Skip to main content

Full text of "USPTO Patents Application 09870801"

See other formats


United States Patent [19] 

Benson et al. 


iiiiiiniyiiiiiinii 


USO05845281A 
[11] Patent Number: 
[45] Date of Patent: 


5,845,281 
Dec 1, 1998 


[54] METHOD AND SYSTEM FOR MANAGING A 
DATA OBJECT SO AS TO COMPLY WITH 
PREDETERMINED CONDITIONS FOR 
USAGE 

[75] Inventors: Greg Benson, Dalby; Gregory H. 

Urich, Lund, both of Sweden 

[73] Assignee: MediaDNA, Inc., La Jolla, Calif. 

[21] Appl. No.: 594,811 

[22] Filed: Jan. 31, 1996 

[30] Foreign Application Priority Data 

Feb. 1, 1995 [SE] Sweden 9500355-4 

[51] Int. CI. 6 G06F 17/30 

[52] U.S. CI „ 707/9; 707/10; 707/103 

[58] Field of Search 395/609, 610, 

395/614; 707/9, 10, 103 

[56] References Cited 

U.S. PATENT DOCUMENTS 

4,919,545 4/1990 Yu 3S0/25 

5,023,907 6/1991 Johnson et al 380/4 

5,103,476 4/1992 Waite et al 380/4 

5,222,134 6/1993 Waite et al » 38Q/4 


5,235,642 8/1993 Wobber et al 380/25 

5,319/705 6/1994 Halter el at 380/4 

5,321,841 6/1994 East et al 395/725 

5,375,240 12/1994 Grundy 395/700 

5,400,403 3/1995 Farm et al 38Q/21 

FOREIGN PATENT DOCUMENTS 

0367700 5/1990 European Pat. Off. . 

0567800 4/1993 European Pat. Off. . 

0653695 11/1994 European Pat. Off. . 

W096/27155 9/1996 W1PO G06F 17/30 

Primary Examiner — Maria N. Von Buhr 

Attorney, Agent, or Firm— Knobbe, Martens, Olson & Bear. 

LLP 

[57] ABSTRACT 

A method and a system for managing a data object so as to 
comply with predetermined conditions for usage of the data 
object. To control the usage of the data object, a set of 
control data, defining uses of the data object, which comply 
with the predetermined conditions, is created for the data 
object The data object is concatenated with the user set of 
control data, encrypted and transferred to the user. When the 
user wants to use the data object, a special user program 
checks whether the usage complies with the control data. If 
so, the usage is enabled. Otherwise it is disabled. 

29 Claims, 15 Drawing Sheets 


19 - 


-301 


control 
module 


302- 


303- 


packaging 
module 


user interface module 


control data 
creation module 


-304 


format modules 


-306 


security modules 


-307 


encryption module 


-305 


data packaging program 


U.S. Patent 


Dec. 1, 1998 Sheet 1 of 15 


5,845,281 


Figl 


data object 
provider 1 — 


user 2 - 


data object 

-24 

predetermined conditions 







packaging program 

i 


~ 19 


secure package 

data object 

control data 


-40 


secure package 
data object : control data 

♦ 

user program 


-40 


i 


-35 


data object in usage form 


-80 


U.S. Patent Dec. 1, 1998 Sheet 2 of 15 5,845,281 


Fig 2 


24- 


19- 


20- 


21- 


23- 


10- 


15- 


16- 


data object(s) 


data packaging 
program 


control database 


network and 
telecommunications 


OS 


-13 


cpu 


14- display 


keyboard 


printer 


network 
adapter 


~12 


bulk storage 


ROM 


17 


-18 


memory ~ 1 1 


U.S. Patent Dec. 1, 1998 Sheet 3 of 15 5,845,281 


Fig 3 


-301 

— 


302- 


user interface module 


control 
module 


packaging 
module 


303- 


control data 
creation module 


-304 


format modules 


-306 


security modules 


-307 


encryption module 


-305 


data packaging program 
19 H 


U.S. Patent 


Dec 1, 1998 


Sheet 4 of 15 


5,845,281 


Fig 4 


401- 


create data object and 
save data object to file 


402- 


I 


start packaging program 


403- 


input header information and 
usage information 


404- 


create header data 


4 q 5 _ save header data to header file 


406- 


T 


create usage data 


407- save usage data to usage file 


408- 


410- 


need data conversion? 

t. 


no 


need compression? 


412- 


i 


no 


need security treatment? 


no 


yes 


convert data object file format 


yes 


compress data object file 


yes 


perform security treatment 


-409 


-411 


-413 


4 concatenate usage data file and data object file and save as a temporary file 


4 j5_ encrypt temporary file 


T 


416- 


concatenate temporary file from previous step and header file and 
save as a single file 


U.S. Patent Dec. 1, 1998 Sheet 5 of 15 


5,845,281 


Fig 5 


file identifier 
title 

format code 
security code 


123456789 

image 

a 

b 


Fig 6 


usage element for author's phone number 


.price for single use 


...price for unlimited use 


...code for usage type approved 


...code for number of usages approved 


- identifer 
size 

L data 
r identifer 

size 
L data 
" identifer 

size 
L- data 
~ identifer 
size 

- data 
r- identifer 

size 
_ data 


1 

13 

716 381 5356 

2 

4 

.50 

3 

4 

50.00 

4 

2 

9 

5 

2 

1 


U.S. Patent Dec. 1, 1998 Sheet 6 of 15 5,845,281 


Fig 7 


42- 


predetermined 
conditions 


video 


-24 


19- 


data packaging 
program 


50- 


20- 


general 
control data 

control 
database 


video 


storage 


-24 


-17 


U.S. Patent 


Dec. 1, 1998 


Sheet 7 of 15 


5,845,281 


Fig 8a 


- object identifier 123456789 
format code 0010 

header security code 0010 

number of usage elements 2 

size of usage data 17 

- size of data object 273 
1 st usage element id 00 1 
1st usage element size 6 

1 st usage element data 1 

2nd usage element id 002 

2nd usage element size 3 
2nd usage element data 


Fig 8b 


header 


object identifier 123456790 

format code 0010 

security code 0010 

number of usage elements 2 

size of usage data 1 7 

size of data object 273 

1 st usage element id 00 1 

1st usage element size 6 

1 st usage element data 1 

2nd usage element id 002 

2nd usage element size 3 

2nd usage element data 2 


U.S. Patent 


Dec. 1, 1998 Sheet 8 of 15 


5,845,281 


Fig 9 


50- 


control data 


20- 


control 
database 


data object 24 


DBMS 


-22 


I 


19- 


data packaging 
program 


60-H 
24- 
40 H 


I 


user adapted 
control data 


data object 


secure 
data package 


user adapted |^ 
control data 


60 


control 
database 


-20 


U.S. Patent Dec. 1, 1998 Sheet 9 of 15 5,845,281 


Fig 10 


1001 

Copy general set of control data to create new control data 


I 

1002 

Apply new id to new control data 



i 

1003 

Update second control element data in new control data 



1004 

Store new control data in control database 


* 

1005 

Copy data object 



1006 

Concatenate data object and new control data 



1007 Begin security procedure corresponding to security code "00 10' 1 

1008 Encrypt data object and control data to create final data package 

* — 

1 009 Store data package or pass to network program 


U.S. Patent 


Dec. 1, 1998 


Sheet 10 of 15 


5,845,281 


Fig 11 


control data in memory 


AVI file in memory 


123456789001000102172730016100232 


RIFF0>DQAVILIST6aaDhdriavih8O0DjaDa§WOOC\A 
DODODiODDOOQQaOOQPQQ@OOa0QDQQQQOA 
^ □ O wO □ D D □ V6LrST*D D OstrlstrhSOD □ vidsc vidO Q Dec 
S 0 O D { { { hhhhhh { On— a§— <E§hm[hhhO □□*"{{ {|sd*™§ 

Chr8=+QaaaoaaaQQaDDO{ana"D'Ǥ**a(anqvd 

OOOm W l h{Dn' , §inOi>-<rSirqvd{Dn„%owmL. 


