MXPA05012285A - Business method for pay-as-you-go computer and dynamic differential pricing - Google Patents

Abstract

A system for supplying computers with little or no upfront payment has a service provider, a computer, and an optional funding account. The computer is adapted to render itself substantially useless unless provisioned by the service provider. The service provider has a capability to collect funds from the user and to provide the data necessary for continued operation of the computer. Cryptographic means may be employed to generate and receive the data necessary for continued operation of the computer. The computer's self-imposed sanctions may include slowed operation, reduced graphics capability, limited communication, and limited access to peripherals.

Description

METHOD FOR PAYMENT ON COMPUTER AND DYNAMIC FIXING DIFFERENTIAL PRICES This application is a continuing part of the Patent Application of E. U., "Method and Apparatus for Procurement Software," filed on November 15, 2004 under file number 30835/40399. BACKGROUND Personal computers, peripherals and personal computer systems are usually sold or rented on a perpetual use basis. Specifically, when in possession of the user, the user has full access to and uses the entire product, both hardware and software. Computers can be a great benefit for people, providing access to information, educational opportunities, connection with others, shopping by comparison, etc. However, the traditional high cost of computer hardware and perpetually authorized software can limit the ownership of a personal computer to only the most affluent segments of the world's population. BRIEF DESCRIPTION OF THE INVENTION A service provider may supply a computer to a user where the computer is logically linked to the service provider. As part of a service contract, the service provider can supply the computer to make it available with a small payment or without payment in advance. The computer, however, can only operate when provisioning packets are received that represent a value of the service provider. When the value stored in the computer runs out, the computer can invoke sanctions that make it substantially useless until additional provisioning packets are received. In exchange for the provisioning packages, the service provider can collect the user's funds. By linking the computer to the service provider and invoking difficult-to-defeat sanctions, the value of the computer in stores can be substantially reduced, thus protecting the business model of the service provider. BRIEF DESCRIPTION OF THE DRAWINGS Figure 1 is a block diagram of a network that interconnects a plurality of computing resources. Figure 2 is a block branch of a system according to a current description mode. Figure 3 is a block diagram of a portion of the service provider of Figure 2. Figure 4 is a block drama of a computer that can be connected to the network of Figure 1. Figure 5 is a block diagram of the local provisioning mode of the computer of Figure 4; and Figure 6 is a flowchart representing a method of operation of the system of Figure 2. DETAILED DESCRIPTION OF THE INVENTION Although the following text discloses a detailed description of numerous different embodiments, it should be understood that the legal scope of the description is defined by the words of the claims set forth at the end of this description. The detailed description is to be interpreted as an example only and does not describe each possible modality since describing each possible modality would be impractical, if not impossible. Many alternative modalities could be implemented, using either current technology or technology developed after the date of filing of this patent, which would fall within the scope of the claims.

It should also be understood that, unless a term is expressly defined in this patent using the sentence "As used herein, the term '' is hereby defined by the meaning ..." or a similar sentence, not there is an intention to limit the meaning of that term, either expressly or by implication, beyond its plain or ordinary meaning and such term should not be construed as being limited in scope based on any statement made in any section of this patent (different from the language of the claims, to the extent that any term mentioned in the claims at the end of this patent is alluded to in this patent in a manner consistent with a single meaning, that is done for the sake of clarity only so as not to confuse the reader, and it is not intended that such a claim term be limited by implication or otherwise, to that single meaning. Finally, unless an element of claim mentioned is defined the word "means" and a function without mentioning any structure, it is not intended that the scope of any claim element be interpreted based on the application of the U.S.C. § 1 12, sixth paragraph. Much of the inventive functionality and many of the inventive principles are best implemented with or in programs or instructions and integrated circuits (ICs) of software such as specific application ICs. It is expected that someone of ordinary skill, despite possibly significant effort and many design choices motivated, for example, by the time available, current technology and economic considerations, when guided by the concepts and principles described in this will be able to easily generate such instructions and software programs and ICs with minimal experimentation. Therefore, in the interest of brevity and to minimize any risk of muddying the principles and concepts in accordance with the present invention, additional discussion of such software and ICs, if any, will be limited to the essentials with respect to the principles and concepts of the preferred modalities. Figure 1 illustrates a network 10 that can be used to implement a dynamic software provisioning system. The network 10 can be the Internet, a virtual private network (VPN), or any other network that allows one or more