
Full text of "USPTO Patents Application 09870801"



United States Patent [19]
Benson et al.

US005845281A

[11] Patent Number: 5,845,281
[45] Date of Patent: Dec. 1, 1998

[54] METHOD AND SYSTEM FOR MANAGING A DATA OBJECT SO AS TO COMPLY WITH PREDETERMINED CONDITIONS FOR USAGE

[75] Inventors: Greg Benson, Dalby; Gregory H. Urich, Lund, both of Sweden

[73] Assignee: Mediadna, Inc., La Jolla, Calif.

[21] Appl. No.: 594,811

[22] Filed: Jan. 31, 1996

[30] Foreign Application Priority Data

Feb. 1, 1995 [SE] Sweden 9500355-4

[51] Int. Cl.6: G06F 17/30

[52] U.S. Cl.: 707/9; 707/10; 707/103

[58] Field of Search: 395/609, 610, 614; 707/9, 10, 103

[56] References Cited

U.S. PATENT DOCUMENTS

4,919,545  4/1990  Yu  380/25
5,023,907  6/1991  Johnson et al.  380/4
5,103,476  4/1992  Waite et al.  380/4
5,222,134  6/1993  Waite et al.  380/4
5,235,642  8/1993  Wobber et al.  380/25
5,319,705  6/1994  Halter et al.  380/4
5,321,841  6/1994  East et al.  395/725
5,375,240  12/1994  Grundy  395/700
5,400,403  3/1995  Fahn et al.  380/21

FOREIGN PATENT DOCUMENTS

0367700  5/1990  European Pat. Off.
0567800  4/1993  European Pat. Off.
0653695  11/1994  European Pat. Off.
WO96/27155  9/1996  WIPO  G06F 17/30

Primary Examiner—Maria N. Von Buhr

Attorney, Agent, or Firm — Knobbe, Martens, Olson & Bear, LLP


[57] ABSTRACT

A method and a system for managing a data object so as to comply with predetermined conditions for usage of the data object. To control the usage of the data object, a set of control data, defining uses of the data object, which comply with the predetermined conditions, is created for the data object. The data object is concatenated with the user set of control data, encrypted and transferred to the user. When the user wants to use the data object, a special user program checks whether the usage complies with the control data. If so, the usage is enabled. Otherwise it is disabled.

29 Claims, 15 Drawing Sheets




U.S. Patent    Dec. 1, 1998    Sheet 1 of 15    5,845,281

Fig 1 (general data flow)

data object provider 1: data object 24 and predetermined conditions -> packaging program 19 -> secure package 40 (data object, control data)
user 2: secure package (data object, control data) -> user program -> data object in usage form 80




Fig 2 (data object provider's data processor)

memory 11, holding: data object(s) 24, data packaging program 19, control database 20, network and telecommunications 21, OS 23
cpu 10
network adapter 12
bus 13
display 14
keyboard 15
printer 16
bulk storage 17
ROM 18


Fig 3 (modules of the data packaging program 19)

control module 301
user interface module 302
packaging module 303
control data creation module 304
encryption module 305
format modules 306
security modules 307


Fig 4 (data packaging process)

401 create data object and save data object to file
402 start packaging program
403 input header information and usage information
404 create header data
405 save header data to header file
406 create usage data
407 save usage data to usage file
408 need data conversion? yes: convert data object file format (numeral not legible); no: continue
410 need compression? yes: 411 compress data object file; no: continue
412 need security treatment? yes: perform security treatment (numeral not legible); no: continue
414 concatenate usage data file and data object file and save as a temporary file
415 encrypt temporary file
416 concatenate temporary file from previous step and header file and save as a single file


Fig 5 (example of a header file)

file identifier: 123456789
title: image
format code: a
security code: b

Fig 6 (example of a usage data file)

identifier 1, size 13, data 716 381 5356: usage element for author's phone number
identifier 2, size 4, data .50: price for single use
identifier 3, size 4, data 50.00: price for unlimited use
identifier 4, size 2, data 9: code for usage type approved
identifier 5, size 2, data 1: code for number of usages approved


Fig 7 (loading an object to the data provider's data processor)

predetermined conditions 42 and video 24 -> data packaging program 19
data packaging program 19 -> general control data 50 -> control database 20
data packaging program 19 -> video 24 -> storage 17


