WO1997021162A1 - Time-based availability of data on a storage medium - Google Patents

Time-based availability of data on a storage medium Download PDF

Info

Publication number
WO1997021162A1
WO1997021162A1 PCT/CA1996/000790 CA9600790W WO9721162A1 WO 1997021162 A1 WO1997021162 A1 WO 1997021162A1 CA 9600790 W CA9600790 W CA 9600790W WO 9721162 A1 WO9721162 A1 WO 9721162A1
Authority
WO
WIPO (PCT)
Prior art keywords
time
defining
indication
start point
point
Prior art date
Application number
PCT/CA1996/000790
Other languages
French (fr)
Inventor
Mendel Lazear Peterson
Original Assignee
Northern Telecom Limited
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Priority claimed from US08/566,664 external-priority patent/US5857020A/en
Application filed by Northern Telecom Limited filed Critical Northern Telecom Limited
Priority to AU76165/96A priority Critical patent/AU7616596A/en
Publication of WO1997021162A1 publication Critical patent/WO1997021162A1/en

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/08Payment architectures
    • G06Q20/12Payment architectures specially adapted for electronic shopping systems
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/10Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/71Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
    • G06F21/72Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information in cryptographic circuits
    • G06F21/725Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information in cryptographic circuits operating on a secure reference time value
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/08Payment architectures
    • G06Q20/14Payment architectures specially adapted for billing systems
    • G06Q20/145Payments according to the detected use or quantity
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2211/00Indexing scheme relating to details of data-processing equipment not covered by groups G06F3/00 - G06F13/00
    • G06F2211/007Encryption, En-/decode, En-/decipher, En-/decypher, Scramble, (De-)compress
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2109Game systems
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2137Time limited access, e.g. to a computer or data

Definitions

  • the present invention relates, generally, to distribution of prerecorded content and, in particular, to a method and an apparatus for enabling access, dependent upon timed availability, to the secured content provisioned on a storage medium.
  • Such packages generally comprise a software application in encrypted format on a CD-ROM which is distributed in advance to potential consumers who would either have none or limited use of the software application.
  • Each consumer desiring full use or access thereto typically is required to place a voice call to a 1-800 number and purchase, via credit card, from the distributor a password (decryption) key that is capable of unlocking the encrypted software.
  • a decryption utility which is supplied with the package and executed by the consumer on a personal computer prompts for the key, responsive to which the consumer enters the key and subsequently is allowed to copy the software application onto a disk.
  • the software package may execute functionality to invoke an online connection, when the computer includes a modem, with an automated authorization center from which the key may be downloaded to the computer.
  • the above distribution technique is limited in its ability to generate revenue from the software package, specifically, to receipt of a single payment for unrestricted use of the software application.
  • a CD-ROM containing an encrypted database of interest to a user is distributed typically at nominal cost or at no cost.
  • the user terminal includes a CD-ROM reader, and a remote cryptographic control unit which is provided with stored cryptographic keys needed to access to the database.
  • the amount of actual data use i.e. the retrieval and decryption of data from the CD-ROM, is metered locally and recorded as a stored data usage record.
  • the charge for data access may be either in accordance with the amount of data decrypted, or in accordance with price information recorded in the respective data headers of each individual data packet.
  • the local stored data usage record is reported by telephone modem from the remote user terminal to a cryptographic operations center.
  • Each remote cryptographic control unit has a stored user secret key, unique to that user terminal. Communication between the user terminal and the cryptographic operations center is protected by encryption under the user secret key, which is stored in a secure memory in the cryptographic control unit. The user secret key for each user is also stored in the cryptographic operations center. When a remote user terminal calls in and identifies itself, the cryptographic operations center looks up the corresponding user secret cryptographic user key, which is then used to secure the subsequent communication data exchange between the remote user terminal and the cryptographic operations center.
  • the various cryptographic keys are also stored in the cryptographic operations center.
  • the user secret key is also used to secure the delivery of secret database keys from the cryptographic operations center to the user terminal for a desired CD-ROM database.
  • the user is then billed for the actual database usage based on the content of the uploaded data usage report.
  • the user pays only for the amount of data actually used or decrypted from the CD-ROM.
  • Shear or Katznelson provide such capabilities on the basis of measuring actual use of the content. Capabilities based on timed availability to the secured content is a further alternative.
  • the invention therefore, according to a first broad aspect provides A method of controlling access to a data content of a storage medium, comprising the steps of: defining a start point in time prior to which access to the data content is to be inhibited; measuring time; enabling, responsive to the measured time effectively reaching the start point, access to the data content.
  • the invention provides an apparatus for controlling access by a user to content of a storage medium, the medium being readable by a corresponding medium reader from which the apparatus is adapted to receive the content, comprising: means for defining a start point in time prior to which access to the data content is to be inhibited; means for measuring time; means for enabling, responsive to the measured time effectively reaching the start point, access to the data content.
  • a particular embodiment includes a local secure authorization clock which is set and controlled by an authorization center having a master clock.
  • the local clock is secure in that its setting may not be altered by the consumer.
  • the invention manifests a novel service methodology based on distribution of prerecorded content, such as, movies, music, games, information and the like, whereby revenue may be generated for premier and pay-per ⁇ use access to the content.
  • a service provider for instance, locks up a movie on a video disk for which a premier event viewing date and time may be defined and which the provider may then directly distribute, in advance of the premier event, to potential consumers. Each consumer may purchase the right to view the movie once for a certain fee, for example $5.00, through online access to an authorization center, but the single viewing (i.e., unlocking) will only be allowed on or after the premier event time.
  • the consumer pays for viewing of the movie either on a pay-per-use basis or over a defined window of time, and perhaps for reduced fee such as $1.00.
  • the online authorization process makes it possible to track consumer preferences.
  • smart cards may be utilized for such.
  • This service creates premier events at a set date and time as well as for subsequent pay-per-view enjoyment of prerecorded movies, music, information, communications, and other electronic entertainment.
  • the service may employ online capabilities to create new distribution options for digital video disk (DVD) , CD-ROM, CD, multimedia games and other electronic media.
  • DVD digital video disk
  • CD-ROM compact disc-read only memory
  • CD compact disc-read only memory
  • multimedia games and other electronic media.
  • the service authorizes, controls, tracks and creates new billing options for premier events and pay-per view from the prerecorded content.
  • a particular system for carrying out the service may include a non-alterable, non-volatile read only control data recorded on the DVD, CD-ROM, CD, game cartridges and other electronic media.
  • the control data may provide a content description, start, expiration and other option control marks.
  • the control marks identify the contents and allow synchronization of event start and expiration times, and billing options.
  • a master clock is controlled by an authorization center.
  • a secure authorization clock, set and controlled by the authorization center is coupled to the consumer's DVD player, PC, CD player, game machine, external modem controller, smart card or PC card.
  • the authorization clock is password protected and not alterable by the consumer.
  • An online authorization process may be implemented which utilizes an authorization window, passwords, and the master and secure authorization clocks to set the start time for the premier event, and also set an expiration date/time if desired.
  • Locking and unlocking of content provisioned on a storage medium constitutes enabling and inhibiting access to the content in accordance with defined time based availability control conditions.
  • the content is locked through encryption for more security and unlocking requires decryption of the encrypted data content.
  • the service creates many distribution and billing options. For example, in advance of viewing premier, a movie could be distributed on a DVD disk via courier, authorized at a convenient for the consumer during the authorization window in advance of the premier event but not viewed until the date and time of the regional, national or world premier event. Another example, a music video or multimedia game could be distributed on CD or CD-ROM in advance for a world premier on the event date with the option of live online interaction. Additional post premier event viewing could be authorized, tracked and billed via a number of commercial options.
  • Content of a storage medium may be partitioned into two classes of offering, namely basic content and premier content.
  • the basic content is a global offering to which unlimited access may be allowed, for instance, on payment of a subscription fee.
  • New content may be controlled to unlock at a specific time announced or unannounced.
  • This content may also be locked back up after it has been opened so if the user does not come back on time, the content is missed.
  • the premier content is locked up and may only be accessed on a pay-per-use basis.
  • Figure 1 is a block diagram representation of a first embodiment of an apparatus for unlocking, dependent upon timed availability, a secured content provisioned on a storage medium;
  • Figure 2 is a time line chart exemplifying the methodology, in accordance with the invention, for timed availability to content provisioned on the storage medium;
  • Figure 3 is a block diagram of another embodiment of the apparatus to unlock the secured content;
  • Figure 4 illustrates yet another embodiment of apparatus that enables access to content in accordance with time based control conditions.
  • a storage medium 10 and corresponding medium reader 12 which is coupled to a controller 14.
  • an authorization center 16 Located remotely from the controller 14 is an authorization center 16 to which the controller 14 may establish a communication connection, for example, via a public switched telephone network (PSTN) 18 or other communications link.
  • PSTN public switched telephone network
  • the storage medium 10 may be provisioned with a data content which is secured in that the data may not be readily accessed or used. Access to the content is allowed according to defined time based availability conditions and, in this embodiment, prior authorization is required.
  • the reader 12 is adapted to receive the storage medium 10, the data content from which it retrieves and provides to the controller 14 which in turn functions to unlock the secured data.
  • Unlocking is enabled when the controller 14 is authorized to do so by the authorization center 16 and associated with the authorization may be a time period only during which the unlocking is effected.
  • the unlocked data from the controller 14 may be passed back to the medium reader 12 for further processing, if required, and then accessed at output 20 for utilization by a further device (not shown) .
  • the storage medium 10 contains a secured data content, it may be first distributed in bulk to potential consumers each of whom must subsequently receive authorization in order to access the secured content.
  • One such scheme is to not allow access to the secured contents of the storage medium 10, having been distributed in advance, until a predetermined date and time.
  • This scheme is otherwise referred to herein as a "premier event" type availability of the secured contents.
  • a consumer may receive the storage medium 10 at time TO after which there exists a time window WO within which the consumer may, via the controller 14 and PSTN 18 in this particular embodiment, communicate with the authorization center 16 to request and subsequently receive authorization to access the contents of the storage medium 10.
  • This process of requesting and receiving authorization is represented by the arrow at time Tl .
  • Authorization normally is granted on receiving payment from the consumer, in- this case, for the requested premier event usage.
  • T2 which is associated with the premier event.
  • a second timed availability scheme is exemplified wherein the consumer requests authorization from the center 16 and receives same m return for payment at time T3, whereby another time window Wl is initiated.
  • the payment for authorization at T3 may be less than that for the premier event made at Tl.
  • window Wl the consumer may be allowed unlimited use of the content on the storage medium 10, as represented by times T4 and T5. This authorization is terminated following expiry of window Wl and thereafter is another window W2 which is initiated by the consumer requesting and receiving authorization at T6, in order to again access the secured content, at T7.
  • a further scheme is to vary the lengths of successive windows, for instance, from one week, to one month and possibly indefinitely. Moreover, only a single use of the content may be allowed which use must occur withm the authorized window. It is also possible to implement a combination of the above timed availability schemes, such as, defining a first window during which only single usage is authorized and thereafter defining a succession of windows which begin with a specified number of allowed uses and gradually increase the allowed number over consecutive windows to eventually allow unlimited access.
  • a yet further variant is to provide an absolute expiration date, indicated at time T8, after which it will not be possible to access the secured content thereby effectively removing or withdrawing it from the commercial market. Although the consumer will still have possession of the actual storage medium, on and after time T8 unlocking of the secured content will not be authorized. Turning back to Figure 1 only, the storage medium
  • the preferred storage medium 10 is a digital video disk (DVD) which is capable of holding approximately two movie hours or five gigabytes of data on each side thereof. Moreover, the DVD standard serves as video, CD-ROM, CD and data distribution and consequently a single DVD reader may be utilized in various applications.
  • the data content, visually represented by reference 22, of the storage medium 10 may include an identifier 24 and non-secured data 26 in addition to secured data 28.
  • the identifier 24 is, for example, a serial number that may be utilized in the authorization process to identify the particular secured data 28 to which access is desired.
  • the non-secured data 24 constitutes a "free" sampling of the secured data 28 as it may be readily accessed, without authorization, by a potential consumer and is provided as a means for enticing the consumer to pay for access to the secured data content.
  • the secured data 28 may be encrypted as a measure for preventing unauthorized access thereto. Locking and unlocking of the secured data 28 may be effected through a combination of symmetric key cryptography and public key cryptography techniques which are compliant with the United States data encryption standard (DES) .
  • a characteristic of symmetric cryptography is that the same key, K, is utilized in both the encipher ent and decipherment of data.
  • the public key cryptography is applied to encrypt key K uniquely for a specific consumer under a public key associated with that consumer.
  • a preferred embodiment of the secured data 28 consists of a plurality of contiguous blocks 30, labeled Bi, B2, B3, etc., each containing data encrypted by respective keys Ki, K2, K3, etc.
  • the secured data 28 is arranged on the storage medium 10 and the reader 12 operated such that consecutive blocks 30 may be retrieved sequentially by the reader 12.
  • the controller 14 comprises a processor 32 operating in conjunction with a memory 34, keypad 36, display 38, modem 40 and a combination of a secure card 42 with a corresponding card reader/writer 44.
  • the processor 32 functions, under the control of software stored in the memory 34, to receive data from the medium reader 12 and appropriately process the received data in order to unlock the secured (i.e., encrypted) data 28, subject to authorized and timed access, which data may then be provided via the reader 12 at output 20.
  • the memory 34 includes a data block (Bi) buffer 46, a block decryption key (Ki) buffer 48 and a decryption algorithm 50.
  • the B buffer 46 stores individual encrypted data blocks 30 of the secured data 28 for the decryption process.
  • the secure card 42 and reader/writer 44 are conventional devices. Smart cards and PCMCIA cards are examples of the secure card 42 which typically contain a processor, clock circuit and non-volatile memory. Furthermore, smart cards and PCMCIA cards are known to be equipped with security features to prevent access to and tampering with data in its memory.
  • the card reader/writer 44 is adapted to removably receive the secure card 40 and enables the processor 32 to communicate therewith.
  • the secure card 42 is programmed to provide a time of day (TOD) clock 52, a consumer identifier 54, a private key 55, a list 56 of authorization records and a block decryption key (Ki) generator 58.
  • the TOD clock 52 represents means for measuring time and is a well known capability consisting of a time clock and a date calendar, the settings for which may be password protected and either set online by the authorization center 16 or preset prior to issuance of the card 40 if it includes a battery cell whereby the clock circuit is constantly powered. Hence, the TOD clock 52 may not be altered by the consumer thereby ensuring compliance with the timed availability conditions for the secured content 28.
  • the consumer identifier 54 is effectively an account number by which a particular consumer is known at the authorization center 16.
  • the private key 54 may be a RSA (i.e., Rivest, Shamir and Adleman) key that is uniquely associated with the consumer and corresponds to a public key held at the authorization center 16, but the private key 54 is not known by the authorization center 16.
  • the list of authorization records 56 contains a separate record for each secured content to which access has already been authorized by the authorization center 16.
  • Each authorization record contains: the identifier 24 of the secured content 28 on storage medium 10; a start date and time at which access thereto may be enabled; an expiration date and time after which authorization lapses or is no longer in effect; a limit for usage; and a key K on which securing of the data content 28 was based.
  • the start and expiration dates and times define the window or period of timed availability during which access to the secured content 28 may be enabled.
  • the usage limit defines the number of accesses to the secured content that may be made during the window and typically is
  • the Ki generator 56 functions to generate a block decryption key Ki that is needed to decrypt the particular data block 30 stored in the Bi buffer 50.
  • Generation of the block decryption key Ki is effected for each data block 30, represented by Bi, and is based on a proprietary algorithm which accepts as input the key K retrieved from the authorization record for that secured content 28 and another value uniquely associated with that data block 30, such as, an indication of its position in the sequence for the contiguous data blocks 30.
  • Bi denotes the initial or first block 30 of secured data 28 and its corresponding decryption key K]_ is derived by the Ki generator 56 based on key K and a sequence indicator value of 1.
  • the sequence indicator may be encoded into each data block 30 or generated by the controller 14 which has an intimate knowledge of the physical arrangement of the storage medium 10 and the partitioning for its secured content 28.
  • the use of a plurality of key Ki, derivable from a single key K, to encrypt and decrypt corresponding blocks Bi of secured content provides an extra layer of security from potential attackers.
  • Ki for decrypting the content changes frequently (Ki, K2, K3, etc.) during the decryption process, if the attackers are not able to compromise the security features of the secure card 42 to extract key K and the algorithm for Ki generator 58 therefrom then it would be necessary to convey the entire sequence of Ki keys to others in order to gain unauthorized access to the secured content 28. For example, if a new 8 byte key is supplied every millisecond over the course of a two hour movie, there is a total 55 Mbytes of keys that must be provided to the unauthorized others.
  • the authorization center 16 is embodied by an online computer server 60, a database 62 and a workstation 64.
  • the server 60 functions to automatically accept incoming calls, process authorization requests and grant authorization where appropriate, and may provide a master clock 61 based on which the TOD clock 52 of the controller 14 may be set and controlled. It maintains in the database 62 a list of identifiers which correspond to the identifiers 24 of any secured content 28 that may have been distributed. Associated with each identifier is a control record defining availability conditions for the particular secured content 28.
  • the control record may include the key K from which the sequence of decrypting keys Ki needed for decryption of the secured content 28 are derived, premier date and time values, and a window definition having parameters for specifying: a time limit (i.e., number of days and/or hours) for which granted authorization is to be effective; a usage limit indicating whether a specific number, such as one, or unlimited use is authorized over the specified number of days; and a cost for the usage.
  • a plurality of window definitions which are applicable over respective chronological time periods may be employed in order to alter the parameters, such as cost and usage limit, over time.
  • the control record may include an absolute expiration date, after which authorized use of the secure content 28 will no longer be granted.
  • the server 60 also maintains in the database 62 a directory of identifiers for consumers and corresponding account records .
  • Each consumer account record contains a public key associated with the consumer, and an amount of prepaid funds or credit limit available in the account.
  • the workstation 64 operated by an attendant, interacts with the server 60 to provide manual assistance when needed for processing of an incoming call, to update certain records in the database 64, and it captures consumer identifiers together with secure content identifiers to generate statistical data whereby consumer usage and preferences may be tracked.
  • a consumer In operation, a consumer normally receives, in advance of a predetermined premier event date, a storage medium 10 having secured content 28, for instance, a DVD disk containing a movie production which is encrypted together with non-secured (non-encrypted) data 24 including a sample trailer and audio/visual instructions explaining particulars for access to the encrypted movie.
  • the consumer would apply the medium 10 (DVD disk) to the medium reader 12 and the output 20 thereof would be connected, in this particular context, to a television set or monitor of a home theater system.
  • the processor 32 of controller 14 forwards any non-encrypted video data received from the reader 12, without any processing of the that data, back to the reader 12 which in turn processes the data stream to generate appropriate analog video signals at its output 20, thereby allowing the consumer to access and view the trailer and instructions but not the actual movie. If interested in viewing the movie production, the consumer indicates this desire to the controller 14 by depressing an appropriate key on the keypad 36 which generates a corresponding signal that is received by the processor 32. Responsive thereto, the processor 32 first determines whether an authorization record already exists in the list 56 for the identifier 24 provided on the medium 10 and received from the reader 12.
  • the processor 32 utilizes the modem 40 to establish a connection through the PSTN 18, by dialing a specific 1-800 number, with the authorization center 16 whereby online communication with the server 60 may be effected.
  • the processor 32 transmits, via the modem 40, an authorization request message to the server 60.
  • the authorization request message includes the identifier 24 of movie production and the identifier 54 of the consumer which it retrieves, via reader/writer 44, from the secure card 42.
  • the server 60 at authorization center 16 utilizes the secured content identifier and the consumer identifier included in the authorization request message to retrieve, respectively, the corresponding control record and consumer account record which are stored in the database 62.
  • the server 60 applies the amount specified for cost of usage in the control record against the consumer's account and where sufficient funds or credits are present, subsequently generates an authorization granted message which the server 60 -transmits through the PSTN 18 to the controller 14.
  • the authorization granted message indicates: the identifier 24 of the secured content 28 to which access is now authorized; the start date and time at which access to the secured content (i.e., unlocking) may be enabled; the expiration date and time after which authorization lapses; the usage limit; and the key K which is encrypted, for security, by the server 60 under the public key of the consumer.
  • the entire content of the authorization granted message may be encrypted under the consumer's public key.
  • the start date and time values are the premier date and time values taken from the control record, and the expiration date and time values may be calculated from the start values plus a time limit offset which may be a predetermined default value, for example, twenty-four hours or the limit specified in the window definition.
  • the usage limit may be any value but normally is one for a premier event.
  • the start date and time values would be those current when the authorization request message is received in order to allow immediate access to the secured content 28, the expiration date and time being calculated therefrom using the time limit specified in the window definition of the control record.
  • the usage limit would be that specified in the control record.
  • An alternative to specifying the exact date/time of expiration is to instead specify a window (i.e., period) of time, such as one day or one week, during which use is authorized and which window is effective beginning on the specified start date.
  • the TOD clock 52 may, in this context, be employed as a means to measure time by counting down the units of time in the window until it is no longer valid.
  • the processor 32 of the controller 14 utilizes the secure card 42 to store the contents of the received authorization granted message as an authorization record in the list 56.
  • the processor 32 verifies when access thereto is requested by the consumer that such access is to be enabled by comparing the current date and time, supplied by TOD clock 52, to the start and expiration dates and times specified in the authorization record. When the start date and time are later than the present parameters, then the processor 32 will not attempt to decrypt the secured content 28. When the present date and time are later than the expiration parameters, again the processor 32 will not enable access to the secured content and also it will remove, via the reader/writer 44, that authorization record from the authorized list 56.
  • the processor on board the secure card 46 may be programmed to govern issuance of the decrypting keys Ki only when warranted by verifying the requested access does comply with the conditions of the authorization record, and it may monitor for authorization records which lapse to automatically delete same.
  • the processor 32 then proceeds with the decryption process whereby the secured content 28 is unlocked.
  • decrypting keys Ki requires the secure card 42 first to decrypt encrypted key K, retrieved from the authorization record, using the private key 55.
  • the Ki generator 58 then utilizes the decrypted key K and the sequence indicator value to generate the successive decrypting keys Ki each being provided sequentially to the processor 32 as needed.
  • the processor 32 continues with the decryption process by retrieving, via the medium reader 12, each encrypted data block 30 beginning with block Bi which is stored in Bi buffer 48 and, via card the reader/write 44, each decrypting key Ki beginning with key Ki which is stored B x buffer 48. Then the processor 32 applies the decryption algorithm 46 together with the key m K x buffer 48 to the encrypted data in B x buffer 50 thereby effecting decryption of that data block and the decrypted data is provided at output 20. The processor 32 repeats these steps for each block 30 of the secured content 28.
  • Another embodiment of the apparatus, m accordance with the invention, to unlock secured data of a storage medium dependent upon timed availability is illustrated in Figure 3.
  • the content of the storage medium 70 includes, as visually represented by reference 72, control data 74 in addition to the content identifier 76, the non-secured data 78 and the secured data 79.
  • the control data 74 may comprise premier date and time values 80 with associated cost 81, window definition parameters specifying a time limit 82, usage limit 83 and cost 84 subsequent to premier event, and an absolute expiration date 85 after which access to the secured content will not be granted.
  • the secure card 88 is programmed to provide the TOD clock 90 and as well maintain an amount of funds 91 prepaid by the consumer, a list 92 of authorized access records and a decryption key 93.
  • the amount of prepaid funds 91 may be adjusted m return for receiving monetary compensation and the particular decryption key 93 updated periodically, for instance, by an authorization center (not shown) which the consumer may visit for manual updating of these values or through an automatic online process.
  • the processor 94 To unlock the secured content 88, the processor 94 provides the content identifier 76 and control data 74, via the reader/writer 89, to the secure card 88 which in turn performs authorization processing.
  • the secure card 88 first determines whether an authorization record exits in the list 92 correspondmg to the identifier 76. When an authorization record does not exist, the processor 94 then determines the start and expiration times/dates based on the TOD clock 90 which together with the usage limit 83 defined a new authorization record that is added to the list 92.
  • the prepaid funds 91 is decrement by the appropriate amount, either cost 75 or 78 as specified in the control data 74, which is applicable under the present access context.
  • the processor 94 When the TOD clock 90 indicates the current date as being subsequent to the absolute expiration date 85 specified on the storage medium 70, the processor 94 will not authorize access to the secured content 79. Following determination that an authorization record does exist or the addition of a new record if not, the secure card 88 next confirms that access to the particular secured content is valid in respect of the present date and time, responsive to which it either provides or refuses to provide the decryption key 93 to the processor 94. Upon receiving the decryption key 93 from the secure card 88, the processor 94 stores it in key buffer 95 of local memory 96 and applies it together with decryption algorithm 97 to the encrypted data received from the reader 98.
  • the decrypted data is provided to the medium reader 98 for further processing, if appropriate, and then made accessible at output 99.
  • the secure card 88 updates the authorization record upon the consumer accessing the secured data and when an authorization record is no longer valid, namely when the expiration date has passed or the usage limit has been reached, that record is deleted from the authorization list 92.
  • the system constitutes a conventional multimedia workstation comprising a personal computer 100 which is equipped with a CD-ROM reader 102 and a modem 104.
  • the computer 100 may be programmed with an appropriate content retrieval application, identified by reference 106, that is adapted to control access to the content of a CD-ROM 108 (or other electronic media) according to time based control marks also stored on the CD-ROM 108 to provide the effect of locking and unlocking the content at specific times.
  • the content of the CD-ROM 108 may be partitioned into two classes of offering, namely basic content and premier content, and time based delivery of the CD-ROM content can be implemented by utilizing the clock of the personal computer 100.
  • the basic content provided on the CD-ROM 108 may be considered a global offering to which a consumer may have unlimited access, for instance, simply for a subscription fee prior to receiving the CD-ROM 108.
  • the basic content is not necessarily encrypted.
  • the basic content may include multiple portions of data such as various segments, information or applications, which may each be associated with a start date/time and optionally an expiration date/time and to which the retrieval application 106 will enable access by the consumer at the start time and subsequently inhibit access following the termination time. This technique may be used to unlock new content on particular days or on a surprise basis thereby extending consumer interest in the CD-ROM 108.
  • new content, premier events, serials, cliffhangers, programs which branch off the prior days programs, celebrations, grand openings, prizes and birthdays may be programmed to open at specific times, announced or unannounced.
  • content forming part of the basic offering may be also locked back up once it has been unlocked so that if the consumer does not make use of the CD-ROM 108 between the start and expiration times of the particular content then it is missed.
  • An example is to unlock a clue or hint for assistance in solving a puzzle for an hour on a certain day. If the consumer is viewing the CD-ROM 108 during that hour, he/she will see the clue or otherwise it is lost.
  • the CD-ROM 108 may also offer a premium track.
  • the premium content is locked up, access thereto being controlled by the retrieval application 106 and it may be accessed on a pay-per-use basis also with time based delivery.
  • Authorization to access the premier content may be obtained via online, using modem 104, through a remote authorization center.
  • Authorization records may be stored within the personal computer 100 and securely managed by the retrieval application 106 so that the consumer may not access these records, thereby effecting a virtual smart card.
  • the virtual smart card may be characterized as a region of memory and software in the personal computer 100 which region is protected and accessed only remotely by the authorization center.
  • Authorization is granted upon the consumer paying a fee for use of the premium content.
  • the premier content is encrypted for extra security and granted authorization includes providing the user with a description key.
  • the premier content may be accessed by retrieving keys embedded in the basic offering, for example, by finding or earning keys from playing a game or puzzle.
  • the retrieval application 106 executed by the computer 100 functions to control access to the data content of the storage medium, namely CD-ROM 108.
  • the retrieval application 106 reads the indicated start time and compares it to the measured time provided by the computer's internal clock. If the measured time is earlier than the indicated start time then the retrieval application will not enable access to that data content in effect locking it from the us-er.
  • the retrieval application 106 When the measured time is subsequent to the start time, access to the data content is allowed by the retrieval application 106 whereby the data may be output to a further computer application for its use and hence the data is unlocked.
  • the retrieval application 106 will inhibit access thereto when the measured time reaches the expiration time by not providing the data to the further computer application, thereby locking the content once again.
  • a possible variant is to incorporate a single set of control data into the memory of the controller whereby the control data may be applied as the default timed availability conditions to unlocking of all secured content.
  • Another variant is to build a secure memory and secure TOD clock directly into the controller as a substitute to utilizing the combination of a secure card and card reader/writer.
  • a yet further variant is to have the consumer manually carry out the authorization request and grant process by placing a voice call to the authorization center and interact either with an automated or human attendant to obtain an authorization code, encoded into which would be the decryption key and which may then be entered manually at the controller though the keypad.