computers, communication devices, databases, etc. to be connected in a communicative manner between them. The network 10 can be connected to a personal computer 12 and a computer terminal 14 via an Ethernet network 16 and a router 18, and a landline 20. On the other hand, the network 10 can be wirelessly connected to a computer 22 laptop and a personal information assistant 24 via a wireless communication station 26 and a wireless link 28. Similarly, a server 30 can be connected to the network 10 using a communication link 32 and a frame 34 can be connected to the network 10 using another communication link 36. Referring to Figure 2, a suitable system 200 is discussed and described to implement an example mode of a payment computing environment as you wish. An exemplary computer 202 may have resources 206 and 208 and a local provisioning module (LPM) 204. The LPM 204 can securely manage and store values that can be applied toward the use of one or more computer resources 206, 208 . The resources 206, 208 can be provisioned in the computer 202 at any point prior to its use, for example, during manufacturing, assembly or previous operation. The resources 206, 208 are provisioned in a way that allows the measurement or concurrence of their operation. The measurement of your operation may include monitoring an aspect of your operation, such as the number of launches, the time (duration) of use, the use in a period of time, such as a calendar month, or the use of an appearance in particular, such as saving data generated by an application program, or output, such as printing. The installation can be performed by any number of parties with physical or logical access to the computer 202, including the service provider 210 or several others not represented, such as a resource provider, a user, a manufacturer or a distributor. Service provider 210 may be coupled to computer 202 via a 212 link, preferably in real time, but off-line mechanisms work equally well. Examples of real-time connections may include dial-up access or the Internet. Offline mechanisms for link 212 may include known methods, for example, smart cards, or other removable media, or even print information encoded appropriately to ensure accuracy and authenticity. The service provider 210 uses the link 212 to send provisioning packets to add value to the computer 202, as discussed in more detail below. An additional participant may optionally be a bank or other source 218 of financing or funds. In some cases, the financing source 218 may be incorporated by the service provider 210. The financing source 218 may be coupled to the service provider 210 via the link 220. The billing or collection system 212 may be operable to process authorizations of a user of the computer 202 and to process requests for funds of interest or interest. 202 service provider. The current financing process can take advantage of any of numerous types of known accounts, for example, a normal bank checking or savings account, a prepaid account, a stored value account, a credit card account, a telephone bill payment account, etc. Provisioning System of the Service Provider Figure 3 illustrates a provisioning system 200 for providing provisioning packets for a computer device 202, wherein the computing device 202 can be any of the commonly known computing devices, such as the computer 12 desktop, laptop computer 22, PDA, 24, a cell phone or any similar devices. The provisioning system 214 can be implemented to provide provisioning packages intended for the use of an operating system, or, in an alternative implementation, the provisioning system 214 can be used to provide the use of other resources, such as software, firmware, a appearance of a computing device, etc. Similarly, although the provisioning system 214 is shown for the provision of the use of, a resource in the computing device 202 connected in a manner of communication with the network 10, may be used to implement such use in a computing device that may not be connected to the network 10, or may only be intermittently connected to the network 10. The provisioning system 214 may include a core provisioning service module 230, a distribution service module 232, a module 234 of certification service, a core 236 database and a distribution database 238. The provisioning system 214 can communicate with the billing system 218 via the billing adapter 216, while the core provisioning service module 220 can communicate with the distribution database 238 via a writer 240 of the database and the distribution database 238 communicates with the distribution service 232 via a database reader 242. The computing device 202 may include a local provisioning module (LPM) 204 that communicates with the distribution service module 232 via a network distribution service module 244. The core provisioning service 230 communicates with the billing adapter 216, which uses a network service 246 to communicate with the financing account 218. The provisioning system 214 may be placed in a server system such as the server 30, or another system connected in a manner of communication with the network 10. Similarly, the billing system 222 may also be placed in such a server system. as the server 30, or another system connected by way of communication with the network 10. In addition, one or more of the various components of the provisioning system 214 may be placed in the same server or in a number of different servers placed in different locations . For example, the core database 236 may be placed in a number of different servers of databases placed in different locations and each connected in a manner of communication with the network 10. The operation of the provisioning system 214 and its various component modules it is explained in more detail later. Although the links 212, 220 and 224 in Figure 2 can be implemented by network service interfaces, for example, the network service interfaces 244, 246, in an alternative mode, a user