Fig 8a

header:
object identifier: 123456789
format code: 0010
security code: 0010
number of usage elements: 2
size of usage data: 17
size of data object: 273
usage data:
1st usage element id: 001
1st usage element size: 6
1st usage element data: 1
2nd usage element id: 002
2nd usage element size: 3
2nd usage element data: (no value legible)

Fig 8b

header:
object identifier: 123456790
format code: 0010
security code: 0010
number of usage elements: 2
size of usage data: (illegible)
size of data object: 273
usage data:
1st usage element id: 001
1st usage element size: 6
1st usage element data: 1
2nd usage element id: 002
2nd usage element size: 3
2nd usage element data: 2


Fig 9 (data packaging on the data provider's data processor)

Labels recoverable from the drawing: data object 24, DBMS 22, data packaging program 19, user adapted control data 60, secure data package 40 (data object 24 with user adapted control data), control database 20. Reference numeral 50 also appears, without a legible label.


Fig 10 (data packaging procedure)

1001 Copy general set of control data to create new control data
1002 Apply new id to new control data
1003 Update second control element data in new control data
1004 Store new control data in control database
1005 Copy data object
1006 Concatenate data object and new control data
1007 Begin security procedure corresponding to security code "0010"
1008 Encrypt data object and control data to create final data package
1009 Store data package or pass to network program


Fig 11

control data in memory: 123456789001000102172730016100232

AVI file in memory: (binary RIFF/AVI content, not reproducible as text)

Fig 12a

concatenated control data and AVI file in memory: 123456789001000102172730016100232 followed directly by the RIFF/AVI bytes (binary content, not reproducible as text)

Fig 12b

concatenated and encrypted control data and AVI file in memory: the leading characters 12345678900100010217273 remain readable; the remainder is ciphertext (not reproducible as text)


Fig 13 (user's data processor)

memory 26, holding: data package 40, user program 35, control database 36, network and telecommunications 37, OS 39
processor 25
network adapter 27
display 29
keybd 30
printer 31
sound sys 32
ROM 33
bulk storage 34
Reference numeral 28 also appears, without a legible label.


Fig 14 (modules of the user program 35)

control module 1401
user interface module 1402
usage manager module 1403
control data parser module 1404
decryption module 1405
format modules 1406
security modules 1407
file transfer program 1409


Fig 15 (using a data object on the user's data processor)

1501 receive data package
1502 store data package [illegible]
1503 start user program 35
1504 input usage request
1505 decrypt and extract control data from data package and store control data in memory
1506 compare usage request to usage requirements in control data
1507 usage OK? no: 1508 disable usage request; yes: continue
1509 need data conversion? yes: 1510 convert data object file format; no: continue
1511 need decompression? yes: 1512 decompress data object file; no: continue
1513 need security treatment? yes: 1514 perform security treatment; no: continue
1515 decrypt and extract object data
1516 enable requested usage
1517 update control data
1518 restore data package



Fig 16 (operation of the user program in a specific application example)

1601 Begin user program
1602 Detect usage request
1603 Examine control data
1604 If universal format code is "0010" then continue, else disable use and jump to 1699
1605 If universal security code is "0010" then continue, else disable use and jump to 1699
1606 Compare user type to first usage element data
1607 If user type is same then continue, else disable use and jump to 1699
1608 Check second control element for number of uses purchased
1609 If uses is > 0 then enable use, else disable use and jump to 1699
1610 Decrement second control element data
1611 Repackage data object
1699 return


Fig 17 (data package structures for composite objects)

First structure: data package 0 containing control data 0, control data 1, control data 2, control data 3, object data 1, object data 2 and object data 3.

Second structure: data package 0 containing control data 0 and three nested packages: data package 1 (control data 1, object data 1), data package 2 (control data 2, object data 2) and data package 3 (control data 3, object data 3).


PRIOR ART 


METHOD AND SYSTEM FOR MANAGING A DATA OBJECT SO AS TO COMPLY WITH PREDETERMINED CONDITIONS FOR USAGE

TECHNICAL FIELD

The present invention relates to data processing and more particularly to a method and a system for managing data objects so as to comply with predetermined conditions for usage.

BACKGROUND

Much has been written recently regarding the puzzle of universal connectivity. A typical vision of the data highway has long distance high speed data carriers inter connecting regional networks which provide telecommunications services and a wide range of interactive on-line services to consumers. Many of the pieces are already in place, others are in development or testing. In fact, even though the data highway is under construction it is currently open to limited traffic. On-line services are springing up daily and video on demand services are currently being tested.