Abstract

A service methodology for time-based availability to content (28), such as, movies, music, games, information and the like, provisioned on a storage medium (10) whereby revenu may be generated for premier and pay-per-use access to the content. The service is manifested by the combination of a video disk reader (20), controller (14) and authorization center (16). A service provider, for instance, locks up a movie on a video disk for which a premier event viewing date and time may be defined and which the provider may then directly distribute, in advance of the premier event, to potential consumers. Each consumer may purchase the right to view the movie once for a certain fee, for example $5.00, through online access from the controller (14) to the authorization center (16), but the single viewing will only be allowed by the controller on or after the premier event. Thereafter, the consumer pays for viewing of the movie on a pay-per-use basis or over a defined window of time, perhaps for reduced fee, such as $1.00. Moreover, the online authorization process makes it possible to track consumer preferences at the authorization center, and as an alternative to the online payment processing, smart cards (88) may be utilized for such.

Description

Time-Based availability of data on a storage medium
Background Of The Invention The present invention relates, generally, to distribution of prerecorded content and, in particular, to a method and an apparatus for enabling access, dependent upon timed availability, to the secured content provisioned on a storage medium.
It is known to distribute in bulk (i.e., mass distribution) software packages. Such packages generally comprise a software application in encrypted format on a CD-ROM which is distributed in advance to potential consumers who would either have none or limited use of the software application. Each consumer desiring full use or access thereto typically is required to place a voice call to a 1-800 number and purchase, via credit card, from the distributor a password (decryption) key that is capable of unlocking the encrypted software. A decryption utility which is supplied with the package and executed by the consumer on a personal computer prompts for the key, responsive to which the consumer enters the key and subsequently is allowed to copy the software application onto a disk. Alternatively, the software package may execute functionality to invoke an online connection, when the computer includes a modem, with an automated authorization center from which the key may be downloaded to the computer.
The above distribution technique is limited in its ability to generate revenue from the software package, specifically, to receipt of a single payment for unrestricted use of the software application.
In United States patents Nos. 4,827,508 to Shear and 5,010,571 to Katznelson, systems for metering access to encrypted data in the form of a database provisioned on a CD-ROM are disclosed. Briefly, in Shear or Katznelson, a CD-ROM containing an encrypted database of interest to a user is distributed typically at nominal cost or at no cost. The user terminal includes a CD-ROM reader, and a remote cryptographic control unit which is provided with stored cryptographic keys needed to access to the database. The amount of actual data use, i.e. the retrieval and decryption of data from the CD-ROM, is metered locally and recorded as a stored data usage record. The charge for data access may be either in accordance with the amount of data decrypted, or in accordance with price information recorded in the respective data headers of each individual data packet.
The local stored data usage record is reported by telephone modem from the remote user terminal to a cryptographic operations center. Each remote cryptographic control unit has a stored user secret key, unique to that user terminal. Communication between the user terminal and the cryptographic operations center is protected by encryption under the user secret key, which is stored in a secure memory in the cryptographic control unit. The user secret key for each user is also stored in the cryptographic operations center. When a remote user terminal calls in and identifies itself, the cryptographic operations center looks up the corresponding user secret cryptographic user key, which is then used to secure the subsequent communication data exchange between the remote user terminal and the cryptographic operations center.
Also stored in the cryptographic operations center are the various cryptographic keys corresponding to the available CD-ROM database titles. The user secret key is also used to secure the delivery of secret database keys from the cryptographic operations center to the user terminal for a desired CD-ROM database. After the data usage report is successfully uploaded to the cryptographic operations center, the user is then billed for the actual database usage based on the content of the uploaded data usage report. Thus, rather than being required to purchase an entire CD-ROM database, the user pays only for the amount of data actually used or decrypted from the CD-ROM. It is, therefore, apparent that more flexible and alternative capabilities to unlock secured prerecorded content whereby revenue generation from distribution thereof is expanded are desirable. Shear or Katznelson provide such capabilities on the basis of measuring actual use of the content. Capabilities based on timed availability to the secured content is a further alternative.
Summary Of The Invention It is an object of the present invention to provide a new and improved method and apparatus for enabling access, dependent upon timed availability, to content provisioned on a storage medium.
The invention, therefore, according to a first broad aspect provides A method of controlling access to a data content of a storage medium, comprising the steps of: defining a start point in time prior to which access to the data content is to be inhibited; measuring time; enabling, responsive to the measured time effectively reaching the start point, access to the data content.
In accordance with a second broad aspect, the invention provides an apparatus for controlling access by a user to content of a storage medium, the medium being readable by a corresponding medium reader from which the apparatus is adapted to receive the content, comprising: means for defining a start point in time prior to which access to the data content is to be inhibited; means for measuring time; means for enabling, responsive to the measured time effectively reaching the start point, access to the data content.
A particular embodiment includes a local secure authorization clock which is set and controlled by an authorization center having a master clock. The local clock is secure in that its setting may not be altered by the consumer.
The invention manifests a novel service methodology based on distribution of prerecorded content, such as, movies, music, games, information and the like, whereby revenue may be generated for premier and pay-per¬ use access to the content. A service provider, for instance, locks up a movie on a video disk for which a premier event viewing date and time may be defined and which the provider may then directly distribute, in advance of the premier event, to potential consumers. Each consumer may purchase the right to view the movie once for a certain fee, for example $5.00, through online access to an authorization center, but the single viewing (i.e., unlocking) will only be allowed on or after the premier event time. Thereafter, the consumer pays for viewing of the movie either on a pay-per-use basis or over a defined window of time, and perhaps for reduced fee such as $1.00. Moreover, the online authorization process makes it possible to track consumer preferences. As an alternative to the online payment processing, smart cards may be utilized for such.
This service creates premier events at a set date and time as well as for subsequent pay-per-view enjoyment of prerecorded movies, music, information, communications, and other electronic entertainment. The service may employ online capabilities to create new distribution options for digital video disk (DVD) , CD-ROM, CD, multimedia games and other electronic media. Also, the service authorizes, controls, tracks and creates new billing options for premier events and pay-per view from the prerecorded content.
A particular system for carrying out the service may include a non-alterable, non-volatile read only control data recorded on the DVD, CD-ROM, CD, game cartridges and other electronic media. The control data may provide a content description, start, expiration and other option control marks. The control marks identify the contents and allow synchronization of event start and expiration times, and billing options. A master clock is controlled by an authorization center. A secure authorization clock, set and controlled by the authorization center, is coupled to the consumer's DVD player, PC, CD player, game machine, external modem controller, smart card or PC card. The authorization clock is password protected and not alterable by the consumer. An online authorization process may be implemented which utilizes an authorization window, passwords, and the master and secure authorization clocks to set the start time for the premier event, and also set an expiration date/time if desired. Locking and unlocking of content provisioned on a storage medium, in its simplest form, constitutes enabling and inhibiting access to the content in accordance with defined time based availability control conditions. Preferably, the content is locked through encryption for more security and unlocking requires decryption of the encrypted data content.
Furthermore, the service creates many distribution and billing options. For example, in advance of viewing premier, a movie could be distributed on a DVD disk via courier, authorized at a convenient for the consumer during the authorization window in advance of the premier event but not viewed until the date and time of the regional, national or world premier event. Another example, a music video or multimedia game could be distributed on CD or CD-ROM in advance for a world premier on the event date with the option of live online interaction. Additional post premier event viewing could be authorized, tracked and billed via a number of commercial options. Content of a storage medium may be partitioned into two classes of offering, namely basic content and premier content. The basic content is a global offering to which unlimited access may be allowed, for instance, on payment of a subscription fee. To maintain interest of users in the basic content, a technique is to unlock new content each day or on a surprise basis. New content, premier events, serials, cliffhangers, programs which branch off of the prior days programs, celebrations, grand openings, prizes and birthdays, all may be controlled to unlock at a specific time announced or unannounced. This content may also be locked back up after it has been opened so if the user does not come back on time, the content is missed. The premier content is locked up and may only be accessed on a pay-per-use basis.
Brief Description Of The Drawings The invention will be better understood from the following description in conjunction with reference to the accompanying drawings, in which:
Figure 1 is a block diagram representation of a first embodiment of an apparatus for unlocking, dependent upon timed availability, a secured content provisioned on a storage medium;
Figure 2 is a time line chart exemplifying the methodology, in accordance with the invention, for timed availability to content provisioned on the storage medium; Figure 3 is a block diagram of another embodiment of the apparatus to unlock the secured content; and
Figure 4 illustrates yet another embodiment of apparatus that enables access to content in accordance with time based control conditions.
Detailed Description Referring to Figure 1, depicted for illustration of one embodiment of the present invention is a storage medium 10 and corresponding medium reader 12 which is coupled to a controller 14. Located remotely from the controller 14 is an authorization center 16 to which the controller 14 may establish a communication connection, for example, via a public switched telephone network (PSTN) 18 or other communications link. The storage medium 10 may be provisioned with a data content which is secured in that the data may not be readily accessed or used. Access to the content is allowed according to defined time based availability conditions and, in this embodiment, prior authorization is required. The reader 12 is adapted to receive the storage medium 10, the data content from which it retrieves and provides to the controller 14 which in turn functions to unlock the secured data. Unlocking is enabled when the controller 14 is authorized to do so by the authorization center 16 and associated with the authorization may be a time period only during which the unlocking is effected. The unlocked data from the controller 14 may be passed back to the medium reader 12 for further processing, if required, and then accessed at output 20 for utilization by a further device (not shown) . As the storage medium 10 contains a secured data content, it may be first distributed in bulk to potential consumers each of whom must subsequently receive authorization in order to access the secured content. Now having regard to Figures 1 and 2 together, illustrated in Figure 2 is a time line chart to exemplify various timed availability schemes, in accordance with the present invention, that may be implemented by the apparatus of Figure 1. One such scheme is to not allow access to the secured contents of the storage medium 10, having been distributed in advance, until a predetermined date and time. This scheme is otherwise referred to herein as a "premier event" type availability of the secured contents. For instance, a consumer may receive the storage medium 10 at time TO after which there exists a time window WO within which the consumer may, via the controller 14 and PSTN 18 in this particular embodiment, communicate with the authorization center 16 to request and subsequently receive authorization to access the contents of the storage medium 10. This process of requesting and receiving authorization is represented by the arrow at time Tl . Authorization normally is granted on receiving payment from the consumer, in- this case, for the requested premier event usage. The controller 14, however, will not enable access to the secured content until the date and time, represented by T2, which is associated with the premier event. Following time T2, a second timed availability scheme is exemplified wherein the consumer requests authorization from the center 16 and receives same m return for payment at time T3, whereby another time window Wl is initiated. The payment for authorization at T3 may be less than that for the premier event made at Tl. During window Wl, the consumer may be allowed unlimited use of the content on the storage medium 10, as represented by times T4 and T5. This authorization is terminated following expiry of window Wl and thereafter is another window W2 which is initiated by the consumer requesting and receiving authorization at T6, in order to again access the secured content, at T7. A further scheme is to vary the lengths of successive windows, for instance, from one week, to one month and possibly indefinitely. Moreover, only a single use of the content may be allowed which use must occur withm the authorized window. It is also possible to implement a combination of the above timed availability schemes, such as, defining a first window during which only single usage is authorized and thereafter defining a succession of windows which begin with a specified number of allowed uses and gradually increase the allowed number over consecutive windows to eventually allow unlimited access. A yet further variant is to provide an absolute expiration date, indicated at time T8, after which it will not be possible to access the secured content thereby effectively removing or withdrawing it from the commercial market. Although the consumer will still have possession of the actual storage medium, on and after time T8 unlocking of the secured content will not be authorized. Turning back to Figure 1 only, the storage medium
10 and its data content are intended to be representative of conventional electronic media and content, for example, a compact disk (CD) encoded with a musical data content, a CD-ROM holding computer usable data, a cartridge having video game data, and the like. The preferred storage medium 10 is a digital video disk (DVD) which is capable of holding approximately two movie hours or five gigabytes of data on each side thereof. Moreover, the DVD standard serves as video, CD-ROM, CD and data distribution and consequently a single DVD reader may be utilized in various applications. The data content, visually represented by reference 22, of the storage medium 10 may include an identifier 24 and non-secured data 26 in addition to secured data 28. The identifier 24 is, for example, a serial number that may be utilized in the authorization process to identify the particular secured data 28 to which access is desired. The non-secured data 24 constitutes a "free" sampling of the secured data 28 as it may be readily accessed, without authorization, by a potential consumer and is provided as a means for enticing the consumer to pay for access to the secured data content.
The secured data 28 may be encrypted as a measure for preventing unauthorized access thereto. Locking and unlocking of the secured data 28 may be effected through a combination of symmetric key cryptography and public key cryptography techniques which are compliant with the United States data encryption standard (DES) . A characteristic of symmetric cryptography is that the same key, K, is utilized in both the encipher ent and decipherment of data. The public key cryptography is applied to encrypt key K uniquely for a specific consumer under a public key associated with that consumer. A preferred embodiment of the secured data 28 consists of a plurality of contiguous blocks 30, labeled Bi, B2, B3, etc., each containing data encrypted by respective keys Ki, K2, K3, etc. The secured data 28 is arranged on the storage medium 10 and the reader 12 operated such that consecutive blocks 30 may be retrieved sequentially by the reader 12. The application of- combined symmetric key and public key cryptography to the present invention is described in more detail below. The controller 14 comprises a processor 32 operating in conjunction with a memory 34, keypad 36, display 38, modem 40 and a combination of a secure card 42 with a corresponding card reader/writer 44. The processor 32 functions, under the control of software stored in the memory 34, to receive data from the medium reader 12 and appropriately process the received data in order to unlock the secured (i.e., encrypted) data 28, subject to authorized and timed access, which data may then be provided via the reader 12 at output 20. The memory 34 includes a data block (Bi) buffer 46, a block decryption key (Ki) buffer 48 and a decryption algorithm 50. The B buffer 46 stores individual encrypted data blocks 30 of the secured data 28 for the decryption process. The Ki buffer
48 stores a respective symmetric key which corresponds to a particular data block 30 in the Bi buffer 46 and is applied with algorithm 50 by processor 32 to decrypt (i.e., unlock) that encrypted data block. The keypad 36 and the display 38 constitute means by which a user may interact with the controller 14, and the modem 40 provides an interface to the PSTN 18 whereby the processor 32 may communicate with the authorization center 16. The secure card 42 and reader/writer 44 are conventional devices. Smart cards and PCMCIA cards are examples of the secure card 42 which typically contain a processor, clock circuit and non-volatile memory. Furthermore, smart cards and PCMCIA cards are known to be equipped with security features to prevent access to and tampering with data in its memory. The card reader/writer 44 is adapted to removably receive the secure card 40 and enables the processor 32 to communicate therewith.
