax treaties between countries. This rule includes upfront and / or ongoing tariffs related to routing and filing requests, confirms good distribution trade authorities, and contract terms with contract or relevant national and international authorities. Assisting in filing and managing any transport or other transport request, assisting in establishing a reliable translation service for contract terms (especially standard terms and conditions), and internationally certified To control the differences in the demands and forms of the authorities, and to impose obligations to comply with the required social rules by governing the bodies effectively, govern effectively, domestically and substantively govern Collect membership tax like tax on the territory you are in. Trading authority 700 can communicate between various international organizations using secure electronic containers, and can securely verify various reliable event notifications provided by international organizations.

Example: Decentralized Trading Authority Complex work interactions under the control of trading authority 700 can also be distributed, for example, within and between organizations and / or controlled areas. Complex international real property transactions require the involvement of several functions that are not buying and selling companies (some financial institutions, insurance companies, and law firms and possibly a few government agencies) Suppose that Further, each of the organized and individual organizations for the transaction has a computer that is VDE aware and within this organization or institution this real estate under the authority authorized by the main trading authority 700. Suppose that there is at least one decentralized trading authority that services transactions.

  Each of the organizational and individual organizations for the transaction has a computer that is VDE aware. Within each organization and agency, there is at least one distributed trading authority that provides services for this real property transaction under the authority authorized by the main trading authority 700.

  In this one embodiment, each entity for a real property transaction has distributed trading rules and parameters that represent their business relationships in the form of VDE rules and controls that define the role of each entity in the overall transaction. Have. For example, an insurance company must ensure the value and cost characteristics that a buyer can accept and that are approved by a mortgage lender. Also, these negotiated VDE rules and controls have already been mutually agreed upon using the negotiation mechanism described in the Ginter et al. Application, and some negotiated with the history of negotiating these rules and controls. Assume that the rules and controls are all stored at the main trading authority for this real property transaction. The top trading authority may be the main trading authority 700 and may optionally be mutually agreed with the distributed trading authority. In this embodiment, the former is assumed. In short summary, all bodies agree on rules and controls governing transactions. The negotiation process can be simplified because trading authority 700 has distributed distributed template applications for international real estate sales. This template is based on the past experience of trading authority 700, and in particular was created by trading authority 700 for this transaction as a value-added service for its important customers.

  Each of the parties to the transaction, following the VDE control set that defines this atomic transaction, is responsible for seeing a portion of the transaction complete before closure and completion of the entire transaction. . In some cases, multiple entities are commonly responsible for completing all transaction parts. For example, buyers and sellers must agree to a purchase price. This embodiment contributes to work requirements including, for example, their price and other fluctuations. In addition, the VDE negotiation mechanism is used to reach an agreement that represents a fair balance of profits. If the electronic negotiation is unsuccessful, the organization may negotiate directly or the VDE secure container with audit records indicating failure will then notify each authorized person to participate in the entire transaction. Sent to authorities.

  If the buyer and seller agree, this one embodiment completes the negotiation (or receives a negotiation completion instruction digitally signed by both parties using VDE technology) Depending on the processing environment, a notification is then sent to the decentralized trading authorities, notifying others (including other participating trading authorities) that the price has been agreed. Based on the subtransaction VDE control, the VDE may securely notify the organization or organizations that are currently completing some other sub-transaction. In this embodiment, the title search company can now perform these tasks. Insurers can now begin negotiations with buyers for coverage using the VDE negotiation mechanism. A lawyer in a lawyer's office for the purchaser may begin negotiations with a counterparty in the sales company. Both barristers interact with their external attorneys using VDE and VDE safety containers, creating and negotiating various documents that are completed in part or in all transactions.

  In this example, each of the organizations may have one or more digital certificates issued by the authorization authority 500, authenticating each of the organizations for this transaction and its sub-transactions. The bill exchange 200 provides a means of payment communication for various value-added services (eg, those provided by the trading authority 700). Bills of exchange 300 collects audit records from time to time in the VDE safety container from each of the participating VDE's protected processing environments and provides an independent third party audit of these transactions. The secure directory service 600 helps participants locate each other's electronic addresses while maintaining confidentiality and privacy.