of the computing device 212 can communicate. with the distribution service module 232 and the financing account 218 via alternate modes of communication, such as by telephone, etc. For example, in a situation where it is not possible for the computing device 202 to connect to the network 10, a user of the computing device 202 can communicate via telephone and a user interface enabled for voice recognition linked to the 232 module of distribution service, via a customer service representative capable of communicating with the distribution service module 232, or manually via a smart card or other card, etc. With reference to Figure 4, the example system 200 may include a computing device, the same or similar to the computing device 202. In its most basic configuration, the computing device 400 can typically include at least a processing unit 402 and a memory 404. Depending on the exact configuration and type of computing device, the memory 404 may be volatile (such as RAM) , non-volatile (such as ROM, flash memory, etc.) or some combination of the two. Additionally, the computing device 400 may also have additional aspects / functionality. For example, the computing device 400 may also include additional storage (removibie and / or non-removable) that includes, but is not limited to, magnetic or optical discs or tape. Some examples of such additional storage are illustrated by removable storage 406 and non-removable storage 408. The computer storage means may include volatile and non-volatile, removable and non-removable media implemented in any method or technology for storing information such as computer-readable instructions, data structures, program modules or other information. The memory 404, the store 406 remove and the store 408 non-removable are all examples of computer storage media. Computer storage media includes, but is not limited to, RAM, ROM, EEPROM, flash memory or other memory technology, CD-ROM, digital versatile discs (DVD) or other optical storage, magnetic cartridges, magnetic tape, storage of magnetic disk or other magnetic storage devices or any other means that can be used to store the desired information and which can be accessed by the computing device 400. Any such computer storage means may be part of the computing device 400.

The computing device 400 may also have device (s) 410 such as keyboard, mouse, pen, voice input device, touch input device, etc.

Output device (s) 412 such as a display, speakers, a printer, etc., can also be included. The computing device 400 may also contain connection (s) 414 for communications to allow the device to communicate with other devices. The connection (s) 414 for communications is an example of a means of communication. The communication means typically incorporates computer-readable instructions, data structures, program modules or other information into a modulated data signal such as a carrier wave or other transport mechanism and includes any means of information delivery. A "modulated data signal" may be a signal having one or more of its characteristics set or changed in such a manner as to encode information in the signal. By way of example, and one of limitation, the communication means includes wired means such as a wired network or wired direct connection, and wireless means such as acoustic, RF, infrared and other wireless means. The computer-readable medium can include both a storage medium and a means of communication. A local provisioning module 204 (LPM) can provide part of the security base surrounding the computing device 400. The local provisioning module 204 is discussed in more detail in the following description of Figure 5. The components of the LPM 204 can be placed in non-volatile non-removable memory, as part of the system memory 404, as part of various components of the system. computer hardware 400, including processing unit 402, interface circuits (not shown) or any combination of these. The operation of LPM 204 is explained in more detail below. Figure 5 illustrates an additional block diagram in detail of LPM 204. The LPM can be part of a trusted computing base, as is known in the art, or it can be an extension of a trusted computing base. The LPM 204 is communicatively coupled with the service provider 210. The LPM 204 can perform various functions including interaction with users of the computing devices to interact with the service provider 210 via the network 10, etc. The LPM can perform the function of reinforcing a particular state in the computing device 400 by interacting with the particular input program used by the client computing device 400. In a particular implementation where the client device is using the Windows® Product Activation System (WPA) as the input or input logic 464, the LPM 204 can interact with the WPA to reinforce the particular state of the client computing device 400 . However, in an alternative implementation, the LPM 204 may interact with any other program of entry to the appropriate operating system. The implementation of LPM 204 can be a grouping of several software components compounded in software and composed as a library linked to an input program used by the WPA. However, in an alternative implementation of LPM 204, one or more of the various logic components of LPM 204 may be implemented in hardware. Specifically, the LPM 204 may include a reinforcement aggregation module 452 for reinforcing the computing device 400 to operate in a particular state, a measurement module 454 for measuring the use of a provisioned resource in the computing device 400, an engine 456 of transaction to process provisioning packets provided by the service provider 210, a secure storage administrator 458 to provide secure storage of provisioning packages, a communication module 460 for communicating with the service provider 210 and a user experience module 462 for interacting with a user. The reinforcement module 452 can be inserted into the input logic 464 of the computing device 400. When a user enters the computing device 400 using the input logic 464, or requests the use of a provisioned resource 206, 208 that can be loaded, the reinforcement module 452 can query the measurement module 454 with the balance information. If the boost module 452 determines that the computing device 400 has sufficient value for the requested activity, it can allow the computing device 400 to operate in its normal manner and allow the user to enter the computing device 400, or use the resource. 