In this particular embodiment of the controller 14, the secure card 42 is programmed to provide a time of day (TOD) clock 52, a consumer identifier 54, a private key 55, a list 56 of authorization records and a block decryption key (Ki) generator 58. The TOD clock 52 represents means for measuring time and is a well known capability consisting of a time clock and a date calendar, the settings for which may be password protected and either set online by the authorization center 16 or preset prior to issuance of the card 40 if it includes a battery cell whereby the clock circuit is constantly powered. Hence, the TOD clock 52 may not be altered by the consumer thereby ensuring compliance with the timed availability conditions for the secured content 28. The consumer identifier 54 is effectively an account number by which a particular consumer is known at the authorization center 16. The private key 54 may be a RSA (i.e., Rivest, Shamir and Adleman) key that is uniquely associated with the consumer and corresponds to a public key held at the authorization center 16, but the private key 54 is not known by the authorization center 16. The list of authorization records 56 contains a separate record for each secured content to which access has already been authorized by the authorization center 16. Each authorization record contains: the identifier 24 of the secured content 28 on storage medium 10; a start date and time at which access thereto may be enabled; an expiration date and time after which authorization lapses or is no longer in effect; a limit for usage; and a key K on which securing of the data content 28 was based. The start and expiration dates and times define the window or period of timed availability during which access to the secured content 28 may be enabled. The usage limit defines the number of accesses to the secured content that may be made during the window and typically is either one or unlimited.
The Ki generator 56 functions to generate a block decryption key Ki that is needed to decrypt the particular data block 30 stored in the Bi buffer 50. Generation of the block decryption key Ki is effected for each data block 30, represented by Bi, and is based on a proprietary algorithm which accepts as input the key K retrieved from the authorization record for that secured content 28 and another value uniquely associated with that data block 30, such as, an indication of its position in the sequence for the contiguous data blocks 30. For example, Bi denotes the initial or first block 30 of secured data 28 and its corresponding decryption key K]_ is derived by the Ki generator 56 based on key K and a sequence indicator value of 1. The sequence indicator may be encoded into each data block 30 or generated by the controller 14 which has an intimate knowledge of the physical arrangement of the storage medium 10 and the partitioning for its secured content 28. The use of a plurality of key Ki, derivable from a single key K, to encrypt and decrypt corresponding blocks Bi of secured content provides an extra layer of security from potential attackers. As the key Ki for decrypting the content changes frequently (Ki, K2, K3, etc.) during the decryption process, if the attackers are not able to compromise the security features of the secure card 42 to extract key K and the algorithm for Ki generator 58 therefrom then it would be necessary to convey the entire sequence of Ki keys to others in order to gain unauthorized access to the secured content 28. For example, if a new 8 byte key is supplied every millisecond over the course of a two hour movie, there is a total 55 Mbytes of keys that must be provided to the unauthorized others.
The authorization center 16 is embodied by an online computer server 60, a database 62 and a workstation 64. The server 60 functions to automatically accept incoming calls, process authorization requests and grant authorization where appropriate, and may provide a master clock 61 based on which the TOD clock 52 of the controller 14 may be set and controlled. It maintains in the database 62 a list of identifiers which correspond to the identifiers 24 of any secured content 28 that may have been distributed. Associated with each identifier is a control record defining availability conditions for the particular secured content 28. The control record may include the key K from which the sequence of decrypting keys Ki needed for decryption of the secured content 28 are derived, premier date and time values, and a window definition having parameters for specifying: a time limit (i.e., number of days and/or hours) for which granted authorization is to be effective; a usage limit indicating whether a specific number, such as one, or unlimited use is authorized over the specified number of days; and a cost for the usage. Alternatively, a plurality of window definitions which are applicable over respective chronological time periods may be employed in order to alter the parameters, such as cost and usage limit, over time. Furthermore, the control record may include an absolute expiration date, after which authorized use of the secure content 28 will no longer be granted.
The server 60 also maintains in the database 62 a directory of identifiers for consumers and corresponding account records . Each consumer account record contains a public key associated with the consumer, and an amount of prepaid funds or credit limit available in the account. The workstation 64, operated by an attendant, interacts with the server 60 to provide manual assistance when needed for processing of an incoming call, to update certain records in the database 64, and it captures consumer identifiers together with secure content identifiers to generate statistical data whereby consumer usage and preferences may be tracked. In operation, a consumer normally receives, in advance of a predetermined premier event date, a storage medium 10 having secured content 28, for instance, a DVD disk containing a movie production which is encrypted together with non-secured (non-encrypted) data 24 including a sample trailer and audio/visual instructions explaining particulars for access to the encrypted movie. The consumer would apply the medium 10 (DVD disk) to the medium reader 12 and the output 20 thereof would be connected, in this particular context, to a television set or monitor of a home theater system. The processor 32 of controller 14 forwards any non-encrypted video data received from the reader 12, without any processing of the that data, back to the reader 12 which in turn processes the data stream to generate appropriate analog video signals at its output 20, thereby allowing the consumer to access and view the trailer and instructions but not the actual movie. If interested in viewing the movie production, the consumer indicates this desire to the controller 14 by depressing an appropriate key on the keypad 36 which generates a corresponding signal that is received by the processor 32. Responsive thereto, the processor 32 first determines whether an authorization record already exists in the list 56 for the identifier 24 provided on the medium 10 and received from the reader 12.
Assuming in this instance that authorized access to the secured content 28 had not been previously requested and granted, the processor 32 utilizes the modem 40 to establish a connection through the PSTN 18, by dialing a specific 1-800 number, with the authorization center 16 whereby online communication with the server 60 may be effected. The processor 32 transmits, via the modem 40, an authorization request message to the server 60. The authorization request message includes the identifier 24 of movie production and the identifier 54 of the consumer which it retrieves, via reader/writer 44, from the secure card 42. The server 60 at authorization center 16 utilizes the secured content identifier and the consumer identifier included in the authorization request message to retrieve, respectively, the corresponding control record and consumer account record which are stored in the database 62. The server 60 applies the amount specified for cost of usage in the control record against the consumer's account and where sufficient funds or credits are present, subsequently generates an authorization granted message which the server 60 -transmits through the PSTN 18 to the controller 14. The authorization granted message indicates: the identifier 24 of the secured content 28 to which access is now authorized; the start date and time at which access to the secured content (i.e., unlocking) may be enabled; the expiration date and time after which authorization lapses; the usage limit; and the key K which is encrypted, for security, by the server 60 under the public key of the consumer. Alternatively, the entire content of the authorization granted message may be encrypted under the consumer's public key. In connection with a premier event, the start date and time values are the premier date and time values taken from the control record, and the expiration date and time values may be calculated from the start values plus a time limit offset which may be a predetermined default value, for example, twenty-four hours or the limit specified in the window definition. The usage limit may be any value but normally is one for a premier event. For authorizations following the premier event, the start date and time values would be those current when the authorization request message is received in order to allow immediate access to the secured content 28, the expiration date and time being calculated therefrom using the time limit specified in the window definition of the control record. The usage limit would be that specified in the control record. An alternative to specifying the exact date/time of expiration is to instead specify a window (i.e., period) of time, such as one day or one week, during which use is authorized and which window is effective beginning on the specified start date. The TOD clock 52 may, in this context, be employed as a means to measure time by counting down the units of time in the window until it is no longer valid. The processor 32 of the controller 14 utilizes the secure card 42 to store the contents of the received authorization granted message as an authorization record in the list 56.
In respect of secured content 28 for which an authorization record does exist in the authorization list 56, the processor 32 verifies when access thereto is requested by the consumer that such access is to be enabled by comparing the current date and time, supplied by TOD clock 52, to the start and expiration dates and times specified in the authorization record. When the start date and time are later than the present parameters, then the processor 32 will not attempt to decrypt the secured content 28. When the present date and time are later than the expiration parameters, again the processor 32 will not enable access to the secured content and also it will remove, via the reader/writer 44, that authorization record from the authorized list 56. Alternatively, the processor on board the secure card 46 may be programmed to govern issuance of the decrypting keys Ki only when warranted by verifying the requested access does comply with the conditions of the authorization record, and it may monitor for authorization records which lapse to automatically delete same. When the current date and time are within the start and expiration dates and times of the authorization record, the processor 32 then proceeds with the decryption process whereby the secured content 28 is unlocked. Such involves the processor 32 providing a sequence indicator value of one to the Ki generator 58 which then initiates generation of decrypting keys Ki beginning with Ki that corresponds to the first block 30 (Bi) of secured content 28 and continuous, unless interrupted by the processor 32, to automatically generate successive keys thereafter, namely K2, K3, etc., knowing that the encrypted data blocks
30 are retrieved sequentially. The generation of decrypting keys Ki requires the secure card 42 first to decrypt encrypted key K, retrieved from the authorization record, using the private key 55. The Ki generator 58 then utilizes the decrypted key K and the sequence indicator value to generate the successive decrypting keys Ki each being provided sequentially to the processor 32 as needed.
The processor 32 continues with the decryption process by retrieving, via the medium reader 12, each encrypted data block 30 beginning with block Bi which is stored in Bi buffer 48 and, via card the reader/write 44, each decrypting key Ki beginning with key Ki which is stored Bx buffer 48. Then the processor 32 applies the decryption algorithm 46 together with the key m Kx buffer 48 to the encrypted data in Bx buffer 50 thereby effecting decryption of that data block and the decrypted data is provided at output 20. The processor 32 repeats these steps for each block 30 of the secured content 28. Another embodiment of the apparatus, m accordance with the invention, to unlock secured data of a storage medium dependent upon timed availability is illustrated in Figure 3. The content of the storage medium 70 includes, as visually represented by reference 72, control data 74 in addition to the content identifier 76, the non-secured data 78 and the secured data 79. The control data 74 may comprise premier date and time values 80 with associated cost 81, window definition parameters specifying a time limit 82, usage limit 83 and cost 84 subsequent to premier event, and an absolute expiration date 85 after which access to the secured content will not be granted. Furthermore, this embodiment of the controller 86 the secure card 88 is programmed to provide the TOD clock 90 and as well maintain an amount of funds 91 prepaid by the consumer, a list 92 of authorized access records and a decryption key 93. The amount of prepaid funds 91 may be adjusted m return for receiving monetary compensation and the particular decryption key 93 updated periodically, for instance, by an authorization center (not shown) which the consumer may visit for manual updating of these values or through an automatic online process.
To unlock the secured content 88, the processor 94 provides the content identifier 76 and control data 74, via the reader/writer 89, to the secure card 88 which in turn performs authorization processing. The secure card 88 first determines whether an authorization record exits in the list 92 correspondmg to the identifier 76. When an authorization record does not exist, the processor 94 then determines the start and expiration times/dates based on the TOD clock 90 which together with the usage limit 83 defined a new authorization record that is added to the list 92. The prepaid funds 91 is decrement by the appropriate amount, either cost 75 or 78 as specified in the control data 74, which is applicable under the present access context. When the TOD clock 90 indicates the current date as being subsequent to the absolute expiration date 85 specified on the storage medium 70, the processor 94 will not authorize access to the secured content 79. Following determination that an authorization record does exist or the addition of a new record if not, the secure card 88 next confirms that access to the particular secured content is valid in respect of the present date and time, responsive to which it either provides or refuses to provide the decryption key 93 to the processor 94. Upon receiving the decryption key 93 from the secure card 88, the processor 94 stores it in key buffer 95 of local memory 96 and applies it together with decryption algorithm 97 to the encrypted data received from the reader 98. The decrypted data is provided to the medium reader 98 for further processing, if appropriate, and then made accessible at output 99. The secure card 88 updates the authorization record upon the consumer accessing the secured data and when an authorization record is no longer valid, namely when the expiration date has passed or the usage limit has been reached, that record is deleted from the authorization list 92.
Turning now to Figure 4, illustrated is yet another embodiment for a system implementing the time based availability methodology, in accordance with the present invention, to content of a storage medium. The system constitutes a conventional multimedia workstation comprising a personal computer 100 which is equipped with a CD-ROM reader 102 and a modem 104. The computer 100 may be programmed with an appropriate content retrieval application, identified by reference 106, that is adapted to control access to the content of a CD-ROM 108 (or other electronic media) according to time based control marks also stored on the CD-ROM 108 to provide the effect of locking and unlocking the content at specific times. The content of the CD-ROM 108 may be partitioned into two classes of offering, namely basic content and premier content, and time based delivery of the CD-ROM content can be implemented by utilizing the clock of the personal computer 100.
The basic content provided on the CD-ROM 108 may be considered a global offering to which a consumer may have unlimited access, for instance, simply for a subscription fee prior to receiving the CD-ROM 108. The basic content is not necessarily encrypted. As a technique to maintain interest of the consumer in the particular CD- ROM, the basic content may include multiple portions of data such as various segments, information or applications, which may each be associated with a start date/time and optionally an expiration date/time and to which the retrieval application 106 will enable access by the consumer at the start time and subsequently inhibit access following the termination time. This technique may be used to unlock new content on particular days or on a surprise basis thereby extending consumer interest in the CD-ROM 108. For example, new content, premier events, serials, cliffhangers, programs which branch off the prior days programs, celebrations, grand openings, prizes and birthdays may be programmed to open at specific times, announced or unannounced. Furthermore, content forming part of the basic offering may be also locked back up once it has been unlocked so that if the consumer does not make use of the CD-ROM 108 between the start and expiration times of the particular content then it is missed. An example is to unlock a clue or hint for assistance in solving a puzzle for an hour on a certain day. If the consumer is viewing the CD-ROM 108 during that hour, he/she will see the clue or otherwise it is lost. While the basic offering is loaded with time based content as discussed above, the CD-ROM 108 may also offer a premium track. The premium content is locked up, access thereto being controlled by the retrieval application 106 and it may be accessed on a pay-per-use basis also with time based delivery. Authorization to access the premier content may be obtained via online, using modem 104, through a remote authorization center. Authorization records may be stored within the personal computer 100 and securely managed by the retrieval application 106 so that the consumer may not access these records, thereby effecting a virtual smart card. The virtual smart card may be characterized as a region of memory and software in the personal computer 100 which region is protected and accessed only remotely by the authorization center. Authorization is granted upon the consumer paying a fee for use of the premium content. The premier content is encrypted for extra security and granted authorization includes providing the user with a description key. Alternatively, the premier content may be accessed by retrieving keys embedded in the basic offering, for example, by finding or earning keys from playing a game or puzzle.
The retrieval application 106 executed by the computer 100 functions to control access to the data content of the storage medium, namely CD-ROM 108. For a data content having time control marks, the retrieval application 106 reads the indicated start time and compares it to the measured time provided by the computer's internal clock. If the measured time is earlier than the indicated start time then the retrieval application will not enable access to that data content in effect locking it from the us-er. When the measured time is subsequent to the start time, access to the data content is allowed by the retrieval application 106 whereby the data may be output to a further computer application for its use and hence the data is unlocked. Moreover, in instances where the data content has an expiration time indicated the retrieval application 106 will inhibit access thereto when the measured time reaches the expiration time by not providing the data to the further computer application, thereby locking the content once again.
Although the above embodiments describe attaching control conditions to a particular content, it should be apparent to a skilled artisan that a possible variant is to incorporate a single set of control data into the memory of the controller whereby the control data may be applied as the default timed availability conditions to unlocking of all secured content. Another variant is to build a secure memory and secure TOD clock directly into the controller as a substitute to utilizing the combination of a secure card and card reader/writer. A yet further variant is to have the consumer manually carry out the authorization request and grant process by placing a voice call to the authorization center and interact either with an automated or human attendant to obtain an authorization code, encoded into which would be the decryption key and which may then be entered manually at the controller though the keypad.
Those skilled in the art will recognize that these and other modifications and changes could be made to the invention without departing from the spirit and scope thereof. It should therefore be understood that the claims are not to be considered as being limited to the precise embodiments set forth above, in the absence of specific limitations directed to each embodiment.