The potential to benefit society is immense. The scope of information available to consumers will become truly global as the traditional barriers to entry for distribution of, and access to, information are lowered dramatically. This means that more diverse and specialized information will be made available just as conveniently as generic sources from major vendors used to be. The end result is that organizations and individuals will be empowered in ways heretofore only imagined.

However, a fully functioning data highway will only be as valuable as the actual services which it provides. Services envisioned for the data highway that involve the delivery of data objects (e.g. books, films, video, news, music, software, games, etc.) will be and are currently limited by the availability of such objects. Library and educational services are similarly affected. Before owners will allow their data objects to be offered they must be assured of royalty payments and protection from piracy.

Encryption is a key component of any solution to provide copy protection. But encryption alone is not enough. During transmission and storage the data objects will be protected by encryption, but as soon as anyone is given the key to decipher the content he will have unlimited control over it. Since the digital domain permits data objects to be reproduced in unlimited quantities with no loss of quality, each object will need to be protected from unlimited use and unauthorized reproduction and resale.

The protection problem must not be solved by a separate solution for each particular data format, because then the progress will indeed be slow. It is important to consider the effect of standardization on an industry. Consider how the VHS, the CD and the DAT formats, and the IBM PC compatibility standards have encouraged growth in their respective industries. However, if there is to be any type of standardization, the standard must provide universal adaptability to the needs of both data providers and data users.

The data object owner may want to have permanent secure control over how, when, where, and by whom his property is used. Furthermore, he may want to define different rules of engagement for different types of users and different types of security depending on the value of particular objects. The rules defined by him shall govern the automated operations enabled by data services and networking. The owner may also wish to sell composite objects with different rules governing each constituent object. Thus, it is necessary to be able to implement variable and extensible control.

The user on his part wants to be able to search for and purchase data objects in a convenient manner. If desired, the user should be able to combine or edit purchased objects (i.e. [illegible]). Furthermore, the user may want [illegible] material. A [illegible] enable [illegible] as well.

What is needed is a universally adaptable system and method for managing the exchange and usage of data objects while protecting the interests of data object owners and users.

A method for enforcing payment of royalties when copying softcopy books is described in the European patent application EP 0 567 800. This method protects a formatted text stream of a structured document which includes a royalty payment element having a special tag. When the formatted text stream is inputted in the user's data processor, the text stream is searched to identify the royalty payment element and a flag is stored in the memory of the data processor. When the user for instance requests to print the document, the data processor requests authorization for this operation from a second data processor. The second data processor charges the user the amount indicated in the royalty payment element and then transmits the authorization to the first data processor.

One serious limitation of this method is that it can only be applied to structured documents. The description of the above-mentioned European patent application defines a structured document as: a document prepared in accordance with an SGML compliant type definition. In other words it can not be applied to documents which are not SGML compliant and it cannot be applied to any other types of data objects.

Furthermore, this method does not provide for variable and extensible control. Anyone can purchase a softcopy book on a CD, a floppy disc or the like, and the same royalty amount is indicated in the royalty payment element of all softcopy books of the same title.

Thus, the method described in EP 0 567 800 does not satisfy the above-mentioned requirements for universally adaptable protection of data objects.

SUMMARY OF THE INVENTION

Accordingly, it is a first object of the invention to provide a method and a data processing system for managing a data object in a manner independent of the format and the structure thereof, so as to comply with predetermined conditions for usage control and royalty payment.

It is a further object of the invention to provide such a method and system which is universally adaptable to the needs of both the owner and the user of the data object.

A further object of the invention is to provide such a method and system which enables a data object provider to distribute his data object while maintaining control of the usage thereof.

Yet another object of the invention is to provide a method and system which allows a data object provider to select the level of security for his data object in a flexible way.

Yet another object of the invention is to provide such a method and system which makes it possible to establish an audit trail for the data object.


Yet another object is to provide such a method and system which makes it possible to sell and buy data objects in a secure way.

More particularly, a data object provider, e.g. the owner of a data object or his agent (broker), stores the data object in a memory device, e.g. a bulk storage device, where it is accessible by means of the data provider's data processor. The data object can consist of digital data, analog data or a combination or hybrid of analog and digital data.