206, 208 requested. However, if the boost module 452 determines that the computing device 400 does not have sufficient available value, it denies entry or access to the requested resource and may invoke a user interface to rush the user to add value to the available balance. To carry out the reinforcement task, the reinforcement module 452 may be capable of disabling or otherwise sanctioning resources under the direct influence or control of the computing device 400. The measurement module 454 may include a balance manager 466 for reading and verifying a current balance available for entering or using the provisioned resource and for updating the current balance. The measurement module 454 may also include a configuration manager 468 for determining the valid System configuration information, such as authorized, that is, chargeable, peripherals and a reliable clock administrator 470 to maintain a monotonic timer, for example , a clock or timer that always counts in one direction and can not be reset. The measurement module 454 can provide the mechanism for monitoring how often, how much or at what period the computing device 400, or components thereof, is used. The measurement module 454 can use hooks in the operating system to count application starts, for example, when measuring usage per application. Alternatively, the measurement circuit 454 can monitor the cycles / use of the processing unit 402 to determine how much the computing device 400 or an individual application has actually been in operation. In another alternative mode, the reliable watch administrator 470 can be monitored to determine when a given period has expired for authorized use, for example, a calendar month or 30 days. The reliable clock administrator 470 can use a reliable hardware clock 472 to perform the task of keeping the timer always changing. In one mode, the time is increased, but the timer can also be designed to decrease. In any case, the monotonic operation is desired, that is, always counting in one direction. The reliable clock administrator 470 can be used to provide system time, or it can be used to provide time service only to measure usage. Both have advantages and can be used, but in any case, the measurement based on the Greenwich Mean Time (GMT) can reduce the noise problems with local time zones and the Date Line. The balance manager 466 and the reliable clock administrator 470 are very sensitive and important for the safe operation of the LPM 204, and therefore are likely to be under several security attacks during the operation of the LPM 204.

The reinforcement aggregation module 452 can function as an event dispatcher invoking the balance administrator 466 based on certain events, while the balance administrator 466 can determine what action to take when invoked in response to an event. Examples of several events that may cause the reinforcement aggregation module 452 to invoke the balance 466 manager are those system events that are covered by the usage plan normally in effect. Such events may include (1) an event to enter, (2) an event system unlocked, (3) a restoration of hibernation event, (4) an event awakening in reserve, (5) an event triggered by a user , such as a request to use a peripheral, (6) an exit event, (7) a packet download, (8) a second of the timer, etc. The balance administrator 466 can accept the event as an introduction and return a result action to the reinforcement aggregation module 452. For example, the resulting action can be either an approval or a denial. When the action is denied, sanctions may be invoked and, in some modalities, an opportunity to add provisioning packages and the user may be offered to update a balance in the balance 466 manager. The transaction engine 456 can process a provisioning packet in order to update the balance in e! balance 466 administrator. The transaction engine 456 can ensure that any provisioning package is consumed only once to update the balance. The transaction engine 456 can be designed to perform updated atomic transactions, so the balance update and the consumption of the provisioning package are always carried out together. To process provisioning packages, the transaction vote 456 may include a digital signature verification circuit 467. The digital signature verification circuit 467 may have circuits and / or software to decode the provisioning packet, if the provisioning packet is received electronically over the Internet, locally from a local area network, removable media 406, manually entered or another method of transportation. When using the traditional public key infrastructure ("PKL") the message can be decoded, if it is encrypted, and the number can be generated and verified against the digital signature to validate the integrity and authenticity of the provisioning packet. The particular coding algorithm employed, for example, RSA ™ or elliptic curve, is not significant. The digital signature technology that includes the verification of the sender and the verification of the content is well known and is not covered in detail here. The secured storage manager 458 may allow the LPM 204 to store balance data in a secure manner so that it can not be violated by a user and so that it is accessible only by the LPM 204. After a provisioning packet is downloaded through the LPM 204, it can be stored in the secured storage administrator 458. Similarly, the balance meter and the consumption meter of the