Claims

I CLAIM :
1. A method of controlling access to a data content of a storage medium, comprising the steps of: defining a start point in time prior to which access to the data content (28) is to be inhibited; measuring time (52); enabling, responsive to the measured time effectively reaching the start point, access (99) to the data content.
2. A method as claimed in claim 1, wherein the data content (28) is encrypted and enabling access to the data content includes enabling decryption (46) of the encrypted data.
3. A method as claimed in claim 2, comprising: requesting access to the encrypted data from an authorization center (16); and receiving authorization (56) which includes a key for the decryption of the encrypted data.
4. A method as claimed in claim 3, wherein the step of defining the start point includes providing an indication of the start point with the authorization (56) .
5. A method as claimed in claim 1 or 3, wherein the step of defining the start point includes providing an indication of the start point (80) on the storage medium (70) .
6.- A method as claimed in claim 1, comprising the steps of: defining an expiration point in time (82, 85) ; and inhibiting, responsive to the measured time effectively reaching the expiration point, access to the data content (79) .
7. A method as claimed in claim 6, wherein the data content (28) is encrypted, enabling access to the data content includes enabling decryption (46) of the encrypted data, and inhibiting access to the data content includes inhibiting the decryption of the encrypted data.
8. A method as claimed in claim 7, comprising the steps of: requesting access to the encrypted data from an authorization center (16) ; and receiving authorization (56) which includes a key for the decryption of the encrypted data.
9. A method as claimed in claim 8, wherein the steps of defining the start point and defining the expiration point includes providing an indication of the start point and an indication of the expiration point with the authorization (56) .
10. A method as claimed in claim 6 or 8, wherein the steps of defining the start point and defining the expiration point includes providing an indication of the start point (80) and an indication of the expiration point (82, 85) on the storage medium (72) .
11. A method as claimed in claim 6, comprising the steps of: defining a usage limit (83); metering usage of the data content (79) ; and inhibiting, responsive to the metered usage reaching the usage limit, access to the data content.
12. A method as claimed in claim 11, wherein the data content (79) is encrypted, enabling access to the data content includes enabling decryption (97) of the encrypted data, and inhibiting access to the data content includes inhibiting the decryption of the encrypted data.
13. A method as claimed in claim 12, comprising the steps of: requesting access to the encrypted data from an authorization center (16); and receiving authorization (56) which includes a key for the decryption of the encrypted data.
14. A method as claimed in claim 13, wherein the steps of defining the start point, defining the expiration point and defining the usage limit include providing an indication of the start point, an indication of the expiration point and an indication of the usage limit with the authorization (56) .
15. A method as claimed in claim 11 or 13, wherein the steps of defining the start point, defining the expiration point and defining the usage limit include providing an indication of the start point (80), an indication of the expiration point (82, 85) and an indication of the usage limit (83) on the storage medium (72) .
16. A method as claimed in claim 1, wherein the step of measuring time includes providing secure time clock means (52) for measuring the time.
17. A method as claimed in claim 16, wherein the secure time clock (52) means is password protected.
18. A method as claimed in claim 3, wherein the step of measuring time includes providing secure time clock means (52) for measuring the time.
19. A method as claimed in claim 18, comprising setting the secure time clock means (52) by the authorization center (16) .
20. A method as claimed in claim 18, wherein the secure time clock means (52) is password protected.
21. A method as claimed in claim 3, comprising providing a secure device (42) having a time clock for measuring the time and a memory in which a key for decryption of the encrypted data is stored.
22. A method as claimed in claim 21, wherein the secure device (42) is any of a smart card or a PCMCIA card.
23. A method as claimed in claim 1, wherein the data content (79) comprises multiple portions of data which are associated with respective start points in time, and enabling access to a particular portion of the data content is in response to the measured time effectively reaching the respective start point for that portion.
24. A method as claimed in claim 6, wherein the data content (79) comprises multiple portions of data which are associated with respective start points and expiration points in time, enabling access to a particular portion of the data content is in response to the measured time effectively reaching the respective start point for that portion and inhibiting access to the particular portion of the data content is in response to the measured time effectively reaching the respective expiration point for that portion.
25. A method as claimed in claim 1, wherein the storage medium (70) is any of a compact disk, CD-ROM, cartridge and digital video disk.
26. An apparatus for controlling access by a user to content of a storage medium, the medium being readable by a corresponding medium reader from which the apparatus is adapted to receive the content, comprising: means for defining a start point in time prior to which access to the data content (28) is to be inhibited; means for measuring time (52) ; means for enabling, responsive to the measured time effectively reaching the start point, access (99) to the data content.
27. An apparatus as claimed in claim 26, wherein the data content (28) is encrypted and the means for enabling access includes means for enabling decryption (46) of the encrypted data.
28. An apparatus as claimed in claim 27, comprising: means for requesting access to the encrypted data from an authorization center (16); and means for receiving authorization (56) which includes a key for the decryption of the encrypted data.
29. An apparatus as claimed in claim 28, wherein an indication of the start point is provided with the authorization and the means for defining the start point includes means for retrieving the start point indication from the authorization (56) .
30; An apparatus as claimed in claim 26 or 28, wherein an indication of the start point (80) is provided on the storage medium and the means for defining the start point includes means for retrieving the start point indication from the storage medium (70) .
31. An apparatus as claimed in claim 26, comprising: means for defining an expiration point in time
(82, 85); and means for inhibiting, responsive to the measured time effectively reaching the expiration point, access to the data content (79) .
32. An apparatus as claimed in claim 31, wherein the data content (79) is encrypted, the means for enabling access to the data content includes means for enabling decryption (97) of the encrypted data, and the means for inhibiting access to the data content includes means for inhibiting the decryption of the encrypted data.
33. An apparatus as claimed in claim 32, comprising: means for requesting access to the encrypted data from an authorization center (16) ; and means for receiving authorization (56) which includes a key for the decryption of the encrypted data.
34. An apparatus as claimed in claim 33, wherein an indication of the start point and an indication of the expiration point are provided with the authorization, the means for defining the start point includes means for retrieving the start point indication from the authorization, and the means for defining the expiration point includes means for retrieving the expiration point indication from the authorization.
35. An apparatus as claimed in claim 31 or 33, wherein an indication of the start point and an indication of -the expiration point are provided on the storage medium, the means for defining the start point includes means for retrieving the start point indication from the storage medium, and the means for defining the expiration point includes means for retrieving the expiration point indication from the storage medium.
36. An apparatus as claimed in claim 31, comprising: means for defining a usage limit (83) ; means for metering usage of the data content; and means for inhibiting, responsive to the metered usage reaching the usage limit, access to the data content (79) .
37. An apparatus as claimed in claim 36, wherein the data content (79) is encrypted, the means for enabling access includes means for enabling decryption (97) of the encrypted data, and the means for inhibiting access includes means for inhibiting the decryption of the encrypted data.
38. An apparatus as claimed in claim 37, comprising: means for requesting access to the encrypted data from an authorization center (16) ; and means for receiving authorization (56) which includes a key for the decryption of the encrypted data.
39. An apparatus as claimed in claim 38, wherein an indication of the start point, an indication of the expiration point and an indication of the usage limit are provided with the authorization (56) ; the means for defining the start point includes means for retrieving the start point indication from the authorization; the means for defining the expiration point includes means for retrieving the expiration point indication from the authorization; and the means for defining the usage limit mcludes means for retrieving the expiration point indication from the authorization.
40. An apparatus as claimed in claim 36 or 38, wherein an indication of the start point (80) , an indication of the expiration point (82, 85) and an indication of the usage limit (83) are provided on the storage medium (70) ; the means for defining the start point includes means for retrieving the start point indication from the storage medium; the means for defining the expiration point includes means for retrieving the expiration point indication from the storage medium; and the means for defining the usage limit includes means for retrieving the expiration point indication from the storage medium.
41. An apparatus as claimed in claim 26, wherein the means for measuring time includes a secure time clock (52) .
42. An apparatus as claimed in claim 41, wherein the secure time clock (52) is password protected.
43. An apparatus as claimed in claim 28, wherein the means for measuring time includes a secure time clock (52) .
44. An apparatus as claimed in claim 43, comprising means for setting the secure time clock (52) by the authorization center (16) .
45. An apparatus as claimed in claim 43, wherein the secure time clock (52) is password protected.
46. An apparatus as claimed in claim 28, comprising a secure device (42) having a time clock for measuring the time and a memory in which a key for decryption of the encrypted data is stored.
47, An apparatus as claimed in claim 46, wherein the secure device (42) is any of a smart card or a PCMCIA card.
48. An apparatus as claimed in claim 26, wherein the data content (28) of the storage medium comprises multiple portions of data which are associated with respective start points in time, and the means for enabling access operates on a particular portion of the data content in response to the measured time effectively reaching the respective start point for that portion.
49. An apparatus as claimed in claim 31, wherein the data content (79) of the storage medium comprises multiple portions of data which are associated with respective start points and expiration points in time, the means for enabling access operates on a particular portion of the data content in response to the measured time effectively reaching the respective start point for that portion, and the means for inhibiting access operates on the particular portion of the data content in response to the measured time effectively reaching the respective expiration point for that portion.
50. An apparatus as claimed in claim 26, wherein the storage medium (70) is any of a compact disk, CD-ROM, cartridge and digital video disk.
51. A method of controlling access by a user to a data content of a storage medium, the data being encrypted, comprising the steps of: defining a start point in time prior to which decryption of the encrypted data (28) is inhibited; measuring time (52) ; and enabling, responsive to the measured time effectively reaching the start point, the decryption of the encrypted data whereby the user has access (99) to the data.
52. A method as claimed in claim 51, comprising the steps of: requesting access to the encrypted data from an authorization center (16) ; and receiving authorization (56) which includes a key for the decryption of the encrypted data.
53. A method as claimed in claim 52, wherein the step of defining the start point in time comprises providing an indication of the start point with the authorization (56) .
54. A method as claimed in claim 52, wherein the step of defining the start point in time comprises providing an indication of the start point (80) on the storage medium (70) .
55. A method as claimed in claim 52, wherein the access request includes an identifier of the user and an identifier of the encrypted data, and further comprising tracking by the authorization center (16) usage of the user.
56. A method as claimed in claim 51, wherein the step of defining the start point in time comprises providing an indication of the start point (80) on the storage medium (70) .
57. A method as claimed in claim 51, comprising the steps of: defining an expiration point in time; and inhibiting, responsive to the measured time effectively reaching the expiration point, the decryption (46) of the encrypted data (28) whereby the user is prevented access to the data.
58. A method as claimed in claim 57, comprising the steps of: requesting access to the encrypted data from an authorization center (16); and receiving authorization (56) which includes a key for the decryption of the encrypted data.
59. A method as claimed in claim 58, wherein the steps of defining the start point in time and defining the expiration point in time comprise providing an indication of the start point and an indication of the expiration point with the authorization (56) .
60. A method as claimed in claim 58, wherein the steps of defining the start point in time and defining the expiration point in time comprise providing an indication of the start point (80) and an indication of the expiration point (82, 85) on the storage medium (70) .
61. A method as claimed in claim 58, wherein the access request includes an identifier of the user and an identifier (24) of the encrypted data (28), and further comprising tracking by the authorization center (16) usage of the user.
62. A method as claimed in claim 57, wherein the steps of defining the start point in time and the expiration point in time comprise providing an indication of the start (80) point and an indication of the expiration point (82, 85) on the storage medium (70) .
63. A method as claimed in claim 57, comprising the steps of: defining a usage limit (83); metering usage of the data content; and inhibiting, responsive to the metered usage reaching the usage limit, the decryption (97) of the encrypted data.
64. A method as claimed in claim 63, comprising the steps of: requesting access to the encrypted data from an authorization center (16); and receiving authorization (56) which includes a key for the decryption of the encrypted data.
65. A method as claimed in claim 64, wherein the steps of defining the start point in time, defining the expiration point in time and defining the usage limit comprise providing an indication of the start point (80) , an indication of the expiration point and an indication of the usage limit with the authorization (56) .
66. A method as claimed in claim 64, wherein the steps of defining the start point in time, defining the expiration point in time and defining the usage limit comprise providing an indication of the start point (80) , an indication of the expiration point (82, 85) and an indication of the usage limit (83) on the storage medium (70) .
67. A method as claimed in claim 64, wherein the access request includes an identifier of the user (54) and an identifier of the encrypted data, and further comprising tracking by the authorization center usage of the user.
68. A method as claimed in claim 63, wherein the steps of defining the start point in time, defining the expiration point in time and defining the usage limit comprise providing an indication of the start point (80) , an indication of the expiration point (82, 85) and an indication of the usage limit (83) on the storage medium (70) .
69. A method as claimed in claim 52, wherein the step of -measuring time includes providing secure time clock means (52) for measuring time, the time clock means being secure such that it can not be altered by the user.
70. A method as claimed m claim 69, comprising setting the secure time clock means (52) by the authorization center (16) .
71. A method as claimed in claim 70, wherein the secure time clock means is password protected.
72. A method as claimed in claim 52, comprising providing a secure device (42) having a time clock means (52) for measuring time and a memory which a key for decryption of the encrypted data is stored.
73. A method as claimed in claim 52, comprising providing non-encrypted data (26) on the storage medium, and enabling access thereto without authorization.
74. A method for controlling decryption of encrypted data, comprising the steps of: defining a start point (80) in time prior to which decryption of the encrypted data (28) is inhibited; measuring time (52) ; and enabling the decryption (46) of the encrypted data on and after the measured time effectively reaches the start point.
75. A method as claimed in claim 74, comprising the steps of: defining an expiration point in time (82, 85) ; and inhibiting the decryption of the encrypted data after the measured time effectively reaches the expiration point.
76. A method as claimed in claim 74, comprising the steps of: defining a usage limit (83); metering usage of the data content; and inhibiting the decryption of the encrypted data once the metered usage reaches the usage limit.
77. An apparatus for controlling access by a user to content of a storage medium (10), the content including encrypted data (28) and the medium being readable by a corresponding medium reader (12) from which the apparatus is adapted to receive the content, comprising: means for defining a start point in time prior to which decryption (46) of the encrypted data (28) is inhibited; means for measuring time (52) ; and means for enabling, responsive to the time clock effectively reaching the start point, the decryption of the encrypted data whereby the user has access (20) to the data.
78. An apparatus as claimed in claim 77, comprising: means for requesting access to the encrypted data from an authorization center (16) ; and means for receiving authorization (56) which includes a key for the decryption of the encrypted data.
79. An apparatus as claimed in claim 78, wherein the means for defining the start point in time comprises providing an indication of the start point with the authorization (56) .
80. An apparatus as claimed in claim 78, wherein the means for defining the start point in time comprises providing an indication of the start point (80) on the storage medium (70) .
81. An apparatus as claimed in claim 77, wherein the means for defining the start point in time comprises providing an indication of the start point (80) on the storage medium (70) .
82. An apparatus as claimed in claim 77, comprising: means for defining an expiration point in time (82, 85); and means for inhibiting, responsive to the measured time effectively reaching the expiration point, the decryption of the encrypted data (79) whereby the user is prevented access to the data.
83. An apparatus as claimed in claim 82, comprising: means for requesting access to the encrypted data from an authorization center (16); and means for receiving authorization (52) which includes a key for the decryption of the encrypted data.
84. An apparatus as claimed in claim 83, wherein the means for defining the start point in time and means for defining the expiration point in time comprise providing an indication of the start point and an indication of the expiration point with the authorization (56) .
85. An apparatus as claimed in claim 83, wherein the means for defining the start point in time and means for defining the expiration point in time comprise providing an indication of the start point (80) and an indication of the expiration point (82, 85) on the storage medium (70) .
86. An apparatus as claimed in claim 82, wherein the means for defining the start point in time and means for defining the expiration point in time comprise providing an indication of the start point (80) and an indication of the expiration point (82, 85) on the storage medium (70) .
87. An apparatus as claimed in claim 82, comprising: means for defining a usage limit (83) ; means for metering usage of the data content; and means for inhibiting, responsive to the metered usage reaching the usage limit, the decryption of the encrypted data.
PCT/CA1996/000790 1995-12-04 1996-12-02 Time-based availability of data on a storage medium WO1997021162A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
AU76165/96A AU7616596A (en) 1995-12-04 1996-12-02 Time-based availability of data on a storage medium

Applications Claiming Priority (4)

Application Number Priority Date Filing Date Title
US08/566,664 US5857020A (en) 1995-12-04 1995-12-04 Timed availability of secured content provisioned on a storage medium
US08/566,664 1995-12-04
US08/600,173 US5825876A (en) 1995-12-04 1996-02-12 Time based availability to content of a storage medium
US08/600,173 1996-02-12

Publications (1)

Publication Number Publication Date
WO1997021162A1 true WO1997021162A1 (en) 1997-06-12

Family

ID=27074247

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CA1996/000790 WO1997021162A1 (en) 1995-12-04 1996-12-02 Time-based availability of data on a storage medium

Country Status (3)

Country Link
US (1) US5825876A (en)
AU (1) AU7616596A (en)
WO (1) WO1997021162A1 (en)