A general set of control data, which is based on the predetermined conditions for usage of the data object, is created and stored in the same memory device as the data object or another memory device where it is accessible by the data provider's data processor. The predetermined conditions for usage may be defined by the data object owner, by the broker or by anyone else. They may differ between different data objects.

The general set of control data comprises at least one or more usage control elements, which define usages of the data object which comply with the predetermined conditions. These usages may encompass for instance the kind of user, a time limit for usage, a geographical area for usage, allowed operations, such as making a hard copy of the data object or viewing it, and/or claim to royalty payment. The general set of control data may comprise other kinds of control elements besides the usage control element. In a preferred embodiment, the general set of control data comprises a security control element which defines a security procedure which has to be carried out before usage of the data object. It also comprises an identifier, which uniquely identifies the general set of control data.

The general set of control data is concatenated with a copy of the data object. Thus, the control data does not reside in the data object, but outside it, which makes the control data independent of the format of and the kind of data object and which allows for usage control independently of the data object format.

At least the usage control element(s) and the data object are encrypted, so that the user is unable to use the data object without a user program which performs the usage control and which decrypts the data object. Alternatively, the whole set of control data and the copy of the data object may be encrypted.

A user may request authorization for usage of a data object residing at a data provider's processor via a data network or in any other appropriate way. The authorization may or may not require payment. When a request for authorization for usage is received, a user set of control data is created by the data provider's processor. The user set of control data comprises the general set of control data or a subset thereof including at least one of said usage control elements which is relevant for the actual user. It typically also includes a new identifier which uniquely identifies this set of control data. If relevant, the user set of control data also comprises an indication of the number of usages authorized. If more than one kind of usage is authorized, the number of each kind of usage may be specified. Finally, the set of control data is concatenated with a copy of the data object, and at least the usage control elements and the copy of the data object are encrypted to create a secure data package ready for transfer to the user.

Before the data package is transferred to the user, it should be confirmed that the request for authorization for usage has been granted. The check is preferably carried out before the user set of control data is created. However, it can also be carried out in parallel with or after the creation of the user control data. In the latter case, the number of usages requested by the user is tentatively authorized and included in the user set, but if the request is refused the user set is canceled or changed.

The data package may be transferred to the user by electronic means or stored on bulk storage media and transferred to the user by mail or by any suitable transportation means.

Once the data object has been packaged in the above-described manner, it can only be accessed by a user program which has built-in usage control and means for decrypting the data package. The user program will only permit usages defined as acceptable in the control data. Moreover, if the control data comprises a security control element, the security procedure prescribed therein has to be complied with. In one embodiment, the usage control may be performed as follows. If the user decides to use a data object, the user program checks the control data to see if this action is authorized. More particularly it checks that the number of authorized usages of this kind is one or more. If so, the action is enabled and the number of authorized usages decremented by one. Otherwise, the action is interrupted by the user program and the user may or may not be given the opportunity to purchase the right to complete the action.

After the usage, the user program repackages the data object in the same manner as it was packaged before.

When a data object is redistributed by a user or a broker, new control elements are added in the control data to reflect the relation between the old user/broker and the new user/broker. In this way, an audit trail for the data object may be created.

According to another aspect of the invention at least two data packages are stored on a user's data processor, which examines the usage control elements of the data packages in order to find a match. If a match is found, the user's data processor carries out an action which is specified in the user set of control data. This method can be used for selling and buying data objects.

BRIEF DESCRIPTION OF DRAWINGS

FIG. 1 is a flow diagram showing the general data flow according to the invention.

FIG. 2 is a system block diagram of a data object provider's data processor.

FIG. 3 is a block diagram showing the different modules of a data packaging program according to the invention.

FIG. 4 is a data flow diagram of a data packaging process.

FIG. 5 is an example of a header file.

FIG. 6 is an example of a usage data file.

FIG. 7 is a data flow diagram of loading an object to the data provider's data processor.

FIGS. 8a and 8b are examples of control data for a data object on the data provider's data processor and for an object ready to be transferred to a user, respectively.

FIG. 9 is a data flow diagram of data packaging on the data provider's data processor.

FIG. 10 is a flow diagram of a data packaging procedure.

FIG. 11 is a memory image of a data object and its control data.

FIG. 12a is a memory image of the concatenated control data and data object.