  As each of the sub-transactions is completed, the distributed trading authority within the organization where the sub-transaction is completed notifies the primary authority for this transaction 700 of completion of the sub-task. In accordance with previously agreed VDE rules and control sets, some or all persons participating in the transaction will also be able to receive, for example, individuals, distributed trading utility systems, distributed, It can be informed by the audit records and / or messages sent securely and authorized by including the PPE at the node to the trading authority and / or the main authority for this transaction.

  Once all the components of the entire transaction have been completed, the trading authority, in this example, the main trading authority for this real property sale, all the prerequisites are met and the entire transaction is resolved Notify each participant and each participating decentralized trading authority. Optionally, trading authorities can give sellers and get the last opportunity to proceed with completion or continue trading. This one example illustrates that a trading utility system 90 including a trading authority 700 can be distributed in an intermediate VDE protected processing environment that supports one or more trading utility systems 90.

Examples— Amortization of digital broadcast network infrastructure and other resources across many users, building critical mass faster than competitors, products most appealing to customers and Supporting the specificization of tailoring and delivering services, maximizing negotiating leverage power for purchase, building the most comprehensive infrastructure, Act as the best “one-stop” resource for work activities. These are all key concepts in successfully building a modern business. VDE and distributed trading utilities establish a fund to create a highly competitive and successful virtual space business that demonstrates these attributes. Many of these businesses reflect the characteristics of the Internet and the World Wide Web. Like VDE and distributed trading utilities, they constitute a distributed community that realizes maximum benefits through electronic trading cooperation. They provide different services layers, as well as complementary products and services, and realize the great advantage of coordinating their activities with their mutual benefits.

  Digital Broadcasting Network (“DBN”) is truly an innovative trading business. Composed of sites and services based on many different World Wide Webs ("Webs"), DBN participants can experience market transactions and customers by experiencing maximum buying power by sharing resources Gain greater influence and operational efficiency by generating information and by supporting a rational administrative overlay that links many (often complementary) activities to each other. Overlapping the capabilities of both the architecture of the World Wide Web and VDE and distributed trading utilities, enabling the design of the underlying consistent rules, and both of these architectures, digital broadcasting networks To support a highly efficient, largely automated and distributed community that maximizes business efficiency. In a similar manner, other embodiments include other classifications of entities that function together as virtual businesses (eg, companies or other organizations). The distributed nature and trading utility system of VDEs is particularly important in providing an efficient infrastructure for these modern, potentially large, virtual space business activities.

  A digital broadcast network may function as a community of websites and, for example, a service provider with a central or local and logical (market based) group of headquarters. Alternatively, it may function as a shareholder corporation for profit in a reminiscent of the business model of a television broadcaster (eg, NBC). Or a mixture or combination of the above qualities, acting as a cooperative or virtual enterprise that employs distributed peer-to-peer, hierarchical, centralized administrative business relationships and activities obtain. In one embodiment, multiple companies are connected to each other and provide an entity that allows each participant to have some degree of expertise and an entity to coordinate each other in some manner in a “higher” level of a cooperative or company. Provides the benefits of coordination.