Cited By (16)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP0936530A1 (en) * 1998-02-16 1999-08-18 Siemens Nixdorf Informationssysteme AG Virtual smart card
WO1999060778A1 (en) * 1998-05-21 1999-11-25 Nds Limited System for preventing playback of unauthorized digital video recordings
WO2000068800A2 (en) 1999-05-10 2000-11-16 Koninklijke Philips Electronics N.V. Method and system for processing of copy-protected data
EP1061516A1 (en) * 1999-06-08 2000-12-20 Deutsche Thomson-Brandt Gmbh Method for play back of an encrypted piece of information recorded on an information carrier and play back apparatus for use within said method
US6223288B1 (en) 1998-05-22 2001-04-24 Protexis Inc. System for persistently encrypting critical software file to prevent installation of software program on unauthorized computers
EP1046168A4 (en) * 1998-01-14 2004-01-07 Netlibrary Inc Electronic bookshelf with multi-user features
FR2845173A1 (en) * 2002-09-30 2004-04-02 St Microelectronics Sa SYSTEM FOR MANAGING TIME RIGHTS RELATED TO DIGITAL CONTENT
GB2403382A (en) * 2003-06-23 2004-12-29 Vodafone Plc Digital Rights Management (DRM) system providing licences to use encrypted content only after a predetermined time
US7124437B2 (en) 1996-06-28 2006-10-17 Protexis, Inc. System for dynamically encrypting information for secure internet commerce and providing embedded fulfillment software
EP1815641A2 (en) * 2004-11-15 2007-08-08 Microsoft Corporation System and method for distribution of provisioning packets
US7770230B2 (en) 2002-04-22 2010-08-03 Arvato Digital Services Canada, Inc. System for dynamically encrypting content for secure internet commerce and providing embedded fulfillment software
US9189605B2 (en) 2005-04-22 2015-11-17 Microsoft Technology Licensing, Llc Protected computing environment
US9224168B2 (en) 2004-11-15 2015-12-29 Microsoft Technology Licensing, Llc Tuning product policy using observed evidence of customer behavior
US9336359B2 (en) 2004-10-18 2016-05-10 Microsoft Technology Licensing, Llc Device certificate individualization
US9363481B2 (en) 2005-04-22 2016-06-07 Microsoft Technology Licensing, Llc Protected media pipeline
US9436804B2 (en) 2005-04-22 2016-09-06 Microsoft Technology Licensing, Llc Establishing a unique session key using a hardware functionality scan