FIG. 12b is a memory image of the concatenated and encrypted control data and data object.

FIG. 13 is a system block diagram of a user's data processor.


FIG. 14 is a block diagram showing the different modules of a user program according to the invention.

FIG. 15 is a flow diagram of using a data object on the user's data processor.

FIG. 16 is a flow diagram of how the user program operates in a specific application example.

FIG. 17 is an example of various data package structures for composite objects.

DESCRIPTION OF THE BEST MODE FOR CARRYING OUT INVENTION

General Overview

FIG. 1 is a flow diagram showing the general data flow according to the invention. The flow diagram is divided into a data object provider part 1 and a user part 2.

In the data object provider part 1, a data object 24 is created by an author. The data object can consist of digital data, analog data or a combination or hybrid of analog and digital data. The primary difference between analog data objects and digital data objects is the means for storage, transfer and usage.

The author also determines the conditions 42 for the usage of the data object 24 by a user. The data object 24 and the usage conditions 42 are input to a data packaging program 19, which creates a secure data package 40 of the data object and of control data which are based on the input usage conditions 42. Once packaged in this way, the data object can only be accessed by a user program 35.

The data object may be packaged together with a general set of control data, which is the same for all users of the data object. This may be the case when the data object is sent to a retailer or a bulletin board, wherefrom a user may obtain it. The data object may also be packaged as a consequence of a request from a user for usage of the data object. In that case, the package may include control data which is specifically adapted to that user. This control data is called a user set of control data. It may for example comprise the number of usages purchased by the user. Typically, the user set of control data will be created on the basis of the general set of control data and include at least a subset thereof. A user set of control data need not always be adapted for a specific user. All sets of control data which are created on the basis of a general set of control data will be called a user set of control data. Thus, a set of control data can be a general set in one phase and a user set in another phase.

The above-mentioned data packaging can be carried out by the author himself by means of the data packaging program 19. As an alternative, the author may send his data object to a broker, who inputs the data object and the usage conditions determined by the author to the data packaging program 19 in order to create a secure package 3. The author may also sell his data object to the broker. In that case, the broker probably wants to apply his own usage conditions to the data packaging program. The author may also provide the data object in a secure package to the broker, who repackages the data object and adds further control data which is relevant to his business activities. Various combinations of the above alternatives are also conceivable.

In the user part 2 of the flow diagram, the secure package 40 is received by a user, who must use the user program 35 in order to unpackage the secure package 40 and obtain the data object in a final form 80 for usage. After usage, the data object is repackaged into the secure package 40.

The different parts of the system and the different steps of the method according to the invention will now be described in more detail.

The Data Provider's Data Processor:

FIG. 2 is a system block diagram of a data object provider's data processor. As mentioned above, the data object provider may be an author of a data object, an owner of a data object, a broker of a data object or anyone else who wants to distribute a data object, while retaining the control of its usage. The data processor is a general or special purpose processor, preferably with network capabilities. It comprises a CPU 10, a memory 11 and a network adapter 12, which are interconnected by a bus 13. As shown in FIG. 2, other conventional means, such as a display 14, a keyboard 15, a printer 16, a bulk storage device 17, and a ROM 18, may also be connected to the bus 13. The memory 11 stores network and telecommunications programs 21 and an operating system (OS) 23. All the above-mentioned elements are well-known to the skilled person and commercially available. For the purpose of the present invention, the memory 11 also stores a data packaging program 19 and, preferably, a database 20 for control data. Depending upon the [illegible] operation, one or more data objects 24 can be stored in the memory 11 as shown or in the bulk storage 17. The data provider's data processor is considered secure.

The Data Packaging Program:

The data packaging program 19 is used for creating control data for controlling the usage of a data object and for packaging the data object and the control data into a secure package.

As shown in FIG. 3, it comprises a program control module 301, a user interface module 302, a packaging module 303, a control data creation module 304, an encryption module 305, one or more format modules 306, and one or more security modules 307.

The control module 301 controls the execution of the other modules. The user interface module 302 handles interaction with the data object provider. The packaging module 303 packages the control data and the data object. It uses the control data creation module 304, the format modules 306, the security modules 307 and the encryption module 305 as will be described more in detail below.