package can also be stored in the secured storage manager 458. The secured storage manager 458 may also store information that is used in the assembly and operation of the local provisioning module 416. In general, this is information that, if committed, can be used to circumvent the controls for the use-by-use or prepaid operation. There may be a unique identifier between such information. The unique identifier can be a number or code that can be used to identify a computing device 400 from another. The unique identifier can also be used by the provider 21 or services to prepare digitally signed provisioning packets that can be used only by the computer 202 with the unique match identifier. The provisioning packages can be the information received that adds value to the 466 administrator of the balance. Some of the information associated with the authentication of provisioning packets can be stored in the secure storage administrator 458. For example, a transaction sequence number can be used to discourage or prevent playback attacks. In addition, a "not before" date can be extracted from the provisioning package and stored to discourage or prevent clock violation attacks. In a modality, the date not before may be the date / time the provisioning package was created. Because the use of the provisioning packet may not take place before the provisioning packet was created, nor can the watch, for example, clock 472 of reliable hardware, of the computing device 400 be set on a date or time before the last date of the last provisioning packet. State information, stored by the secure memory manager 458, can be used to indicate whether the computing device 400 is in a fully operational mode or whether the computing device 400 or an application is under some restriction or sanction. Although most software of the system memory 404 may be stored or executed there may be some executable code, for example, applications, routines or drivers that are ideally resistant to violation. For example, a routine that sets the reliable hardware clock 472 may itself need to be protected to prevent violation and fraud. The measurement or use information created or used by the measurement module 454 may need more protection than that offered by the system memo 404 and can therefore be stored in the secure storage administrator 458. The measurement or use information may include, for example, the number of remaining usage units, the maximum number of permissible usage units, a list of measured applications, or a time / date of stop. Closely related to the measurement or use information may be the usage plans. To provide flexibility, users can be allowed to select from a number of usage plans, as mentioned above. The usage plan can include both the actual use, that is, the operation time or activations of a resource. These usage plans may include limited use during a calendar time period, use for a number of hours, use per application using number of applications or use, use per input / output (network connectivity), as well as including combinations of the previous ones. The protection of usage plans can be important because it is not desirable for a user to be able to alter or create new plans that could result in fraudulent use. A certificate revocation list ("CRL") can be used to determine if the current root certificate is valid. When no real time is retrieved from a guest, the CRL can be safely stored in a safe manner to avoid the violation that can allow fraudulent use by presenting a provisioning packet signed by a compromised or unauthorized private key. Although the public keys of a root certificate are in the public domain and technically do not need protection, in the interest of the integrity of the provisioning packet verification, the root certificate can be stored in the secure storage administrator 458. In the illustrated implementation, the secured storage manager 458 can be implemented as a dynamic link library (dll) so that the user experience module 462 can access the secured storage administrator 458. To ensure that the information stored in the secured storage administrator 458 is secure, an information encoding key can be used to store the information in the secured storage administrator 458 and only a module that has an information encryption key is able to read the information of the secured storage administrator 458. Secured storage administrator 458 can communicate with a subsystem 474 of local security authority (LSA) to communicate with a 476 LSA database, a storage driver 478 for communicating with the secure hardware storage 480, and a file system driver 482 for communicating with a file 434 in the computing device 400. For added security, an alternative implementation of the secured store administrator 458 can also use multiple copies of the information stored in the secured storage administrator 458 so that each copy can be cross-referenced to ensure there is no violation in no simple copy of the information. Although the implementation of the LPM 204 discussed herein has the secured storage administrator 458 implemented in software, in an alternative implementation, the secured storage administrator 458 can be increased in hardware. The communication module 460 may include a packet / certificate request administrator 486 for requesting provisioning packets and / or certificates or for purchasing additional provisioning packets from the service provider 210, and a network service communication administrator 490 that allows the LPM 204 communicate with network 1 0. The package / certificate request administrator 486 can receive a request to download a package or certificate from the service provider 21 0. For example, the package / certificate request administrator 486 can communicate with the service provider 21 0 to receive a certificate from a known source, such as the service provider 21 0. The package / certificate request administrator 486 may also be responsible for