Families Citing this family (255)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JPH08263438A (en) 1994-11-23 1996-10-11 Xerox Corp Distribution and use control system of digital work and access control method to digital work
US6963859B2 (en) 1994-11-23 2005-11-08 Contentguard Holdings, Inc. Content rendering repository
JP2991099B2 (en) * 1996-01-26 1999-12-20 富士ゼロックス株式会社 Signature device and method
US6266159B1 (en) * 1996-10-09 2001-07-24 Brother Kogyo Kabushiki Kaisha Communication device
US5915018A (en) * 1996-11-05 1999-06-22 Intel Corporation Key management system for DVD copyright management
US5949877A (en) * 1997-01-30 1999-09-07 Intel Corporation Content protection for transmission systems
US6233684B1 (en) 1997-02-28 2001-05-15 Contenaguard Holdings, Inc. System for controlling the distribution and use of rendered digital works through watermaking
EP0965199B1 (en) * 1997-03-04 2005-11-16 ATX Europe GmbH Method for inserting a service key in a terminal and devices for implementing said method
US6603857B1 (en) * 1997-07-14 2003-08-05 Entrust Technologies Limited Method and apparatus for controlling release of time sensitive information
US6223348B1 (en) * 1997-09-03 2001-04-24 Universal Electronics Inc. Universal remote control system
US6987854B2 (en) * 1997-09-25 2006-01-17 Thomson Licensing S.A. Method and apparatus for recording of encrypted digital data
US6012112A (en) * 1997-09-30 2000-01-04 Compaq Computer Corporation DVD assembly, and associated apparatus, for a convergent device
US6429879B1 (en) * 1997-09-30 2002-08-06 Compaq Computer Corporation Customization schemes for content presentation in a device with converged functionality
US6118744A (en) * 1997-09-30 2000-09-12 Compaq Computer Corporation Parental blocking system in a DVD integrated entertainment system
CA2308755A1 (en) * 1997-10-20 1999-04-29 Robert C. Ledzius Reconfigurable secure hardware apparatus and method of operation
JP3542707B2 (en) * 1997-12-05 2004-07-14 富士通株式会社 Electronic cash safe
DE19838628A1 (en) * 1998-08-26 2000-03-02 Ibm Extended smart card communication architecture and method for communication between smart card application and data carrier
IL123554A (en) * 1998-03-04 2003-01-12 Nds Ltd Key delivery in a secure broadcasting system
US8813137B2 (en) * 1998-05-08 2014-08-19 Qualcomm Incorporated Apparatus and method for decoding digital image and audio signals
US7624046B2 (en) * 1998-12-24 2009-11-24 Universal Music Group, Inc. Electronic music/media distribution system
US7209892B1 (en) 1998-12-24 2007-04-24 Universal Music Group, Inc. Electronic music/media distribution system
US7596606B2 (en) * 1999-03-11 2009-09-29 Codignotto John D Message publishing system for publishing messages from identified, authorized senders
US6223165B1 (en) 1999-03-22 2001-04-24 Keen.Com, Incorporated Method and apparatus to connect consumer to expert
US7383205B1 (en) * 1999-03-27 2008-06-03 Microsoft Corporation Structure of a digital content package
US6973444B1 (en) * 1999-03-27 2005-12-06 Microsoft Corporation Method for interdependently validating a digital content package and a corresponding digital license
US20060193606A1 (en) * 1999-04-21 2006-08-31 Interactual Technologies, Inc. Two navigation
US7346920B2 (en) 2000-07-07 2008-03-18 Sonic Solutions, A California Corporation System, method and article of manufacture for a common cross platform framework for development of DVD-Video content integrated with ROM content
US20060041639A1 (en) * 1999-04-21 2006-02-23 Interactual Technologies, Inc. Platform detection
US7178106B2 (en) * 1999-04-21 2007-02-13 Sonic Solutions, A California Corporation Presentation of media content from multiple media sources
US7448021B1 (en) 2000-07-24 2008-11-04 Sonic Solutions, A California Corporation Software engine for combining video or audio content with programmatic content
US7188193B1 (en) 2000-01-20 2007-03-06 Sonic Solutions, A California Corporation System, method and article of manufacture for a synchronizer component in a multimedia synchronization framework
US6941383B1 (en) 2000-01-20 2005-09-06 Interactual Technologies, Inc. System, method and article of manufacture for java/javascript component in a multimedia synchronization framework
US6769130B1 (en) * 2000-01-20 2004-07-27 Interactual Technologies, Inc. System, method and article of manufacture for late synchronization during the execution of a multimedia event on a plurality of client computers
US6453420B1 (en) 1999-04-21 2002-09-17 Research Investment Network, Inc. System, method and article of manufacture for authorizing the use of electronic content utilizing a laser-centric medium
US6529949B1 (en) 2000-02-07 2003-03-04 Interactual Technologies, Inc. System, method and article of manufacture for remote unlocking of local content located on a client device
JP2003529118A (en) 1999-04-21 2003-09-30 リサーチ・インベストメント・ネットワーク・インコーポレーテッド System, method, and article of manufacture for updating content stored on a portable storage medium
US20050182828A1 (en) * 1999-04-21 2005-08-18 Interactual Technologies, Inc. Platform specific execution
US7458091B1 (en) * 2000-01-20 2008-11-25 Sonic Solutions, A California Corporation System, method and article of manufacture for a business layer component in a multimedia synchronization framework
US7454018B1 (en) * 1999-05-20 2008-11-18 Lenovo (Singapore) Pte. Ltd. Transfer of DVD decode key on a window by window basis to an attached device
EP1206741A1 (en) * 1999-08-11 2002-05-22 Spinware, Inc. System and method for controlling access to data stored in a portable storage medium
US7324953B1 (en) * 1999-08-13 2008-01-29 Danny Murphy Demographic information database processor
AU6789200A (en) * 1999-08-19 2001-03-13 Suresh K. Jasrasaria System and method for secure distribution and on-line electronic usage management
US6591420B1 (en) * 1999-08-25 2003-07-08 Warner Music Group, Inc. Remote control system for audio and video content
JP4153629B2 (en) * 1999-09-29 2008-09-24 株式会社東芝 Editing audio information with still images
US7308422B1 (en) 1999-10-08 2007-12-11 Utbk, Inc. System for recording and distributing recorded information over the internet
US20020010608A1 (en) 1999-10-08 2002-01-24 Scott Faber System for provding services in real-time overthe internet
JP2001155466A (en) 1999-11-24 2001-06-08 Toshiba Corp System for recording voice information having picture
US6985589B2 (en) * 1999-12-02 2006-01-10 Qualcomm Incorporated Apparatus and method for encoding and storage of digital image and audio signals
EP1259865A2 (en) * 1999-12-16 2002-11-27 Microsoft Corporation Method of pre-releasing encrypted digital data
US7392481B2 (en) * 2001-07-02 2008-06-24 Sonic Solutions, A California Corporation Method and apparatus for providing content-owner control in a networked device
US20050251732A1 (en) * 2000-01-20 2005-11-10 Interactual Technologies, Inc. System, method and article of manufacture for executing a multimedia event on a plurality of client computers using a synchronization host engine
US6453301B1 (en) 2000-02-23 2002-09-17 Sony Corporation Method of using personal device with internal biometric in conducting transactions over a network
JP2001282730A (en) * 2000-03-30 2001-10-12 Sony Corp Information processor, server connecting method, program storage medium, and network connection system
JP2001344369A (en) * 2000-03-30 2001-12-14 Sharp Corp Delivery system for contents and its receivin device, delivery device, machine-readable medium recorded with its reception program and machine-readable medium recorded its delivery program
ATE418110T1 (en) * 2000-05-10 2009-01-15 Schlumberger Technology Corp APPLICATION SERVICE PROVIDER, METHOD AND APPARATUS
JP4774582B2 (en) * 2000-06-30 2011-09-14 ソニー株式会社 Content management apparatus, content management method, and program storage medium
US7076467B1 (en) * 2000-08-04 2006-07-11 Sony Computer Entertainment America Inc. Network-based method and system for transmitting digital data to a client computer and charging only for data that is used by the client computer user
US6865540B1 (en) 2000-08-09 2005-03-08 Ingenio, Inc. Method and apparatus for providing group calls via the internet
US7743259B2 (en) * 2000-08-28 2010-06-22 Contentguard Holdings, Inc. System and method for digital rights management using a standard rendering engine
US7913095B2 (en) 2000-08-28 2011-03-22 Contentguard Holdings, Inc. Method and apparatus for providing a specific user interface in a system for managing content
US20020128878A1 (en) * 2000-08-31 2002-09-12 Maritzen L. Michael Method and apparatus for consolidating billing information and paying suppliers on a network
US7689510B2 (en) 2000-09-07 2010-03-30 Sonic Solutions Methods and system for use in network management of content
US6636590B1 (en) 2000-10-30 2003-10-21 Ingenio, Inc. Apparatus and method for specifying and obtaining services through voice commands
US7542936B1 (en) 2000-11-02 2009-06-02 Utbk, Inc. Method, apparatus and system for marketing, delivering, and collecting payment for information
US7343324B2 (en) 2000-11-03 2008-03-11 Contentguard Holdings Inc. Method, system, and computer readable medium for automatically publishing content
US20020143567A1 (en) * 2000-11-20 2002-10-03 Maritzen L. Michael Information-based digital currency and bartering
US20020072931A1 (en) * 2000-12-07 2002-06-13 Ronald C. Card System and method to provide financial rewards and other incentives to users of personal transaction devices
US7251633B2 (en) * 2000-12-11 2007-07-31 Sony Corporation Method or system for executing deferred transactions
US20020123971A1 (en) * 2000-12-11 2002-09-05 Maritzen L. Michael Method and system of conducting network-based transactions
US7765163B2 (en) 2000-12-12 2010-07-27 Sony Corporation System and method for conducting secure transactions over a network
JP4029569B2 (en) * 2000-12-13 2008-01-09 株式会社日立製作所 Digital information recording / reproducing apparatus, recording apparatus, receiving apparatus, and transmitting apparatus
US7870592B2 (en) 2000-12-14 2011-01-11 Intertainer, Inc. Method for interactive video content programming
US20020083058A1 (en) * 2000-12-27 2002-06-27 Meng-Ling Hsiao Method, apparatus and article for reference material management
US7472280B2 (en) * 2000-12-27 2008-12-30 Proxense, Llc Digital rights management
US6973576B2 (en) * 2000-12-27 2005-12-06 Margent Development, Llc Digital content security system
US7305560B2 (en) * 2000-12-27 2007-12-04 Proxense, Llc Digital content security system
US20020080969A1 (en) * 2000-12-27 2002-06-27 Giobbi John J. Digital rights management system and method
US9613483B2 (en) * 2000-12-27 2017-04-04 Proxense, Llc Personal digital key and receiver/decoder circuit system and method
US6912294B2 (en) 2000-12-29 2005-06-28 Contentguard Holdings, Inc. Multi-stage watermarking process and system
US7289623B2 (en) 2001-01-16 2007-10-30 Utbk, Inc. System and method for an online speaker patch-through
US7028009B2 (en) 2001-01-17 2006-04-11 Contentguardiholdings, Inc. Method and apparatus for distributing enforceable property rights
US20040039704A1 (en) * 2001-01-17 2004-02-26 Contentguard Holdings, Inc. System and method for supplying and managing usage rights of users and suppliers of items
US7774279B2 (en) 2001-05-31 2010-08-10 Contentguard Holdings, Inc. Rights offering and granting
US8069116B2 (en) 2001-01-17 2011-11-29 Contentguard Holdings, Inc. System and method for supplying and managing usage rights associated with an item repository
US6754642B2 (en) * 2001-05-31 2004-06-22 Contentguard Holdings, Inc. Method and apparatus for dynamically assigning usage rights to digital works
US7123719B2 (en) * 2001-02-16 2006-10-17 Motorola, Inc. Method and apparatus for providing authentication in a communication system
US20020124190A1 (en) 2001-03-01 2002-09-05 Brian Siegel Method and system for restricted biometric access to content of packaged media
KR100406630B1 (en) * 2001-03-13 2003-11-20 엘지전자 주식회사 Method for recording and reproducing a demo data, and medium thereof
US20020133402A1 (en) 2001-03-13 2002-09-19 Scott Faber Apparatus and method for recruiting, communicating with, and paying participants of interactive advertising
KR20020072934A (en) 2001-03-13 2002-09-19 엘지전자 주식회사 Read only optical disc recorded demo data, and method for reproducing them
US20020143782A1 (en) * 2001-03-30 2002-10-03 Intertainer, Inc. Content management system
US6925469B2 (en) 2001-03-30 2005-08-02 Intertainer, Inc. Digital entertainment service platform
US8275709B2 (en) 2001-05-31 2012-09-25 Contentguard Holdings, Inc. Digital rights management of content when content is a future live event
US8099364B2 (en) 2001-05-31 2012-01-17 Contentguard Holdings, Inc. Digital rights management of content when content is a future live event
US8001053B2 (en) 2001-05-31 2011-08-16 Contentguard Holdings, Inc. System and method for rights offering and granting using shared state variables
US6895503B2 (en) 2001-05-31 2005-05-17 Contentguard Holdings, Inc. Method and apparatus for hierarchical assignment of rights to documents and documents having such rights
US7725401B2 (en) 2001-05-31 2010-05-25 Contentguard Holdings, Inc. Method and apparatus for establishing usage rights for digital content to be created in the future
US8275716B2 (en) 2001-05-31 2012-09-25 Contentguard Holdings, Inc. Method and system for subscription digital rights management
US6876984B2 (en) 2001-05-31 2005-04-05 Contentguard Holdings, Inc. Method and apparatus for establishing usage rights for digital content to be created in the future
BR0210930A (en) 2001-06-07 2005-05-03 Contentguard Holdings Inc Method and apparatus for supporting multiple trust zones in a digital rights management system
US7774280B2 (en) 2001-06-07 2010-08-10 Contentguard Holdings, Inc. System and method for managing transfer of rights using shared state variables
US20020194128A1 (en) * 2001-06-14 2002-12-19 Michael Maritzen System and method for secure reverse payment
US20020194298A1 (en) * 2001-06-19 2002-12-19 Papsco Dulcie Elizabeth Selective narrative data base, system, and method
US8614623B2 (en) * 2008-12-01 2013-12-24 Pascal's Pocket Corporation Personal digital asset manager
US20030046243A1 (en) * 2001-08-29 2003-03-06 Papsco Dulcie Elizabeth Selective musical data base, system, and method
GB2378539B (en) * 2001-09-05 2003-07-02 Data Encryption Systems Ltd Apparatus for and method of controlling propagation of decryption keys
US6704403B2 (en) 2001-09-05 2004-03-09 Ingenio, Inc. Apparatus and method for ensuring a real-time connection between users and selected service provider using voice mail
US20030051145A1 (en) * 2001-09-07 2003-03-13 Jackson Matthew G. System for issuing and using secure cards
US7974923B2 (en) * 2001-11-20 2011-07-05 Contentguard Holdings, Inc. Extensible rights expression processing system
US7840488B2 (en) * 2001-11-20 2010-11-23 Contentguard Holdings, Inc. System and method for granting access to an item or permission to use an item based on configurable conditions
US7558759B2 (en) * 2001-11-20 2009-07-07 Contentguard Holdings, Inc. Systems and methods for creating, manipulating and processing rights and contract expressions using tokenized templates
US20030101454A1 (en) * 2001-11-21 2003-05-29 Stuart Ozer Methods and systems for planning advertising campaigns
US7136871B2 (en) * 2001-11-21 2006-11-14 Microsoft Corporation Methods and systems for selectively displaying advertisements
US7380120B1 (en) 2001-12-12 2008-05-27 Guardian Data Storage, Llc Secured data format for access control
US7562232B2 (en) 2001-12-12 2009-07-14 Patrick Zuili System and method for providing manageability to security information for secured items
US7930756B1 (en) 2001-12-12 2011-04-19 Crocker Steven Toye Multi-level cryptographic transformations for securing digital assets
US8006280B1 (en) 2001-12-12 2011-08-23 Hildebrand Hal S Security system for generating keys from access rules in a decentralized manner and methods therefor
US7178033B1 (en) 2001-12-12 2007-02-13 Pss Systems, Inc. Method and apparatus for securing digital assets
US8065713B1 (en) 2001-12-12 2011-11-22 Klimenty Vainstein System and method for providing multi-location access management to secured items
US7921284B1 (en) 2001-12-12 2011-04-05 Gary Mark Kinghorn Method and system for protecting electronic data in enterprise environment
US7260555B2 (en) 2001-12-12 2007-08-21 Guardian Data Storage, Llc Method and architecture for providing pervasive security to digital assets
US7631184B2 (en) 2002-05-14 2009-12-08 Nicholas Ryan System and method for imposing security on copies of secured items
US7478418B2 (en) 2001-12-12 2009-01-13 Guardian Data Storage, Llc Guaranteed delivery of changes to security policies in a distributed system
US7921450B1 (en) 2001-12-12 2011-04-05 Klimenty Vainstein Security system using indirect key generation from access rules and methods therefor
US10360545B2 (en) 2001-12-12 2019-07-23 Guardian Data Storage, Llc Method and apparatus for accessing secured electronic data off-line
US7681034B1 (en) 2001-12-12 2010-03-16 Chang-Ping Lee Method and apparatus for securing electronic data
US7921288B1 (en) 2001-12-12 2011-04-05 Hildebrand Hal S System and method for providing different levels of key security for controlling access to secured items
US7565683B1 (en) 2001-12-12 2009-07-21 Weiqing Huang Method and system for implementing changes to security policies in a distributed security system