Fig 12a 


concatenated control data 
and AVI file in memory 


123456789001000102172730016100232riito> 

DOAVELIST6Daahdrlavih8QaOjaDQ§WDaC\ADaD 

ooiODoooaooDaoPao@aoooaaaoaaoAioa 

wDOOOO V6LISTtO DO strlstrh8 □ Q Q vidscvidD 0 OoeSQ □ 
□ { { {hhhhhh ( Or>— aeS — a$hm[hhhDDD"' ( { {|sd^™S(;l 0 i^ 
8=+QQODOOOODDOOOa{OnQ M D' , § I "0{QnqvdDaO 
VMA hhh { On' '§iJ" { On-<rSj ^qvd { Oiv,Xown[ M %oWj j 

"-ceS' , §g°ij n { { ( { { (* M DDDaaimauuu , /i 


Fig 12b 


concatenated and 
encrypted control data and 
AVI file in memory 


12345678900100010217273DODaoooaoooo 
□□aooooaoaaaoaDaoaaaoaaaDaooDoaa 
oooaaaaoaDaaaDooaoDooaaaooaoooao 

ODDaaDODQaaQDaOQDaDDDDaDDDDODDDD 

aDDaaaoDDaaoaDaoaoDDDDoaDDaaoDao 
□□aaaoooooaaaaoaaaaDaaoaoaoooooo 
QODaaDDDDaaaQaaDOODaaQODaaaDaDOD 

□ □□ODODOOOQOQDODDOQDDO'/j 


U.S. Patent 


Dec. 1, 1998 


Sheet 11 of IS 


5,845,281 


Fig 13 


40- 


data package 


user program 


control database 


network and 
telecommunications 


OS 


28 


processor 


29- display 


keybd 


printer 


bulk storage 


sound sys ^32 


ROM -33 


-34 


network 
adapter 


-27 


memory -26 


U.S. Patent Dec. 1, 1998 Sheet 12 of 15 5,845,281 


Fig 14 


control 
module 


-1401 
+ 


file transfer 
program 


1402- 


user interface module 


1403- 


usage manager 
module 


-1409 


control data 
parser module 


-1404 


format modules 


-1406 


security modules 


-1407 


decryption module 


-1405 


user program 


35- 


U.S. Patent Dec. 1, 1998 Sheet 13 of 15 5,845,281 


Fig 15 


j jo ]_ receive data package 


1502- 


1503- 


store data package as file 


1504- 


start user program 35 


input usage request 


1 505~ decrypt and extract control data from data package and store control data in memory 


i 


1506- 


compare usage request to usage 
requirements in control data 


1507- usage OK? 


no 


disable usage request 


-1508 


1 509— need data conversion? 


1511- 


I 


yes 


convert data object file format 


-1510 


no 


yes 


need decompression? 

^ no" 


decompress data object file 


-1512 


151 3*- neec * secur > tv treatment? 


1515- 


yes 


perform security treatment 


H514 


no 


decrypt and extract object data 

+ 


enable requested usage 

i 


1517- 


update control data 

♦ 


1 5 1 8*- restorc data package 


U.S. Patent 


Dec. 1, 1998 Sheet 14 of 15 


5,845,281 


Fig 16 


1601 

Begin user program 


1602 

Detect usage request 

* 

1603 

Examine control data 


I 


1604 

If universal format code is "0010" then continue, else disable use and 
jump to 1699 


1605 

If universal security code is "0010" then continue, else disable use and 
jump to 1699 


1606 

Compare user type to first usage element data | 


| 1607 

If user type is same then continue, else disable use and jump to 1 699 | 


| 1608 

Check second control element for number of uses purchased | 


| 1609 

If uses is > 0 then enable use, else disable use and jump to 1699 | 


1610 

Decrement second control element data 


1611 

Repackage data object 


1699 return 


U.S. Patent Dec. 1, 1998 Sheet 15 of 15 5,845,281 


Fig 17 


control data 0 


control data'l 


control data 2 


control data 3 


object data 1 


control data 0 


control data 1 


object data 1 


data package 1 


control data 2 


object data 2 


object data 2 


object data 3 


data package 0 


data package 2 


control data 3 


object data 3 


data package 3 


data package 0 



5,845 ; 

1 

METHOD AND SYSTEM FOR MANAGING A 
DATA OBJECT SO AS TO COMPLY WITH 
PREDETERMINED CONDITIONS FOR 
USAGE 

5 

TECHNICAL FIELD 

Tbe present invention relates to data processing and more 
particularly to a method and a system for managing data 
objects so as to comply with predetermined conditions for J(J 
usage. 

BACKGROUND 

Much has been written recently regarding the puzzle of 
universal connectivity. A typical vision of the data highway 15 
has long distance high speed data carriers inter connecting 
regional networks which provide telecommunications ser- 
vices and a wide range of interactive on-line services to 
consumers. Many of the pieces are already in place, others 
are in development or testing. In fact, even though the data 20 
highway is under construction it is currently open to limited 
traffic. On-line services are springing up daily and video on 
demand services are currently being tested. 

The potential to benefit society is immense. The scope of 
information available to consumers will become truly global 25 
as the traditional barriers to entry for distribution of, and 
access to, information are lowered dramatically. This means 
that more diverse and specialized information will be made 
available just as conveniently as generic sources from major 
vendors used to be. The end result is that organizations and 30 
individuals will be empowered in ways heretofore only 
imagined. 

However, a fully functioning data highway will only be as 
valuable as the actual services which it provides. Services 
envisioned for the data highway that involve the delivery of 
data objects (e.g. books, films, video, news, music, software, 
games, etc.) will be and are currently limited by the avail- 
ability of such objects. Library and educational services arc 
similarly affected. Before owners will allow their data 
objects to be offered they must be assured of royalty 
payments and protection from piracy. 

Encryption is a key component of any solution to provide 
copy protection. But encryption alone is not enough. During 
transmission and storage the data objects will be protected 45 
by encryption, but as soon as anyone is given the key to 
decipher the content he will have unlimited control over it. 
Since the digital domain permits data objects to be repro- 
duced in unlimited quantities with no loss of quality, each 
object will need to be protected from unlimited use and 50 
unauthorized reproduction and resale. 

The protection problem must not be solved by a separate 
solution for each particular data format, because then the 
progress will indeed be slow. It is important to consider the 
effect of standardization on an industry. Consider how the 5^ 
VHS, the CD and the DAT formats, and the IBM PC 
compatibility standards have encouraged growth in their 
respective industries. However, if there is to be any type of 
standardization, the standard must provide universal adapt- 
ability to the needs of both data providers and data users. $0 

The data object owner may want to have permanent 
secure control over how, when, where, and by whom his 
property is used. Furthermore, be may want to define 
different rules of engagement for different types of users and 
different types of security depending on the value of par- 65 
ticular objects. The rules defined by him shall govern the 
automated operations enabled by data services and network- 



,281 

2 

ing. Tne owner may also want to sell composite objects with 
different rules governing each constituent object. Thus, it is 
necessary to be able to implement variable and extensible 
control. 

The user on his pan wants to be able to search for and 
purchase data objects in a convenient manner. If desired, the 
user should be able to combine or edit purchased objects (i.e. 
for creating a presentation). Furthermore, the user may want 
to protect his children from inappropriate material. A com- 
plete solution must enable these needs as well. 

What is needed is a universally adaptable system and 
method for managing the exchange and usage of data objects 
while protecting the interests of data object owners and 
users. 

PRIOR ART 

A method for enforcing payment of royalties when copy- 
ing softcopy books is described in the European patent 
application EP 0 567 800. This method protects a formatted 
text stream of a structured document which includes a 
royalty payment element having a special tag. When the 
formatted text stream is inpuued in the user's data processor, 
the text stream is searched to identify the royalty payment 
element and a flag is stored in the memory of the data 
processor. When the user for instance requests to print the 
document, the data processor requests authorization for this 
operation from a second data processor. The second data 
processor charges the user the amount indicated in the 
royalty payment element and then transmits the authoriza- 
tion to the first data processor. 

One serious limitation of this method is that it can only be 
applied to structured documents. The description of the 
above-mentioned European patent application defines a 
structured document as: a document prepared in accordance 
with an SGML compliant type definition. In other words it 
can not be applied to documents which are not SGML 
compliant and it cannot be applied to any other types of data 
objects. 

Furthermore, this method does not provide for variable 
and extensible control. Anyone can purchase a softcopy 
book on a CD, a floppy disc or the like, and the same royalty 
amount is indicated in the royalty payment element of all 
softcopy books of the same title. 

Thus, the method described in EP 0 567 800 does not 
satisfy the above-mentioned requirements for universally 
adaptable protection of data objects. 

SUMMARY OF THE INVENTION 

Accordingly, it is a first object of the invention to provide 
a method and a data processing system for managing a data 
object in a manner that is independent of the format and the 
structure thereof, so as to comply with predetermined con- 
ditions for usage control and royalty payment. 

It is a further object of the invention to provide such a 
method and system which is universally adaptable to the 
needs of both the owner and the user of the data object. 

A further object of the invention is to provide such a 
method and system which enables a data object provider to 
distribute his data object while maintaining control of the 
usage thereof. 

Yet another object of the invention is to provide a method 
and system which allows a data object provider 10 select the 
level of security for his data object in a flexible way. 

Yet another object of the invention is to provide such a 
method and system which makes it possible to establish an 
audit trail for the data object. 