notifying the 21 0 service provider of the successful download of a certificate or provisioning packet. The packet / certificate request administrator 486 may use a provisioning protocol to communicate with the service provider 21 0. A package downloaded by the package / certificate request administrator 486 can be stored in the secured storage administrator 458. The shopping administrator 488 may allow a user of the computing device 400 to add value to the local balance by purchasing provisioning packets by receiving the user's payment information and communicating the payment information to the service provider 21 or an account 21 8 of financing or funds. For example, the purchase of a scratch card at a local store can be used to add value to the funds account 620 that is used later to create a provisioning package that is downloaded, verified and used to update the balance in the 486 balance manager. When the package / certificate request administrator 486 as the purchasing administrator 488 can communicate with the network 1 0 using the network service communication administrator 490. The network service communication manager can use a network service administrator 492 and a network interface card (N IC) 494 to communicate with network 1 0. Note that in the present implementation, the network communication administrator 490 network service is used to communicate with the network 10, in an alternative implementation, other communication tools can be used, such as the file transfer protocol (FTP), etc. , to communicate with the network 1 0. The user experience module 462 may include an activation user interface (U l) 496 for requesting a user to enter a Clavelnic (I nitKey) that allows the administrator 486 to request package / certificate download the certificate from service provider 21 0, and a notification Ul 498 that allows LPM 204 to interact with the user. The activation Ul 496 may also invoke the purchase manager 488 to allow a user to purchase additional provisioning packages to recharge the balance. The UI 498 notification may include several user interfaces that allow the user to request current balance information, history of use, etc. The UI 498 notification can be invoked by the user or by input logic 464. In a situation where the available balance for using a provisioned resource is low, the input logic 464 may invoke the notification Ul 498 to inform the user that an additional purchase may be necessary. The notification Ul may be active constantly and may provide notification service to the user via a taskbar icon, a control panel applet, an appearance balloon, or using any other commonly known Ul method. Referring now to Figure 6, an example method for operating the system 200 may start either at 502 or 504 depending on the stage of the operation. When a user decides proactively to extend the operation of the computer 202, either initially or after a period of operation, the user can start at 502 a provisioning user interface (shown in the priority request 30,835 / 40,399 before listed) ) and make 506 contact with a service provider. The service provider 210 may typically be the operator that provided the computer, or it may be an entity contractually bound to the service provider 210. The service provider 210 may typically provide the computer and at least one usage plan to determine the operation of the computer 210. In one embodiment, the computer 210 may be provided for little or no upfront payment of money. In compensation, the service provider 210 may sell to the user provisioning packets that are added to a value balance in the balance manager 486 of the measurement circuit 454. It may be a part of the key to the business strategy of the service provider to avoid the acceptance of provisioning packets by the computer 202 of a dishonest provider (not represented). Dishonest providers may include both hackers and unauthorized service providers who act if the permission of the service provider 210 who provided it, and who may still have title to the computer 202. When the latter contacts the service provider. service provider 210, the user can identify, implicitly or explicitly, the computer 202 and its own identity. The identity of the computer may be required in order to provide a properly identified provisioning package. The identity of the user may be necessary for the separate authentication of a request for funds or financing. When the identity of the user is confirmed, the service provider 210 can make contact 508 with a funds account 218 through the billing adapter 216 and the billing or collection interface 222. A confirmation of the funds account 218 may allow the service provider to confirm that the funds are safe 510. The types and methods for financing are known. Briefly, fund accounts may include a user's bank account, a credit card company for subsequent payment operation, a scratch card issuer, in the case of prepaid operation. The use of a scratch card can allow a user without a bank or credit account to operate the computer 202 by purchasing scratch cards from a retail seller. The cards can be activated and then registered by the user for later use in the purchase of supply packages. The payment is then made by the scratch card function of the card issuer to scratch. Another type of account can be offered through a provider 210 of existing service, such as a telephone company, which already has a credit and billing system in place. A telephone company can not only provide the computer 202, but a connection to the Internet, such as a dial-up or digital subscriber line (DSL). In such a case, the service provider 210 and the funds account 218 may be the same entity. When the funds are secure at 510, the service provider 210 may prepare a provisioning packet to transfer 512 value to the computer 202. The value may be in terms of points or minutes or some other measure of use. The mechanism for creating provisioning and authentication packets can