USRE41546E1 (en) 2001-12-12 2010-08-17 Klimenty Vainstein Method and system for managing security tiers
US10033700B2 (en) 2001-12-12 2018-07-24 Intellectual Ventures I Llc Dynamic evaluation of access rights
US7580850B2 (en) * 2001-12-14 2009-08-25 Utbk, Inc. Apparatus and method for online advice customer relationship management
US7950066B1 (en) 2001-12-21 2011-05-24 Guardian Data Storage, Llc Method and system for restricting use of a clipboard application
US7937439B2 (en) 2001-12-27 2011-05-03 Utbk, Inc. Apparatus and method for scheduling live advice communication with a selected service provider
JP2003223365A (en) * 2002-01-31 2003-08-08 Fujitsu Ltd Data managing mechanism and device having the same mechanism or card
US8176334B2 (en) 2002-09-30 2012-05-08 Guardian Data Storage, Llc Document security system that permits external users to gain access to secured files
KR20040101312A (en) * 2002-03-14 2004-12-02 콘텐트가드 홀딩즈 인코포레이티드 System and method for exprssing usage rights using modulated signals
US7805371B2 (en) * 2002-03-14 2010-09-28 Contentguard Holdings, Inc. Rights expression profile system and method
US20030187784A1 (en) * 2002-03-27 2003-10-02 Michael Maritzen System and method for mid-stream purchase of products and services
JPWO2003084222A1 (en) * 2002-04-02 2005-08-11 松下電器産業株式会社 Print control apparatus and print control method
US7890771B2 (en) * 2002-04-17 2011-02-15 Microsoft Corporation Saving and retrieving data based on public key encryption
US7748045B2 (en) 2004-03-30 2010-06-29 Michael Frederick Kenrich Method and system for providing cryptographic document retention with off-line access
US8613102B2 (en) 2004-03-30 2013-12-17 Intellectual Ventures I Llc Method and system for providing document retention using cryptography
AU2003232016A1 (en) * 2002-04-29 2003-11-17 Contentguard Holdings, Inc. Rights management system using legality expression language
US20030220813A1 (en) * 2002-05-22 2003-11-27 Gurvey Amy R. Electronic system and method coupling live event ticketing with sale of event recordings
US7603321B2 (en) * 2002-05-22 2009-10-13 Gurvey Amy R Electronic system and method coupling live event ticketing and interactive entries with the sale, distribution and transmission of event recordings, mastering system and intelligent terminal designs
US7512810B1 (en) 2002-09-11 2009-03-31 Guardian Data Storage Llc Method and system for protecting encrypted files transmitted over a network
US7020287B2 (en) 2002-09-30 2006-03-28 Sony Corporation Method and system for key insertion for stored encrypted content
US7836310B1 (en) 2002-11-01 2010-11-16 Yevgeniy Gutnik Security system that uses indirect password-based encryption
US20040103444A1 (en) * 2002-11-26 2004-05-27 Neal Weinberg Point to multi-point broadcast-quality Internet video broadcasting system with synchronized, simultaneous audience viewing and zero-latency
US7890990B1 (en) 2002-12-20 2011-02-15 Klimenty Vainstein Security system with staging capabilities
US7577838B1 (en) 2002-12-20 2009-08-18 Alain Rossmann Hybrid systems for securing digital assets
US7801820B2 (en) * 2003-01-13 2010-09-21 Sony Corporation Real-time delivery of license for previously stored encrypted content
US7370212B2 (en) 2003-02-25 2008-05-06 Microsoft Corporation Issuing a publisher use license off-line in a digital rights management (DRM) system
US7089425B2 (en) * 2003-03-18 2006-08-08 Ci4 Technologies, Inc. Remote access authorization of local content
JP4016865B2 (en) * 2003-03-26 2007-12-05 ソニー株式会社 Content reproduction deadline management system, content reproduction deadline management method, terminal device, server device, program, and recording medium
US8707034B1 (en) 2003-05-30 2014-04-22 Intellectual Ventures I Llc Method and system for using remote headers to secure electronic files
US7359498B2 (en) 2003-06-12 2008-04-15 Utbk, Inc. Systems and methods for arranging a call
EP1623420B1 (en) * 2003-06-18 2015-11-11 Panasonic Intellectual Property Management Co., Ltd. Playback apparatus, playback method, and program for reproducing an encrypted virtual package
US7698183B2 (en) 2003-06-18 2010-04-13 Utbk, Inc. Method and apparatus for prioritizing a listing of information providers
US7685642B2 (en) * 2003-06-26 2010-03-23 Contentguard Holdings, Inc. System and method for controlling rights expressions by stakeholders of an item
US7730543B1 (en) 2003-06-30 2010-06-01 Satyajit Nath Method and system for enabling users of a group shared across multiple file security systems to access secured files
GB2404487A (en) * 2003-07-31 2005-02-02 Sony Uk Ltd Access control for digital storage medium content
US7555558B1 (en) 2003-08-15 2009-06-30 Michael Frederick Kenrich Method and system for fault-tolerant transfer of files across a network
US7886009B2 (en) 2003-08-22 2011-02-08 Utbk, Inc. Gate keeper
US8127366B2 (en) 2003-09-30 2012-02-28 Guardian Data Storage, Llc Method and apparatus for transitioning between states of security policies used to secure electronic documents
US7703140B2 (en) 2003-09-30 2010-04-20 Guardian Data Storage, Llc Method and system for securing digital assets using process-driven security policies
US8024224B2 (en) 2004-03-10 2011-09-20 Utbk, Inc. Method and apparatus to provide pay-per-call advertising and billing
US8121898B2 (en) 2003-10-06 2012-02-21 Utbk, Inc. Methods and apparatuses for geographic area selections in pay-per-call advertisement
US9984377B2 (en) 2003-10-06 2018-05-29 Yellowpages.Com Llc System and method for providing advertisement
US7120235B2 (en) 2003-10-06 2006-10-10 Ingenio, Inc. Method and apparatus to provide pay-per-call performance based advertising
US7424442B2 (en) 2004-05-04 2008-09-09 Utbk, Inc. Method and apparatus to allocate and recycle telephone numbers in a call-tracking system
US8027878B2 (en) 2003-10-06 2011-09-27 Utbk, Inc. Method and apparatus to compensate demand partners in a pay-per-call performance based advertising system
US7428497B2 (en) 2003-10-06 2008-09-23 Utbk, Inc. Methods and apparatuses for pay-per-call advertising in mobile/wireless applications
US7366683B2 (en) 2003-10-06 2008-04-29 Utbk, Inc. Methods and apparatuses for offline selection of pay-per-call advertisers
US20050097593A1 (en) * 2003-11-05 2005-05-05 Michael Raley System, method and device for selected content distribution
JP3725143B2 (en) * 2003-12-10 2005-12-07 コナミ株式会社 Card game system and cards used in the card system
US20060245593A1 (en) * 2003-12-15 2006-11-02 Ikue Nakano Secret information setting device and secret information setting method
US7116969B2 (en) * 2004-02-12 2006-10-03 Sharp Laboratories Of America, Inc. Wireless device having a secure clock authentication method and apparatus
US9020854B2 (en) 2004-03-08 2015-04-28 Proxense, Llc Linked account system using personal digital key (PDK-LAS)
JP2005301333A (en) * 2004-04-06 2005-10-27 Hitachi Global Storage Technologies Netherlands Bv Magnetic disk drive with use time limiting function
US9219729B2 (en) * 2004-05-19 2015-12-22 Philip Drope Multimedia network system with content importation, content exportation, and integrated content management
US7707427B1 (en) 2004-07-19 2010-04-27 Michael Frederick Kenrich Multi-level file digests
JP4319118B2 (en) * 2004-09-28 2009-08-26 株式会社ソニー・コンピュータエンタテインメント Terminal device
US20060107326A1 (en) * 2004-11-12 2006-05-18 Demartini Thomas Method, system, and device for verifying authorized issuance of a rights expression
US20060106726A1 (en) * 2004-11-18 2006-05-18 Contentguard Holdings, Inc. Method, system, and device for license-centric content consumption
US8660961B2 (en) * 2004-11-18 2014-02-25 Contentguard Holdings, Inc. Method, system, and device for license-centric content consumption
US20060112015A1 (en) * 2004-11-24 2006-05-25 Contentguard Holdings, Inc. Method, system, and device for handling creation of derivative works and for adapting rights to derivative works
WO2006066052A2 (en) 2004-12-16 2006-06-22 Sonic Solutions Methods and systems for use in network management of content
AU2005319019A1 (en) 2004-12-20 2006-06-29 Proxense, Llc Biometric personal data key (PDK) authentication
KR100619981B1 (en) * 2005-01-08 2006-09-11 엘지전자 주식회사 Method for enhancing digital rights management function of mobile communication terminal
US8538768B2 (en) 2005-02-16 2013-09-17 Ingenio Llc Methods and apparatuses for delivery of advice to mobile/wireless devices
US9202219B2 (en) 2005-02-16 2015-12-01 Yellowpages.Com Llc System and method to merge pay-for-performance advertising models
US7979308B2 (en) 2005-03-03 2011-07-12 Utbk, Inc. Methods and apparatuses for sorting lists for presentation
US8438645B2 (en) 2005-04-27 2013-05-07 Microsoft Corporation Secure clock with grace periods
KR20080004532A (en) * 2005-03-29 2008-01-09 코닌클리케 필립스 일렉트로닉스 엔.브이. Method and device for protecting the contents of an information carrier
US8725646B2 (en) 2005-04-15 2014-05-13 Microsoft Corporation Output protection levels
US20060248573A1 (en) * 2005-04-28 2006-11-02 Content Guard Holdings, Inc. System and method for developing and using trusted policy based on a social model
US20060265758A1 (en) 2005-05-20 2006-11-23 Microsoft Corporation Extensible media rights
US7565700B2 (en) * 2005-07-05 2009-07-21 International Business Machines Corporation Method for tracking the expiration of encrypted content using device relative time intervals
FR2888443A1 (en) * 2005-07-11 2007-01-12 France Telecom Data deferred disclosing method for e.g. Internet network, involves comparing data accessing request date with disclosing date, and establishing access to data, stored in database, to user if request date is posterior to disclosing date
US20070016530A1 (en) * 2005-07-15 2007-01-18 Christopher Stasi Multi-media file distribution system and method
US8599832B2 (en) 2005-09-28 2013-12-03 Ingenio Llc Methods and apparatuses to connect people for real time communications via voice over internet protocol (VOIP)
US8761154B2 (en) 2005-09-28 2014-06-24 Ebbe Altberg Methods and apparatuses to access advertisements through voice over internet protocol (VoIP) applications
KR101322515B1 (en) * 2005-09-29 2013-10-25 콘텐트가드 홀딩즈 인코포레이티드 System and method for digital rights management using advanced copy with issue rights, and managed copy tokens
US7720767B2 (en) * 2005-10-24 2010-05-18 Contentguard Holdings, Inc. Method and system to support dynamic rights and resources sharing
US8433919B2 (en) * 2005-11-30 2013-04-30 Proxense, Llc Two-level authentication for secure transactions
US11206664B2 (en) 2006-01-06 2021-12-21 Proxense, Llc Wireless network synchronization of cells and client devices on a network
US8219129B2 (en) 2006-01-06 2012-07-10 Proxense, Llc Dynamic real-time tiered client access
US9197479B2 (en) 2006-01-10 2015-11-24 Yellowpages.Com Llc Systems and methods to manage a queue of people requesting real time communication connections
US7720091B2 (en) 2006-01-10 2010-05-18 Utbk, Inc. Systems and methods to arrange call back
US8125931B2 (en) 2006-01-10 2012-02-28 Utbk, Inc. Systems and methods to provide availability indication
US7995075B2 (en) * 2006-03-02 2011-08-09 Mediatek Inc. Display data extraction methods, devices and computer systems utilizing the same
US9317855B2 (en) 2006-10-24 2016-04-19 Yellowpages.Com Llc Systems and methods to provide voice connections via local telephone numbers
US7883003B2 (en) 2006-11-13 2011-02-08 Proxense, Llc Tracking system using personal digital key groups
US9269221B2 (en) * 2006-11-13 2016-02-23 John J. Gobbi Configuration of interfaces for a location detection system and application
US8301505B2 (en) * 2007-01-16 2012-10-30 Microsoft Corporation Integrated content viewing and payment
US8451825B2 (en) 2007-02-22 2013-05-28 Utbk, Llc Systems and methods to confirm initiation of a callback
US20080263446A1 (en) * 2007-04-20 2008-10-23 Utbk, Inc. Methods and Systems to Connect People to Services via Virtual Reality
US9277019B2 (en) * 2007-06-18 2016-03-01 Yellowpages.Com Llc Systems and methods to provide communication references to connect people for real time communications
US20090113496A1 (en) * 2007-10-31 2009-04-30 Echostar Technologies Corporation Processes and systems for pre-downloading of video event data
WO2009062194A1 (en) 2007-11-09 2009-05-14 Proxense, Llc Proximity-sensor supporting multiple application services
US20090144068A1 (en) * 2007-11-30 2009-06-04 Utbk, Inc. Methods and Apparatuses to Provide Connections for Real Time Communications
US8171528B1 (en) 2007-12-06 2012-05-01 Proxense, Llc Hybrid device having a personal digital key and receiver-decoder circuit and methods of use
WO2009079666A1 (en) 2007-12-19 2009-06-25 Proxense, Llc Security system and method for controlling access to computing resources
WO2009102979A2 (en) 2008-02-14 2009-08-20 Proxense, Llc Proximity-based healthcare management system with automatic access to private information
US20090249456A1 (en) * 2008-03-25 2009-10-01 Level 3 Communications Llc System and method for authorizing and validating user agents based on user agent location
US11120449B2 (en) 2008-04-08 2021-09-14 Proxense, Llc Automated service-based order processing
JP2011081764A (en) * 2009-09-14 2011-04-21 Panasonic Corp Content receiver, content reproducer, content reproducing system, content writing method, expiration date determining method, program, and recording medium
US20110110516A1 (en) * 2009-11-06 2011-05-12 Kensuke Satoh Content receiver, content reproducer, management server, content use system, content use method, method of write-out from content receiver, method of possible viewing time management on content reproducer, method of time limit fixation in management server, and program
US9418205B2 (en) 2010-03-15 2016-08-16 Proxense, Llc Proximity-based system for automatic application or data access and item tracking
US8918854B1 (en) 2010-07-15 2014-12-23 Proxense, Llc Proximity-based system for automatic application initialization
US8185444B1 (en) 2010-07-22 2012-05-22 Basaraba Maxim Z Interactive online reading system
US9112535B2 (en) * 2010-10-06 2015-08-18 Cleversafe, Inc. Data transmission utilizing partitioning and dispersed storage error encoding
US20120136845A1 (en) * 2010-11-30 2012-05-31 ZOO Digital Limited, a Limited Company Method and system for safeguarding digital objects consisting of digital assets
US8549595B1 (en) * 2011-01-31 2013-10-01 Emc Corporation Counting distinct occurrences of a fact using moving statistics window
US8857716B1 (en) 2011-02-21 2014-10-14 Proxense, Llc Implementation of a proximity-based system for object tracking and automatic application initialization
US11206579B1 (en) * 2012-03-26 2021-12-21 Amazon Technologies, Inc. Dynamic scheduling for network data transfers
US9027102B2 (en) 2012-05-11 2015-05-05 Sprint Communications Company L.P. Web server bypass of backend process on near field communications and secure element chips
US9282898B2 (en) 2012-06-25 2016-03-15 Sprint Communications Company L.P. End-to-end trusted communications infrastructure
US9183412B2 (en) 2012-08-10 2015-11-10 Sprint Communications Company L.P. Systems and methods for provisioning and using multiple trusted security zones on an electronic device
US9578664B1 (en) 2013-02-07 2017-02-21 Sprint Communications Company L.P. Trusted signaling in 3GPP interfaces in a network function virtualization wireless communication system
US20140280942A1 (en) * 2013-03-12 2014-09-18 Elwha LLC., limited liability company of the state of Delaware Acquiring open bids for one or more content access latencies and providing content accordingly
US9405898B2 (en) 2013-05-10 2016-08-02 Proxense, Llc Secure element as a digital pocket
US20140351005A1 (en) * 2013-05-24 2014-11-27 Hitachi, Ltd. Data Collection Method and Apparatus
US9560519B1 (en) 2013-06-06 2017-01-31 Sprint Communications Company L.P. Mobile communication device profound identity brokering framework
US9036820B2 (en) 2013-09-11 2015-05-19 At&T Intellectual Property I, Lp System and methods for UICC-based secure communication
US9240994B2 (en) 2013-10-28 2016-01-19 At&T Intellectual Property I, Lp Apparatus and method for securely managing the accessibility to content and applications
US9779232B1 (en) 2015-01-14 2017-10-03 Sprint Communications Company L.P. Trusted code generation and verification to prevent fraud from maleficent external devices that capture data
US9838868B1 (en) 2015-01-26 2017-12-05 Sprint Communications Company L.P. Mated universal serial bus (USB) wireless dongles configured with destination addresses
US10154313B2 (en) 2015-02-25 2018-12-11 DISH Technologies L.L.C. Preselecting future video content for download
US9819679B1 (en) 2015-09-14 2017-11-14 Sprint Communications Company L.P. Hardware assisted provenance proof of named data networking associated to device data, addresses, services, and servers
US10282719B1 (en) 2015-11-12 2019-05-07 Sprint Communications Company L.P. Secure and trusted device-based billing and charging process using privilege for network proxy authentication and audit
US9817992B1 (en) * 2015-11-20 2017-11-14 Sprint Communications Company Lp. System and method for secure USIM wireless network access
US10499249B1 (en) 2017-07-11 2019-12-03 Sprint Communications Company L.P. Data link layer trust signaling in communication network
US10839369B1 (en) 2019-07-22 2020-11-17 Capital One Services, Llc Dynamic electronic communication with variable messages using encrypted quick response codes