In one embodiment, the digital broadcast network may be a single company with many licensed franchises. Licensed franchises are responsible for geographically and / or logically specialized market areas and / or other websites in the hierarchy of distributed trading utility services and / or peer-to-peer contexts as described above A website can be configured. On behalf of itself and its franchise, this company, for example,
-Negotiate an optimal rate for exposure time with advertisers and their agents,
・ Get the lowest cost for content provided by third parties,
・ Resell market analysis and user profile information,
・ Share franchise with DBN and / or other franchise and share that income,
Provide advertisements to franchises according to franchise and / or franchise user base profiles,
Guarantee a certain number of “eyes” (exposure and / or other interactions) against the advertiser ’s material,
A secure virtual network that employs the capabilities of VDE and distributed trading utilities so that the entire organization operates in a secure and highly efficient manner, including the use of common user application tools, interfaces , and government activities Provide
・ Advertise on the network according to the profit of the network and franchise,
Purchase and / or supply content to the franchise according to the franchise needs as specified by their requirements and / or usage profile;
• Collect and analyze content (including advertisements) usage, virtual space purchases, and other data as permitted under the consent of the franchise,
• Allows franchises to perform many network functions on a local basis. The local criteria is to obtain and create available geographical and / or logical local (consistent with the focus there) content (and / or specific interest in its user base) ,
Negotiating agreement on commercial value advertising that has the physical and / or logical market focus of the franchise,
A web “broadcast” space (with at least content) that has the rest of the control by consent and is enforced by rules and controls, eg, under the control of the DBN and / or some one or more other network participants Control at least one part of the local control over some part), and
Perform other government support and / or service functions for benefits and / or networks.

In one embodiment, the DBN employs many of the security and administrative capabilities of the VDE and many of the service functions provided by the present invention to manage and automate the distributed relationships and activities that are central to the DBN business model. . For example,
Trading authority 700 may provide overall administrative content for managing the network community. For example, trading authority 700 may manage the routing of content to the appropriate franchise (by using VDE rules and controls in the preferred embodiment). It can also manage the handling and control chain for reporting usage information. Trading authority 700 may obtain and / or derive its electronic control set from a consent relationship between DBN and its franchise. Electronic negotiation can be used to create these consent relationships. Trading authority 700 may also receive controls reflecting a direct bilateral relationship or other networked relationship between the franchise and other participants.

  The rights and authorization bill exchange 400 can extend the trading rights related to the content to the network franchise. It contains content rights held by network entities themselves and available to other network entities, and acts as a repository for rights related to content supplied to customers by network entities themselves. Such content rights may include, for example, displaying, selling, redistributing, replanning, and advertising. It may provide additional rights (eg, redistribution rights or specialized replanning rights) to the request and / or automated profile based on eg usage.

The bill exchange 300 may collect usage data in market analysis, user profiles, and ad support. It can also analyze that information and the reports it retrieves. It may distribute that information internally to the DBN as appropriate and sell other usage-based information based on reporting and / or external trading opportunities.
• The bill exchange 200 undertakes appropriate compensation execution throughout the network. It can collect payments from franchises for content by DBN. It may disperse them into franchisee payments as a result of advertising and reselling usage information. It can collect payments from franchises for support of generally DBN infrastructure and services such as network advertising, for example. It connects to the infrastructure of the multipurpose financial bill exchange and sends and receives information related payments.

  The secure directory service 600 may maintain a directory service based on unique verification and / or classification characteristics. There can be a very large number of franchises overall. The directory service 600 may also maintain customer directory information, including unique identifiers and profile information. The secure directory service 600 may maintain directory information for content that is owned, managed, and / or available to the network.

  • The certification authority 500 may authenticate the roles of all participants in the network. For example, it issues a certificate to each franchise. It can also issue certificates that authenticate the trading relationships of groupings of network entities, and can promote efficient safety relationships with third parties. They can also issue certifications to customers and provide certain specialized customer rights regarding trading activities with external parties of the customer (eg, becoming a member of a discount system or a larger “DBN” community). Can be represented.

  Some or all of the specific service functions (eg, as described above) can be highly distributed, can work franchise significantly, primarily, or even more exclusively, and serve network web servers.

  Although the present invention has been described with respect to the most practical and preferred embodiments at the present time, the invention is not limited to the disclosed embodiments, but conversely, within the spirit and scope of the appended claims. It is intended to cover all modifications and equivalent arrangements.