use the public key infrastructure that involves signed and authenticated messages that can include not only the transferred value, but also the computer identification information 202, the clock information, a sequence number, etc. , as discussed earlier. Although the system 200 displays network communication as the transfer mechanism for the provisioning packets, alternative methods such as prepaid cards, ie smart cards, or even a sequence of manually entered characters representing the provisioning pack may be acceptable. . The details of the public key infrastructure and its use for digital signature are known in the industry. When the provisioning packet has been received and processed and the value is stored in the balance manager 486, the computer 202 is ready for operation in accordance with the terms of the normal use plan. The user may, at that point, or when initiating a session at 504, initiate an operation that generates a service request 514. As discussed above, the event or actual operation that triggers the service request 514 may be an entry to the service. system (login). Alternatively, the service request 514 may be for the use of a specific device, such as a printer or the service request 514 may be for the use of a resource, such as information transfer via the Internet. For the purpose of this discussion, the example of an entry to the system will be used. The user can activate a login screen to the system that generates the service request 514. The system entry logic can request 516 authorization from the reinforcement module 452. The reinforcement module 452 may request authorization from the measurement module 454. The measurement module 454 can determine 51 8 that the balance of funds is sufficient based on the active service plan currently. The branch of itself of 51 8 can be followed and the authorization is granted back through the chain of the reinforcement module 452 to the logic 464 of entry into the system. The requested service, in this case entry to the system, can be activated 526 and the user can use the computer in the prescribed manner until the next event that causes a service request to be generated, 4 starting the action as described. The prescribed operation of the computer can be monitored in different ways depending on the usage plan. When the usage plan involves unlimited use over a period of time, the measurement circuit 454 may only monitor the passage of time, granting all requests of the 452 reinforcement module for service activations provided that the time period has not been exceeded. On the other hand, when the usage plan incorporates a specific use, for example, minutes of connected time, used space of the disk or a number of launches of an application, the measurement module 454 can monitor in real time the use of the computer 2. When real time usage is monitored, the measurement module 454 can send messages to the reinforcement module 452 to warn the user when the balance is close to a state in which a re-provisioning is necessary. The value of the balance is consumed according to the regime established by the use plan for the requested activation.

When the balance is insufficient, the non-branching can be followed from 51 8, the request is denied 520 and an action can be invoked depending on the business rules associated with the currently active use plan. The action taken may fluctuate from an initial warning that the funds have run out or, in an extreme circumstance, the reinforcement module 452 may invoke a sanction such as slowing the computer 202 to a virtual immobility and / or disabling all capabilities of the computer 202 except those required to make contact with the service provider 210 for provisioning. The user can be presented with an option to request 522 more provisioning packages. When accepted, the branch of itself is followed up to 506 and provisioning occurs as described above. When the user selects not to make contact with the service provider 210 for additional provisioning, the non-branching can be followed from 522 to 524, where any sanction remains activated in place until the user selects to restart at 502 or 504. It may be desirable to The user will change either or both of the usage plan or the payment method. A change in the usage plan may accommodate a different usage pattern or simply take advantage of a better price offered by the service provider 210. The payment method can be changed as dictated by a user's preferences or financial situation. The user can make contact 506 with the service provider 210 in conjunction with any entry point 504 or 502. When coupled with the service provider 21 0, a selection of usage plans and payment options may be presented. The user can select the usage plan that best suits their anticipated use. The service provider 210 may wish to provide an incentive to increase the use of the computer and to also protect the investment of the service provider in the low end of use. The pay period for a computer 202 provided at low cost can be determined almost exclusively by how much the computer 202 actually uses the user or the 208 208 resources provisioned. When a user has a very low usage profile, the payment to the service provider 210 may be unacceptably long from a financial point of view. On the other hand, extremely high usage can pay the computer quickly unexpectedly. Although not necessarily bad, high-use users may be attractive targets for the competition. Therefore, it may be useful to provide usage plans that consume more value during initial use, for example, in a month, and consume value more slowly after certain levels of use are reached. This can be done in measurement circuit 454 by a simple comparison of use over a period of time. The reinforcement module 452 can be programmed to report to a request service, for example, during step 518, that a usage trigger has been reached and the subsequent use will require less value to be deducted from the balance.