5,845,281 

3 4 

Yet another object is to provide such a meihod and system control data. In the latter case, the number of usages 

which makes it possible to sell and buy data objects in a requested by the user is tentatively authorized and included 

secure way. in the user set, but if the request is refused the user set is 

More particularly, a data object provider, e.g., the owner canceled or changed, 

of a data object or his agent (broker), stores the data object 5 The data package may be transferred to the user by 

in a memory device, e.g. a bulk storage device, where it is electronic means or stored on bulk storage media and 

accessible by means of the data provider's data processor. transferred to the user by mail or by any suitable transpor- 

The data object can consist of digital data, analog data or a tation means. 

combination or hybrid of analog and digital data. Once the data object has been packaged in the above - 

A general set of control data, which is based on the 10 described manner, it can only be accessed by a user program 

predetermined conditions for usage of the data object, is which has built-in usage control and means for decrypting 

created and stored in the same memory device as the data the data package. The user program will only permit usages 

object or another memory device where it is accessible by defined as acceptable in the control data. Moreover, if the 

the data provider's data processor. The predetermined con- control data comprises a security control element, the secu- 

ditions for usage may be defined by the data object owner, 15 rity procedure prescribed therein has to be complied with. In 

by the broker or by anyone else. They may differ, between one embodiment, the usage control may be performed as 

different data objects. follows. If the user decides to use a data object, the user 

The general set of control data comprises at least one or program checks the control data to see if this action is 

more usage control elements, which define usages of the authorized. More particularly, it checks that the number of 

data object which comply with the predetermined condi- 20 authorized usages of this kind is one or more. If so, the 

tions. These usages may encompass for instance the kind of action is enabled and the number of authorized usages 

user, a time limit for usage, a geographical area for usage, decremented by one. Otherwise, the action is interrupted by 

allowed operations, such as making a hard copy of the data the user program and the user may or may not be given the 

object or viewing it, and/or claim to royalty payment. The opportunity to purchase the right to complete the action, 

general set of control data may comprise other kinds of 25 After the usage, the user program repackages the data 

control elements besides the usage control element. In a object in the same manner as it was packaged before, 

preferred embodiment, the general set of control data com- When a data object is redistributed by a user or a broker, 

prises a security control element which defines a security D ew control elements are added in the control data to reflect 

procedure which has to be carried out before usage of the ^ the relation between the old user/broker and the new user/ 

data object. It also comprises an identifier, which uniquely broker. In this way, an audit trail for the data object may be 

identifies the general set of control data. created. 

The general set of control data is concatenated with a copy According to another aspect of the invention at least two 

of the data object. Thus, the control data does not reside in data packages are stored on a users data processor, which 

the data object, but outside it, which makes the control data 35 examines the usage control elements of the data packages in 

independent of the format of and the kind of data object and or d er to find a match. If a match is found, the user's data 

which allows for usage control independently of the data processor carries out an action which is specified in the user 

object format. set of control data. This method can be used for selling and 

At least the usage control elements) and the data object buying data objects, 

are encrypted, so that the user is unable to use the data object 40 BRIEF DESCRIPTION OF DRAWINGS 
without a user program which pe norms the usage control 

and which decrypts the data object. Alternatively, the whole FIG. 1 is a flow diagram showing the general data flow 

set of control data and the copy of the data object may be according to the invention. 

encrypted. FIG. 2 is a system block diagram of a data object 

A user may request authorization for usage of a data 45 provider's data processor, 

object residing at a data provider's processor via a data FIG. 3 is a block diagram showing the different modules 

network or in any other appropriate way. The authorization of a data packaging program according to the invention, 

may or may not require payment. When a request for FIG. 4 is a data flow diagram of a data packaging process, 

authorization for usage is received, a user set of control data FIG. 5 is an example of a header file, 

is created by the data provider's processor. The user set of 50 FIG. 6 is an example of a usage data file, 

control data comprises the general set of control data or a flG ? [s a da(a flow d - of loadi an objecl lQ lhc 

subset thereof including at least one of said usage control daU objec[ ovider « s dala processor . 

elements winch is relevant for the actual user It typ.cally con 

also includes a new identifier which uniquely identifies this , . , . , t ,. t . y . , , t , _ 

. , . If . . ^ , f . . object on the data object provider s data processor and for an 

set of control data. If relevant, the user set of control data 55 J , , . , . J J r . r . . 

. , r , e object ready to be transferred to a user, respectively, 

also comprises an mdicauon of the number of usages ™^ « • j a r ■ ■ 

authorized. If more than one kind of usage is authorized, the j FiG ' 9 15 a dat f *™ d,a S ram of data Packaging on the 

number of each kind of usage may be specified. Finally, the data ob J ccl P r0Vldcr s dala Processor, 

user set of control data is concatenated with a copy of the FIG - 10 15 a flow diagram of a data packaging procedure, 

data object, and at least the usage control elements and the 6 0 F,G - 11 is a ™mory image of a data object and its control 

copy of the data object are encrypted to create a secure data data. 

package ready for transfer to the user. FIG. 12a is a memory image of the concatenated control 

Before the data package is transferred to the user, it should data and data object, 

be confirmed that the request for authorization for usage has FIG. 12b is a memory image of the concatenated and 

been granted. The check is preferably carried out before the 65 encrypted control data and data object, 

user set of control data is created. However, it can also be FIG. 13 is a system block diagram of a user's data 

carried out in parallel with or after the creation of the user processor. 


5,845,281 

5 6 

FIG. 14 is a block diagram showing the different modules The Data Provider's Data Processor: 

of a user program according to the invention. FIG. 2 is a system block diagram of a data object 
FIG. 15 is a flow diagram of using a data object on the provider's data processor. As mentioned above, the data 

user's data processor. object provider may be an author of a data object, an owner 
FIG* 16 is a flow diagram of how the user program 5 of a data object, a broker of a data object or anyone else who 

operates in a specific application example. wants to distribute a data object, while retaining the control 
FIG. 17 is an example of various data package structures of its usage. The data processor is a general or special 

for composite objects. purpose processor, preferably with network capabilities. It 

DESCRIPTION OF THE BEST MODE FOR comprises a C PU 10, a memory 11 and a network adapter 12. 

CARRYING OUT INVENTION 10 af£ inlerconnecled b y a bus 13 * As shown in FIG. 2, 

other conventional means, such as a display 14, a keyboard 
General Overview 15, a printer 16. a bulk storage device 17, and a ROM 18, 
FIG. 1 is a flow diagram showing the general data flow ma y aIso be connected to the bus 13. The memory U stores 
according to the invention. The flow diagram is divided into network and telecommunications programs 21 and an oper- 
a data object provider part 1 and a user part 2. 15 alin S system (OS) 23. All the above-mentioned elements are 
In the data object provider part 1, a data object 24 is well - know£1 10 'he skilled person and commercially avail- 
created by an author. The data object can consist of digital abIe ' F ° r lhe pUrp0Se of ^ P*^ 01 the memory 
data, analog data or a combination or hybrid of analog and 11 also slores a dala Paging program 19 and, preferably, 
digital data. The primary difference between analog data a dalabase 20 intended for control data. Depending upon the 
objects and digital data objects is the means for storage, 20 CUI T ent °P erall0n > one or ™re data objects 24 can be stored 
transfer and usage. in memor v U as shown or in the bulk storage 17. The 

Tne author also determines the conditions 42 for the usage ^ g 0 *!*'? data P n rocessor * considered secure, 

of the data object 24 by a user. The data object 24 and the ™.L Da ' a ftck *f* Program: 

usage conditions 42 are input to a data packaging program ^ ? ala P acka S in S P ro S ram 19 * ^ed for creating 

19, which creates a secure data package 40 of the data object 25 conu-ol data for controlling the usage of a data object and for 

and of control data which are based on the input usage V ^£ & * g ^ ™ ,hc C ° U *° l daU im ° a 8CCUI€ 

conditions 42. Once packaged in this way, the data object P * a/ S JL„™ * cir- * ■ 

can only be accessed by a user program 35. ^ sh ° W „ n m FIG " 3 ' 11 C0 ™P™<* a program control 

- ' , . . , , , , . , , module 301, a user interface module 302, a packaeine 

The data object may be packaged together with a general ,„ ana \ ™, i a . j i y ^ 

. f , ( • • • ■ . fe x „ I 30 module 303, a control data creation module 304, an encryp- 

set of control data which is the same for all users of the data ^ module 305 one or more forma( modu , es ^ ™ 

object. This may be the case when the data object is sent to or more ^ modu]es 307 

a retailer or a bulletin board, wherefrom a user may obtain tk 0 ' j,.-,. am . i .i_ 

% i-i. j < u- . i i- i I "e control module 301 controls the execution of the 

it. The data object may also be packaged as a consequence .u , , ^ ^ , ? 

f , f f p c 7 / ^yu^Hucucc otner moc j u ,; es -t^ ^ }SCT intcr face module 302 handles 

of a request from a user for usage of the data object. In that « ^.^^..v^ «,;»v, * . u- ♦ -j -m. "<" JU1 «> 

t ? , * . . , , J . , 35 interaction with the data object provider. The packaeine 

case, the package may include contro dala which is spe- ana u ,u . ' " 