The figure which shows an example of the distributed trading utility (Distributed Commerce Utility) which supports an example of a consumer's electronic device. FIG. 3 illustrates a protected processing environment (“PPE”) within a consumer electronic device. FIG. 3 illustrates that a distribution trading utility may include multiple examples of trading utility systems. The figure which shows a mode that management and a support service function are distributed. The figure which shows a mode that management and a support service function are distributed. The figure which shows a mode that management and a support service function are distributed. The figure which shows a mode that management and a support service function are distributed. The figure which shows a mode that management and a support service function are distributed. The figure which shows the example of a distributed trade utility system. The figure which shows the example of a distributed trade utility system. The figure which shows the example of a distributed trade utility system. The figure which shows an example of the web of a trade utility system. FIG. 2 shows an unlimited web of consumer devices and trading utility systems. The figure which shows a mode that a rights holder can select between the multiple trade utility systems connected to electronic "information highway". The figure which shows an example of a mode that a different trade utility system functions together. The figure which shows an example of a mode that multiple management and a support service function are combined and integrated in a trade utility system. The figure which shows an example of the web of a combination function trade utility system. The figure which shows the example of the hierarchy of a trade utility system. The figure which shows an example of the hierarchy of a multi-function trade utility system. The figure which shows an example of a financial bill exchange. The figure which shows an example of a use bill exchange place. The figure which shows an example of a right and a permit exchange bill exchange. The figure which shows an example of a certification authority. The figure which shows an example of a secure directory service. The figure which shows an example of a transaction authority. FIG. 4 illustrates that a trading utility system can support other trading utility systems. FIG. 4 illustrates that a trading utility system can support other trading utility systems. FIG. 4 illustrates that a trading utility system can support other trading utility systems. FIG. 4 illustrates that a trading utility system can support other trading utility systems. FIG. 4 illustrates that a trading utility system can support other trading utility systems. FIG. 4 illustrates that a trading utility system can support other trading utility systems. The figure which shows an example of the hierarchy of a trade utility system. The figure which shows an example of the hierarchy of a trade utility system. The figure which shows an example of the hierarchy of a trade utility system. The figure which shows an example of the hierarchy of a trade utility system. The figure which shows an example of the hierarchy of a trade utility system. The figure which shows an example of the hierarchy of a trade utility system. The figure which shows the example of the interaction model of a trade utility system. The figure which shows an example of the structure for distributing a part of management and support service operation. The figure which shows an example of a financial bill exchange exchange trade utility system. The figure which shows an example of a structure of a financial bill exchange. The figure which shows an example of a financial bill exchange process. FIG. 4 is a diagram illustrating further examples of financial note exchange activities and processes. The figure which shows an example of value chain (payment) decomposition | disassembly (disaggregation). The figure which shows an example of a mode that the decomposition | disassembly of FIG. 21 may be implement | achieved in a financial bill exchange context. The figure which shows the example of 1 structure for implement | achieving payment decomposition | disassembly on the user's protected processing environment. The figure which shows an example of a more complicated value chain (payment) decomposition | disassembly. The figure which shows an example of a mode that decomposition | disassembly can be implement | achieved in a financial bill exchange context. The figure which shows an example of value chain decomposition which details the guarantee to a distributed trade utility. The figure which shows an example of value chain (payment) decomposition | disassembly with respect to an arbitrary number of recipients. FIG. 4 shows a further example of how value chain (payment) decomposition and redistribution can be achieved via a financial bill exchange. The figure which shows an example of the super-disaggregation payment using a financial bill exchange and