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4827508A (en) * 1986-10-14 1989-05-02 Personal Library Software, Inc. Database usage metering and protection system and method
US5010571A (en) * 1986-09-10 1991-04-23 Titan Linkabit Corporation Metering retrieval of encrypted data stored in customer data retrieval terminal
WO1992020022A1 (en) * 1991-05-08 1992-11-12 Digital Equipment Corporation Management interface and format for license management system
EP0635790A1 (en) * 1993-07-22 1995-01-25 International Business Machines Corporation Client/server based secure timekeeping system

Family Cites Families (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5392353A (en) * 1989-08-07 1995-02-21 Tv Answer, Inc. Interactive satellite broadcast network
JPH03144823A (en) * 1989-10-31 1991-06-20 N T T Data Tsushin Kk Controller for communication between ic card and host device
IT1248151B (en) * 1990-04-27 1995-01-05 Scandic Int Pty Ltd INTELLIGENT PAPER VALIDATION DEVICE AND METHOD
US5274221A (en) * 1990-06-22 1993-12-28 Mitsubishi Denki Kabushiki Kaisha Non-contact integrated circuit card
US5343524A (en) * 1991-06-21 1994-08-30 Mu Xiao Chun Intelligent security device
JPH0591509A (en) * 1991-09-30 1993-04-09 Toshiba Corp Subscription charge collecting system for subscription broadcasting
IL103062A (en) * 1992-09-04 1996-08-04 Algorithmic Res Ltd Data processor security system
US5396558A (en) * 1992-09-18 1995-03-07 Nippon Telegraph And Telephone Corporation Method and apparatus for settlement of accounts by IC cards
US5440632A (en) * 1992-12-02 1995-08-08 Scientific-Atlanta, Inc. Reprogrammable subscriber terminal
IL106746A (en) * 1993-08-19 1997-02-18 News Datacom Ltd CATV systems
US5426701A (en) * 1994-02-28 1995-06-20 General Instrument Corporation Of Delaware Cable television converter box with a smart card connector underneath
US5530230A (en) * 1994-10-20 1996-06-25 Smith; Andrew M. Variable password safety interlock system for microwave ovens and other appliances

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5010571A (en) * 1986-09-10 1991-04-23 Titan Linkabit Corporation Metering retrieval of encrypted data stored in customer data retrieval terminal
US4827508A (en) * 1986-10-14 1989-05-02 Personal Library Software, Inc. Database usage metering and protection system and method
WO1992020022A1 (en) * 1991-05-08 1992-11-12 Digital Equipment Corporation Management interface and format for license management system
EP0635790A1 (en) * 1993-07-22 1995-01-25 International Business Machines Corporation Client/server based secure timekeeping system

Cited By (25)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8499356B2 (en) 1996-06-28 2013-07-30 Arvato Digital Services Canada, Inc. System for dynamically encrypting information for secure internet commerce and providing embedded fulfillment software
US7743427B2 (en) 1996-06-28 2010-06-22 Arvato Digital Services Canada, Inc. System for dynamically encrypting information for secure internet commerce and providing embedded fulfillment software
US7124437B2 (en) 1996-06-28 2006-10-17 Protexis, Inc. System for dynamically encrypting information for secure internet commerce and providing embedded fulfillment software
EP1046168A4 (en) * 1998-01-14 2004-01-07 Netlibrary Inc Electronic bookshelf with multi-user features
EP0936530A1 (en) * 1998-02-16 1999-08-18 Siemens Nixdorf Informationssysteme AG Virtual smart card
US6466670B1 (en) 1998-05-21 2002-10-15 Nds Limited System for preventing playback of unauthorized digital video recordings
WO1999060778A1 (en) * 1998-05-21 1999-11-25 Nds Limited System for preventing playback of unauthorized digital video recordings
US6223288B1 (en) 1998-05-22 2001-04-24 Protexis Inc. System for persistently encrypting critical software file to prevent installation of software program on unauthorized computers
WO2000068800A2 (en) 1999-05-10 2000-11-16 Koninklijke Philips Electronics N.V. Method and system for processing of copy-protected data
JP2002544592A (en) * 1999-05-10 2002-12-24 コーニンクレッカ フィリップス エレクトロニクス エヌ ヴィ How to select copy-protected materials
WO2000068800A3 (en) * 1999-05-10 2001-07-05 Koninkl Philips Electronics Nv Method and system for processing of copy-protected data
JP2011076622A (en) * 1999-05-10 2011-04-14 Koninkl Philips Electronics Nv Method for screening copy-protected material
EP1061516A1 (en) * 1999-06-08 2000-12-20 Deutsche Thomson-Brandt Gmbh Method for play back of an encrypted piece of information recorded on an information carrier and play back apparatus for use within said method
US7770230B2 (en) 2002-04-22 2010-08-03 Arvato Digital Services Canada, Inc. System for dynamically encrypting content for secure internet commerce and providing embedded fulfillment software
EP1406445A1 (en) * 2002-09-30 2004-04-07 STMicroelectronics S.A. Management system of temporal rights linked to a digital content
FR2845173A1 (en) * 2002-09-30 2004-04-02 St Microelectronics Sa SYSTEM FOR MANAGING TIME RIGHTS RELATED TO DIGITAL CONTENT
GB2403382B (en) * 2003-06-23 2006-11-29 Vodafone Plc Communication systems
GB2403382A (en) * 2003-06-23 2004-12-29 Vodafone Plc Digital Rights Management (DRM) system providing licences to use encrypted content only after a predetermined time
US9336359B2 (en) 2004-10-18 2016-05-10 Microsoft Technology Licensing, Llc Device certificate individualization
EP1815641A2 (en) * 2004-11-15 2007-08-08 Microsoft Corporation System and method for distribution of provisioning packets
EP1815641A4 (en) * 2004-11-15 2011-02-02 Microsoft Corp System and method for distribution of provisioning packets
US9224168B2 (en) 2004-11-15 2015-12-29 Microsoft Technology Licensing, Llc Tuning product policy using observed evidence of customer behavior
US9189605B2 (en) 2005-04-22 2015-11-17 Microsoft Technology Licensing, Llc Protected computing environment
US9363481B2 (en) 2005-04-22 2016-06-07 Microsoft Technology Licensing, Llc Protected media pipeline
US9436804B2 (en) 2005-04-22 2016-09-06 Microsoft Technology Licensing, Llc Establishing a unique session key using a hardware functionality scan

Also Published As

Publication number Publication date
AU7616596A (en) 1997-06-27
US5825876A (en) 1998-10-20

Similar Documents

Publication Publication Date Title
US5825876A (en) Time based availability to content of a storage medium
US5857020A (en) Timed availability of secured content provisioned on a storage medium
EP0840194B1 (en) System and method for controlling the use of a package of distributed application software
JP3531978B2 (en) Software billing system
EP1402680B1 (en) System and method for a commercial multimedia rental and distribution system
KR100300341B1 (en) Information gathering device
US8131993B2 (en) System and method for a commercial multimedia rental and distribution system
US20070271186A1 (en) Content distribution service providing system and content distribution device and user terminal device thereof
US20040243488A1 (en) Storage medium rental system
JP2002197379A (en) Contents delivery and return system
CA2454225A1 (en) Rechargeable media distribution and play system
CA2512975A1 (en) System and method for secure data distribution and retrieval using encrypted media
US8332640B2 (en) Storage apparatus, method for validating encrypted content and terminal apparatus
JP2002010234A (en) Content distribution system and method, information providing device, information terminal, and recording medium
US7131133B1 (en) Access control method and information utilization apparatus
US20060293991A1 (en) Method and arrangement for playing back media contents
KR101042757B1 (en) Method for recording an elapsed time period in security module
KR100686064B1 (en) Charge Adjustment system and Method Using Smart Card in case of Watching Paid Broadcasting and Method of Program Class Management using The Same
JP4585736B2 (en) Server device
EP1368969B1 (en) Method for evaluating a bonus
JPH11120695A (en) Information signal reproducing method, card-shaped recording medium and decoder device
JP2002133314A (en) Rental system, rental method, recording medium stored with the program and regeneration device
JP2002269374A (en) Contents usage restricting method, contents delivery system, and mpu built-in type media
AU2002316727A1 (en) Rechargeable media distribution and play system

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A1

Designated state(s): AU CA CN JP

AL Designated countries for regional patents

Kind code of ref document: A1

Designated state(s): AT BE CH DE DK ES FI FR GB GR IE IT LU MC NL PT SE

DFPE Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101)
121 Ep: the epo has been informed by wipo that ep was designated in this application
NENP Non-entry into the national phase

Ref country code: JP

Ref document number: 97520815

Format of ref document f/p: F

122 Ep: pct application non-entry in european phase