■c it j * j* , v module 303 packages the control da ta and the data ob eel It 

cifically adapted to that user. This control dala is ca ed a , Ua A . . , , fl V T T 

, * * i j # i, r , . uses lDe control data creaUon module 304, the format 

user set of control data. It may for example comprise the _ . in< „ . . . " .7* lujm 

u r u j L iL . ~ UIV modules 306, the security modules 307 and the encryption 

number of usages purchased by the user. Tvpi call v, the user ^^ n i_ j . . , «iu wv vuujivuuu 

. r . i J i # -n u . j 7 L *f r * , module 305 as will be described more in detail below, 

set of control data will be created on the basis of the general , n tk. fw™,. in* « - ^ ' . L 

. r i j i j - i j , , . n 40 J ne tormat modules 306 comprise program code, which 

set of control data and inc ude at least a subset thereof A . u t . , . . . '/^ 

, r , ,,,, , , . _ is required to handle the data objects in their native format 

user set of control data need not always be adapted for a Th*« M « f»ifin u j . • 

specific user. All se te of control data which are cJ.edon the ^ '"^^v "X " dil '^ reSSi0D and dala 

basis of a general set of control data will be called a user set C Z"?Z^U?1 lmp,eraen,e< ! b y appropnate, 

( * i j « tu . r i ^ , , commercially available program, such as by means of a 

of control data. Thus, a se, of control data can be a general 45 rouline fron / lhe pKWA ^ E \^ ^ Compression TibrarJ 

set ,n one phase and a user se, ,n another phase. fof windows and , he , M J ^ ^ 

The above-mentioned data packaging can be earned out made Soflware incorporated, respectively. They can also be 

by the author himself by means of the dala packaging implemented by custom designed programs 

programs As an alternative, the author may send his data The secu rity modules 307 comprise program code 
object to a broker, who inputs the data object and the usage so required t0 implement security, such as more sophisticated 

conditions determined by the author to the data packaging encryption than what is provided by the encryption module 

program 19 in. order to create a secure package 3. The author 3 05, authorization algorithms, access control and usage 

may also sell h« data object to the broker. In that case, the conlrol> above and beyond tne basic securi fc ^ 

broker probably wants to apply his own usage conditions to data package 

the data packaging program. The author may also provide 5S ^ data packaging program 19 can contain many differ- 

the data object in a secure package to the broker, who e nt types of both format and security modules. The program 

repackages the data object and adds further control data control module 301. applies the format and security modules 

which is relevant to his business activities. Various combi- wnich ^ reqU ested by the data provider, 

nations of the above alternatives are also conceivable. ^ enC ry p tion module 305 may be any appropriate, 
In the user part 2 of the flow diagram, the secure package 6 o commercially available module, such as "FileCrypt" Visual 

40 is received by a user, who must use the user program 35 Basic subprogram found in Crescent Software's QuickPak 

in order to unpackage the secure package 40 and obtain the Professional for Windows— FILECRPT.BAS, or a custom 

daia object in a final form 80 for usage. After usage, the data designed encryption program. 

object is repackaged into the secure package 40. The control data creation module 304 creates the control 
The different parts of the system and the different steps of 65 data for controlling the usage of the data object. An example 

the method according to the invention will now be described of a control data structure will be described more in detail 

in more detail. below. 


5,845,281 

7 8 

The Control Data: entered in the form of predetermined codes, is then passed 

The control data can be stored in a header file and a usage to the control module 301 , which calls the packaging module 

data file. In a preferred embodiment, the header file com- 303 and passes the information to it. 

prises fields to store an object identifier, which uniquely The packaging module 303 calls the control data creation 

identifies the control data and/or its associated data object, 5 module 304, which first creates a header file, then creates 

a title, a format code, and a security code. The format code header data on the basis of the header information entered by 

may represent the format or position of fields in the usage the data object provider and finally stores the header data, 

data file. Alternatively, the format code may designate one or step 404-405. Then a usage data file is created, usage data 

more format modules to be used by the data packaging created on the basis of the usage information entered by the 

program or the user program. The security code may rep- 10 data provider, and finally the usage data is stored in the 

resent the encryption method used by the encryption module usage data file, step 406-407. 

305 or any security module to be used by the data packaging The packaging module 303 then applies any format and 

program and the user program. The header file fields will be security modules 306, 307 specified in the header file, steps 

referred to as header elements. 408-413, to the data object. 

The usage data file comprises at least one field for storing 15 Next, the packaging module 303 concatenates the usage 

data which controls usage of the data object. One or more data file and the data object and stores the result as a 

usage data fields which represent one condition for the usage temporary file, step 414. The packaging module 303 calls the 

of the data object will be referred to as a usage element. In encryption module 305, which encrypts the temporary file, 

a preferred embodiment, each usage element is defined by an step 415. The level of security will depend somewhat on the 

identifier field, e.g. a serial number, a size field, which 20 quality of the encryption and key methods used, 

specifies the size of the usage element in bytes or in any Finally, the packaging module 303 concatenates the 

other appropriate way, and a data field. header file and the encrypted temporary file and saves the 

The header elements and the usage elements are control result as a single file, step 416. This final file is the data 

elements which control all operations relating to the usage of package which may now be distributed by file transfer over 

the object. The number of control elements is unlimited. The 25 a network, or on storage media such as CDROM or diskette, 

data provider may define any number of control elements to or by some other means, 

represent his predetermined conditions of usage of the data FXAMPI F 
object. The only restriction is that the data packaging 

program 19 and the user program 35 must have compatible ^ exa mple of how the data packaging program 19 can be 

program code to handle all the control elements. This 30 used will now be described with reference to FIGS. 5 and 6. 

program code resides in the packaging module and the usage * n ^is example the data object provider is a computer 

manager module, to be described below. graphics artist, who wants to distribute an image that can be 

Control elements can contain data, script or program code used as cli P art > Dul onlv in a document or file which is 

which is executed by the user program 35 to control usage packaged according to the method of the invention and 

of the related data object. Script and program code can 35 wm fh has usage conditions which do not permit further 

contain conditional statements and the like which are pro- cutting or pasting. The artist wants to provide a free preview 

cessed with the relevant object and system parameters on the of tDe image, but also wants to be paid on a per use basis 

user's data processor. It would also be possible to use a unless the user is willing to pay a rather substantial fee for 

control element to specify a specific proprietary user pro- unlimited use. The artist will handle payment and usage 

gram which can only be obtained from a particular broker. 40 authorization on a dial-up line to his data processor. 

It is evident that the control data structure described above Th c artist uses some image creation application, such as 

is but one example. The control data structure may be Adobe '$ Photoshop to create his image. The artist then saves 

defined in many different ways with different control ele- mc image to file in an appropriate format for distribution, 

ments. For example, the partitioning of the control data in such as tnc Graphical Interchange Format (GIF). The artist 

header data and usage data is not mandatory. Furthermore, 45 then starts his data packaging program and enters an object 

the control elements mentioned above are but examples. The identifier, a title, a format code and a security code, which 

control daia format may be unique, e.g. different for different m this example are * ; 123456789", "image", "a", and "b", 

data providers, or defined according to a standard. respectively. In this example, the format code "a" indicates 

The Operation of the Data Packaging Program that no format code need be applied, and this code is selected 

The operation of a first embodiment of the data packaging 50 since the GIF format is appropriate and already compressed, 

program will now be described with reference to the block Furthermore, the security code "b" indicates that no security 

diagram of FIG. 3 and the flow diagram of FIG. 4. module need be applied and this code is selected since the 

First a data provider creates a data object and saves it to security achieved by the encryption performed by means of 

a file, step 401. When the data packaging program is started, the encryption module 305 is considered appropriate by the 

step 402, the user interface module 302 prompts the data 55 artist. 

object provider to input, step 403, the header information Then the artist enters his dial-up phone number, his price 

consisting of e.g. an object identifier, a title of the data for a single use of the image and for unlimited use of the data 

object, a format code specifying any format module to be object, a code for usage types approved, and for number of 

used for converting the format of the data object, and a usages approved. For this purpose, the user interface module 

security code specifying any security module to be used for 60 302 may display a data entry form, 

adding further security to the data object. Furthermore, the The data packaging program 19 creates control data on 

user interface module 302 prompts the data object provider the basis of the information entered by the artist and stores 

to input usage information, e.g. his conditions for the usage the data in the header file and in the usage data file as shown 

of the data object. The usage information may comprise the in FIGS. 5 and 6, respectively. This data constitutes a general 

kind of user who is authorized to use the data object, the 65 set of control data which is not specifically adapted to a 

price for different usages of the object etc. The header single user, but which indicates the conditions of usage 

information and the usage information, which may be determined by the artist for all future users. 


5,845,281 

9 10 

Then the package program 19 concatenates the data object cated therein. The comparison may include comparing the 

and the control data in accordance with steps 414-416 of user type, the usage type, the number of usages, the price etc. 