Claims (31)

1. CLAIMS 1. A method for managing a computer, which includes: providing a computer, the computer that comprises a resource; provide at least one plan of use; provide information to provision a balance of value that the computer; provide a use metric corresponding to the use of the resource, allowing the resource to consume the value balance according to the use plan.
2. 2. The method of claim 1, wherein the use plan comprises real use of the resource.
3. 3. The method of claim 1, wherein the use plan comprises unlimited use of the resource during a calendar time period.
4. 4. The method of claim 1, wherein the computer further comprises a base of confidence computation. The method of claim 1, further comprising receiving a payment for use of the computer, wherein the receipt of / payment for use of the computer occurs before providing information to provision the usage metric. 6. The method of claim 1, further comprising receiving a payment for use of the computer, wherein the receipt of the payment for use of the computer occurs after providing information to provision the usage metric. The method of claim 1, further comprising validating that the information is authentic. The method of claim 1, wherein providing information for provisioning the usage metric comprises one of providing a digitally signed information packet, providing a prepaid tab, and providing a digitally signed alpha-numeric sequence. The method of claim 1, wherein providing the usage plan further comprises selecting the usage plan from a plurality of usage plans. 10. The method of claim 1, wherein providing the usage plan further comprises downloading the usage plan from a host computer. eleven . The method of claim 1, wherein the consumption of the usage metric further comprises consuming the usage metric at a variable rate according to a usage pattern specified in the usage plan. The method of claim 1, wherein the resource is one of storage devices 406 408, input / output devices 41 0 412, communications 414, application programs or application information stored in memory 404, or content of media . 13. A method for enabling the use of a computer, a computer comprising a resource, a measurement module, and a communications capability to receive a provisioning packet, the method comprising: receiving a request to provide the provisioning package; confirm a payment capacity; prepare the procurement package; and send the provisioning packet to the computer. The method of claim 1, wherein the confirmation of a payment capacity further comprises confirming the ability to pay in a funds account. The method of claim 13, wherein the confirmation of a payment capability further comprises confirming the ability to pay by authenticating a code. The method of claim 1, further comprising: collecting a payment from one of a fund account and a clearing house. 1 7. A computor configured for pay-per-use operation comprising: a resource that supports a computer function; a measurement module coupled to the resource, the measurement module to monitor the use of the resource; and a circuit coupled to the measurement module and the resource, wherein the circuit limits an operation of the computer that responds to the measurement module. The computer of claim 1 7, further comprising a provisioning circuit for accepting a provisioning message to reset the measurement module. 9. The computer of claim 18, wherein the provisioning message comprises a digitally signed message. 20. The computer of claim 17, wherein the measuring module compares a current value against a limit. twenty-one . The computer of claim 1 7, further comprising: a secure memory; and a usage plan stored in the secure memory where the measurement module triggers the circuit corresponding to a measured value and the usage plan. 22. The computer of claim 21, wherein the secure memory stores a plurality of usage plans. 23. The computer of claim 21, wherein a rate of change of the measured value varies with a level of use. 24. The computer of claim 23, wherein the level of use corresponds to one of a frequency of use and a duration of use. 25. The computer of claim 1, wherein the resource comprises one of a memory, a communication device, a computing component and an expansion component. 26. A computer-readable medium that has computer executable instructions for performing steps, including: recording use of a first resource; compare the use of the first resource against a first limit; and limiting a function of a second resource when the use of the first resource reaches the first limit. 27. The computer-readable medium of claim 26, which has additional executable computer instructions wherein the first resource is the same as the second resource. 28. The computer-readable medium of claim 26, which has additional computer executable instructions for comparing the use of the first resource against a second limit. 29. The computer-readable medium of claim 26, which has additional computer executable instructions for sending a message when the use of the first resource reaches the second limit. 30. The computer-readable medium of claim 26, which has additional executable instructions for receiving a signal, the signal that re-establishes a use value of the first resource. 31 The computer-readable medium of claim 26, which has additional computer executable instructions for recording the use of the first resource to a regime established by a usage plan.