a re-disassembly scenario for a financial bill exchange. The figure which shows an example of value chain (payment) decomposition | disassembly in a consumer's protected processing environment or another site. The figure which shows the example of value chain (payment) decomposition | disassembly which cross | intersects multiple transactions. The figure which shows the example of value chain (payment) decomposition | disassembly which cross | intersects multiple transactions and multiple consumers. FIG. 3 is a diagram illustrating an example of a trading utility system architecture that provides payment disassembly. The figure which shows an example of a use bill exchange office trade utility system. The figure which shows an example of a bill exchange office architecture. The figure which shows an example of a use bill exchange process. The figure which shows the further example of the use bill exchange process using a multi-use bill exchange. The figure which shows an example of the use bill exchange process using a use bill exchange and a financial bill exchange. The figure which shows an example of the media arrangement | positioning process (media placement process) of a bill exchange place. FIG. 4 is a diagram illustrating an example bill exchange process that provides discounts based on different levels of consumer usage information disclosure. The figure which shows an example of the right and permission and authorization bill exchange exchange trading utility system. 1 is a diagram illustrating an example of a rights and authorization bill exchange architecture. FIG. The figure which shows an example of the rights and authorization bill exchange process. The figure which shows an example of the control set registration process for an update. FIG. 4 is a diagram illustrating a further example of a rights and authorization bill exchange process. The figure which shows the further example of a right and authorization bill exchange. The figure which shows the example of a rights template. The figure which shows the example of a rights template. The figure which shows an example of the control set corresponding to the example of a rights template. The figure which shows another example of the rights and authorization bill exchange process. The figure which shows an example of a certification authority trade utility system. The figure which shows an example of a certification authority architecture. The figure which shows an example of an authentication process. The figure which shows an example of a distributed authentication process. FIG. 6 illustrates an example of a control set where execution and / or other results are conditional on the presence of digital certificates. The figure which shows the example of a digital authentication data structure. FIG. 3 illustrates an example of a technique for generating another digital certificate and a digital certificate based on a trusted database. The figure which shows an example of the technique which prescribes | regulates a virtual entity (virtual entity). The figure which shows an example of the technique which prescribes | regulates a virtual entity (virtual entity). The figure which shows an example of the technique which prescribes | regulates a virtual entity (virtual entity). The figure which shows an example of the secure directory service trade utility system. 1 is a diagram illustrating an example of a secure directory service architecture. FIG. The figure which shows an example of a secure directory service process. The figure which shows an example of a transaction authority trade utility system. The figure which shows an example of a trading authority architecture. The figure which shows an example of a transaction authority process. The figure which shows an example of a transaction authority producing | generating a control super set (control superset). The figure which shows the example of the step performed by the trading authority. The figure which shows an example of a safe checkpoint trade utility system. The figure which shows an example of a safe checkpoint trade utility system. The figure which shows the example of a mode that a distributed trade utility can support a different electronic value chain. The figure which shows the example of a mode that a distributed trade utility can support a different electronic value chain. The figure which shows the example of shopping, licensing (licensing), and / or rental (renting). The figure which shows an example of shopping and payment about a tangible item. It is an example of a customer who pays securely for services. The figure which shows the example of value chain decomposition | disassembly about shopping of a tangible thing. The figure which shows an example of the cooperation between the organization (organization) inside and the outside trade utility system. The figure which shows an example of the transaction authority between mechanisms and in a mechanism. The figure which shows an example of the trade between countries.