FIG. 4 to achieve the secure package. No format module or If the requested usage complies with the predetermined 

security module is applied to the data object, since they are conditions the authorization is granted, otherwise it is 

not needed according to the data in the header file. 5 rejected. 

When the secure package has been obtained, the artist F*G. 9 is a data flow diagram of the data packaging on the 

sends it to a bulletin board, from where it can be retrieved broker's data processor, which occurs in response to a 

by a user. granted request from a user for authorization for usage of the 

EXAMPLE 2 video, e.g. a granted request for the purchase of two view- 

io ings. 

Bc lT' m??*" cmbodimcnt of lfac dala Packaging pro- i n response to a granted request, the broker again applies 

gram 19 will be described with reference to FIGS. 7-12i>. In the data packaging program 19. The general set of control 

this example, the data object consists of a video film, which data 50 and the data object 24 are input to the program from 

is created by a film company and sent to a broker together the control database 20 and the bulk storage 17, respectively, 

with the predetermined conditions 42 for usage of the video. 15 The program creates a user set of control data 60 on the basis 

The broker loads the video 24 to the bulk storage 17 of his of the general set of control dala 50 and concatenates the 

data processor. Then, he uses his data packaging program 19 u Ser set 60 and the data object 24 to create a secure data 

to create a general set of control data 50 based on the package 40, which may then be transferred to the user by any 

predetermined conditions 42 for usage indicated by the film suitable means. A copy of the user set of control data is 

company. Furthermore, the address to the video in the bulk 20 preferably stored in the broker's control database This gives 

storage 17 is stored m an address table in the control the broker a record with which to compare subsequent use 

database 20 or somewhere else in the memory 11. It could e.g. when a dial-up is required for usage 
also be stored in the general set of control data 50. Finally, FIG. 10 is a flow diagram of an exemplary procedure used 

the general set of control data 50 is stored in the control for creating a user set of control data and for packaging the 

database 20. It could also be stored somewhere else in the 25 user set of control data and the video into a secure package 

memory 11. After these operations, which correspond to Here, the procedure will be described with reference to the 

steps 401-407 of FIG. 4, the data packaging program is general set of control data shown in FIG. $a. 
exitcd The user set of control data 60, i.e. a set of control data 

FIG. Sa shows the general set of control data for the video which is adapted to the specific user of this example, is 

according to this example. Here the control data includes an 30 created in steps 1001-1003 of FIG. 11. First, the general set 

identifier, a format code, a security code, the number of of control data 50 stored in the control database is copied to 

usage elements, the size of the data object, the size of the create new control data, step 1001. Second, a new identifier, 

usage elements and two usage elements, each comprising an here "123456790", which uniquely identifies the user set of 

identifier field, a size field and a data field. The identifier control data, is stored in the identifier field of the new control 

may be a unique number in a series registered for the 35 dala 60, step 1002. Third, the dala field of the second usage 

particular broker. In this example, the identifier is element is updated with the usage purchased, i.e. in this 

"123456789", the format code "0010", which, in this example with two ; since two viewings of the' video were 

example, indicates the format of a AVI video and the security purchased, step 1003. 

code is "0010". Furthermore, the first usage element defines The thus-created user set of control data, which corre- 

the acceptable users for the video and the second usage 40 sponds to the general set of control data of FIG. 8a is shown 

element data defines the number of viewings of the video in FIG. &b. 

purchased by a user. The first usage element data is 1 which, The user set of control data is stored in the control 

for the purposes of this example will signify that only database 20, step 1004. Then, the video, which is stored in 

education oriented users are acceptable to the film company. the bulk storage 17, is copied, step 1005. The copy of the 

The data field of the second usage element data is empty, 45 video is concatenated with the user set of control data, step 

since at this stage no viewings of the video has been 1006. The security code 0010 specifies that the entire data 

purchased. package 40 is to be encrypted and that the user program 35 

Managing Object Transfer: must contain a key which can be applied. Accordingly, the 

The broker wants to transfer data objects to users and whole data package is encrypted, step 1007. Finally,' the 

enable controlled usage in return for payment of usage fees 50 encrypted data package is stored on a storage media or 

or royalties. Managing the broker-user business relationship passed to a network program, step 1008, for further transfer 

and negotiating the transaction between the broker and the to the user. 

user can both be automated, and the control dala structure FIG. 11 is a memory image of the video 24 and the user 

can provide unlimited support to these operations. The control data 60. The user control data and a copy of the video 

payment can be handled by transmitting credit card 55 24 are concatenated as shown in FIG. 12a. The encrypted 

information, or the user can have a debit or credit account data package 40 is shown in FIG. 12fc. 
with the broker which is password activated. Preferably, The procedure of FIG. 10 can be implemented by the data 

payment should be confirmed before the data object is packaging program of FIG. 3. As an alternative to the 

transferred to the user. procedure of FIG. 10, the user set of control data can be 

Data packaging: 60 created as in steps 1001-1003 and saved in a header file and 

When a user wants to use a data object, he contacts the in a usage dala file, whereafter steps 408-416 of the data 

broker and requests authorization for usage of the data packaging program of FIG. 4 can be performed to create the 

object. When the request for authorization is received in the secure package. 

broker's data processor, a data program compares the usage The above -described process for creating a user-adapted 

for which authorization is requested with the usage control 65 sei of control data may also be used by a user who wants to 

elements of the control dala of the dala object to see if it redistribute a dala object or by a broker who wants to 

complies with the predetermined conditions for usage indi- distribute the data object to other brokers. Obviously, redis- 


a 


5,845,281 

11 12 

tribution of the data object requires that redistribution is a A password may be added in a password control element 

usage approved of in the control data of the data object. If during packaging of the data object. The password is trans - 

so, the user or the broker creates a user set of control data ferred to the user by registered mail or in any other appro- 

by adding new control elements and possibly changing the pr iate way. In response to the presence of the password 

data fields of old control element to reflect the relation 5 control element in the control data structure, the user pro- 

between the author and the current user/broker and between gram prompts & t ^ Xo m me passwonl ^ ^ t 

the current user/broker and the future user/broker. In this passW0 rd is compared with the password in the control data 

^ZZ^Z^S?' f-jf K match ' lbe ^ program conlinues ' otherwise il 

network capabilities. It comprises a CPU 25, a memory 26, me be J havl0r of ** V T0 &* m < c * f 0Vlde ^Hers for children) 

and a network adapter 27, which are interconnected by a bus according to the control data of the user object 41. It is 

28. As shown in FIG. 13, other conventional means, such as important to mention that the user program 35 never stores 

a display 29, a keyboard 30, a printer 31, a sound system 32, ^ ob i ccl ™ nalive formal in ^ accessible storage and that 

a ROM 33, and a bulk storage device 34, may also be * 5 display of the data object the print screen key is 

connected to the bus 28. The memory 26 stores network and trapped. 

telecommunications programs 37 and an operating system The file transfer program 1409 can transfer and receive 
(OS) 39. All the above-mentioned elements are well-known files via network to and from other data processor, 
to the skilled person and commercially available. For the Since the data object is repackaged into the secure pack- 
purpose of the present invention, the memory 26 also stores 20 age after the usage, the user program should also include 
a user program 35 and, preferably, a database 36 intended for program code for repackaging the data object. The program 
the control data. Depending upon the current operation, a code could be the same as that used in the corresponding 
data package 40 can be stored in the memory 26, as shown, data packaging program 19. It could also be a separate 
or in the bulk storage 34. program which is called from the user program. 
The User Program: 25 Operation of the User Program: 

The user program 35 controls the usage of a data object The operation of an embodiment of the user program 35 

in accordance with the control data, which is included in the will now be described with reference to the block diagram 

data package together with the data object. of FIG. 14 and the flow diagram of FIG. 15. 

