SYSTEM FOR DELIVERING CUSTOMIZED INFORMATION
Eric L. Schwartz
Daniel M. Schwartz
BACKGROUND OF THE INVENTION
Field of the Invention
The present invention relates generally to global-area computer networks and, more particularly, to delivering information over global-area computer networks.
Related Art
Current methods of delivering user-specific information present several limitations. For example, in the doctor-patient context, health care information is delivered mainly by the physician communicating orally with the patient. Usually, this occurs during an office visit and is sometimes supplemented by a phone conversation. Because of the ongoing daily requirements necessary to manage a chronic disease such as asthma or diabetes, more frequent and customized patient education is desirable to ensure patients optimally manage their condition(s).
To manage a chronic disease such as diabetes mellitus, patients must understand the multiple components of daily care of this condition. These would include blood sugar monitoring, nutrition, exercise, and foot inspection, for example. Unfortunately, most patients with diabetes have an incomplete understanding of how to manage the disease and thus succumb unnecessarily to disabling diabetic complications.
While instructions for daily care are often imparted during physician visits, a substantial number of patients have trouble retaining these patient care instructions. In addition, some patients are reluctant to ask the physician questions even though they may not have completely understood the physician's instructions.
Furthermore, patient care instructions are often given all at once and do not necessarily address the real-time medical needs of each patient as they arise. Therefore, it would be desirable to be able to deliver patient care information to patients that is based on their real-time medical needs and that is conveniently accessible by the patient.
The Internet provides an ideal medium for delivering information on an (almost) continuously and easily accessible platform. Computer applications for delivering medical information over the Internet have been developed. For example, websites such as WebMD (http://www.webmd.com) and Dr. Koop (http://www.drkoop.com) provide general healthcare related information to healthcare professionals, as well as consumers. These websites allow consumers to obtain information about various diseases and recommended therapies to treat the diseases. In addition, these websites provide links to related e-commerce sites such as physician referral services, online drugstores, pharmacies, healthcare clinics and similar organizations. Finally, consumers can enter an electronic health profile that allows them to track their own healthcare data and transmit it electronically to healthcare professionals subscribing to a related service.
However, none of these websites allows for physician-directed real-time delivery of patient specific information. As a result, these websites do not provide a convenient platform for ongoing care for chronic disease patients. In addition, these websites require the patient to select which information he/she wants to access. Thus, if the patient is not aware of the availability of a certain piece of information on one of these websites, or more commonly, does not know exactly which information to access at the site, it is unlikely that the patient would be able to gain access to such information. Furthermore, patients are sometimes reluctant to search for medical information on the Internet due to security concerns. This is due to the fact that a computer's IP address can be easily used to remotely gain access to the file system of that computer. This is of particular concern for patients suffering from ailments that they do not wish to disclose to the public. In addition, several Internet sites currently keep track of visitors to their sites and later use that data for marketing purposes. As a result, patients are often concerned that using the Internet to research their ailments may result in the involuntary disclosure of confidential medical information.
The need for customized information also arises in the context of providing technical support to consumers. The increasing complexity of computers, and even consumer electronics, is making it increasingly difficult for consumers to correctly operate or repair their computers/appliances. Manufacturers typically provide technical support in the form of a telephone customer service line. This approach has the significant shortcoming that the consumer must verbally describe to the technical support representative the problem the user is trying to solve. Furthermore, the consumer may have difficulty following the technical support representative's directions, adding further complexity to the process. Since consumers typically lack the expertise to analyze the operation of their computer/appliance, this process is difficult. Manufacturers may also provide technical assistance through websites. The problem with this approach is that while multimedia content can be delivered to the user's computer, no human interaction is provided through the website. At best, the consumer may be able to send an email message to the technical support center's staff and wait for a reply.
Yet another potential application that requires secure delivery of customized information over a computer network is the protection of intellectual property rights in music recordings transferred over the Internet. While existing technology allows the transfer of digitally encoded sound recordings (e.g. MP3 files) among computers connected to the Internet, record companies are extremely concerned with the ease with which these recordings can be illegally copied over such medium.
There is thus a need for an improved method for delivering information that overcomes the limitations of the prior art discussed above.
SUMMARY OF THE INVENTION
The system and method of the present invention allow convenient and easy yet secure access to customized information. Examples of customized information are patient care information tailored to individual patients' medical records and treatment plans, technical support information based on diagnostic data obtained from the user computer and digitally encoded sound recordings encrypted using the user's key.
This is accomplished by storing user-specific information on a server computer connected to a global-area computer network and allowing users (e.g., patients and/or healthcare professionals) to access the user's information on-line through a client computer also connected to the global-area computer network. To facilitate secure personalized and efficient delivery of this information, a support library is supplied to individual users on a computer-readable storage medium such as a CD-ROM or DVD. The information retrieved from the server computer, in such cases, is processed to display instructional materials to the user by employing the support library stored on the computer-readable storage medium. As a result, the amount of information transferred over the global-area network is drastically reduced, allowing for optimal performance even over a low bandwidth network connection. In some embodiments, the user specific information includes references to graphic illustrations and/or animations as instructional materials (e.g., treatment procedures). To safeguard the privacy of the user's information (e.g., patients' medical records), the information stored on the server computer is protected by encryption and by security identification and access procedures to provide access only to authorized users of the computer system.
This approach overcomes the limitations of the prior art described above. For example, in the case of medical information the most relevant information concerning the patient's condition is made easily accessible to the patient since the information is delivered based on the patient's own data. In addition, the encryption identification and access scheme ensures the confidentiality of the patient's information. In the case of technical support, the user is provided with technical assistance based on diagnostic information obtained directly from the user's computer, eliminating the need for the user to describe the technical problem he/she is experiencing. In the case of digitally encoded sound recordings, intellectual property rights are protected by allowing only authorized users to access recordings transferred over the Internet and by embedding user-identifying information into the recording itself.
Finally, some embodiments provide additional features such as anonymous directed advertising and anonymous Internet Service Provider (ISP) services. These features allow patients to use the Internet to obtain information about their illnesses without risking unauthorized disclosure of confidential medical information.
BRIEF DESCRIPTION OF THE DRAWINGS
FIG. 1 is a block diagram of a computer system, in accordance with an embodiment of the invention.
FIG. 2A is a block diagram of the hardware/software structure of the client computers of FIG. 1.
FIG. 2B is a block diagram of the hardware/software structure of the server computer of FIG. 1.
FIG. 3A is a flow diagram of the operation of a client computer of FIG. 1, in accordance with an embodiment of the invention.
FIG. 3B is a flow diagram of the operation of the server computer of FIG. 1, in accordance with an embodiment of the invention.
FIG. 4A shows a window displayed on a screen of a client computer of FIG. 1, according to an embodiment of the invention.
FIGS. 4B-4E are frames captured during replay of an animated demonstration, in accordance with an embodiment of the invention.
FIG. 5A shows a user interface that allows a physician to enter new diagnoses and other exam information.
FIG. 5B shows the user interface of FIG. 5A after the existing patient information has been combined with the new diagnoses and other exam information.
FIG. 5C shows customized educational materials generated from the combined information of FIG. 5B.
FIG. 6A shows an email message received by a patient.
FIGS. 6B-D show customized educational materials displayed on a patient's computer screen.
FIG. 7 is a block diagram of a remote technical support system, in accordance with an embodiment of the invention.
FIG. 8 is a block diagram of an anonymous ISP system, in accordance with an embodiment of the invention.
FIGS. 9A-9B are flow diagrams of the operation of server and client computers for secure delivery of digitally encoded sound recording, in accordance with an embodiment of the invention.
DETAILED DESCRIPTION OF THE INVENTION
A computer system 100, according to an embodiment of the invention, is shown in FIG. 1. Computer system 100 includes a server computer 110 and a plurality of client computers 120n (where n = A, B, C, D, etc.) connected via global-area network (e.g., the Internet) 130.
FIG. 2A illustrates the hardware/software structure of a client computer 120n. During operation of computer system 100, a client computer program 210 is executed on top of operating system 220, which in turn controls hardware layer 230. Hardware layer 230, in turn, provides a physical connection to global-area network 130.
FIG. 2B illustrates the hardware/software structure of server computer 110. During operation of computer system 100, server computer program 240 is executed on top of operating system 250, which in turn controls hardware layer 260. Hardware layer 260, in turn, provides a physical connection to global-area network 130. Server computer program 240 also stores and retrieves information in database 270 via operating system 250. Database 270 stores patients' medical records, as well as treatment procedures and educational materials tailored to individual patients' needs. A treating physician may include individualized instructions for specific patients that are added to existing educational materials. Alternatively, the physician may specify an entirely new course of treatment uniquely tailored to a specific patient's requirements. This allows for very specific information to be made available to patients in an easily accessible form that can be consulted at will by the patient. For example, the patient may want to review an educational video or animation of how to perform a treatment procedure to guide him through the process. Rather than having to rely on his/her own recollection of the physician's instructions conveyed during an office visit, or on a standardized instructions sheet, the patient, using the system of the present invention, is able to access on-line a comprehensive set of educational materials that are tailored to his/her specific treatment options. To improve speed, in some embodiments, a library of educational materials is provided to the user in the form of a computer-readable storage medium such as a CD-ROM or DVD. In such embodiments, rather than delivering all the educational materials from the server, only a set of instructions is accessed on-line. These instructions reference specific educational materials that are then generated and displayed from the support library stored on the patient's computer-readable storage medium. As a result, the amount of information that needs to be retrieved on-line is greatly reduced, and the ability to provide customized user instruction is preserved.
FIG. 3A is a flow diagram of the operation of a client computer 120n, in accordance with an embodiment of the invention. First, in stage 305, client computer 120n requests patient information from server computer 110 in response to input from a user. In stage 310, the client computer receives encrypted patient information from server computer 110. This information may include the patient's medical history, a last visit report or physician's care instructions, for example. Information transmitted from the physician's office to server computer 110 is encrypted using a physician's key, while information transmitted from server computer 110 to a client computer 120n is encrypted using a patient's key, so as to ensure the confidentiality of the information transmitted over global-area computer network 130. In some embodiments, server computer 110 decrypts information received from the physician's office and re-encrypts this information with the patient's key. The encrypted information is then decrypted in stage 315. In stage 320, a client computer program executed on client computer 120n generates patient care educational materials based on the patient information received from server computer 110. Finally, in stage 325, the educational materials are presented to the user. In some embodiments, these materials are presented to the user by a graphical display such as the one shown in FIG. 4, as described below.
FIG. 3B is a flow diagram of the operation of server computer 110, in accordance with an embodiment of the invention. First, in stage 350, server computer 110 receives a request for patient information from a client computer 120n. In stage 355, server computer 110 queries database 270 to retrieve patient information for the requested patient (e.g. a list of instructional materials customized for the patient's condition). Stage 360 then determines whether matching records are found in database 270. If no matching records are found in database 270, an appropriate error code is transmitted to client computer 120n, in stage 365. As those skilled in the art understand that error-handling operations can be performed using a variety of techniques known in the art, these techniques are not further described herein. In optional stage 370, the patient information is encrypted to ensure the confidentiality of the patient information transmitted over global-area computer network 130. However, in embodiments that do not require a secure communication link, stage 370 may be dispensed with altogether. Finally, the encrypted patient information is transmitted to client computer 120n via global-area computer network 130, in stage 375.
As those skilled in the art will readily realize, standard communications protocols are followed to ensure completion of the data transmission operations described above. For example, a send/acknowledge mechanism can be employed to detect failures in the communications link and retransmit the data in case of data loss. Of course, other techniques known in the art can be used in accordance with the principles of the invention.
FIG. 4A depicts a window 400 shown on a screen of a client computer 120n. Window 400, in turn, comprises a patient specific content pane 410, a reminders pane 420, a play demonstrations pane 430, advertisement messages 440n (where n = A, B, C, ...) and a measurements pane 450. Patient specific content pane 410 includes educational sections 415n (where n = A, B, C, ...). Each educational section contains treatment educational materials for a specific procedure or set of procedures to be performed for the patient. Reminders pane 420 contains fields summarizing upcoming appointments, lab test and prescriptions for the patient. The patient may be able to book, confirm or change appointments by following appropriate links in reminders pane 420. Play demonstrations pane 430 contains animation buttons 435n and a demonstration window 438. When the patient selects an animation button 435n, a corresponding animation is played in animation window 438. Advertisement messages 440n, in turn, contain advertising information generated based on the patient's information. Finally, measurements pane 450 allows the user to enter measurements obtained as a result of the procedures illustrated by the educational materials. Exemplary measurements may include: body readings such as pulse reading or weight, state of being such as how a patient is feeling, exercise or smoking counts (e.g. how many minutes did you exercise today, how many cigarettes did you smoke today) or answers to education test questions, such as tests that measure how well a patient knows how to take care of him/herself. These measurements allow educational materials to be interactive and the education programs to be responsive to patient input.
In one embodiment of the invention, animated demonstrations are played on play demonstrations pane 430. Computer code residing on the patient's computer (e.g., a CD-ROM library) contains complete animated demonstrations and component actions that can be used to build complete animated demonstrations. Animated demonstrations allow a patient to watch a short "movie" of an animated person performing movements related to the patient's treatment.
Complete animated demonstrations (e.g., a demonstration of a diabetic patient taking a blood sugar sample) may be provided for demonstrations that are common to a wide variety of patients. Component actions (e.g., the movement of a finger, a head tilt forward or raising both knees to the chest, for example) may be provided for demonstrations that are specific to a particular patient's treatment. The component actions can be used as building blocks to generate complete animated demonstrations. FIGS. 4B-4D illustrate an exemplary animated demonstration of how a diabetic patient, before putting on his shoes, should check the insides of his shoes for anything that could cut his/her feet. FIGS. 4B-4D represent sequentially captured frames from an AVI animation displayed using a standard multimedia player program.
The following example illustrates a complete animated demonstration and the component actions used to build the demonstration. Suppose, for example, that a patient has had pneumatic retinopexy surgery for retinal detachment. As part of the post-operative treatment, the patient must use eye drops. In addition to applying the eye drops, it is important that the patient positions his head properly to place the intravitreal gas bubble on the retinal break(s).
The eye drop instruction is a complete animated demonstration. That is, the entire demonstration is stored on the patient's computer (e.g., on a CD-ROM) as a continuous sequence. The eye drop animation is stored as a complete demonstration because there is usually no variation in this demonstration from patient to patient or situation to situation. However, each step in the eye drop sequence can be substituted with a different component action. Thus, if there was a part of the demonstration that was patient specific, that part could be replaced by a different component action. The computer program running on the patient's computer would then play the modified version with the substituted components. For example, if the physician wanted the patient to pull his eyelid down in a particular way when inserting the eye drop, the computer program, at the direction of the physician, would (a) identify the step number in the complete animated demonstration sequence, (b) mark that step for replacement, (c) search for the component actions of pulling down the eyelid, (d) specify the exact movement of eyelid pull, and (e) perform the substitution.
The head positioning, however, is patient and/or situation specific. Thus, the head orientation needs to be specified. The physician (or a nurse, office assistant, technician) can configure the demonstration in a demonstration configuration screen by first specifying the action of a body lying down. Then the physician can specify the orientation of the head by indicating it on a clock face. If there is an aspect of timing involved in the activity, start and stop times can be indicated for any part of the demonstration, as the demonstration proceeds. Once the general head position demonstration has been configured, it is given a name that references it when the physician wants a patient to see that demonstration on his computer.
Those skilled in the art realize that information can be presented to the user in a layout other than the one depicted in FIG. 4. Therefore, the appearance and organization of window 400 is merely illustrative in nature and not limiting. Different types of information can be presented to the user, in accordance with the principles and spirit of the invention, utilizing a variety of formats. As a result, the invention is not limited to any particular set of data fields presented to the user, nor to the format used to present such data to the user.
Patient Care Education Delivery
One example showing how patient care instructions are delivered to a patient is described with reference to FIGS. 5A-5C and 6A-6D. Suppose a patient, Mr. Patient, is being treated by Dr. Johnson, an ophthalmologist, for diabetic retinopathy. At the conclusion of an examination, Dr. Johnson enters the exam findings into a computer using the interface shown in FIG. 5A. A computer program running on Dr. Johnson's computer then combines the exam findings and Mr. Patient's existing medical information (FIG. 5B). The combined information is shown in FIG. 5C. Next, the computer program uses the combined information to generate customized educational materials. Finally, the computer program encrypts the customized educational materials using Dr. Johnson's unique encryption algorithm and key and sends the encrypted information to server computer 110 (FIG. 1) where the information is stored on database 270 (FIG. 2B).
Encryption of the customized educational materials is necessary to protect the confidentiality of Mr. Patient's medical records. One way of encrypting the customized educational materials, such that no patient identifying information accompanies patient data transmission, is described below. First, server computer 110 stores an identification code associated with Mr. Patient (e.g., Mr. Patient's SSN). The identification code is stored when Mr. Patient purchases or obtains client software having a support library (described above). Sometime thereafter, Dr. Johnson's computer requests an identification code from server computer 110 that creates an association between Mr. Patient and the customized educational materials that are to be sent by Dr. Johnson. To obtain the identification code from server 110, Dr. Johnson's computer generates a first random code (R1) that is within a range of random numbers assigned to Dr. Johnson. Dr. Johnson's computer then sends R1 along with Mr. Patient's social security number (SSN) to server computer 110. Server computer 110 then checks to see if Mr. Patient's SSN is stored in database 270. If Mr. Patient's SSN is not found, server computer 110 returns an error message to Dr. Johnson's computer. If Mr. Patient's SSN is found, server 110 generates a second random code (R2), stores an association between R2 and Mr. Patient's SSN, and returns R1 and R2 to Dr. Johnson's computer. The computer program on Dr. Johnson's computer can now send an encrypted version of Mr. Patient's customized educational materials along with R2 to server computer 110, and server computer 110 will be able to associate R2 with Mr. Patient and Dr. Johnson. As a result, this process enables patient data to be sent without an identifying SSN. This process also verifies that the patient who is to receive the customized educational materials (e.g., Mr. Patient) has the library and decrypting software to decode the customized educational materials.
Upon receipt of the encrypted version of Mr. Patient's customized set of references to educational materials and R2, server 110 decrypts the customized educational materials using a unique decryption algorithm associated with Dr. Johnson. Server 110 can determine the unique decryption algorithm associated with Dr. Johnson from R2. Server 110 then locates the unique encryption algorithm associated with Mr. Patient (using Mr. Patient's previously established relation with R2), encrypts the customized educational materials, stores the encrypted customized educational materials on database 270, and sends an email message to Mr. Patient. The email message indicates that the customized educational materials, derived from clinical findings and/or explicit instructions entered by Dr. Johnson, is now available on server computer 110.
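The R1/R2 exchange and the server-side re-encryption described above, written out as an added Python example that is not part of the original disclosure. The class and function names, the in-memory tables, the lookup of the physician from R1's range, the single-use treatment of R2, and the standard-library stand-in cipher (used where a vetted authenticated cipher would go) are assumptions.

```python
import hashlib
import hmac
import secrets

def xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # Stand-in keystream (SHA-256 in counter mode) so the example needs only the stdlib.
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hashlib.sha256(key + nonce + off.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[off:off + 32], pad))
    return bytes(out)

def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC under subkeys of `key` (stand-in for a vetted AEAD)."""
    enc_key = hashlib.sha256(b"enc" + key).digest()
    mac_key = hashlib.sha256(b"mac" + key).digest()
    nonce = secrets.token_bytes(16)
    body = xor_stream(enc_key, nonce, plaintext)
    return nonce + body + hmac.new(mac_key, nonce + body, hashlib.sha256).digest()

def unseal(key: bytes, blob: bytes) -> bytes:
    """Verify the tag, then decrypt; raises ValueError on tampering or a wrong key."""
    enc_key = hashlib.sha256(b"enc" + key).digest()
    mac_key = hashlib.sha256(b"mac" + key).digest()
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(mac_key, nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("ciphertext failed authentication")
    return xor_stream(enc_key, nonce, body)

class Server:
    """Models server computer 110, with database 270 as in-memory tables."""
    def __init__(self):
        self.patient_keys = {}  # SSN -> patient key, stored when the client software is obtained
        self.physicians = {}    # physician id -> (assigned R1 range, physician key)
        self.r2_table = {}      # R2 -> (SSN, physician id)
        self.mailbox = {}       # SSN -> materials re-encrypted under the patient key

    def request_code(self, r1: int, ssn: str):
        # Assumption: the physician is recognised by the range that R1 falls in.
        pid = next((p for p, (rng, _) in self.physicians.items() if r1 in rng), None)
        if pid is None:
            raise LookupError("R1 is outside every assigned range")
        if ssn not in self.patient_keys:
            raise LookupError("patient not registered")  # the error-message case
        r2 = secrets.randbits(64)
        self.r2_table[r2] = (ssn, pid)
        return r1, r2

    def upload(self, r2: int, blob: bytes) -> None:
        if r2 not in self.r2_table:
            raise LookupError("unknown or already used R2")
        ssn, pid = self.r2_table[r2]
        plaintext = unseal(self.physicians[pid][1], blob)  # physician's key
        del self.r2_table[r2]  # assumption: R2 is accepted once, so a replay fails
        self.mailbox.setdefault(ssn, []).append(seal(self.patient_keys[ssn], plaintext))

def physician_send(server, wire, code_range, key, ssn, materials: bytes) -> int:
    """Physician side; `wire` records what each message carries."""
    r1 = code_range.start + secrets.randbelow(len(code_range))
    # The SSN crosses the network in this one request, so it needs transport protection.
    wire.append(("code_request", repr((r1, ssn)).encode()))
    echoed_r1, r2 = server.request_code(r1, ssn)
    if echoed_r1 != r1:
        raise RuntimeError("reply does not match our R1")
    blob = seal(key, materials)
    wire.append(("upload", repr(r2).encode() + blob))  # only R2 and ciphertext
    server.upload(r2, blob)
    return r2

def demo() -> dict:
    # All values below are constructed for the example.
    ssn, code_range = "000-00-0000", range(5000, 6000)
    patient_key, physician_key = secrets.token_bytes(32), secrets.token_bytes(32)
    server, wire = Server(), []
    server.patient_keys[ssn] = patient_key
    server.physicians["dr-johnson"] = (code_range, physician_key)
    materials = b"ref:eye-drop-demo; ref:head-position-4-oclock"
    r2 = physician_send(server, wire, code_range, physician_key, ssn, materials)
    try:
        server.upload(r2, seal(physician_key, materials))
        replay_accepted = True
    except LookupError:
        replay_accepted = False
    return {
        "materials": materials,
        "delivered": unseal(patient_key, server.mailbox[ssn][0]),
        "ssn_in_upload": ssn.encode() in dict(wire)["upload"],
        "replay_accepted": replay_accepted,
    }
```
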
When Mr. Patient opens the email message he sees the message shown in FIG. 6A. If Mr. Patient clicks on "Doctor" symbol 610, a program running on Mr. Patient's client computer is invoked. The program then retrieves the encrypted data from server computer 110, decrypts the encrypted data, processes the data using the support library, and then presents a graphical display of the customized educational materials on Mr. Patient's computer screen as shown in FIG. 6B. The customized educational material of FIG. 6B includes both textual instructions 610 and graphical illustrations 620.
After each subsequent exam, the actions described above are performed and Mr. Patient receives an email with the message shown in FIG. 6C. The email message of FIG. 6C also includes both text 630 and graphics 640n (where n = A, B, C, etc.).
Mr. Patient is subsequently treated. After the treatment, Dr. Johnson enters new information into his database. New customized educational material is created, the encryption scheme takes place, and an email is sent to Mr. Patient, all as described above. Upon opening the email message the day after the procedure takes place, Mr. Patient would see the message shown in FIG. 6D. FIG. 6D also comprises both textual information 650 and graphical information 660n.
Confidential Directed Advertising
Advertising represents a significant source of revenue for websites. In particular, visitors attracted to a website by the subjects it covers are more likely to be interested in goods and/or services related to those subjects. As a result, advertisers tend to direct their ads to websites that deal with related subjects. However, confidentiality concerns render it undesirable and even potentially illegal to obtain personal medical information from users visiting a website. The present invention solves this problem by allowing advertisers to direct advertisements to patients without gaining access to the patients' confidential medical information. A confidential ad server computer acts as an intermediary between patients and advertisers. The confidential ad server communicates to the advertisers the subjects in which the user may potentially be interested, without revealing the patient's identity to the advertisers. The advertisers may, in turn, direct ads to the anonymous user through the confidential ad server.
In accordance with an embodiment of the invention, advertisers use a programmatic interface to select a target audience by selecting a number of parameters such as: demographics (e.g., age, sex, race), diagnoses, taking certain drugs, having had certain medical events (e.g., emergency room visits). The advertiser parameter set is stored in a confidential advertiser server database along with the advertisements that the advertiser has selected for the target audience. The advertiser server then searches the database, finds all the patients who satisfy the parameter set, and includes the advertisements in web pages to be displayed to the target audience. The advertiser server can also act as an intermediary between the person responding to the ad and the advertiser so that the responder can purchase the product without the advertiser knowing his/her identity. The advertiser server receives the purchase request, credit card number, and necessary purchaser information from the purchaser and stores this information in a database record. The advertiser server then forwards the purchase request to the advertiser using the server company name and payment information. The purchased items are sent from the advertiser to the server company. The server company then refers to the database association record and then sends the items along to the purchaser after charging the purchaser's credit card for the cost of the entire transaction, plus an optional service fee.
Similarly, when the prospective purchaser issues an information request, the server serves as an intermediary in the same way as it does with the transaction described above so that confidentiality is preserved.
Other Applications - Technical Support
Another application for the present invention is an interactive technical support system. A customized technical support system 700, in accordance with an embodiment of the present invention, is shown in FIG. 7. Customized technical support system 700 allows consumers to receive customized technical support through their computers. As shown in FIG. 7, consumer 710 would contact the technical support center by telephone (POTS 730). A technical support representative 720 would then be able to send the consumer a command that identifies which technical instruction stored on a computer-readable storage medium 725 (e.g. a CD-ROM) distributed with the user's computer/appliance is to be displayed on computer 715. As a result, technical information customized to the consumer's actual problem is displayed. In the event that additional information has become available after the consumer acquired his computer/appliance, this information could be transmitted to the consumer together with the command specifying which information to present to the consumer.
In addition, in the case of a computer system or other Internet-enabled device, the technical support representative would also be able to remotely connect to the computer/appliance and remotely run diagnostics to ascertain the consumer's problem.
Encryption Schemes
Several encryption schemes can be used in accordance with the principles of the invention. For example, patient information that originates from a primary care physician's (PCP) office may be encrypted using a unique physician encryption key, or it may be encrypted using one key that corresponds to the PCP and one key that corresponds to the patient. If the patient decides to change PCPs at a certain point, a new key would be assigned to the new PCP, so that only the current PCP and the patient may have access to the patient information. Data that is sent to the patient from the server computer may be encrypted via a unique key and algorithm provided as part of a computer-readable storage medium so that only a specific patient who is in possession of the computer-readable storage medium would be able to access the information stored on the disk and generate patient care educational materials by combining the patient's information with the support library stored on the computer-readable object medium.
Anonymous Web-Access
As an added feature, the system of the present invention allows patients to access information over the Internet without disclosing their identities or risking inadvertent disclosure of confidential medical information using an anonymous ISP server 800, as shown in Fig. 8. To ensure patients' confidentiality, anonymous ISP server 800 allows users to anonymously access websites through the server. This is accomplished by routing packets through anonymous ISP server 800 and "masking" the IP address of the patient's computer. Thus, only the IP address (the "public" IP address) of anonymous ISP server 800 is visible to the outside world, while the IP address (the "private IP address") of patient's computer 810 is only visible to the anonymous ISP server 800.
In one embodiment of the invention, the ISP maintains a pool of IP addresses. Whenever a URL request is received by the ISP, the anonymous ISP server replaces the IP address of the sender with an IP address from the anonymous ISP server's pool of IP addresses. The order of events is as follows.
The user sends out a URL request via his browser. The request contains the requested URL and the IP address of the machine on which the browser is running. When the request arrives at the user's ISP server, the ISP replaces the IP address of the user with one of the IP addresses from the pool. The IP address of the requesting machine and the replacement IP address are then associated in a database record in the ISP server database. The URL request then goes out to the Internet with the replacement IP address. When the requested page comes back to the ISP, a database search is performed that locates the record that associates the replacement IP address with the user's IP address. Next, the replacement IP address is removed and the requesting machine's IP address is inserted. Next, the associating database record is deleted. Finally, the requested page is sent to the requesting machine.
Subsequent transmissions to and from the user's machine are handled in a similar manner. As a result, the confidentiality of the user's machine IP address is preserved.
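The address-replacement sequence described above, modelled as an added Python example that is not part of the original document. The class name, the dictionary message fields and the documentation-range addresses are assumptions made for illustration; a pool address is held out of the free list while its request is pending, so each returning page matches exactly one record.

```python
import ipaddress


class AnonymizingProxy:
    """Address-replacement table of the anonymous ISP server (hypothetical model)."""

    def __init__(self, pool):
        self.free = [ipaddress.ip_address(a) for a in pool]  # unused pool addresses
        self.records = {}  # replacement address -> requesting machine's address

    def outbound(self, request):
        """Replace the user's address with a pool address and record the pair."""
        if not self.free:
            raise RuntimeError("address pool exhausted")
        replacement = self.free.pop(0)
        self.records[replacement] = ipaddress.ip_address(request["src"])
        return {"src": str(replacement), "url": request["url"]}

    def inbound(self, response):
        """Find the record, restore the user's address, then delete the record."""
        replacement = ipaddress.ip_address(response["dst"])
        user = self.records.pop(replacement, None)
        if user is None:
            return None  # no pending request used this address: drop the page
        self.free.append(replacement)  # address returns to the pool
        return {"dst": str(user), "body": response["body"]}


def demo():
    # Constructed sample traffic: two users with requests in flight at once.
    proxy = AnonymizingProxy(["203.0.113.10", "203.0.113.11"])
    a = proxy.outbound({"src": "10.0.0.5", "url": "http://example.org/a"})
    b = proxy.outbound({"src": "10.0.0.6", "url": "http://example.org/b"})
    # Pages come back out of order; each still reaches the right machine.
    rb = proxy.inbound({"dst": b["src"], "body": "page b"})
    ra = proxy.inbound({"dst": a["src"], "body": "page a"})
    # A late page for an address whose record was already deleted is dropped.
    stray = proxy.inbound({"dst": "203.0.113.10", "body": "late"})
    return a, b, ra, rb, stray, len(proxy.records)


if __name__ == "__main__":
    print(demo())
```

Because the record is deleted as soon as the page is delivered, the server keeps no lasting link between a user's address and the pages requested.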
Other Applications—Music Encryption
It is important to note that the present invention is not limited to the secure transfer of patients' medical information. The present invention can be used for any application where information is securely distributed over a computer network. One such application, described below, is the distribution of music over the Internet.
New digital encoding formats, such as MP3, allow music to be easily transferred/distributed over a computer network such as the Internet. The speed of this distribution channel presents an advantage over the conventional record store model where the same music can only be obtained by physically going to a music store, purchasing the music, and then taking it home to be played. Record companies and other distributors of sound recordings, however, are concerned about the relative ease with which music can be downloaded onto a computer, copied and distributed to others without compensating the owner of the music. Copyright law protects the owner of the music, but enforcement is difficult. As explained below with respect to Figs. 9A and 9B, the principles of the present invention can be used to address this problem.
Suppose a consumer wants to purchase a record by downloading the record via the Internet. First, in stage 905, the consumer sends a request for purchase via the Internet to a server computer. The request for purchase includes an identification code, e.g., the purchasing credit card number, or a unique machine id, or software identification code. The server program associates the unique identification code with the consumer. The server then stores a record that includes a music identification code and the consumer's identification code in stage 910.
Using the stored codes, music can be protected from unauthorized play using either or both of the following methods.
The simplest method for protecting the music from being mass copied does not require encryption. This method embeds the consumer's identification code and a tag in a portion of the digital encoding of the sound recording that falls in the range of inaudible sounds when played by a CD player or any other device. A software program is then used to scan digitally encoded sound recordings distributed over the Internet for tags that identify purchasers. If a tag is found, the consumer's identification code is extracted and compared to the records stored in the database in stage 910. If the consumer's identification code is found in the database and the music is being played or made available on the Internet without permission from the music's owner, the consumer who purchased the music can be identified and prosecuted.
The second method utilizes encryption. After the server computer receives the consumer's unique machine and/or software identification code, the music is encrypted. The server first generates an encryption/decryption algorithm that is unique to the consumer's machine and/or software identification codes. The music may then be compressed. After compression, the music is encrypted in stage 915 using the unique machine and/or software identification code. In some embodiments, the encryption is performed at a few select locations in the recording to reduce the amount of time required to decrypt the music. Since the music must be decrypted each time the music is played, limiting the amount of decryption necessary allows optimal playback on average and low-end computer systems. If someone were to listen to the music in its encrypted form, he/she would hear a large number (e.g., 50) of intermittent instances of static, each lasting 1-2 seconds. The unique identification code is then embedded in the recording itself in stage 920. Optionally, the unique identification code may be embedded in the recording prior to compression, or after compression but prior to encryption. Finally, the music is downloaded to the consumer's computer in stages 925 and 930.
When the music player software/hardware on the consumer's computer initiates the process of playing the song, it first extracts the embedded identification code in stage 935. Stage 940 then compares the extracted identification code with the unique machine and/or software identification code embedded in the consumer's music player software/hardware. If the identification codes are the same, the music player proceeds to decrypting (stage 955) and playing (stage 960) the recording. If the identification codes are not the same, the music player may issue a prompt in stage 945 to the consumer to input the unique machine and/or software identification code that is embedded in the music. If the consumer is unable to enter that identification code, the music player will not play the music. If the identification codes match, the music player selects the decryption algorithm referenced by the identification code number from the music player's database. This decryption algorithm mirrors the encryption algorithm that is stored on the server and referenced by the same unique machine and/or software identification code. The music player then decrypts (stage 955) the music with that algorithm. The music is then optionally decompressed.
Once decrypted and decompressed, the music is played (stage 960). The only difference between this music and previously unencrypted music is that this music data will contain the embedded identification code.
In the method that employs encryption, it is important to note that consumers expect to be able to play purchased music on a number of devices that they own (e.g., home stereo, home computer, car stereo). However, each of these players will have a unique machine and/or software identification code number. Thus there must be a way of enabling the music to be played on devices other than the particular one that the music was ordered on. This is accomplished by prompting the consumer for a unique identification code when the identification code embedded in the music does not match the unique identification code embedded in the player. Once the consumer enters the original music player's unique identification code, the software will play the music. The unique identification code can then be stored on the player or player database so the consumer does not have to be prompted each time he/she wants to play the music.
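The playback decision of stages 935 to 960, including the prompt for a second device, as an added Python example that is not part of the original document. The SHA-256-derived XOR keystream is a stand-in for the unspecified per-consumer algorithm and is not a vetted cipher; the segment offsets, the header-style `embedded_id` field and all names are assumptions.

```python
import hashlib

# Constructed (offset, length) regions: only a few select locations are encrypted.
SEGMENTS = [(8, 4), (20, 4)]


def keystream(id_code, offset, n):
    """Per-consumer key bytes derived from the identification code (stand-in)."""
    return hashlib.sha256(f"{id_code}:{offset}".encode()).digest()[:n]


def crypt(audio, id_code):
    """XOR the selected regions; the same call encrypts and decrypts."""
    out = bytearray(audio)
    for off, n in SEGMENTS:
        for i, k in enumerate(keystream(id_code, off, n)):
            out[off + i] ^= k
    return bytes(out)


def package(audio, id_code):
    """Server side: encrypt (stage 915) and embed the code (stage 920)."""
    return {"embedded_id": id_code, "data": crypt(audio, id_code)}


class Player:
    def __init__(self, own_id):
        self.known_ids = {own_id}  # the player's own code plus any stored later

    def play(self, recording, prompt=lambda: None):
        embedded = recording["embedded_id"]      # stage 935: extract the code
        if embedded not in self.known_ids:       # stage 940: compare
            if prompt() != embedded:             # stage 945: ask the consumer
                return None                      # refuse to play
            self.known_ids.add(embedded)         # store so no prompt next time
        return crypt(recording["data"], embedded)  # stage 955: decrypt


def demo():
    audio = bytes(range(32))                     # constructed sample "recording"
    rec = package(audio, "MACHINE-A")
    car = Player("MACHINE-B")                    # a second device of the consumer
    refused = car.play(rec)                      # no code entered
    unlocked = car.play(rec, prompt=lambda: "MACHINE-A")
    replay = car.play(rec)                       # code now stored on the player
    return audio, rec, refused, unlocked, replay


if __name__ == "__main__":
    print(demo()[2:])
```

In this flow the code that keys decryption is the same code carried in the recording, so protection of the audio depends on the embedding and on the player software rather than on a secret held only by the purchaser.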
Conclusion
Embodiments described above illustrate but do not limit the invention. While a patient education delivery example has been discussed above, the invention is in no way limited to delivery of patient educational information. Those skilled in the art will readily realize that the system and method of the present invention can be used to deliver information other than patient education. For example, software and hardware failure diagnosis and repair information may be distributed in computer-readable storage medium form. When a computer user experiences technical problems, he/she may contact the manufacturer's technical support center to request help in diagnosing and repairing the computer failure. The technical support center could then access the support library on the computer-readable storage medium to generate educational materials customized to address the user's particular problem. As a result, the present invention is suitable for any application that requires on-line delivery of customized educational content to users. In addition, the present invention is especially useful in the cases where confidentiality of the transmitted data is essential - e.g., in communication of medical information.