US20030028664A1 - Method and system for secure distribution and utilization of data over a network - Google Patents


Publication number
US20030028664A1
Authority
US
United States
Prior art keywords
client
token
data
certificate
network
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Abandoned
Application number
US09/920,919
Inventor
Kaijun Tan
Michael Cochran
Logan Badia
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Thales DIS CPL USA Inc
Original Assignee
Rainbow Technologies Inc
Application filed by Rainbow Technologies Inc
Priority to US09/920,919
Assigned to RAINBOW TECHNOLOGIES, INC. Assignment of assignors interest (see document for details). Assignors: BADIA, LOGAN; COCHRAN, MICHAEL LLOYD; TAN, KAIJUN
Publication of US20030028664A1
Assigned to SAFENET, INC. Merger (see document for details). Assignors: RAINBOW TECHNOLOGIES, INC.
Assigned to DEUTSCHE BANK TRUST COMPANY AMERICAS, AS COLLATERAL AGENT. First lien patent security agreement. Assignors: SAFENET, INC.
Assigned to DEUTSCHE BANK TRUST COMPANY AMERICAS, AS COLLATERAL AGENT. Second lien patent security agreement. Assignors: SAFENET, INC.
Priority to US11/906,928 (US8055769B2)
Priority to US11/906,887 (US8078725B2)
Priority to US11/906,929 (US20080092220A1)

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0823 Network architectures or network communication protocols for network security for authentication of entities using certificates
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/10 Protecting distributed programs or content, e.g. vending or licensing of copyrighted material; Digital rights management [DRM]
    • G06F21/109 Protecting distributed programs or content, e.g. vending or licensing of copyrighted material; Digital rights management [DRM] by using specially-adapted hardware at the client
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/10 Protecting distributed programs or content, e.g. vending or licensing of copyrighted material; Digital rights management [DRM]
    • G06F21/16 Program or content traceability, e.g. by watermarking
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/12 Applying verification of the received information
    • H04L63/126 Applying verification of the received information the source of the received data
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2137 Time limited access, e.g. to a computer or data
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks

Definitions

  • the present invention relates to the field of data distribution and, in particular, to the secure distribution and utilization of data, such as, for example, confidential or proprietary documents or audio, video, multimedia or other entertainment content, over a network.
  • identifying data, commonly known as a “digital watermark” and deriving its name from a traditional watermark seen on checks and other documents, may be added to data so that the owner, creator, distributor or other interested party may be identified within the data.
  • a digital watermark may communicate copyright information, such as the owner of the copyright to the data, when the data was first copyrighted, whom the recipient may contact in order to inquire about licensing rights, and the like.
  • U.S. Pat. No. 5,889,860 Encryption System With Transaction Coded Decryption Key.
  • a client who has chosen to purchase online data, such as a song, enters payment information and is assigned a password that is specific to the client and the transaction.
  • the password functions as a decryption key to enable use of the data by the client. Should the client improperly copy and redistribute the data and the decryption password, the copies can be traced back to the client based on client identifying information encoded in the password.
  • Embodiments of the present invention relate to methods and systems for the secure distribution and utilization of data over a network.
  • Methods according to embodiments of the present invention may include issuing a certificate and a private key to a client for identifying the client in a transaction.
  • the certificate and private key may be stored in a token used by the client during the transaction.
  • the client's identity may be verified using the certificate and a digital signature signed using the private key.
  • a message may be generated by a server and associated with the data being downloaded to the client and further associated with the token used by the client during the transaction. Once the client's identity has been verified and a message generated, data may be distributed to the client.
  • a client and a server may communicate over a secure network connection.
  • the server may issue the certificate and private key to the client.
  • the secure network connection may use a secure socket layer protocol or other secure protocol.
  • the server may ask the client to establish a password for the token.
  • the server may also ask the client to establish a password for a client account.
  • the token may interface to the client's computer.
  • the certificate and private key may be stored in the token by writing them to the token across the network.
  • the certificate and private key may be stored in the token by writing them to the token at the server computer.
  • a client may request data to be distributed from a server. Prior to distributing the data, the server may request that the client send the server the client's certificate. The server may also request that the client send the server a digital signature. The server may also request a distinguishing number of the token. Once the server has verified the client's identity, the server may generate a message associated with the data and the token and distribute the data to the client over a network.
  • a system for distributing data over a network may include a client computer for requesting data over a network, the client computer being interfaced to the network, a server computer for distributing requested data over a network, the server computer being interfaced to the network, and a token interfaced to the client computer.
  • the server computer may store the certificate and private key in the token.
  • the server computer may verify the identity of the client with the client's certificate in the token before distributing data to the client.
  • a system for distributing data over a network may further include a firewall interfaced to the network and a cryptographic processor interfaced to the server computer and the firewall.
  • a third party computer system may interface to the network.
  • the third party computer system may issue a certificate and a private key and store them in the token.
  • FIG. 1 is a general system for the secure distribution and utilization of data over a network according to an embodiment of the present invention.
  • FIG. 2 is a flowchart of a general method for the secure distribution of data over a network according to an embodiment of the present invention.
  • FIG. 3 is a flowchart of a method for issuing a certificate and private key and storing them in a token according to an embodiment of the present invention.
  • FIG. 4 is a flowchart of a method for verifying the client's identity with the client's certificate, generating a message, and distributing data according to an embodiment of the present invention.
  • FIG. 5A is a flowchart of a method for utilizing data that has been downloaded to a client according to an embodiment of the present invention.
  • FIG. 5B is a flowchart of a method for verifying a digital message according to an embodiment of the present invention.
  • FIG. 6 is an alternative system for the secure distribution of data over a network according to an embodiment of the present invention.
  • FIG. 7 is an alternative system for the secure distribution of data over a network according to an embodiment of the present invention.
  • Embodiments of the invention are directed toward a method and system for the secure distribution and utilization of data over a network.
  • Embodiments of the present invention allow data, including, without limitation, data in the form of entertainment content such as audio and video, to be distributed over a network to consumers, companies or other individuals or entities while reducing the risk that such data is subsequently copied illegally or redistributed without authorization.
  • Embodiments of the invention may be implemented by individuals or large organizations. For example, embodiments of the invention may be implemented by entertainment content owners desirous of distributing music, movies, games, videos and other multimedia over networks such as the Internet.
  • FIG. 1 shows a general system configuration on which embodiments of the present invention may be implemented.
  • a client computer or other computing device 10 has a connection to a network 14.
  • the client computer or other computing device 10 may contain, without limitation, a processor or processors, memory and other components as are common in the industry.
  • the network 14 may be a public network, a private network, or a combination thereof.
  • a client computer 10 may be connected via an Ethernet connection to a local area network (LAN), which, in turn, is connected to a larger public network, such as the Internet.
  • if the client computer 10 is a stand-alone PC in the client's home and the network 14 is the Internet, the client may connect to the network 14 through an Internet Service Provider (ISP) using a standard modem connection.
  • a server 16 also connects to the network 14 such that the client computer 10 and the server 16 may communicate with each other over the network 14.
  • the server 16 may contain, without limitation, a processor or processors, memory and other components as are common in the industry.
  • the token may be a discrete piece of hardware that interfaces in some manner to the computer or other computing device 10.
  • the token 12 may be in the form of a smart card, a floppy disk, a CD-R, or a removable hard drive.
  • the token may be an IKEY™ hardware token, made by RAINBOW TECHNOLOGIES, Irvine, Calif.
  • the information in the token is difficult for a general user to read.
  • the token may be sealed within a security boundary, i.e., a physical boundary or border, outside of which it may be relatively easy to write information into the token but relatively difficult to read information from the token.
  • the token may physically protect information, such as private keys, such that the information never exits the token. Cryptographic operations associated with protected keys may be performed within the token itself.
  • the token 12 may interface to the computer 10 in a variety of ways.
  • the token 12 may interface to the computer 10 via a cable.
  • the token 12 may interface to the computer 10 via wireless link, such as, for example, an RF, optical or infrared link.
  • the token 12 may plug into a Universal Serial Bus (USB) port on the computer 10.
  • the token 12 may come in a variety of sizes and form factors. For example, if the token 12 is an IKEY™ hardware token, the token 12 may be small enough and lightweight enough to be placed on a key ring or other type of key holder. The token may be kept and guarded by the client, much in the same way the client would keep and guard credit cards, house keys, car keys and other valuables.
  • FIG. 2 shows a generalized method for secure data distribution according to an embodiment of the present invention.
  • an individual, a company, a distributor or some other entity in control of data and intending to distribute the data in a secure manner issues a certificate and a private key to a client requesting the data.
  • the certificate and private key are used to authenticate the client during a transaction in which the client requests data.
  • the data may consist of confidential or proprietary documents or, alternatively, may be entertainment content, such as, for example, music, a movie, multimedia or some other type of audio or video content.
  • a certificate and private key may be stored in a token used by the client at step 22.
  • the token may be a discrete piece of hardware that interfaces in some manner to a computer or other computing device.
  • the client is then ready to download data.
  • the client may download data during the session in which the client's certificate and private key were stored in the token or during another session at a later time.
  • the client's identity may be verified by a server operated by the individual, company, distributor, or other entity using the client's certificate before distributing data at step 24.
  • for example, assume a client, at some time after receiving a certificate and private key, interfaces the token containing the certificate and private key to a computer and visits a music distribution company's web site. After perusing the music available for download, the client may request a download of a particular song in digital form. Prior to distributing the song to the client, the client's identity is authenticated with the client's certificate stored in the token, thereby ensuring that the downloading of data to the client is authorized.
  • a message may be generated by the server which is associated with the data requested by the client and the token used by the client when making the request.
  • the message, in conjunction with the token in which a certificate has been stored, may be used to prevent illegal copying, theft, and/or subsequent distribution of the data downloaded by the client.
  • the encrypted data and the associated message are distributed to the client at step 28.
  • the client is then free to use the data. For example, if a song in digital form has been distributed to the client, the client may listen to the song at any time, using an appropriate media player, by interfacing the token used during the session in which the distribution was made to the computer on which the song resides.
  • a certificate and private key may be issued in a variety of contexts.
  • a certificate and private key may be issued in the course of establishing an account between a content distributor and a consumer. Such would be the case, for example, if a consumer wanted to establish an account with a music distribution company.
  • the music distribution company would issue a certificate and a private key to the consumer and store them in a token used by the consumer.
  • FIG. 3 shows a detailed method of issuing a certificate and private key and storing them in a token according to an embodiment of the present invention in the general context of a content distribution company.
  • a content distribution company or other company provides a client, i.e., a consumer, with enough information necessary to establish an account between the company and the client.
  • the information may include, but is not limited to, providing a client with a company name and a web site address.
  • the company may provide this information in a variety of ways. For example, such information may be made available through a retail store. If a client is interested, for example, in purchasing music, movies or the like over a network such as the Internet and visits a retail store where the company's music, movie or other distribution services are advertised, the client may obtain a package at the retail store containing company information and instructions that direct the user to the company's web site. The client may then go to a computer or other device to access the company's web site, log on to the web site and begin the process of establishing an account with the company.
  • a secure connection may be established between the company server and the client.
  • the secure connection may be established in a variety of ways.
  • the widely-implemented Secure Socket Layer (SSL) protocol may be used in establishing a secure connection between the server and the client.
  • other protocols may be used in establishing a secure connection between the server and the client.
  • the client may send the server a protocol version number, a session identifier, cipher settings, random numbers, and other information necessary for communicating with the server.
  • the server may send the client a protocol version number, a session identifier, cipher settings, random numbers, and other information necessary for communicating with the client.
  • the server sends the client its certificate and key exchange information.
  • the client sends the server verification of the server's certificate and key exchange information at step 34.
  • the server and the client may compute a session key for the session at step 36. After the session key has been computed, a secure connection between the server and the client will have been established.
  • the server may request and the client may send to the server a variety of information, such as, for example, a user name, a password for an account, a credit card number and any other information, such as, for example, addresses, telephone numbers and the like, which may be necessary for the client to establish an account with the company as determined by the company, all of which will have been encrypted with the session key.
  • the server may verify the client's credit card number and establish an account for the client at step 40.
  • terms of the account may also be established.
  • the client may choose a variety of payment methods.
  • the client may choose to have his credit card charged a monthly fee for a predetermined number of downloads.
  • the client may choose to have his credit card charged per download.
  • the client and the company may establish any payment method suitable to both parties.
  • the duration for which a song may be enabled for listening may depend on the amount of money a client has paid for the song.
  • a small fee charged to the client's credit card may enable the client to listen to the song for a predetermined period of time.
  • a larger fee charged to the client's credit card may enable the client to listen to the song for an unlimited period of time.
  • the client and the company may establish any terms suitable to both parties.
  • the server may generate a private key for the client, issue a certificate for the client, encrypt both of them with the session key, and store the private key and the client certificate in the client's token at step 42.
  • the server may store the private key and the client certificate in the client's token in a variety of ways. For example, if the chosen token is an IKEY™ hardware token, the token is lightweight and portable, and may be easily included in the package obtained by the client at a retail store.
  • the server may direct the client to insert the token into a port on the computer or other device used for the session.
  • the port may connect to a serial bus such as the USB.
  • the server may store the private key and the client certificate directly into the token by sending the private key and the client certificate in encrypted form to the token over the network.
  • the server may store the private key and the client certificate into the token at the server location.
  • the token may then be sent to the client using regular mail or delivery services.
  • the client may download a media player or other enabling player into the client computer or other device used by the client to utilize downloaded data at step 44.
  • the client is then ready to purchase data over a network and listen to, watch, play, read or utilize in any way, as the case may be, the data downloaded from the server.
  • FIG. 4 shows a detailed method according to an embodiment of the present invention of verifying a client's identity with a certificate stored in a token; generating a message associated with data requested by the client and the token used by the client; and distributing the data and the associated message to the client in response to a request by the client to purchase data.
  • the client and the server may authenticate each other.
  • the authentication between the client and the server may be accomplished in a variety of ways.
  • a variety of protocols may be used for the authentication process.
  • the SSL protocol may be used for authentication between the server and the client.
  • the client may send the server a protocol version number, a session identifier, cipher settings, random numbers, and other information necessary for communicating with the server.
  • the server may send the client a protocol version number, a session identifier, cipher settings, random numbers, and other information necessary for communicating with the client.
  • the server may send a client a server certificate so that the client may verify the identity of the server at step 50. Additionally, the server may request that the client send the client's certificate to the server so that the server may verify the identity of the client.
  • the client sends the server the client certificate that was issued to the client when the client first established an account with the content distribution company.
  • the client may also send the server a verification of the server identity with the server's certificate, thereby notifying the server that the client recognizes the identity of the server.
  • the token used by the client during the transaction may be marked with a distinguishing number.
  • the distinguishing number may be a permanent marking on the token to identify the token.
  • the distinguishing number may be assigned by the token manufacturer at the time of token fabrication. Thus, the token distinguishing number may not be modified or removed from the token and serves to identify the token during its lifetime.
  • the client may also send the token distinguishing number to the server. If desired, the server may verify the token distinguishing number sent by the client during the current session with the token distinguishing number sent by the client when the account was established, thereby giving the server a heightened sense of security in identifying and verifying the client requesting the download.
  • the server verifies identity of the client with the client certificate at step 54.
  • a symmetrical key may be generated by the server at step 56, thereby establishing a secure connection and allowing data to be transferred from server to client in a secure, encrypted manner.
  • the symmetrical key may be generated randomly.
  • the server computes a digital message for the data requested by the client and the client token at step 58.
  • the digital message is, thereafter, associated with the data requested by the client and the token used during the session and serves to permanently link the data requested by the client with the token used during the session.
  • the digital message may take a variety of forms.
  • the digital message may be computed using a public key (asymmetric) cryptographic algorithm and may contain a variety of information, including, without limitation, an identification number of the data, the period of time for which the data may be used by the client, the distinguishing number of the token used during the session in which the data was requested or downloaded, and the symmetrical key used to encrypt the data when sent from the server to the client over a network.
  • the digital message according to an embodiment of the present invention may be in the form of:
  • D is the asymmetric cryptography decryption process using a private key
  • E is the asymmetric cryptography encryption process using a public key
  • DID is the identification number of the data
  • T is the period of time for which the data may be used by the client
  • DN is the distinguishing number of the token used during the session in which the data was requested or downloaded
  • S is the symmetrical key used to encrypt the data when sent from the server to the client over a network
  • pukc is the public key of the client
  • prkd is the private key of the server.
  • the server encrypts the data using the symmetrical key and sends it and the digital message to the client at step 60.
  • the client then may use the data in a desired manner or store the data for use at a subsequent time.
  • FIG. 5A shows a method of using data that has been downloaded from a server according to an embodiment of the present invention.
  • the client may wish to listen to the song at some point.
  • the client may open the requisite media player and the file containing the song data and the digital message that was downloaded in digital form from the music distributor's server.
  • the media player resident in the client computer may ask the client for a token.
  • the client would then interface his token to the computer or other device currently being used. If, for example, the client is using an IKEY™ hardware token, the token may be inserted directly into a USB port of the computer or other device being used by the client.
  • the media player reads the distinguishing number (DN) of the token.
  • the media player verifies the digital message that was sent with the downloaded data, the details of which are explained below, with the public key of the distributor's server. Once the digital message has been verified, the media player plays the downloaded data.
  • the media player verifies the DN of the token with the DN that is part of the digital message. If the DN of the token matches the DN of the digital message, the media player then checks the time period associated with the data at step 74 to determine if the client is permitted to play the file according to the terms of the purchase agreement. If the client is within the allowable time period, the media player uses the private key from the token to decrypt the encrypted symmetrical key that was used to transfer data over the network between the server and the client at step 76. The media player may read the private key from the token.
  • the media player may send the encrypted symmetrical key to the token so that it may be decrypted with the private key. Armed with the symmetrical key, the media player then decrypts the data that was downloaded at step 78.
  • if steps 72 through 78 are successful, i.e., if all compared values are equal and the encrypted symmetrical key and data can be properly decrypted, the media player may then play the file for the enjoyment of the client at step 80.
  • the methods and systems according to embodiments of the present invention may deter illegal copying or redistribution of data in a variety of ways. If the DN of the token does not match the DN of the data, which may occur if a token has been stolen or the data has been copied and sent to another client having another token, the media player will not play the file. In addition, if the time period for which the file may be played has expired, or if the time period for which the file may be played has not yet started, such as in the case where a file is downloaded at a particular time for use at a future time, the media player will not play the file.
  • the client generally will be aware of such modification because the data, in its modified form, will not be usable to the client.
  • the client may then have the option of sending the digital message back to the server and asking the server to re-send the data to the client.
  • the server can determine what data to send back to the client by using the DID in the digital message.
  • the client may so notify the server that the token has been lost or stolen.
  • the server may then revoke the client's certificate.
  • the token which stores the client's certificate, will be rejected by the server.
  • the token storing the certificate will be essentially useless, thereby adding yet another layer of protection afforded by the methods and systems according to embodiments of the present invention.
  • use of the token by a third party who has stolen or otherwise illegally obtained the token may be further prevented by utilizing a password protection system with the token.
  • When a client establishes an account with a server, the client may be required to furnish to the server a password for the account. The client may also be required to enter a password for the token. If a token has been stolen by a third party, the third party will not have knowledge of the password, thereby making it difficult for the third party to use the stolen token to purchase data.
  • The methods of verifying a digital message and playing a downloaded file shown in FIGS. 5A and 5B are representative embodiments of the present invention. Other information may be included in the digital message and other methods according to embodiments of the present invention may be used to verify the digital message and utilize downloaded data.
  • FIG. 6 shows an alternative system according to embodiments of the present invention.
  • a client computer or other computing device 10 connects to a network 14 .
  • Connected to the client computer or other computing device 10 is a token 12 .
  • a firewall 18 connects to the network 14 as an added layer of protection for the server 16 .
  • a cryptographic processor 15 may be connected between the firewall 18 and the server 16 .
  • the cryptographic processor 15 may handle some or all of the cryptographic and other functions performed by embodiments of the invention.
  • the cryptographic processor 15 may function as a certificate authority.
  • the cryptographic processor 15 may perform all of the functions necessary when establishing a secure connection between a server and a client, may generate digital messages and may encrypt data.
  • the server 16 may also be supplemented by a data base 17 .
  • the data base 17 may store account numbers, passwords, and any other of a variety of information required by a distributor to implement the particular embodiment of the present invention.
  • FIG. 7 shows an alternative system according to embodiments of the present invention.
  • a client computer or other computing device 10 connects to a network 14 .
  • Connected to the client computer or other computing device 10 is a token 12 .
  • a third party certificate authority 13 is also connected to the network.
  • the third party certificate authority 13 may provide a variety of functions, including, without limitation, verifying clients, issuing client certificates, preliminarily establishing client accounts, and the like. The performance of such functions by the third party certificate authority may relieve the burden of these functions from the distributor's server, thereby allowing the server to focus its activities on downloading data requests made by clients.
  • the computer or other computing device 10 may be implemented in a variety of ways.
  • the computer or other computing device 10 may be a portable device such as a PALM™ handheld or other portable device.
  • the portable device or other handheld may have a wireless connection to a network.
  • embodiments of the present invention may be implemented on a handheld device with a wireless connection to the Internet.
  • Clients who are interested in, for example, downloading music from the Internet could interface their tokens to the handheld device and download music to the handheld device. If the handheld device is equipped with audio processing hardware, cryptographic capabilities, and an interface for the token, a media player on the handheld device could play the downloaded music file, thereby allowing the client to listen to music virtually anywhere.
  • downloaded data is not limited to entertainment content.
  • a variety of data may be downloaded according to embodiments of the present invention, including, without limitation, software, consumer information, account information, or other data.

Abstract

A method and system for the secure distribution and utilization of data over a network. A server computer may issue a certificate and a private key to a client for identifying the client in a transaction. The certificate and the private key may be stored in a token used by the client during a transaction. The server may verify a digital signature using the certificate stored in the token before distributing data to the client. The server may also generate a message associated with the data being downloaded to the client and associated with the token used by the client during a transaction.

Description

    BACKGROUND
  • 1. Field of the Invention [0001]
  • The present invention relates to the field of data distribution and, in particular, to the secure distribution and utilization of data, such as, for example, confidential or proprietary documents or audio, video, multimedia or other entertainment content, over a network. [0002]
  • 2. Description of Related Art [0003]
  • The ease with which data may be copied and distributed over public and private networks has been a major impediment to the widespread use of networks as a medium for the sale and distribution of data. In particular, the inability to prevent the illegal copying and/or distribution of copyrighted material or the pilfering of proprietary documents has thwarted the commercial use of networks as a viable sales and distribution channel. [0004]
  • In the area of entertainment content, copyright violations have been particularly egregious. The illegal copying and distribution of copyrighted material has gone virtually unchecked, with little recourse to the copyright owners. The recent decision of a federal court to issue an injunction shutting down the song-swapping web site NAPSTER is further indication that, up to the present time, little has been done to prevent illegal copying and distributing over public networks except to prevent use of the network for transmission of copyrighted material altogether. Thus, content owners are still not able to tap the massive markets that exist for online sale and distribution of audio, video, multimedia and other entertainment content. [0005]
  • In addition, the exchange of confidential or proprietary data over public networks such as the Internet, although being tremendously convenient and offering tremendous savings in time and money, has still not been fully embraced by businesses and other networking communities due to concerns over privacy and confidentiality. The ever-present threat of pilfering of such data has prompted many businesses and organizations to recommend that such data be exchanged by means other than an electronic network. [0006]
  • The security, privacy and confidentiality issues associated with data or content distribution over a network have been addressed by several techniques, all with limited success. For example, one of the first techniques to address the distribution of data and content over public networks involved encryption/decryption. In an effort to prevent unauthorized access to data being sent over a network, data may be encrypted in such a manner that it can be decrypted only by the recipient. While this technique may be effective to prevent hacking during transmission of the data, encryption/decryption techniques do nothing to prevent illegal copying and redistribution of the data once the data has been decrypted by the recipient. [0007]
  • Other techniques have sought to prevent illegal copying and distribution of data over networks by identifying the owner of the data within the data itself. For example, certain identifying data, commonly known as a “digital watermark” and deriving its name from a traditional watermark seen on checks and other documents, may be added to data so that the owner, creator, distributor or other interested party may be identified within the data. In addition, a digital watermark may communicate copyright information, such as the owner of the copyright to the data, when the data was first copyrighted, whom the recipient may contact in order to inquire about licensing rights, and the like. [0008]
  • Unfortunately, digital watermarking alone has been insufficient to prevent widespread illegal copying and distributing of copyrighted material. Many in the networking community simply ignore digital watermarks. Moreover, enforcement by copyright owners using digital watermarks alone is tremendously difficult. Even if an unscrupulous user of copyrighted material is aware of a digital watermark, the user can copy and redistribute the data hundreds and even thousands of times without knowledge by the copyright owner. There is little the copyright owner can do to prevent this. [0009]
  • One technique for monitoring the distribution of information that is accessible through a public network is disclosed in U.S. Pat. No. 5,889,860, Encryption System With Transaction Coded Decryption Key. According to the '860 patent, a client who has chosen to purchase online data, such as a song, enters payment information and is assigned a password that is specific to the client and the transaction. The password functions as a decryption key to enable use of the data by the client. Should the client improperly copy and redistribute the data and the decryption password, the copies can be traced back to the client based on client identifying information encoded in the password. [0010]
  • Although possibly effective for identifying clients who have copied and redistributed data, the technique of U.S. Pat. No. 5,889,860 offers no method of enforcement. Similar to the case of digital watermarking, many clients are unconcerned that information identifying them is passed along with the data to unauthorized third parties. As far as the copyright owner is concerned, it is tremendously difficult to determine that data is being copied and redistributed over a public network and, even if it were not difficult, the volume typically associated with the illegal copying and redistributing of popular data is so great that any practical attempts to enforce copyrights would currently be futile. [0011]
  • SUMMARY OF THE DISCLOSURE
  • Embodiments of the present invention relate to methods and systems for the secure distribution and utilization of data over a network. Methods according to embodiments of the present invention may include issuing a certificate and a private key to a client for identifying the client in a transaction. The certificate and private key may be stored in a token used by the client during the transaction. Before distributing data to the client, the client's identity may be verified using the certificate and a digital signature signed using the private key. [0012]
  • A message may be generated by a server and associated with the data being downloaded to the client and further associated with the token used by the client during the transaction. Once the client's identity has been verified and a message generated, data may be distributed to the client. [0013]
  • A client and a server may communicate over a secure network connection. Using the secure network connection, the server may issue the certificate and private key to the client. The secure network connection may use a secure socket layer protocol or other secure protocol. Prior to issuing a certificate and private key and storing them in the client's token, the server may ask the client to establish a password for the token. The server may also ask the client to establish a password for a client account. [0014]
  • The token may interface to the client's computer. The certificate and private key may be stored in the token by writing them to the token across the network. Alternatively, the certificate and private key may be stored in the token by writing them to the token at the server computer. [0015]
  • A client may request data to be distributed from a server. Prior to distributing the data, the server may request that the client send the server the client's certificate. The server may also request that the client send the server a digital signature. The server may also request a distinguishing number of the token. Once the server has verified the client's identity, the server may generate a message associated with the data and the token and distribute the data to the client over a network. [0016]
  • A system for distributing data over a network according to embodiments of the present invention may include a client computer for requesting data over a network, the client computer being interfaced to the network, a server computer for distributing requested data over a network, the server computer being interfaced to the network, and a token interfaced to the client computer. The server computer may store the certificate and private key in the token. Furthermore, the server computer may verify the identity of the client with the client's certificate in the token before distributing data to the client. [0017]
  • A system for distributing data over a network according to embodiments of the present invention may further include a firewall interfaced to the network and a cryptographic processor interfaced to the server computer and the firewall. [0018]
  • According to embodiments of the present invention, a third party computer system may interface to the network. The third party computer system may issue a certificate and a private key and store them in the token. [0019]
  • These and other objects, features, and advantages of embodiments of the invention will be apparent to those skilled in the art from the following detailed description of embodiments of the invention when read with the drawings and appended claims. [0020]
  • BRIEF DESCRIPTION OF THE DRAWINGS
  • FIG. 1 is a general system for the secure distribution and utilization of data over a network according to an embodiment of the present invention. [0021]
  • FIG. 2 is a flowchart of a general method for the secure distribution of data over a network according to an embodiment of the present invention. [0022]
  • FIG. 3 is a flowchart of a method for issuing a certificate and private key and storing them in a token according to an embodiment of the present invention. [0023]
  • FIG. 4 is a flowchart of a method for verifying the client's identity with the client's certificate, generating a message, and distributing data according to an embodiment of the present invention. [0024]
  • FIG. 5A is a flowchart of a method for utilizing data that has been downloaded to a client according to an embodiment of the present invention. [0025]
  • FIG. 5B is a flowchart of a method for verifying a digital message according to an embodiment of the present invention. [0026]
  • FIG. 6 is an alternative system for the secure distribution of data over a network according to an embodiment of the present invention. [0027]
  • FIG. 7 is an alternative system for the secure distribution of data over a network according to an embodiment of the present invention. [0028]
  • DETAILED DESCRIPTION
  • In the following description of preferred embodiments, reference is made to the accompanying drawings which form a part hereof, and in which are shown by way of illustration specific embodiments in which the invention may be practiced. It is to be understood that other embodiments may be utilized and structural changes may be made without departing from the scope of the preferred embodiments of the present invention. [0029]
  • Embodiments of the invention are directed toward a method and system for the secure distribution and utilization of data over a network. Embodiments of the present invention allow data, including, without limitation, data in the form of entertainment content such as audio and video, to be distributed over a network to consumers, companies or other individuals or entities while reducing the risk that such data is subsequently copied illegally or redistributed without authorization. Embodiments of the invention may be implemented by individuals or large organizations. For example, embodiments of the invention may be implemented by entertainment content owners desirous of distributing music, movies, games, videos and other multimedia over networks such as the Internet. [0030]
  • Embodiments of the present invention may be implemented in a variety of ways. FIG. 1 shows a general system configuration on which embodiments of the present invention may be implemented. A client computer or other computing device 10 has a connection to a network 14. The client computer or other computing device 10 may contain, without limitation, a processor or processors, memory and other components as are common in the industry. [0031]
  • The network 14 may be a public network, a private network, or a combination thereof. For example, in a typical workplace environment, a client computer 10 may be connected via an Ethernet connection to a local area network (LAN), which, in turn, is connected to a larger public network, such as the Internet. Alternatively, if the client computer 10 is a stand alone PC in the client's home and the network 14 is the Internet, the client may connect to the network 14 through an Internet Service Provider (ISP) using a standard modem connection. [0032]
  • A server 16 also connects to the network 14 such that the client computer 10 and the server 16 may communicate with each other over the network 14. The server 16 may contain, without limitation, a processor or processors, memory and other components as are common in the industry. [0033]
  • Interfaced to the client computer or other computing device 10 is a token 12. The token may be a discrete piece of hardware that interfaces in some manner to the computer or other computing device 10. For example, the token 12 may be in the form of a smart card, a floppy disk, a CD-R, or a removable hard drive. Alternatively, the token may be an IKEY™ hardware token, made by RAINBOW TECHNOLOGIES, Irvine, Calif. In one embodiment of the invention, the information in the token is difficult for a general user to read. In addition, the token may be sealed within a security boundary, i.e., a physical boundary or border, outside of which it may be relatively easy to write information into the token but relatively difficult to read information from the token. Thus, the token may physically protect information, such as private keys, such that the information never exits the token. Cryptographic operations associated with protected keys may be performed within the token itself. [0034]
  • The token 12 may interface to the computer 10 in a variety of ways. For example, the token 12 may interface to the computer 10 via a cable. Alternatively, the token 12 may interface to the computer 10 via a wireless link, such as, for example, an RF, optical or infrared link. If, for example, the token 12 is an IKEY™ hardware token, the token 12 may plug into a Universal Serial Bus (USB) port on the computer 10. [0035]
  • The token 12 may come in a variety of sizes and form factors. For example, if the token 12 is an IKEY™ hardware token, the token 12 may be small enough and lightweight enough to be placed on a key ring or other type of key holder. The token may be kept and guarded by the client, much in the same way the client would keep and guard credit cards, house keys, car keys and other valuables. [0036]
  • FIG. 2 shows a generalized method for secure data distribution according to an embodiment of the present invention. At step 20, an individual, a company, a distributor or some other entity in control of data and intending to distribute the data in a secure manner issues a certificate and a private key to a client requesting the data. The certificate and private key are used to authenticate the client during a transaction in which the client requests data. The data may consist of confidential or proprietary documents or, alternatively, may be entertainment content, such as, for example, music, a movie, multimedia or some other type of audio or video content. [0037]
  • Once a certificate and private key have been issued to a client at step 20, they may be stored in a token used by the client at step 22. As stated previously, the token may be a discrete piece of hardware that interfaces in some manner to a computer or other computing device. [0038]
  • Once a certificate and private key identifying a client have been stored in the token at step 22, the client is then ready to download data. The client may download data during the session in which the client's certificate and private key were stored in the token or during another session at a later time. Whenever the client is ready to download data, the client's identity may be verified by a server operated by the individual, company, distributor, or other entity using the client's certificate before distributing data at step 24. For example, assume a client, at some time after receiving a certificate and private key, interfaces the token containing the certificate and private key to a computer and visits a music distribution company's web site. After perusing the music available for download, the client may request a download of a particular song in digital form. Prior to distributing the song to the client, the client's identity is authenticated with the client's certificate stored in the token, thereby ensuring that the downloading of data to the client is authorized. [0039]
  • Once the client's identity is verified with the certificate, at step 26 a message may be generated by the server which is associated with the data requested by the client and the token used by the client when making the request. As will be explained in greater detail below, the message, in conjunction with the token in which a certificate has been stored, may be used to prevent illegal copying, theft, and/or subsequent distribution of the data downloaded by the client. [0040]
  • After the message is generated at step 26, the encrypted data and the associated message are distributed to the client at step 28. The client is then free to use the data. For example, if a song in digital form has been distributed to the client, the client may listen to the song at any time, using an appropriate media player, by interfacing the token used during the session in which the distribution was made to the computer on which the song resides. [0041]
  • A certificate and private key may be issued in a variety of contexts. For example, a certificate and private key may be issued in the course of establishing an account between a content distributor and a consumer. Such would be the case, for example, if a consumer wanted to establish an account with a music distribution company. According to an embodiment of the present invention, the music distribution company would issue a certificate and a private key to the consumer and store them in a token used by the consumer. FIG. 3 shows a detailed method of issuing a certificate and private key and storing them in a token according to an embodiment of the present invention in the general context of a content distribution company. [0042]
  • At step 30, a content distribution company or other company provides a client, i.e., a consumer, with enough information necessary to establish an account between the company and the client. The information may include, but is not limited to, providing a client with a company name and a web site address. [0043]
  • The company may provide this information in a variety of ways. For example, such information may be made available through a retail store. If a client is interested, for example, in purchasing music, movies or the like over a network such as the Internet and visits a retail store where the company's music, movie or other distribution services are advertised, the client may obtain a package at the retail store containing company information and instructions that direct the user to the company's web site. The client may then go to a computer or other device to access the company's web site, logon to the web site and begin the process of establishing an account with the company. [0044]
  • Once the client has logged on to the company web site, a secure connection may be established between the company server and the client. The secure connection may be established in a variety of ways. For example, the widely-implemented Secure Socket Layer (SSL) protocol may be used in establishing a secure connection between the server and the client. Alternatively, other protocols may be used in establishing a secure connection between the server and the client. When establishing a secure connection between the server and the client using SSL, the client may send the server a protocol version number, a session identifier, cipher settings, random numbers, and other information necessary for communicating with the server. In turn, the server may send the client a protocol version number, a session identifier, cipher settings, random numbers, and other information necessary for communicating with the client. [0045]
  • Regardless of any protocol used for the connection between the client and the server, at step 32, the server sends the client its certificate and key exchange information. In turn, the client sends the server verification of the server's certificate and key exchange information at step 34. Subsequently, the server and the client may compute a session key for the session at step 36. After the session key has been computed, a secure connection between the server and the client will have been established. [0046]
  • Once the session key has been computed and a secure connection established, at step 38 the server may request and the client may send to the server a variety of information, such as, for example, a user name, a password for an account, a credit card number and any other information, such as, for example, addresses, telephone numbers and the like, which may be necessary for the client to establish an account with the company as determined by the company, all of which will have been encrypted with the session key. Once the server has obtained the requisite information from the client, the server may verify the client's credit card number and establish an account for the client at step 40. [0047]
  • During this time, terms of the account may also be established. For example, if the company distributes music over a network, the client may choose a variety of payment methods. The client may choose to have his credit card charged a monthly fee for a predetermined number of downloads. Alternatively, the client may choose to have his credit card charged per download. The client and the company may establish any payment method suitable to both parties. [0048]
  • Other terms of the account may also be established at this time. For example, in the case of a music distribution company, the duration for which a song may be enabled for listening may depend on the amount of money a client has paid for the song. A small fee charged to the client's credit card may enable the client to listen to the song for a predetermined period of time. A larger fee charged to the client's credit card may enable the client to listen to the song for an unlimited period of time. As with the payment methods, the client and the company may establish any terms suitable to both parties. [0049]
  • Subsequent to the establishment of the account, the server may generate a private key for the client, issue a certificate for the client, encrypt both of them with the session key, and store the private key and the client certificate in the client's token at step 42. The server may store the private key and the client certificate in the client's token in a variety of ways. For example, if the chosen token is an IKEY™ hardware token, the token is lightweight and portable, and may be easily included in the package obtained by the client at a retail store. Thus, subsequent to account establishment, the server may direct the client to insert the token into a port on the computer or other device used for the session. The port may connect to a serial bus such as the USB. Thus, with the token connected to a USB port of the device being used by the client, the server may store the private key and the client certificate directly into the token by sending the private key and the client certificate in encrypted form to the token over the network. [0050]
  • Alternatively, the server may store the private key and the client certificate into the token at the server location. The token may then be sent to the client using regular mail or delivery services. [0051]
  • Once a private key and client certificate have been stored in the client's token, the client may download a media player or other enabling player into the client computer or other device used by the client to utilize downloaded data at step 44. The client is then ready to purchase data over a network and listen to, watch, play, read or utilize in any way, as the case may be, the data downloaded from the server. [0052]
  • FIG. 4 shows a detailed method according to an embodiment of the present invention of verifying a client's identity with a certificate stored in a token; generating a message associated with data requested by the client and the token used by the client; and distributing the data and the associated message to the client in response to a request by the client to purchase data. [0053]
  • Once a client has decided to purchase or lease data over a network, whether such data be in the form of entertainment content or otherwise, and has logged on to a company web site, the client and the server may authenticate each other. The authentication between the client and the server may be accomplished in a variety of ways. A variety of protocols may be used for the authentication process. As before, for example, the SSL protocol may be used for authentication between the server and the client. The client may send the server a protocol version number, a session identifier, cipher settings, random numbers, and other information necessary for communicating with the server. In turn, the server may send the client a protocol version number, a session identifier, cipher settings, random numbers, and other information necessary for communicating with the client. [0054]
  • The server may send a client a server certificate so that the client may verify the identity of the server at [0055] step 50. Additionally, the server may request that the client send the client's certificate to the server so that the server may verify the identity of the client.
  • At [0056] step 52, the client sends the server the client certificate that was issued to the client when the client first established an account with the content distribution company. The client may also send the server a verification of the server identity with the server's certificate, thereby notifying the server that the client recognizes the identity of the server.
  • Also, the token used by the client during the transaction may be marked with a distinguishing number. The distinguishing number may be a permanent marking on the token to identify the token. The distinguishing number may be assigned by the token manufacturer at the time of token fabrication. Thus, the token distinguishing number may not be modified or removed from the token and serves to identify the token during its lifetime. At [0057] step 52, the client may also send the token distinguishing number to the server. If desired, the server may verify the token distinguishing number sent by the client during the current session with the token distinguishing number sent by the client when the account was established, thereby giving the server a heightened sense of security in identifying and verifying the client requesting the download.
  • [0058] Once the client sends the server the client certificate, server certificate verification and token distinguishing number, the server verifies the identity of the client with the client certificate at step 54. Once the client's identity has been verified, a symmetrical key may be generated by the server at step 56, thereby establishing a secure connection and allowing data to be transferred from server to client in a secure, encrypted manner. The symmetrical key may be generated randomly.
  • [0059] Once the symmetrical key has been generated, the server computes a digital message for the data requested by the client and the client token at step 58. The digital message is, thereafter, associated with the data requested by the client and the token used during the session and serves to permanently link the data requested by the client with the token used during the session. The digital message may take a variety of forms. For example, the digital message may be computed using a public key (asymmetric) cryptographic algorithm and may contain a variety of information, including, without limitation, an identification number of the data, the period of time for which the data may be used by the client, the distinguishing number of the token used during the session in which the data was requested or downloaded, and the symmetrical key used to encrypt the data when sent from the server to the client over a network. In notation form, the digital message according to an embodiment of the present invention may be in the form of:
  • $D\big(\mathrm{DID} + T + \mathrm{DN} + E(S)_{\mathrm{pukc}}\big)_{\mathrm{prkd}}$
  • [0060] where D is the asymmetric cryptography decryption process using a private key, E is the asymmetric cryptography encryption process using a public key, DID is the identification number of the data, T is the period of time for which the data may be used by the client, DN is the distinguishing number of the token used during the session in which the data was requested or downloaded, S is the symmetrical key used to encrypt the data when sent from the server to the client over a network, pukc is the public key of the client and prkd is the private key of the server.
  • [0061] Once the digital message has been computed, the server encrypts the data using the symmetrical key and sends it and the digital message to the client at step 60. The client then may use the data in a desired manner or store the data for use at a subsequent time.
  • [0062] FIG. 5A shows a method of using data that has been downloaded from a server according to an embodiment of the present invention. If, for example, the client has downloaded a song in digital form, the client may wish to listen to the song at some point. Thus, at step 64 the client may open the requisite media player and the file containing the song data and the digital message that was downloaded in digital form from the music distributor's server. At step 66, the media player resident in the client computer may ask the client for a token. Thus, the client would then interface his token to the computer or other device currently being used. If, for example, the client is using an IKEY™ hardware token, the token may be inserted directly into a USB port of the computer or other device being used by the client.
  • [0063] At step 68, the media player reads the distinguishing number (DN) of the token. Next, at step 70, the media player verifies the digital message that was sent with the downloaded data, the details of which are explained below, with the public key of the distributor's server. Once the digital message has been verified, the media player plays the downloaded data.
  • [0064] Details of the digital message verification of step 70 may be seen in FIG. 5B. According to an embodiment of the present invention, at step 72, the media player verifies the DN of the token with the DN that is part of the digital message. If the DN of the token matches the DN of the digital message, the media player then checks the time period associated with the data at step 74 to determine if the client is permitted to play the file according to the terms of the purchase agreement. If the client is within the allowable time period, the media player uses the private key from the token to decrypt the encrypted symmetrical key that was used to transfer data over the network between the server and the client at step 76. The media player may read the private key from the token. Alternatively, if the token is equipped with cryptographic processing capabilities, the media player may send the encrypted symmetrical key to the token so that it may be decrypted with the private key. Armed with the symmetrical key, the media player then decrypts the data that was downloaded at step 78.
  • [0065] If steps 72 through 78 are successful, i.e., if all compared values are equal and the encrypted symmetrical key and data can be properly decrypted, the media player may then play the file for the enjoyment of the client at step 80.
  • [0066] Thus, the methods and systems according to embodiments of the present invention may deter illegal copying or redistribution of data in a variety of ways. If the DN of the token does not match the DN of the data, which may occur if a token has been stolen or the data has been copied and sent to another client having another token, the media player will not play the file. In addition, if the time period for which the file may be played has expired, or if the time period for which the file may be played has not yet started, such as in the case where a file is downloaded at a particular time for use at a future time, the media player will not play the file.
  • [0067] If the data has been modified in any way, which may be the result of unscrupulous users attempting to circumvent the system by tampering with the data, the client generally will be aware of such modification because the data, in its modified form, will not be usable to the client. The client may then have the option of sending the digital message back to the server and asking the server to re-send the data to the client. The server can determine what data to send back to the client by using the DID in the digital message.
  • [0068] Furthermore, if downloaded data and the associated digital message are stolen from a client by an unscrupulous client having his own token, the file will still not play because only the private key from the original client's token can decrypt the encrypted symmetrical key when the symmetrical key is decrypted by the media player. In addition, the digital message cannot be forged by a third party since it was encrypted using the private key of the server.
  • [0069] According to further embodiments of the invention, if a client should lose the token or have the token stolen, the client may notify the server that the token has been lost or stolen. The server may then revoke the client's certificate. Thus, should a third party attempt to use the token after the server has revoked the client's certificate, the token, which stores the client's certificate, will be rejected by the server. Thus, after a certificate has been revoked, the token storing the certificate will be essentially useless, thereby adding yet another layer of protection afforded by the methods and systems according to embodiments of the present invention.
  • [0070] In addition, use of the token by a third party who has stolen or otherwise illegally obtained the token may be further prevented by utilizing a password protection system with the token. As explained previously, when a client establishes an account with a server, the client may be required to furnish to the server a password for the account. The client may also be required to enter a password for the token. If a token has been stolen by a third party, the third party will not have knowledge of the password, thereby making it difficult for the third party to use the stolen token to purchase data.
  • [0071] The method of verifying a digital message and playing a downloaded file shown in FIGS. 5A and 5B is a representative embodiment of the present invention. Other information may be included in the digital message and other methods according to embodiments of the present invention may be used to verify the digital message and utilize downloaded data.
  • [0072] Systems implementing embodiments of the present invention need not be limited to the system shown in FIG. 1. For example, FIG. 6 shows an alternative system according to embodiments of the present invention. A client computer or other computing device 10 connects to a network 14. Connected to the client computer or other computing device 10 is a token 12. A firewall 18 connects to the network 14 as an added layer of protection for the server 16. In addition, a cryptographic processor 15 may be connected between the firewall 18 and the server 16. The cryptographic processor 15 may handle some or all of the cryptographic and other functions performed by embodiments of the invention. For example, the cryptographic processor 15 may function as a certificate authority. In addition, the cryptographic processor 15 may perform all of the functions necessary when establishing a secure connection between a server and a client, may generate digital messages and may encrypt data.
  • [0073] The server 16 may also be supplemented by a data base 17. The data base 17 may store account numbers, passwords, and any other of a variety of information required by a distributor to implement the particular embodiment of the present invention.
  • [0074] FIG. 7 shows an alternative system according to embodiments of the present invention. A client computer or other computing device 10 connects to a network 14. Connected to the client computer or other computing device 10 is a token 12. Also connected to the network is a third party certificate authority 13. The third party certificate authority 13 may provide a variety of functions, including, without limitation, verifying clients, issuing client certificates, preliminarily establishing client accounts, and the like. The performance of such functions by the third party certificate authority may relieve the burden of these functions from the distributor's server, thereby allowing the server to focus its activities on downloading data requests made by clients.
  • [0075] The computer or other computing device 10 may be implemented in a variety of ways. For example, the computer or other computing device 10 may be a portable device such as a PALM™ handheld or other portable device. The portable device or other handheld may have a wireless connection to a network. For example, embodiments of the present invention may be implemented on a handheld device with a wireless connection to the Internet. Clients who are interested in, for example, downloading music from the Internet could interface their tokens to the handheld device and download music to the handheld device. If the handheld device is equipped with audio processing hardware, cryptographic capabilities, and an interface for the token, a media player on the handheld device could play the downloaded music file, thereby allowing the client to listen to music virtually anywhere.
  • [0076] Moreover, downloaded data is not limited to entertainment content. A variety of data may be downloaded according to embodiments of the present invention, including, without limitation, software, consumer information, account information, or other data.
  • [0077] While particular embodiments of the present invention have been shown and described, it will be obvious to those skilled in the art that the invention is not limited to the particular embodiments shown and described and that changes and modifications may be made without departing from the spirit and scope of the appended claims.
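The digital message of paragraphs [0059] to [0061] and the player-side checks of steps 70 to 78 ([0063] to [0068]) can be followed end to end in the sketch below. It is an added example, not code from the patent: the function names, the JSON encoding of the message and the sample values are assumptions, a signature over a SHA-256 digest stands in for the patent's D(...)prkd, and the cryptography is a deliberately weak stand-in (textbook RSA on Mersenne primes, a SHA-256 keystream) so that the block runs with the standard library only.

```python
import hashlib
import json
import secrets
from dataclasses import dataclass

E = 65537  # public exponent shared by all demo keys


class LicenseError(Exception):
    """Raised by play() with the name of the check that failed."""


def demo_keypair(a, b):
    # Constructed demo RSA key from the Mersenne primes 2^a-1 and 2^b-1.
    # Trivially factorable and unpadded: illustration only, never a real key.
    p, q = (1 << a) - 1, (1 << b) - 1
    return (p * q, E), (p * q, pow(E, -1, (p - 1) * (q - 1)))  # (public, private)


def digest_int(data, n):
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n


def keystream_xor(key, data):
    # Stand-in symmetric cipher (SHA-256 in counter mode); encrypt == decrypt.
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hashlib.sha256(key + off.to_bytes(8, "big")).digest()
        out.extend(x ^ y for x, y in zip(data[off:off + 32], pad))
    return bytes(out)


@dataclass
class Token:
    dn: str      # distinguishing number fixed at manufacture
    priv: tuple  # client private key stored on the token

    def unwrap(self, wrapped):
        # Step 76 on a token with on-board crypto: recover S from E(S)pukc.
        n, d = self.priv
        s = pow(wrapped, d, n)
        if s >> 256:  # wrong private key: result is not a 256-bit key
            raise LicenseError("key")
        return s.to_bytes(32, "big")


def issue(server_priv, client_pub, did, valid_from, valid_to, dn, content):
    # Server side, steps 56 to 60: random S, signed message, encrypted data.
    s = secrets.token_bytes(32)
    n_c, e_c = client_pub
    wrapped = pow(int.from_bytes(s, "big"), e_c, n_c)           # E(S)pukc
    body = json.dumps({"DID": did, "T": [valid_from, valid_to], "DN": dn,
                       "ES": hex(wrapped)}, sort_keys=True).encode()
    n_s, d_s = server_priv
    sig = pow(digest_int(body, n_s), d_s, n_s)                  # D(...)prkd
    return {"body": body, "sig": sig}, keystream_xor(s, content)


def play(server_pub, message, ciphertext, token, now):
    # Media player side, FIG. 5B.
    n_s, e_s = server_pub
    if pow(message["sig"], e_s, n_s) != digest_int(message["body"], n_s):
        raise LicenseError("signature")                         # step 70
    fields = json.loads(message["body"])
    if fields["DN"] != token.dn:
        raise LicenseError("token")                             # step 72
    valid_from, valid_to = fields["T"]
    if not valid_from <= now <= valid_to:
        raise LicenseError("time")                              # step 74
    s = token.unwrap(int(fields["ES"], 16))                     # step 76
    return keystream_xor(s, ciphertext)                         # step 78


def outcome(*args):
    # Convenience wrapper: what the player would do, as a string.
    try:
        return "played: " + play(*args).decode()
    except LicenseError as err:
        return "denied: " + str(err)


if __name__ == "__main__":
    # Constructed sample values: keys, DNs, timestamps and content.
    server_pub, server_priv = demo_keypair(521, 607)
    owner_pub, owner_priv = demo_keypair(127, 1279)
    _, other_priv = demo_keypair(107, 2203)
    owner = Token("DN-0001", owner_priv)
    msg, ct = issue(server_priv, owner_pub, "song-42", 1000, 2000,
                    "DN-0001", b"constructed sample audio bytes")
    print(outcome(server_pub, msg, ct, owner, 1500))
    print(outcome(server_pub, msg, ct, Token("DN-0002", other_priv), 1500))
    print(outcome(server_pub, msg, ct, Token("DN-0001", other_priv), 1500))
    print(outcome(server_pub, msg, ct, owner, 2001))
```

The message fields listed in [0059] carry no digest of the data itself, so this sketch, like the scheme as described in [0067], does not detect modified ciphertext; it only yields unusable plaintext.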

Claims (32)

What is claimed is:
1. A method for distributing data over a network comprising:
issuing a certificate and a private key to a client for identifying the client in a transaction;
storing the certificate and the private key in a token used by the client during a transaction;
verifying a digital signature using the certificate stored in the token before distributing data to the client;
generating a message associated with the data being downloaded to the client and associated with the token used by the client during a transaction; and
distributing the data and the associated message to the client.
2. The method of claim 1, further comprising providing the client with information necessary for establishing an account.
3. The method of claim 2, further comprising providing the client with the token.
4. A method for distributing data over a network comprising:
establishing a secure connection between a client and a server;
issuing a certificate and a private key to the client for identifying the client in a transaction; and
storing the certificate and the private key in a token used by the client during a transaction.
5. The method of claim 4, further comprising distributing data to the client.
6. The method of claim 5, further comprising requesting information from the client for establishing an account.
7. The method of claim 4, wherein establishing a secure connection comprises establishing a secure connection using a security protocol.
8. The method of claim 7, wherein the security protocol is the secure socket layer protocol.
9. The method of claim 6, wherein requesting information comprises requesting a credit card number.
10. The method of claim 6, wherein requesting information comprises requesting a password.
11. The method of claim 4, wherein storing the certificate comprises:
interfacing the token to a client computer; and
writing the certificate and the private key to the token across the network.
12. The method of claim 4, wherein storing the certificate comprises:
interfacing the token to a server computer; and
writing the certificate to the token at the server computer.
13. The method of claim 5, wherein distributing data to the client comprises distributing a media player.
14. A method for distributing data over a network comprising:
establishing a secure connection between a client and a server;
receiving a request from the client for data to be downloaded;
generating a message associated with the data being downloaded to the client and associated with a token used by the client; and
distributing the data and the associated message to the client.
15. The method of claim 14, wherein establishing a secure connection comprises establishing a secure connection using a security protocol.
16. The method of claim 15, wherein the security protocol is the secure socket layer protocol.
17. The method of claim 14, wherein establishing a secure connection comprises
requesting authentication information from the client; and
sending authentication information from the server.
18. The method of claim 17, wherein requesting authentication information from the client comprises
requesting a certificate from the client; and
requesting a digital signature from the client.
19. The method of claim 17, wherein sending authentication information from the server comprises
sending a certificate from the server; and
sending a digital signature from the server.
20. The method of claim 18, wherein requesting a certificate comprises reading the certificate from the token used by the client.
21. The method of claim 14, wherein generating a message further comprises:
including in the message a data identification number;
including in the message a period of time for which the data may be used by the client;
including in the message a distinguishing number of the token used by the client when requesting data;
including in the message a symmetrical key used to encrypt the data when distributing data from the server to the client over the network.
22. The method of claim 14, wherein generating a message further comprises generating a message using a public key (asymmetric) cryptographic algorithm.
23. A method of securely utilizing downloaded data comprising:
opening a media player;
opening a data file;
requesting a token from a client;
reading a distinguishing number from the token;
verifying a digital message associated with the data file and the token using the media player, the distinguishing number, and a private key in the token.
24. The method of claim 23, wherein in verifying a digital message, the media player reads the private key from the token to decrypt the digital message.
25. The method of claim 23, wherein in verifying a digital message, the media player sends the digital message to the token.
26. The method of claim 25, wherein the token decrypts an encrypted symmetric key using the private key.
27. The method of claim 22, wherein verifying a digital message comprises
verifying the distinguishing number read from the token;
verifying a time period associated with the data file;
decrypting an encrypted symmetrical key using the private key from the token;
decrypting the data file using the symmetrical key.
28. A system for distributing data over a network comprising:
a client computer for requesting data over a network, the client computer being interfaced to the network;
a server computer for distributing requested data over a network, the server computer being interfaced to the network; and
a token interfaced to the client computer,
wherein the server computer stores a certificate and a private key in the token.
29. The system of claim 28, wherein the server computer verifies an identity of the client with the certificate in the token before distributing data to the client.
30. The system of claim 28, further comprising
a firewall interfaced to the network; and
a cryptographic processor interfaced to the server computer and the firewall.
31. A system for distributing data over a network comprising:
a client computer for requesting data over a network, the client computer interfaced to the network;
a server computer for distributing requested data over a network, the server computer interfaced to the network;
a token interfaced to the client computer; and
a third party computer system interfaced to the network,
wherein the third party computer system issues a certificate and stores the certificate in the token.
32. The method of claim 31, wherein the third party computer system issues a private key and stores the private key in the token.
US09/920,919 2001-08-02 2001-08-02 Method and system for secure distribution and utilization of data over a network Abandoned US20030028664A1 (en)

Priority Applications (4)

Application Number Priority Date Filing Date Title
US09/920,919 US20030028664A1 (en) 2001-08-02 2001-08-02 Method and system for secure distribution and utilization of data over a network
US11/906,928 US8055769B2 (en) 2001-08-02 2007-10-04 Method and system for secure distribution and utilization of data over a network
US11/906,887 US8078725B2 (en) 2001-08-02 2007-10-04 Method and system for secure distribution and utilization of data over a network
US11/906,929 US20080092220A1 (en) 2001-08-02 2007-10-04 Method and system for secure distribution and utilization of data over a network

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
US09/920,919 US20030028664A1 (en) 2001-08-02 2001-08-02 Method and system for secure distribution and utilization of data over a network

Related Child Applications (3)

Application Number Title Priority Date Filing Date
US11/906,929 Division US20080092220A1 (en) 2001-08-02 2007-10-04 Method and system for secure distribution and utilization of data over a network
US11/906,928 Division US8055769B2 (en) 2001-08-02 2007-10-04 Method and system for secure distribution and utilization of data over a network
US11/906,887 Division US8078725B2 (en) 2001-08-02 2007-10-04 Method and system for secure distribution and utilization of data over a network

Publications (1)

Publication Number Publication Date
US20030028664A1 true US20030028664A1 (en) 2003-02-06

Family

ID=25444614

Family Applications (4)

Application Number Title Priority Date Filing Date
US09/920,919 Abandoned US20030028664A1 (en) 2001-08-02 2001-08-02 Method and system for secure distribution and utilization of data over a network
US11/906,929 Abandoned US20080092220A1 (en) 2001-08-02 2007-10-04 Method and system for secure distribution and utilization of data over a network
US11/906,928 Expired - Lifetime US8055769B2 (en) 2001-08-02 2007-10-04 Method and system for secure distribution and utilization of data over a network
US11/906,887 Expired - Fee Related US8078725B2 (en) 2001-08-02 2007-10-04 Method and system for secure distribution and utilization of data over a network

Family Applications After (3)

Application Number Title Priority Date Filing Date
US11/906,929 Abandoned US20080092220A1 (en) 2001-08-02 2007-10-04 Method and system for secure distribution and utilization of data over a network
US11/906,928 Expired - Lifetime US8055769B2 (en) 2001-08-02 2007-10-04 Method and system for secure distribution and utilization of data over a network
US11/906,887 Expired - Fee Related US8078725B2 (en) 2001-08-02 2007-10-04 Method and system for secure distribution and utilization of data over a network

Country Status (1)

Country Link
US (4) US20030028664A1 (en)


Citations (18)

Publication number Priority date Publication date Assignee Title
US5590197A (en) * 1995-04-04 1996-12-31 V-One Corporation Electronic payment system and method
US5754656A (en) * 1995-08-04 1998-05-19 Hitachi, Ltd. Electronic shopping method, electronic shopping system and document authenticating method relating thereto
US5809144A (en) * 1995-08-24 1998-09-15 Carnegie Mellon University Method and apparatus for purchasing and delivering digital goods over a network
US5889860A (en) * 1996-11-08 1999-03-30 Sunhawk Corporation, Inc. Encryption system with transaction coded decryption key
US5983273A (en) * 1997-09-16 1999-11-09 Webtv Networks, Inc. Method and apparatus for providing physical security for a user account and providing access to the user's environment and preferences
US5987140A (en) * 1996-04-26 1999-11-16 Verifone, Inc. System, method and article of manufacture for secure network electronic payment and credit collection
US6111956A (en) * 1997-10-23 2000-08-29 Signals, Inc. Method for secure key distribution over a nonsecure communications network
US6233682B1 (en) * 1999-01-22 2001-05-15 Bernhard Fritsch Distribution of musical products by a web site vendor over the internet
US6246996B1 (en) * 1994-09-16 2001-06-12 Messagemedia, Inc. Computerized system for facilitating transactions between parties on the internet using e-mail
US20010051996A1 (en) * 2000-02-18 2001-12-13 Cooper Robin Ross Network-based content distribution system
US20020002541A1 (en) * 2000-06-30 2002-01-03 Williams Eddie H. Online digital content library
US20020004902A1 (en) * 2000-07-07 2002-01-10 Eng-Whatt Toh Secure and reliable document delivery
US20020029350A1 (en) * 2000-02-11 2002-03-07 Cooper Robin Ross Web based human services conferencing network
US6385596B1 (en) * 1998-02-06 2002-05-07 Liquid Audio, Inc. Secure online music distribution system
US20030163787A1 (en) * 1999-12-24 2003-08-28 Hay Brian Robert Virtual token
US6742023B1 (en) * 2000-04-28 2004-05-25 Roxio, Inc. Use-sensitive distribution of data files between users
US6779115B1 (en) * 2000-02-18 2004-08-17 Digital5, Inc. Portable device using a smart card to receive and decrypt digital data
US20050149759A1 (en) * 2000-06-15 2005-07-07 Movemoney, Inc. User/product authentication and piracy management system

Family Cites Families (15)

Publication number Priority date Publication date Assignee Title
DE19625635C1 (en) * 1996-06-26 1997-12-04 Fraunhofer Ges Forschung Encryption and decryption of multimedia data
AU6758898A (en) 1997-03-12 1998-09-29 Visa International Secure electronic commerce employing integrated circuit cards
US6490680B1 (en) * 1997-12-04 2002-12-03 Tecsec Incorporated Access control and authorization system
US6460138B1 (en) * 1998-10-05 2002-10-01 Flashpoint Technology, Inc. User authentication for portable electronic devices using asymmetrical cryptography
JP2000236325A (en) * 1999-02-09 2000-08-29 Lg Electronics Inc Device and method for enciphering digital data file
DE19906432C1 (en) * 1999-02-16 2000-06-21 Fraunhofer Ges Forschung Second data stream generation method from first stream including start and functional audiovisual, data blocks, involves insertion of origination information
US6367019B1 (en) * 1999-03-26 2002-04-02 Liquid Audio, Inc. Copy security for portable music players
US6831982B1 (en) * 1999-11-19 2004-12-14 Storage Technology Corporation Encryption key management system using multiple smart cards
GB0009634D0 (en) * 2000-04-19 2000-06-07 Infoclear Nv The info2clear system for on-line copyright management
US7280984B2 (en) * 2000-05-08 2007-10-09 Phelan Iii Frank Money card system, method and apparatus
ATE418110T1 (en) * 2000-05-10 2009-01-15 Schlumberger Technology Corp APPLICATION SERVICE PROVIDER, METHOD AND APPARATUS
EP2955652A1 (en) * 2000-06-16 2015-12-16 MIH Technology Holdings BV Methods and systems to distribute content via a network utilizing distributed conditional access agents and secure agents, and to perform digital rights management (drm)
US7174568B2 (en) * 2001-01-31 2007-02-06 Sony Computer Entertainment America Inc. Method and system for securely distributing computer software products
US7016496B2 (en) * 2001-03-26 2006-03-21 Sun Microsystems, Inc. System and method for storing and accessing digital media content using smart card technology
JP4399773B2 (en) * 2003-11-19 2010-01-20 横河電機株式会社 Control system

Patent Citations (19)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6246996B1 (en) * 1994-09-16 2001-06-12 Messagemedia, Inc. Computerized system for facilitating transactions between parties on the internet using e-mail
US5590197A (en) * 1995-04-04 1996-12-31 V-One Corporation Electronic payment system and method
US5754656A (en) * 1995-08-04 1998-05-19 Hitachi, Ltd. Electronic shopping method, electronic shopping system and document authenticating method relating thereto
US5995626A (en) * 1995-08-04 1999-11-30 Hitachi, Ltd. Electronic shopping method, electronic shopping system and document authenticating method relating thereto
US5809144A (en) * 1995-08-24 1998-09-15 Carnegie Mellon University Method and apparatus for purchasing and delivering digital goods over a network
US5987140A (en) * 1996-04-26 1999-11-16 Verifone, Inc. System, method and article of manufacture for secure network electronic payment and credit collection
US5889860A (en) * 1996-11-08 1999-03-30 Sunhawk Corporation, Inc. Encryption system with transaction coded decryption key
US5983273A (en) * 1997-09-16 1999-11-09 Webtv Networks, Inc. Method and apparatus for providing physical security for a user account and providing access to the user's environment and preferences
US6111956A (en) * 1997-10-23 2000-08-29 Signals, Inc. Method for secure key distribution over a nonsecure communications network
US6385596B1 (en) * 1998-02-06 2002-05-07 Liquid Audio, Inc. Secure online music distribution system
US6233682B1 (en) * 1999-01-22 2001-05-15 Bernhard Fritsch Distribution of musical products by a web site vendor over the internet
US20030163787A1 (en) * 1999-12-24 2003-08-28 Hay Brian Robert Virtual token
US20020029350A1 (en) * 2000-02-11 2002-03-07 Cooper Robin Ross Web based human services conferencing network
US20010051996A1 (en) * 2000-02-18 2001-12-13 Cooper Robin Ross Network-based content distribution system
US6779115B1 (en) * 2000-02-18 2004-08-17 Digital5, Inc. Portable device using a smart card to receive and decrypt digital data
US6742023B1 (en) * 2000-04-28 2004-05-25 Roxio, Inc. Use-sensitive distribution of data files between users
US20050149759A1 (en) * 2000-06-15 2005-07-07 Movemoney, Inc. User/product authentication and piracy management system
US20020002541A1 (en) * 2000-06-30 2002-01-03 Williams Eddie H. Online digital content library
US20020004902A1 (en) * 2000-07-07 2002-01-10 Eng-Whatt Toh Secure and reliable document delivery

Cited By (207)

Publication number Priority date Publication date Assignee Title
US20120095816A1 (en) * 2001-12-12 2012-04-19 Valve Corporation Method and system for granting access to system and content
US8661557B2 (en) * 2001-12-12 2014-02-25 Valve Corporation Method and system for granting access to system and content
US10135771B2 (en) * 2002-01-08 2018-11-20 Seven Networks, Llc Secure end-to-end transport through intermediary nodes
US7464089B2 (en) 2002-04-25 2008-12-09 Connect Technologies Corporation System and method for processing a data stream to determine presence of search terms
US20110151724A1 (en) * 2003-04-25 2011-06-23 Apple Inc. Female receptacle connector
US8467829B2 (en) 2003-04-25 2013-06-18 Apple Inc. Wireless adapter for media player system
WO2004098079A1 (en) * 2003-04-25 2004-11-11 Apple Computer Inc. Media player system
US20080123285A1 (en) * 2003-04-25 2008-05-29 Apple, Inc. Media player system
US20080125031A1 (en) * 2003-04-25 2008-05-29 Apple Inc. Media Player System
US8165634B2 (en) 2003-04-25 2012-04-24 Apple Inc. Female receptacle connector
US8078224B2 (en) 2003-04-25 2011-12-13 Apple Inc. Male plug connector
US8050714B2 (en) 2003-04-25 2011-11-01 Apple Inc. Docking station for media player system
US20090191732A1 (en) * 2003-04-25 2009-07-30 Apple Inc. Female receptacle data pin connector
US8190205B2 (en) 2003-04-25 2012-05-29 Apple Inc. Male plug connector
US7627343B2 (en) 2003-04-25 2009-12-01 Apple Inc. Media player system
US8271038B2 (en) 2003-04-25 2012-09-18 Apple Inc. Wireless adapter for media player system
US20110151725A1 (en) * 2003-04-25 2011-06-23 Apple Inc. Male plug connector
US20100087099A1 (en) * 2003-04-25 2010-04-08 Apple Inc. Male plug connector
US7751853B2 (en) 2003-04-25 2010-07-06 Apple Inc. Female receptacle data pin connector
US7783070B2 (en) 2003-04-25 2010-08-24 Apple Inc. Cable adapter for a media player system
USRE43796E1 (en) 2003-04-30 2012-11-06 Apple Inc. Receptacle connector
USRE43780E1 (en) 2003-04-30 2012-10-30 Apple Inc. Plug connector
CN100377521C (en) * 2003-05-23 2008-03-26 财团法人工业技术研究院 Personal authentication device and method thereof
US20040250076A1 (en) * 2003-05-23 2004-12-09 Hsiang-Tsung Kung Personal authentication device and system and method thereof
US20050102652A1 (en) * 2003-11-07 2005-05-12 Sony Corporation System and method for building software suite
US20050135628A1 (en) * 2003-11-17 2005-06-23 Sony Corporation System and method for authenticating components in wireless home entertainment system
US8347076B2 (en) * 2003-12-01 2013-01-01 Samsung Electronics Co., Ltd. System and method for building home domain using smart card which contains information of home network member device
US20050120216A1 (en) * 2003-12-01 2005-06-02 Samsung Electronics Co., Ltd. System and method for building home domain using smart card which contains information of home network member device
US20050138360A1 (en) * 2003-12-23 2005-06-23 Kamalakantha Chandra H. Encryption/decryption pay per use web service
US8145898B2 (en) 2003-12-23 2012-03-27 Hewlett-Packard Development Company, L.P. Encryption/decryption pay per use web service
WO2005067202A1 (en) * 2003-12-23 2005-07-21 Electronic Data Systems Corporation Secure file transfer for web service
US8015599B2 (en) 2004-02-23 2011-09-06 Symantec Corporation Token provisioning
US20090274303A1 (en) * 2004-02-23 2009-11-05 Nicolas Popp Token provisioning
EP1719284A1 (en) * 2004-02-23 2006-11-08 Verisign, Inc. Token provisioning
US20050188202A1 (en) * 2004-02-23 2005-08-25 Nicolas Popp Token provisioning
US7548620B2 (en) 2004-02-23 2009-06-16 Verisign, Inc. Token provisioning
EP1719284A4 (en) * 2004-02-23 2008-12-17 Verisign Inc Token provisioning
US10027489B2 (en) * 2004-03-31 2018-07-17 Rockwell Automation Technologies, Inc. Digital rights management system and method
US20110066776A1 (en) * 2004-04-27 2011-03-17 Apple Inc. Communication Between a Media Player and an Accessory with an Extended Interface Mode
US7757026B2 (en) 2004-04-27 2010-07-13 Apple Inc. Techniques for transferring status information between an accessory and a multi-communication device
US8239595B2 (en) 2004-04-27 2012-08-07 Apple Inc. Communication between a media player and an accessory with an extended interface mode
US20090006700A1 (en) * 2004-04-27 2009-01-01 Apple Inc. Connector interface system for a multi-communication device
US20090006701A1 (en) * 2004-04-27 2009-01-01 Apple Inc. Techniques for transferring status information between an accessory and a multi-communication device
US20090013096A1 (en) * 2004-04-27 2009-01-08 Apple Inc. Techniques for transferring information between an accessory and a multi-communication device
US20090013110A1 (en) * 2004-04-27 2009-01-08 Apple Inc. Connector interface system for enabling data communication with a multi-communication device
US8171195B2 (en) 2004-04-27 2012-05-01 Apple Inc. Media player communication with an accessory using a display remote lingo
US20090125134A1 (en) * 2004-04-27 2009-05-14 Apple Inc. Method and system for controlling an accessory having a tuner
US8171194B2 (en) 2004-04-27 2012-05-01 Apple Inc. Accessory communication with a media player using a display remote lingo
US8135891B2 (en) 2004-04-27 2012-03-13 Apple Inc. Method and system for transferring button status information between a media player and an accessory
US8078776B2 (en) 2004-04-27 2011-12-13 Apple Inc. Electronic device having a dual key connector
US20090198361A1 (en) * 2004-04-27 2009-08-06 Apple Inc. Communication between an accessory and a media player with multiple lingoes
US20090204738A1 (en) * 2004-04-27 2009-08-13 Apple Inc. Communication between an accessory and a media player with multiple protocol versions
US20090204244A1 (en) * 2004-04-27 2009-08-13 Apple Inc. Communication between an accessory and a media player with multiple protocol versions
US8117651B2 (en) * 2004-04-27 2012-02-14 Apple Inc. Method and system for authenticating an accessory
US8271705B2 (en) 2004-04-27 2012-09-18 Apple Inc. Dual key electronic connector
US8402187B2 (en) 2004-04-27 2013-03-19 Apple Inc. Method and system for transferring button status information between a media player and an accessory
US8285901B2 (en) 2004-04-27 2012-10-09 Apple Inc. Communication between an accessory and a media player using an extended interface lingo
US20090292835A1 (en) * 2004-04-27 2009-11-26 Apple Inc. Techniques for transferring status information between an accessory and a multi-communication device
US20070234420A1 (en) * 2004-04-27 2007-10-04 Novotney Donald J Method and system for authenticating an accessory
US20070300155A1 (en) * 2004-04-27 2007-12-27 Laefer Jay S Method and system for controlling video selection and playback in a portable media player
US8386680B2 (en) 2004-04-27 2013-02-26 Apple Inc. Communication between an accessory and a media player with multiple protocol versions and extended interface lingo
US7949810B2 (en) 2004-04-27 2011-05-24 Apple Inc. Techniques for transferring data between a media player and an accessory having a tuner
US7660929B2 (en) 2004-04-27 2010-02-09 Apple Inc. Connector interface system for a multi-communication device
US7673083B2 (en) 2004-04-27 2010-03-02 Apple Inc. Method and system for controlling video selection and playback in a portable media player
US20050240705A1 (en) * 2004-04-27 2005-10-27 Novotney Donald J Connector interface system for a multi-communication device
US20110086551A1 (en) * 2004-04-27 2011-04-14 Apple Inc. Electronic device and connector
US7702833B2 (en) 2004-04-27 2010-04-20 Apple Inc. Techniques for transferring information between an accessory and a multi-communication device
US20110066775A1 (en) * 2004-04-27 2011-03-17 Apple Inc. Communication Between a Media Player and an Accessory with an Extended Interface Mode
US20080034129A1 (en) * 2004-04-27 2008-02-07 Apple Inc. Method And System For Transferring Status Information Between A Media Player And An Accessory
US7895378B2 (en) 2004-04-27 2011-02-22 Apple Inc. Method and system for allowing a media player to transfer digital audio to an accessory
US7779185B2 (en) 2004-04-27 2010-08-17 Apple Inc. Communication between a media player and an accessory using a protocol with multiple lingoes
US20080025172A1 (en) * 2004-04-27 2008-01-31 Apple Inc. Method and System For Allowing A Media Player To Transfer Digital Audio To An Accessory
US8082376B2 (en) 2004-04-27 2011-12-20 Apple Inc. Communication between an accessory and a media player with multiple protocol versions
US7797471B2 (en) 2004-04-27 2010-09-14 Apple Inc. Method and system for transferring album artwork between a media player and an accessory
US8099536B2 (en) 2004-04-27 2012-01-17 Apple Inc. Communication between an accessory and a media player with general and accessory lingoes
US7877532B2 (en) 2004-04-27 2011-01-25 Apple Inc. Communication between an accessory and a media player with multiple lingoes and lingo version information
US7853746B2 (en) 2004-04-27 2010-12-14 Apple Inc. Interface system for enabling data communication between a multi-communication device and other devices
US7826318B2 (en) 2004-04-27 2010-11-02 Apple Inc. Method and system for allowing a media player to transfer digital audio to an accessory
US20100312932A1 (en) * 2004-04-27 2010-12-09 Apple Inc. Media player communication with an accessory using a display remote lingo
US20100312931A1 (en) * 2004-04-27 2010-12-09 Apple Inc. Accessory communication with a media player using a display remote lingo
US20060021062A1 (en) * 2004-06-21 2006-01-26 Jang Hyun S Method of downloading contents and system thereof
EP1610200A3 (en) * 2004-06-21 2006-01-11 Lg Electronics Inc. Method of downloading contents and system thereof
US7921464B2 (en) 2004-06-21 2011-04-05 Lg Electronics Inc. Method of downloading contents and system thereof
US9754099B2 (en) 2005-01-07 2017-09-05 Apple Inc. Accessory authentication for electronic devices
US20060156415A1 (en) * 2005-01-07 2006-07-13 Rubinstein Jonathan J Accessory authentication for electronic devices
US20110061113A1 (en) * 2005-01-07 2011-03-10 Apple Inc. Accessory authentication for electronic devices
US8161567B2 (en) 2005-01-07 2012-04-17 Apple Inc. Accessory authentication for electronic devices
US8763079B2 (en) 2005-01-07 2014-06-24 Apple Inc. Accessory authentication for electronic devices
US7823214B2 (en) 2005-01-07 2010-10-26 Apple Inc. Accessory authentication for electronic devices
US8581449B2 (en) 2005-01-07 2013-11-12 Apple Inc. Portable power source to provide power to an electronic device via an interface
US20100327664A1 (en) * 2005-01-07 2010-12-30 Apple Inc. Portable power source to provide power to an electronic device via an interface
US10049206B2 (en) 2005-01-07 2018-08-14 Apple Inc. Accessory authentication for electronic devices
US9223958B2 (en) 2005-01-07 2015-12-29 Apple Inc. Accessory authentication for electronic devices
US20140181251A1 (en) * 2005-04-22 2014-06-26 Sony Dadc Austria Ag Method for downloading content from a server onto a recording medium as well as recording medium being suitable therefor
US9553921B2 (en) * 2005-04-22 2017-01-24 Sony Dadc Austria Ag Method for downloading content from a server onto a recording medium as well as recording medium being suitable therefor
US7784087B2 (en) 2005-08-04 2010-08-24 Toshiba Corporation System and method for securely sharing electronic documents
JP2007042112A (en) * 2005-08-04 2007-02-15 Toshiba Corp Electronic document sharing system, method and program
US7486673B2 (en) 2005-08-29 2009-02-03 Connect Technologies Corporation Method and system for reassembling packets prior to searching
US20080270578A1 (en) * 2006-01-13 2008-10-30 Huawei Technologies Co., Ltd. Method, Device And Data Download System For Controlling Effectiveness Of A Download Transaction
CN100384128C (en) * 2006-01-13 2008-04-23 华为技术有限公司 Data downloading system and method for controlling downloading business effectiveness
US7640577B2 (en) 2006-02-14 2009-12-29 Sony Corporation System and method for authenticating components in wireless home entertainment system
US20070192488A1 (en) * 2006-02-14 2007-08-16 Dacosta Behram M System and method for authenticating components in wireless home entertainment system
US7632114B2 (en) 2006-03-30 2009-12-15 Apple Inc. Interface connecter between media player and other electronic devices
US20070232098A1 (en) * 2006-03-30 2007-10-04 Apple Computer, Inc. Interface connector between media player and computer
US8006019B2 (en) 2006-05-22 2011-08-23 Apple, Inc. Method and system for transferring stored data between a media player and an accessory
US7992203B2 (en) 2006-05-24 2011-08-02 Red Hat, Inc. Methods and systems for secure shared smartcard access
US8332637B2 (en) 2006-06-06 2012-12-11 Red Hat, Inc. Methods and systems for nonce generation in a token
US20080022086A1 (en) * 2006-06-06 2008-01-24 Red Hat, Inc. Methods and system for a key recovery plan
US20080022121A1 (en) * 2006-06-06 2008-01-24 Red Hat, Inc. Methods and systems for server-side key generation
US8180741B2 (en) 2006-06-06 2012-05-15 Red Hat, Inc. Methods and systems for providing data objects on a token
US7822209B2 (en) 2006-06-06 2010-10-26 Red Hat, Inc. Methods and systems for key recovery for a token
US8098829B2 (en) 2006-06-06 2012-01-17 Red Hat, Inc. Methods and systems for secure key delivery
US8364952B2 (en) 2006-06-06 2013-01-29 Red Hat, Inc. Methods and system for a key recovery plan
US9450763B2 (en) 2006-06-06 2016-09-20 Red Hat, Inc. Server-side key generation
US8495380B2 (en) * 2006-06-06 2013-07-23 Red Hat, Inc. Methods and systems for server-side key generation
US8762350B2 (en) 2006-06-06 2014-06-24 Red Hat, Inc. Methods and systems for providing data objects on a token
US8589695B2 (en) * 2006-06-07 2013-11-19 Red Hat, Inc. Methods and systems for entropy collection for server-side key generation
US9769158B2 (en) * 2006-06-07 2017-09-19 Red Hat, Inc. Guided enrollment and login for token users
US8412927B2 (en) 2006-06-07 2013-04-02 Red Hat, Inc. Profile framework for token processing system
US8099765B2 (en) 2006-06-07 2012-01-17 Red Hat, Inc. Methods and systems for remote password reset using an authentication credential managed by a third party
US20080005339A1 (en) * 2006-06-07 2008-01-03 Nang Kon Kwan Guided enrollment and login for token users
US20070288747A1 (en) * 2006-06-07 2007-12-13 Nang Kon Kwan Methods and systems for managing identity management security domains
US20080022122A1 (en) * 2006-06-07 2008-01-24 Steven William Parkinson Methods and systems for entropy collection for server-side key generation
US8707024B2 (en) 2006-06-07 2014-04-22 Red Hat, Inc. Methods and systems for managing identity management security domains
US8590036B2 (en) 2006-06-27 2013-11-19 Apple Inc. Method and system for authenticating an accessory
CN101479737B (en) * 2006-06-27 2012-06-13 苹果公司 Method and system for authenticating an accessory
KR101159884B1 (en) * 2006-06-27 2012-07-09 애플 인크. Method and system for authenticating an accessory
US8370555B2 (en) 2006-06-27 2013-02-05 Apple Inc. Method and system for allowing a media player to determine if it supports the capabilities of an accessory
US20140223184A1 (en) * 2006-06-27 2014-08-07 Apple Inc. Method and system for authenticating an accessory
AU2007265149B2 (en) * 2006-06-27 2011-08-25 Apple Inc. Method and system for authenticating an accessory
US8095716B2 (en) 2006-06-27 2012-01-10 Apple Inc. Method and system for communicating capability information from an accessory to a media player
US9160541B2 (en) * 2006-06-27 2015-10-13 Apple Inc. Method and system for authenticating an accessory
US20080069341A1 (en) * 2006-08-23 2008-03-20 Robert Relyea Methods and systems for strong encryption
US8787566B2 (en) 2006-08-23 2014-07-22 Red Hat, Inc. Strong encryption
US8806219B2 (en) 2006-08-23 2014-08-12 Red Hat, Inc. Time-based function back-off
US9762572B2 (en) 2006-08-31 2017-09-12 Red Hat, Inc. Smartcard formation with authentication
US20080069338A1 (en) * 2006-08-31 2008-03-20 Robert Relyea Methods and systems for verifying a location factor associated with a token
US9038154B2 (en) 2006-08-31 2015-05-19 Red Hat, Inc. Token Registration
US8977844B2 (en) 2006-08-31 2015-03-10 Red Hat, Inc. Smartcard formation with authentication keys
US8356342B2 (en) 2006-08-31 2013-01-15 Red Hat, Inc. Method and system for issuing a kill sequence for a token
US20080059793A1 (en) * 2006-08-31 2008-03-06 Lord Robert B Methods and systems for phone home token registration
US8074265B2 (en) 2006-08-31 2011-12-06 Red Hat, Inc. Methods and systems for verifying a location factor associated with a token
US20080059790A1 (en) * 2006-08-31 2008-03-06 Steven William Parkinson Methods, apparatus and systems for smartcard factory
US20080056496A1 (en) * 2006-08-31 2008-03-06 Parkinson Steven W Method and system for issuing a kill sequence for a token
US20090249101A1 (en) * 2006-09-11 2009-10-01 Apple Inc. Method and system for controlling power provided to an accessory
US8112567B2 (en) 2006-09-11 2012-02-07 Apple, Inc. Method and system for controlling power provided to an accessory
US20080133514A1 (en) * 2006-12-04 2008-06-05 Robert Relyea Method and Apparatus for Organizing an Extensible Table for Storing Cryptographic Objects
US8693690B2 (en) 2006-12-04 2014-04-08 Red Hat, Inc. Organizing an extensible table for storing cryptographic objects
US7540788B2 (en) 2007-01-05 2009-06-02 Apple Inc. Backward compatible connector system
US7632146B2 (en) 2007-01-05 2009-12-15 Apple Inc. Backward compatible connector system
US20080189543A1 (en) * 2007-02-02 2008-08-07 Steven William Parkinson Method and system for reducing a size of a security-related data object stored on a token
US8813243B2 (en) 2007-02-02 2014-08-19 Red Hat, Inc. Reducing a size of a security-related data object stored on a token
US8832453B2 (en) 2007-02-28 2014-09-09 Red Hat, Inc. Token recycling
US20080209225A1 (en) * 2007-02-28 2008-08-28 Robert Lord Methods and systems for assigning roles on a token
US8639940B2 (en) 2007-02-28 2014-01-28 Red Hat, Inc. Methods and systems for assigning roles on a token
US20080229401A1 (en) * 2007-03-13 2008-09-18 John Magne Methods and systems for configurable smartcard
US9081948B2 (en) 2007-03-13 2015-07-14 Red Hat, Inc. Configurable smartcard
US20090221404A1 (en) * 2008-02-29 2009-09-03 Apple Inc. Interfacing portable media devices and sports equipment
US8047966B2 (en) 2008-02-29 2011-11-01 Apple Inc. Interfacing portable media devices and sports equipment
US8317658B2 (en) 2008-02-29 2012-11-27 Apple Inc. Interfacing portable media devices and sports equipment
US8417967B2 (en) 2008-04-02 2013-04-09 Hewlett-Packard Development Company, L.P. Storage device data encryption using a binary large object (BLOB)
US20110029785A1 (en) * 2008-04-02 2011-02-03 Foster Joseph E Disk drive data encryption
WO2009123630A1 (en) * 2008-04-02 2009-10-08 Hewlett-Packard Development Company, L.P. Disk drive data encryption
US10338853B2 (en) 2008-07-11 2019-07-02 Avere Systems, Inc. Media aware distributed data layout
US10769108B2 (en) * 2008-07-11 2020-09-08 Microsoft Technology Licensing, Llc File storage system, cache appliance, and method
US20180032542A1 (en) * 2008-07-11 2018-02-01 Avere Systems, Inc. File Storage System, Cache Appliance, and Method
US10248655B2 (en) 2008-07-11 2019-04-02 Avere Systems, Inc. File storage system, cache appliance, and method
US8238811B2 (en) 2008-09-08 2012-08-07 Apple Inc. Cross-transport authentication
US8208853B2 (en) 2008-09-08 2012-06-26 Apple Inc. Accessory device authentication
US8634761B2 (en) 2008-09-08 2014-01-21 Apple Inc. Cross-transport authentication
US20100075604A1 (en) * 2008-09-08 2010-03-25 Apple Inc. Accessory device authentication
US20100173673A1 (en) * 2008-09-08 2010-07-08 Apple Inc. Cross-transport authentication
US8509691B2 (en) 2008-09-08 2013-08-13 Apple Inc. Accessory device authentication
US20110264922A1 (en) * 2008-12-24 2011-10-27 The Commonwealth Of Australia Digital video guard
US20140101782A1 (en) * 2008-12-24 2014-04-10 The Commonwealth Of Australia Digital video guard
US8572403B2 (en) * 2008-12-24 2013-10-29 The Commonwealth Of Australia Digital video guard
US20110122152A1 (en) * 2009-04-24 2011-05-26 Pixar Animation Studios System and method for steganographic image display
US8817043B2 (en) 2009-04-24 2014-08-26 Disney Enterprises, Inc. System and method for selective viewing of a hidden presentation within a displayed presentation
US8890892B2 (en) * 2009-04-24 2014-11-18 Pixar System and method for steganographic image display
US20100271396A1 (en) * 2009-04-24 2010-10-28 Disney Enterprises, Inc. System and method for selective viewing of a hidden presentation within a displayed presentation
US9485238B2 (en) * 2009-12-29 2016-11-01 Akamai Technologies, Inc. Security framework for HTTP streaming architecture
US8769614B1 (en) * 2009-12-29 2014-07-01 Akamai Technologies, Inc. Security framework for HTTP streaming architecture
US20140337958A1 (en) * 2009-12-29 2014-11-13 Akamai Technologies, Inc. Security framework for http streaming architecture
WO2011082322A3 (en) * 2009-12-30 2011-12-08 Intergraph Technologies Company A system and method for transmission of files within a secured network
WO2011082322A2 (en) * 2009-12-30 2011-07-07 Intergraph Technologies Company A system and method for transmission of files within a secured network
US20110162050A1 (en) * 2009-12-30 2011-06-30 Intergraph Technologies Company System and Method for Transmission of Files Within a Secured Network
US8739300B2 (en) 2009-12-30 2014-05-27 Intergraph Corporation System and method for transmission of files within a secured network
US10055553B2 (en) 2010-03-04 2018-08-21 Comcast Cable Communications, Llc PC secure video path
US20110219239A1 (en) * 2010-03-04 2011-09-08 Comcast Cable Communications, Llc PC Secure Video Path
US8713685B2 (en) * 2010-03-04 2014-04-29 Comcast Cable Communications, Llc PC secure video path
US20130163763A1 (en) * 2010-03-04 2013-06-27 Comcast Cable Communications, Llc PC Secure Video Path
US8424099B2 (en) * 2010-03-04 2013-04-16 Comcast Cable Communications, Llc PC secure video path
US9332320B2 (en) 2010-03-04 2016-05-03 Comcast Cable Communications, Llc PC secure video path
EP2363822A3 (en) * 2010-03-04 2012-03-14 Comcast Cable Communications, LLC PC secure video path
US8793492B2 (en) * 2011-01-13 2014-07-29 Adobe Systems Incorporated Methods and systems for scalable distribution of protected content
US20120185695A1 (en) * 2011-01-13 2012-07-19 Adobe Systems Incorporated Methods and Systems for Scalable Distribution of Protected Content
US20160321638A1 (en) * 2013-12-10 2016-11-03 China Unionpay Co., Ltd. Secure network accessing method for pos terminal, and system thereof
US11443293B2 (en) * 2013-12-10 2022-09-13 China Unionpay Co., Ltd. Secure network accessing method for POS terminal, and system thereof
US20190239079A1 (en) * 2014-06-02 2019-08-01 Schlage Lock Company Llc Electronic credential management system
US11023875B2 (en) * 2014-06-02 2021-06-01 Schlage Lock Company Llc Electronic credential management system
US9208284B1 (en) * 2014-06-27 2015-12-08 Practice Fusion, Inc. Medical professional application integration into electronic health record system
US10356053B1 (en) * 2014-12-12 2019-07-16 Charles Schwab & Co., Inc. System and method for allowing access to an application or features thereof on each of one or more user devices
US10880276B1 (en) * 2014-12-12 2020-12-29 Charles Schwab & Co., Inc. System and method for allowing access to an application or features thereof on each of one or more user devices
US11563724B1 (en) * 2014-12-12 2023-01-24 Charles Schwab & Co., Inc. System and method for allowing access to an application or features thereof on each of one or more user devices
US10158623B2 (en) * 2015-09-30 2018-12-18 International Business Machines Corporation Data theft deterrence
US11363009B2 (en) * 2020-02-26 2022-06-14 Keeper Security, Inc. System and method for providing secure cloud-based single sign-on connections using a security service provider having zero-knowledge architecture
CN111556046A (en) * 2020-04-24 2020-08-18 广东纬德信息科技股份有限公司 Message issuing and uploading method and processing system based on electric power distribution data

Also Published As

Publication number Publication date
US8078725B2 (en) 2011-12-13
US20080092220A1 (en) 2008-04-17
US20080098223A1 (en) 2008-04-24
US20080092221A1 (en) 2008-04-17
US8055769B2 (en) 2011-11-08

Similar Documents

Publication Publication Date Title
US8055769B2 (en) Method and system for secure distribution and utilization of data over a network
US7376624B2 (en) Secure communication and real-time watermarking using mutating identifiers
US7725404B2 (en) Secure electronic commerce using mutating identifiers
US6550011B1 (en) Media content protection utilizing public key cryptography
EP1942430B1 (en) Token Passing Technique for Media Playback Devices
EP2770455B1 (en) Method and system to exercise geographic restrictions over the distribution of content via a network
KR100467929B1 (en) System for protecting and managing digital contents
KR101315076B1 (en) Method for redistributing dram protected content
JP5330488B2 (en) Method and apparatus for safely distributing content
US7299209B2 (en) Method, apparatus and system for securely providing material to a licensee of the material
US20040133797A1 (en) Rights management enhanced storage
JP2006504176A (en) Method and apparatus for permitting content operation
AU2002351508A1 (en) Method, apparatus and system for securely providing material to a licensee of the material
JP2004193843A (en) Device, method, and program for content delivery and device, method, and program for reproducing content
AU2006201565A1 (en) Deliver-upon-request secure electronic message system
CN113706344A (en) Block chain-based digital copyright protection method
US20050010790A1 (en) Cryptographic module for the storage and playback of copy-protected electronic tone and image media which is protected in terms of use
US20030144958A1 (en) Computer network based secure peer-to-peer file distribution system
US20020083346A1 (en) Method of local data distribution preserving rights of a remote party
US20030074321A1 (en) Method and system for distribution of digital media and conduction of electronic commerce in an un-trusted environment
He et al. Digital right management model based on cryptography and digital watermarking
Campidoglio et al. Security and privacy in web-oriented watermarking protocols
Sun et al. A Trust Distributed DRM System Using Smart Cards

Legal Events

Date Code Title Description
AS Assignment

Owner name: RAINBOW TECHNOLOGIES, INC., CALIFORNIA

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:TAN, KAIJUN;COCHRAN, MICHAEL LLOYD;BADIA, LOGAN;REEL/FRAME:012458/0392

Effective date: 20011019

AS Assignment

Owner name: SAFENET, INC., MARYLAND

Free format text: MERGER;ASSIGNOR:RAINBOW TECHNOLOGIES, INC.;REEL/FRAME:017227/0781

Effective date: 20040315

AS Assignment

Owner name: DEUTSCHE BANK TRUST COMPANY AMERICAS, AS COLLATERA

Free format text: FIRST LIEN PATENT SECURITY AGREEMENT;ASSIGNOR:SAFENET, INC.;REEL/FRAME:019161/0506

Effective date: 20070412

AS Assignment

Owner name: DEUTSCHE BANK TRUST COMPANY AMERICAS, AS COLLATERA

Free format text: SECOND LIEN PATENT SECURITY AGREEMENT;ASSIGNOR:SAFENET, INC.;REEL/FRAME:019181/0012

Effective date: 20070412

STCB Information on status: application discontinuation

Free format text: ABANDONED -- FAILURE TO RESPOND TO AN OFFICE ACTION