As shown in FIG. 14, the user program 35 comprises a First the user receives a data package 40 via file transfer 

program control module 1401 a user interface module 1402, 30 over a network, or on a storage media such as CD-ROM or 

a usage manager module 1403, a control data parser module diskette, or by any other appropriate means, step 1501. He 

1404, a decryption module 1405, one or more format then stores the data package as a file on his data processor, 

modules 1406, one or more security modules 1407, and a file step 1502. 

transfer program 1409. When the user wants to use the data object, he starts the 

The control module 1401 controls the execution of the 35 user program 35, step 1503. Then he requests usage of the 

other modules. The user interface module 1402 handles data object, step 1504. The request is received by the user 

interactions with the user. The usage manager module 1403 interface module 1402, which notifies the control module 

unpackages the secure package 40. It uses the control data 1401 of the usage request. The control module 1401 calls the 

parser module 1404, the decryption module 1405, the formal usage manager module 1403 and passes the usage request, 

modules 1406, and the security modules 1407. 40 The usage manager module 1403 reads the formal code 

The format modules 1406 comprise program code, which from the data package to determine the control data format, 

is necessary to handle the data objects in their native format, Then it calls the decryption module 1405 to decrypt and 

such as decompression and data format procedures. The extract the control data from the data package. The usage 

security modules 1407 comprises program code required to manager module 1403 applies the decryption module 1405 

implement security above the lowest level, such as access 45 incrementally to decrypt only the control data. Finally, it 

control, usage control and more sophisticated decryption stores the control data in memory, step 1505. 

than what is provided by the basic decryption module 1405. The usage manager module 1403 then calls the control 

The user program 35 can contain many different types of data parser module 1404 to extract the data fields from the 

both format and security modules. However, they should be usage elements. 

complementary with the format and security modules used 50 The usage manager module 1403 then compares the user 

in the corresponding data packaging program. The usage request for usage with the corresponding control data, steps 

manager module 1401 applies the format and security mod- 1506-1507. If the requested usage is not permitted in the 

ules which are necessary to use a data object and which are control data, the requested usage is disabled, step 1508. 

specified in its control data. If the proper format and security However, if the requested usage is approved of in the control 

modules are not available for a particular data object, the 55 data, the usage manager module 1403 applies any format 

usage manager module 1401 will not permit any usage. and security modules 1406, 1407 specified in the header data 

The decryption module 1405 can be the above-mentioned or usage data, steps 1509-1514, to the data package. 

FileCrypt Visual Basic subprogram or some other commer- Then the usage manager module 1403 calls the decryption 

cially available decryption program. It can also be a custom module 1405, which decrypts the object data, step 1515, 

designed decryption module. The only restriction is that the 60 whereafter the requested usage is enabled, step 1516. In 

decryption module used in the user program is complemen- connection with the enabling of the usage, the control data 

tary with the encryption module of the data packaging may need to be updated, step 1517. The control data may for 

program. instance comprise a data field indicating a limited number of 

The control data parser module 1403 performs the reverse usages. If so, this data field is decremented by one in 

process of the control data creation module 304 in FIG. 3. 65 response to the enabling of the usage. When the user has 

The user program 35 can have code which controls use of finished usage of the data object, the user program 35 

the program by password or by any other suitable method. restores the data package in the secure form by repackaging 


5,8' 

13 

it. step 1518. More particularly, ihe data object and the usage 
elements are recoocatenated and reencrypted. Then the 
header elements are added and the thus -created package is 
stored in the user's data processor. 

Example 1 contd. 

A specific example of how the user program operates wiU 
now be described with reference to FIGS. 6 and 15. The 
example is a continuation of Example 1 above, where an 
artist created an image and sent it to a bulletin board. 

Assume that a user has found the image at an electronic 
bulletin board (BBS) and is interested in using it. He then 
loads the data package 40 containing the image to his data 
processor and stores it as a file in the bulk storage. The user 
then executes the user program 35 and requests to preview 
the image. The user program then performs steps 1505-1507 
of the flow diagram in FIG. 15. The request for a preview of 
the image is compared with the data field of the usage 
element "code for usage type approved". In this example, 
the code "9" designates that previews are permitted. Thus, 
the requested preview is OK. Then, the user program 35 
performs step 1509-1515 of FIG. 15. Since the format code 
"a" and the security code "b" of the header data indicate that 
neither conversion, nor decompression, nor security treat- 
ment is required, the user program only decrypts the object 
data. The usage manager module 1403 then displays the 
preview on the user's data processor and passes control back 
to the user interface 1402. 

When the user is finished previewing the image, the user 
interface module 1402 displays the costs for usage of the 
image in accordance with the price usage data of the control 
data ("price for single use" and "price for unlimited use" in 
FIG. 6) and prompts the user to enter a purchase request. The 
user decides to buy unlimited use of the image, and the user 
interface module 1402 inputs purchase information, such as 
an identification, billing, and address for that request and 
passes the request to the control module 1401. The control 
module calls the file transfer program 1409, which dials the 
artist's dial-up number as indicated in the usage data 
("control element for artist's phone number" in FIG. 6) and 
transfers the request and purchase information to a broker 
program on the artist's data processor. Upon approval of the 
purchase, the broker program returns a file containing an 
update for "usage type approved" control elements. The 
update is "10" for the usage type approved, which in this 
example indicates that unlimited use by that user is permit- 
ted. The file transfer program 1409 passes this update to the 
usage manager module 1403 which updates the control data 
with the "usage type approved" code. The user interface 
module 1402 then displays a confirmation message to the 
user. 

Subsequently, the user interlace module inputs a request 
to copy the image to a file packaged according to this 
invention, on the user's machine. The usage manager mod- 
ule then compares the user request control data. The usage 
manager module examines the data filed for "Usage type 
approved", which now is "00". The usage manager module 
copies the image to the file. 

When the user is finished with the image, the usage 
manager module 1403 repackages the image as before 
except with updated control data. This repackaging process 
is exactly like that shown in FIG. 4, except that the header 
and usage data already exist, so the process starts after step 
406 where control data is created. 
Improved Security 

If the data object provider wants to improve the security 
of a data package containing a data object, a security module 


45,281 

14 

307 containing a sophisticated encryption algorithm, such as 
RSA, could be used. In that case the packaging module 303 
calls the security module 307 in step 412 of the flow diagram 
of FIG. 4. The security module encrypts the image and 

5 passes a security algorithm code to the control data creation 
module 302, which adds a control element for the security 
module code, which will be detected by the user program 35. 
Then the data packaging continues with step 414. When the 
data package is sent to the user, the public key is mailed to 
the user by registered mail. When the user program is 
executed in response to a request for usage of this data 
object, the usage manager module will detect the security 
module code in the control data and call the security module. 
This module passes control to the user interface module 
1402, which requests the user to input the public key. If the 

15 key is correct, the user security module applies complemen- 
tary decryption using that key and passes a usage approved 
message to the usage manager module, which enables the 
usage. 

As another example of improved security, a security 

20 module may implement an authorization process, according 
to which each usage of the data object requires a dialup to 
the data processor of the data object provider. When the 
corresponding security module code is detected by the user 
program 35, the relevant security module is called. This 

25 module passes a request for authorization to the control 
module 1401, which calls the file transfer program 1409. 
which dial the data object provider's dial-up number, which 
is indicated in a usage element and transfers the request for 
authorization of usage. Upon a granted authorization, the 

30 data provider's data processor returns a usage approved 
message to the user security module, which forwards the 
approval to the usage control module, which enables one 
usage. If the user requests further usages of the data object, 
the authorization process is repeated. This procedures results 

35 in a permanent data object security. 

Example 2 contd. 

A further specific example of how the user program 35 
operates will now be described with reference to FIG. 16. 

40 The example is a continuation of Example 2 above, where 
a user purchased two viewings of a video film from a broker. 

The user wants to play the video which was purchased and 
transferred from the broker. The user applies the user 
program 35, step 1601, and requests to play the video, step 

45 1602. The user program 35 first examines the user set of 
control data 60, step 1 603. In this example, the user program 
35 contains only those format and security modules for 
objects with format code of 0010 and with a security code 
of 0010. Consequently, only those types of data objects may 

50 be used. If the program encounters other codes it will not 
enable the usage action, step 1604—1605. 

Next, the user program 35 compares the first control 
element data which is 1. for educational users only, to user 
information entered by the user on request of the user 

55 program. Since the user type entered by the user is the same 
as that indicated in the first usage element the process 
continues, steps 1606-1607. Then the user program checks 
the second control element data which specifies that the 
number of plays purchased is 2. Consequently, the usage is 

60 enabled, step 1609. The user program applies the decryption 
module with the universal key and the AVI format video is 
displayed on the display unit 29. Then, the second control 
element data is decremented by one, step 1610. Finally, the 
video is repackaged, step 1611. 

65 Implementation of Variable and Extensible Object Control: 
Object control is achieved through the interaction of the 
data packaging program 19 and the usage program 35 with 


5,8< 

15 

the control data. Variation of object control can be applied to 
a particular object by creating a control data format with 
control elements defining the control variation and the 
circumstances in which the variation is applied. Program 
procedures should then be added to program modules to 
process the control elements. For example, suppose a broker 
wants to allow students to prim a particular article for free 
but require business users to pay for it. He defines control 
elements to represent the user types student and business and 
the associated costs for each. He then adds program logic to 
examine the user type and calculate costs accordingly. 
Object control is extensible in the sense that the control data 
format can have as many elements as there are parameters 
defining the rules for object control. 
Implementation of Variable and Extensible Object Security: 

Object security is also achieved through the interaction of 
the data packaging program 19 and the user program 35 with 
the control data. Security process and encryption/decryption 
algorithms can be added as program modules. Variation of 
object security can be applied to a particular object by 
creating a control data format with control elements defining 
the security variation and the circumstances in which the 
variation is applied. Program procedures should be added to 
program modules to process the control elements. For 
example, suppose a broker wants to apply minimal security 
to his collection of current news articles but to apply tight 
security to his encyclopedia and text books. He defines a 
control element for security type. He then adds program 
logic to apply the security algorithms accordingly. Object 
security is extensible in the sense that multiple levels of 
security can be applied. The level of security will of course 
be dependent on the encryption/key method which is imple- 
mented in the security modules. One level of security may 
be to require on-line confirmation when loading a data 
object to the user's data processor. This can be implemented 
in program code in a security module. This permits the 
broker to check that the object has not already been loaded 
as well as double check all other parameters. 