Explanation of symbols

75 Distributed Trading Utility 100 Consumer Equipment 102 Home Color TV Set 102a Television Program 104 Video Player / Recorder 106 Set Top Box 108 Handheld Remote Controller 150 Electronic Network 154 Protected Processing Environment

Claims (29)

An electronic trading and / or rights management system for performing at least one payment operation, wherein the system includes a first electronic device (100), a second electronic device (100 '), and the first electronic device (100'). And a system comprising an electronic communication network (150) that allows the second electronic device (100, 100 ′) to exchange digital signals,
The first electronic device (100) performs at least a first part of the payment operation;
Electronic trading and / or rights management system, wherein the second electronic device (100 ') executes at least a second part of the payment operation.   2. The electronic trading and / or rights management system of claim 1, further wherein the first portion of the payment operation includes at least one micro payment aggregation task, and further the second of the payment operation. The system wherein the portion includes at least one payment confirmation task.   2. The electronic trading and / or rights management system according to claim 1, wherein the first electronic device (100) further comprises a consumer device, and the second electronic device (100 ') is at least partly. A system characterized by being installed in a settlement office.   The electronic trading and / or rights management system according to claim 1, further comprising at least the first electronic device (100) including a protected processing environment (154).   The electronic trading and / or rights management system according to claim 1, further characterized in that the first part of the payment operation comprises a usage metering task (116).   The electronic trading and / or rights management system according to claim 1, further characterized in that the first part of the payment operation comprises at least one task requiring electronic authentication (504). System.   The electronic trading and / or rights management system of claim 1, further wherein the first portion of the payment operation comprises at least one rights management task.   2. The electronic trading and / or rights management system according to claim 1, further comprising the first portion of the payment operation comprising at least one electronic currency management task.   The electronic trading and / or rights management system according to claim 1, further characterized in that a majority of the payment operation is performed by the first device (100).   The electronic trading and / or rights management system according to claim 1, further characterized in that a majority of the payment operation is performed by the second device (100 ').   The electronic trading and / or rights management system according to claim 1, further comprising at least one of the first and second electrode devices (100, 100 ') via a network (150). A system comprising a connected third electronic device (100 "), wherein the third electronic device performs a third part of the payment operation.   The electronic trading and / or rights management system according to claim 1, wherein the first and second devices (100, 100 ') are respectively a financial settlement operation, a use settlement operation, a rights and permission settlement operation. , An authentication authority operation, a trading authority operation, and a secure roster service operation, and each of the operations is different between the first and second devices (100, 100 ′). A system characterized in that it can be distributed with.   2. The electronic trading and / or rights management system according to claim 1, wherein the electronic network (150) connects the first and second electronic devices (100, 100 ') to a trading utility system web. A system characterized by that.   The electronic trading and / or rights management system according to claim 1, further comprising an electronic rights holder electronically selecting between the first electronic device (100) and the second electronic device (100 '). A system characterized by being able to.   The electronic trading and / or rights management system according to claim 1, further characterized in that the first and second electronic devices (100, 100 ′) cooperate to perform a total sale settlement. System.   The electronic trading and / or rights management system according to claim 1, wherein each of the first and second devices (100, 100 ') comprises at least one financial settlement operation, at least one financial settlement operation. Performing a use payment operation, at least one rights and authorization payment operation, at least one authentication authority operation, at least one trading authority operation, and at least one secure roster service operation, respectively. system.   The electronic trading and / or rights management system according to claim 1, wherein the first electronic device (100) further comprises a plurality of trading utility systems (90 (1), ... 90 (n)). A system characterized by comprising the following hierarchy.   2. The electronic trading and / or rights management system according to claim 1, further characterized in that the first electronic device (100) is unique to an organization.   The electronic trading and / or rights management system according to claim 1, further characterized in that the first electronic device (100) is specialized vertically.   2. The electronic trading and / or rights management system according to claim 1, further characterized in that the first electronic device (100) is specialized by area and / or jurisdiction. System.   The electronic trading and / or rights management system according to claim 1, further comprising the first and second electronic devices (100, 100 ') communicating and harmonizing as peers and hierarchically. Feature system.   The electronic trading and / or rights management system of claim 1, further comprising: the payment operation includes processing payment related information and further executes at least one payment related trading. .   The electronic trading and / or rights management system of claim 1, further comprising the payment operation including processing usage related information and performing at least one usage reporting action.   The electronic trading and / or rights management system according to claim 1, further characterized in that the settlement operation receives at least one request and performs at least one related rights management transaction. system.   The electronic trading and / or rights management system according to claim 1, further characterized in that the payment operation issues at least one digital certificate.   2. The electronic trading and / or rights management system according to claim 1, wherein the payment operation further includes roster information provided in a secure manner.   The electronic trading and / or rights management system according to claim 1, further characterized in that the settlement operation includes execution of at least one process management trade.   2. The electronic trading and / or rights management system according to claim 1, wherein the first and second parts of the payment operation are mutually supportive.   2. The electronic trading and / or rights management system according to claim 1, wherein at least one of said first and second electronic devices (100, 100 ') is a set of service application components defining at least one service function. A system that includes a rights operation system to assist.

Images