It is also important to have version control with time 
stamping between the usage program and the user s control 
database. Otherwise the database can be duplicated and 
reapplied to the user program. The user program can place 
a time stamp in the control database and in a hidden system 
file each time the control database is accessed. If the time 
stamps are not identical, the control database has been 
tampered with and all usage is disabled. Program code for 
handling time stamps can reside in a security module. 
Handling Composite Objects: 

A composite object can be handled by defining a control 
data format with control elements defining relationships 
between constituent objects and by defining a parent/child 
element and a related object id element. For example, 
suppose a broker wants to include a video and a text book 
in an educational package. He creates a parent object with 
control elements referring to the video and textbook objects. 
He also includes control elements in the control data for the 
video object and the textbook object referring to the parent 
object. Finally, he adds program procedures to program 
modules to process the control elements. 

In other words, when the data object is a composite data 
object including at least two constituent data objects, a 
respective general set of control data is created for each of 
the constituent data object and the composite data object. In 
response to a request from a user, a respective user set of 
control data is created for each of the constituent data objects 
as well as for the composite data object. 

Examples of various data package structures for compos- 
ite objects are given in FIG. 17. 


15,281 

16 

Another side of composite objects is when the user wants 
to combine data objects for some particular use. Combina- 
tion is a usage action that must be permitted in each 
constituent data object. A new data object is created with 
5 control data linking the constituent data objects. Each con- 
stituent data object retains its original control data which 
continues to control its subsequent usage. 

When a user requests authorization for usage of one 
constituent data object in a composite data object, a user set 
J0 of control data is created only for that constituent data object 
and concatenated only with a copy of that constituent data 
object. 

Scaleable Implementation: 

The flexible control data structure and modular program 
structure permit almost boundless extensibility with regard 

15 to implementation of the owner's requirements for usage 
control and royalty payment. The control data structure can 
include control elements for complex user types, usage 
types, multiple billing schemes, artistic or ownership credit 
requirements and others. Security modules can be included 

20 which interact with any variation of the control data struc- 
ture and the control data. Security modules could require a 
dial up to the brokers data processor to approve loading or 
usage actions and to implement approval authentication 
mechanisms. 

25 User Acting as a Broker: 

A limited or full implementation of the broker's data 
packaging program can be implemented on the user's 
machine to permit further distribution or reselling. However, 
only those data objects with control data permitting further 
distribution or reselling are enabled in that way. 
Rebrokering 

An author of a data object may want to allow his original 
broker to distribute his data object to other brokers whom 
will also distribute his image. He then includes a control 
element which enables rebrokering in the control data before 

35 distributing the data object with its associated control data to 
the original broker. Upon request for rebrokering, the origi- 
nal broker copies the general set of control data and updates 
the copy to create a user set of control data which will 
function as the general set of control data on the subsequent 

40 brokers data processor. The original broker packages the 
data object with the user set of control data and transfers the 
package to the subsequent broker. The subsequent broker 
then proceeds as if he were an original broker. 
Automated Transaction Negotiation 

45 This is an example of how the predetermined conditions 
for usage included in the control data can be used for 
achieving automated transaction negotiation. 

Suppose some company wants to provide a computer 
automated stock trading. Buy and sell orders could be 

50 implemented in the form of data packages and a user 
program could process the data packages and execute trans- 
actions. Data packages could carry digital cash and manage 
payment based on conditions defined in the control data. 
In this example, the buy order is created using a data 

55 packaging program according to tbe invention on the buy- 
er's data processor. The sell order is created using the data 
packaging program on the seller's data processor. Both 
orders are used by the user program on the stock trader's 
data processor. The usages would take the form of using a 

60 sell order data package to sell stock and a buy order data 
package to buy stock. The rules or conditions for buying and 
selling stocks could be indicated in the control data of the 
packages. The data object consists of digital money. In this 
context it is important to remember that digital money is 

65 merely data which references real money or virtual money 
that is issued and maintained for the purpose of digital 
transactions. 


5,845,281 


17 


In this example the buyer starts with a digital money data 
file. He uses the data packaging program to create control 
data, e.g. kind of stock, price, quantity, for the purchase, and 
he then packages the digital money data file and the control 
data into a secure package as described above. 

The seller starts with an empty data file. This empty file 
is analogous to the digital money data file except it is empty. 
The seller creates control data, e.g. kind of stock, price, 
quantity, and packages the empty file and the control data 
into a secure package. 

Both the sell order package and the buy order package are 
transferred to the data processor of the stock trading 
company, where they are received and stored in the memory. 
The user program of the slock trading company examines 
the control data of the buy and sell order packages in the 
same way as has been described above and looks for a 
match. Upon identifying matched buy and sell orders the 
user program executes a transaction, whereby the digital 
money is extracted from the buy order data package and 
transferred to the sell order package. Then the control data 
of the data packages is updated to provide an audit trail. Both 
packages are repackaged in the same manner as they were 
previously packaged and then transferred back to their 
authors. 

The above described technique could be used for selling 
and buying any object as well as for automated negotiations. 
Payment may be carried out in other ways than by digital 
money. 

In the general case, the data processor of the user decrypts 
the usage control elements of the user sets of control data 
and examines the usage control elements to find a match. In 
response to the finding of a match, the user's data processor 
carries out an action which is specified in the user set of 
control data. 

We claim: 

1. A method for managing a data object so as to comply 
with control conditions for usage of the data object, com- 
prising the steps of: 

storing the data object in a memory device, where it is 
accessible by means of a data object provider's data 
processor; 

providing a variable number of control conditions for 
usage of the data object; 

creating, by said data processor, a general set of control 
data for the data object based on said variable number 
of control conditions for usage, said general set of 
control data comprising at least one or more usage 
control elements defining usages of the data object 
which comply with said variable number of control 
conditions, 

storing said genera] set of control data in a memory 
device, where it is accessible by said data processor; 

concatenating the general set of control data with a copy 
of the data object; and 

encrypting at least the copy of the data object and said one 
or more usage control elements to create a secure data 
package which is ready for transfer to a user. 

2. A method as set forth in claim 1, wherein the step of 
encrypting comprises encrypting the data object and the 
general set of control data. 

3. A method as set forth in claim 1, wherein the step of 
creating control data comprises creating an identifier which 
uniquely identifies the general set of control data. 

4. A method as set forth in claim 1, wherein the step of 
creating a general set of control data comprises creating a 65 
security control element which identifies a security process 
to be applied before usage of the data object is allowed. 


18 


5. A method as set forth in claim 1, wherein the step of 
creating a general set of control data comprises creating a 
format control element which identifies the formal of the 
control data. 

5 6- A method as set forth in claim 1 , further comprising the 
steps of receiving in said data processor a request for 
authorization for usage by a user; comparing the usage for 
which authorization is requested with said one or more 
usage control elements of the general set of control data and 
to granting the authorization if the usage for which authoriza- 
tion is requested complies with the usages defined by said 
one or more usage control elements. 

7. A method as set forth in claim 6, further comprising the 
step of securing payment for the requested authorization for 

15 usage before granting the authorization. 

8. A method as set forth in claim 1, comprising the further 
steps of: 

receiving the data package in a user's data processor; 
storing the data package in a memory device where it is 

accessible by means of the user's data processor; 
decrypting said one or more usage control elements; 
checking, in response to a request by the user for usage of 
the data object, whether the requested usage complies 
with the usage defined by the at least one usage control 
clement of the genera! set of control data; 
decrypting, in response to the requested usage complying 
with the usage defined by the at least one usage control 
element of the general set of control data, the data 
object and enabling the requested usage, otherwise 
disabling it. 

9. A method as set forth in claim 8, comprising the further 
steps of reconcatenating, after the usage of the data object, 
the data object and the one or more usage control elements, 
reencrypting at least the data object and the one or more 
usage control elements, and storing the thus-repackaged data 
package in the memory of the user's data processor. 

10. A method for controlling the usage by a user of a data 
object so as to comply with control conditions for usage of 

40 the data object, comprising the steps of: 

providing a varible number of control conditions for 

usage of the data object; 
storing a data package in a memory device, where it is 
accessible by means of a data processor of the user, said 
data package comprising the data object and control 
data, which comprises at least one usage control ele- 
ment defining a usage of the data object which com- 
plies with the variable number of control conditions, 
the data object and said at least one usage control 
50 element being encrypted; 

receiving a request by the user for usage of the data 
object; 

decrypting the control data; 

checking, in response to the request by the user for usage 
of the data object, whether the requested usage com- 
plies with the usage defined by the at least one usage 
control element of the control data; and 
decrypting, in response to the requested usage complying 
with the usage defined by the at least one usage control 
element of the control data, the data object and enabling 
the requested usage, otherwise disabling it. 

11. A method as set forth in claim 10, wherein the usage 
control element is updated after the at least one usage of the 
data object. 

12. A method as set forth in claim 10, wherein said control 
data comprises an indication of the number of times the user 


20 


25 


30 


35 


55 


60 


19 


5,845,281 


30 


is authorized to use the data object in accordance with said 
at least one usage control element; 

wherein the requested usage of the data object is only 
enabled when said number of times is one or more; and 
wherein said number of times is decremented by one 5 
when the requested usage is enabled. 

13. A method as set forth in claim 10. wherein the control 
data comprise a security control element, and further com- 
prising the step of carrying out, before each usage of the data 
object, a security procedure defined in the security control 10 
element. 

14. A method as set forth in claim 10, wherein the step of 
checking whether the requested usage complies with the 
usage defined by the at least one usage control element 
comprises the step of checking that the user's data processor 15 
is capable of carrying out a security procedure specified in 

a security control element of the at least one usage control 
element, and if not, disabling the usage. 

15. A method as set forth in claim 10, comprising the 
further steps of reconcatenating, after the usage of the data 20 
object, the data object and the one or more usage control 
elements, reencrypting al least the data object and the one or 
more usage control elements, and storing the thus- 
repackaged data package in the memory of the user's data 
processor. 25 

16. A system for managing a data object so as to comply 
with control conditions for usage of the data object, com- 
prising 

means for providing a vanable number of control condi- 
tions; 

first means in the data object provider's data processor for 
creating a general set of control data for the data object 
based on the variable number of control conditions for 
usage, said general set of control data comprising at 35 
least one or more usage control elements defining 
usages of the data object which comply with the 
variable number of control conditions; 

storing means, which are accessible by means of said data 
processor, for storing the data object and the general set 40 
of control data; 

concatenating means for concatenating the general set of 
control data with a copy of the data object; and 

encrypting means for encrypting the copy of the data 
object and at least said one or more usage control 45 
elements to create a secure data package, which is 
ready for transfer to a user. 

17. A system as set forth in claim 16, wherein the general 
set of control data comprises a control data element which 
defines the right to further distribution of the data object by 50 
the user. 

18. A system for controlling the usage by a user of a data 
object so as to comply with control conditions for usage of 
the data object, comprising: 

means for providing variable number of control condi- 55 
tions; 

storing means for storing a data package which comprises 
a data object and a control data comprising at least one 
usage control element defying a usage of the data 60 
object which complies with the variable number of 
control conditions; 

means for decrypting the at least one usage control 
element and the data object; 

checking means for checking whether a usage requested 65 
by the user complies with the usage defined by said al 
least one usage control element; 


20 


enabling means for enabling the usage requested by the 
user when the usage complies with the usage defined by 
said at least one usage control element; and 

disabling means for disabling the usage requested by the 
user when the usage does not comply with the usage 
defined by said at least one usage control clement. 

19. A system as set forth in claim 18, further comprising 
means for repackaging the data object after usage thereof. 

20. A method for controlling the usage by a user of data 
objects so as to comply with predetermined conditions for 
usage of the data objects, comprising the steps of: 

storing at least two data packages in a memory device, 
where they are accessible by a data processor of the 
user, each said data package comprising a data object 
and a user set of control data, which comprises at least 
one usage control element defining a usage of the data 
object which complies with the predetermined 
conditions, the data object and said at least one usage 
control elements being encrypted; 

decrypting the usage control elements of the user sets of 
control data; 

examining the usage control elements of said at least two 

data packages to find a match; 
using, in response to the finding of a match, the data 

processor to carry out an action, which is specified in 

the user sets of control data. 

21. A method as set forth in claim 20, comprising the 
further steps of updating the at least one usage control 
element of each data package, concatenating after the usage 
of the data objects, each of the data objects and its at least 
one usage control element, reencrypting each of the concat- 
enated data objects and its at least one usage control element 
and transferring the repackaged data objects to their creators. 

22. A method for managing a data object so as to comply 
with predetermined conditions for usage of the data object- 
comprising the steps of: 

storing the data object in a memory device, where it is 
accessible by means of a data object provider's data 
processor; 

providing control conditions for usage of the data object; 

creating, by said data processor, a general set of control 
data for the data object based on said control conditions 
for usage, said general set of control data comprising at 
least one or more usage control elements defining 
usages of the data object which comply with said 
control conditions: 

storing said general set of control data in a memory 
device, where it is accessible by said data processor; 

concatenating the general set of control data with a copy 
of the data object; 

encrypting at least the copy of the data object and said one 
or more usage control elements to create a secure data 
package which is ready for transfer to a user; 

creating, in response to a request for authorization for 
usage of the data object by a user, a user set of control 
data, which comprises al least a subset of the general 
set of control data, including at least one of said usage 
control elements; 

using the user set of control data instead of the general set 
of control data in said concatenating step; 

using the at least one or usage control element of the user 
set of control data instead of the one or more usage 
control elements of the general set of control data in the 
encrypting step; and 

checking, before allowing transfer of the data package to 
the user, that said request for authorization for usage of 
the data object has been granted. 


5,845 

21 

23. A method as set forth in claim 22, wherein the data 
object is composed of at least two constituent data objects 
and wherein the user set of control data, in response to a 
request for authorization for usage of one of said constituent 
data objects by a user, is created only for that constituent s 
data object and concatenated only with a copy of that 
constituent data object. 

24. A method as set forth in claim 22, wherein the data 
providers data processor is connected to a data network and 
the request for authorization is received from a data proces- 10 
sor of the user, which is also connected to the data network, 
further comprising the step of transferring the data package 
through the data network to the user's data processor. 

25. A method as set forth in claim 22, wherein the data 
object is a composite data object including at least two is 
constituent data objects and wherein the step of creating a 
general set of control data comprises the step of creating a 
respective general set of control data for each of the con- 
stituent data objects and the composite data object and 
wherein the step of creating a user set of control data 20 
comprises the step of creating a respective user set of control 
data for each of the constituent data objects and the com- 
posite data object. 

26. A method as defined in claim 22, comprising the 
further step of storing a copy of the user set of control data 25 
in the data object provider's processor. 

27. A method as defined in claim 22, comprising the 
further steps of: 

receiving the data package in a user's data processor; 

storing the data package in a memory device where it is 30 
accessible by means of the user's data processor; 

decrypting the at least one usage control element of the 
user set of control data; 

checking, in response to a request by the user for usage of 35 
the data object, whether the requested usage complies 
with the usage defined by the at least one usage control 
element of the user set of control data; and 

decrypting, in response to the requested usage complying 
with the usage defined by the at least one usage control 40 
element of the user set of control data, the data object 
and enabling the requested usage, otherwise disabling 
it. 

28. A method as set forth in claim 22, further comprising: 
receiving the data package in a user's data processor; 45 
storing the data package in a memory device where it is 

accessible by means of the user's data processor; 
decrypting the at least one usage control element of the 
user set of control data; 

50 

checking, in response to a request by the user for usage of 
the data object, whether the requested usage complies 


,281 

22 

with the usage defined by the at least one usage control 
element of the user set of control data; 
decrypting, in response to the requested usage complying 
with the usage defined by the at least one usage control 
element of the user set of control data, the data object 
and enabling the requested usage, otherwise disabling 
it; and 

reconcatenating, after the usage of the data object, the 
data object and the one or more usage control elements 
of the user set of control data, and reencrypting at least 
the data object and the one or more usage of the user set 
of control data. 
29. A system for managing a data object so as to comply 
with control conditions for usage of the data object, com- 
prising: 

first means in the data object provider's data processor for 
creating a general set of control data for the data object 
based on the predetermined conditions for usage, said 
general set of control data comprising at least one or 
more usage control elements defining usages of the data 
object which comply with the predetermined condi- 
tions; 

storing means, which are accessible by means of said data 
processor, for storing the data object and the general set 
of control data; 

concatenating means for concatenating the general set of 
control data with a copy of the data object; 

encrypting means for encrypting the copy of the data 
object and at least said one or more usage control 
elements to create a secure data package, which is 
ready for transfer to a user; 

second means in said data processor for creating, in 
response to a request for authorization for usage of the 
data object by a user, a user set of control data, which 
comprises at least a subset of the general set of control 
data, which subset comprises at least one of said usage 
control elements; 

using the user set of control data instead of the general set 
of control data in the storing means; 

using the user set of control data instead of the general set 
of control data in the concatenating means; 

using the user set of control data instead of the general set 
of control data in the encrypting means; and 

checking means in said data processor for checking that 
said request for authorization for usage of the data 
object has been granted before allowing transfer of the 
data package to the user. 

*****