The format modules 306 comprise program code, which is required to handle the data objects in their native format. They can fulfill functions such as data compression and data conversion. They can be implemented by any appropriate, commercially available program, such as by means of a routine from the PKWARE Inc. Data Compression Library for Windows and the Image Alchemy package from Handmade Software Incorporated, respectively. They can also be implemented by custom designed programs.

The security modules 307 comprise program code required to implement security, such as more sophisticated encryption than what is provided by the encryption module 305, authorization algorithms, access control and usage control, above and beyond the basic security inherent in the data package.

The data packaging program 19 can contain many different types of both format and security modules. The program control module 301 applies the format and security modules which are requested by the data provider.

The encryption module 305 may be any appropriate, commercially available module, such as "File Crypt" Visual Basic subprogram found in Crescent Software's QuickPak Professional for Windows — FILECRPT.BAS, or a custom designed encryption program.

The control data creation module 304 creates the control data for controlling the usage of the data object. An example of a control data structure will be described more in detail below.



The Control Data:

The control data can be stored in a header file and a usage data file. In a preferred embodiment, the header file comprises fields to store an object identifier, which uniquely identifies the control data and/or its associated data object, a title, a format code, and a security code. The format code may represent the format or position of fields in the usage data file. Alternatively, the format code may designate one or more format modules to be used by the data packaging program or the user program. The security code may represent the encryption method used by the encryption module 305 or any security module to be used by the data packaging program and the user program. The header file fields will be referred to as header elements.

The usage data file comprises at least one field for storing 15 
data which controls usage of the data object. One or more 
usage data fields which represent one condition for the usage 
of the data object will be referred to as a usage element: In 
a preferred embodiment, each usage element is defined by an 
identifier field, e.g. a serial number, a size field, which 20 
specifies the size of the usage element in bytes or in any 
other appropriate way, and a data field. 

The header elements and the usage elements are control
elements which control all operations relating to the usage of
the object. The number of control elements is unlimited. The
data provider may define any number of control elements to
represent his predetermined conditions of usage of the data
object. The only restriction is that the data packaging
program 19 and the user program 35 must have compatible
program code to handle all the control elements. This
program code resides in the packaging module and the usage
manager module, to be described below.

Control elements can contain data, script or program code
which is executed by the user program 35 to control usage
of the related data object. Script and program code can
contain conditional statements and the like which are processed
with the relevant object and system parameters on the
user's data processor. It would also be possible to use a
control element to specify a specific proprietary user program
which can only be obtained from a particular broker.

It is evident that the control data structure described above
is but one example. The control data structure may be
defined in many different ways with different control elements.
For example, the partitioning of the control data in
header data and usage data is not mandatory. Furthermore,
the control elements mentioned above are but examples. The
control data format may be unique, e.g. different for different
data providers, or defined according to a standard.

The Operation of the Data Packaging Program

The operation of a first embodiment of the data packaging
program will now be described with reference to the block
diagram of FIG. 3 and the flow diagram of FIG. 4.

First a data provider creates a data object and saves it to
a file, step 401. When the data packaging program is started,
step 402, the user interface module 302 prompts the data
object provider to input, step 403, the header information
consisting of e.g. an object identifier, a title of the data
object, a format code specifying any format module to be
used for converting the format of the data object, and a
security code specifying any security module to be used for
adding further security to the data object. Furthermore, the
user interface module 302 prompts the data object provider
to input usage information, e.g. his conditions for the usage
of the data object. The usage information may comprise the
kind of user who is authorized to use the data object, the
price for different usages of the object etc. The header
information and the usage information, which may be
entered in the form of predetermined codes, is then passed
to the control module 301, which calls the packaging module
303 and passes the information to it.

The packaging module 303 calls the control data creation
module 304, which first creates a header file, then creates
header data on the basis of the header information entered by
the data object provider and finally stores the header data,
step 404-405. Then a usage data file is created, usage data
created on the basis of the usage information entered by the
data provider, and finally the usage data is stored in the
usage data file, step 406-407.

The packaging module 303 then applies any format and
security modules 306, 307 specified in the header file, steps
408-413, to the data object.

Next, the packaging module 303 concatenates the usage
data file and the data object and stores the result as a
temporary file, step 414. The packaging module 303 calls the
encryption module 305, which encrypts the temporary file,
step 415. The level of security will depend somewhat on the
quality of the encryption and key methods used.

Finally, the packaging module 303 concatenates the
header file and the encrypted temporary file and saves the
result as a single file, step 416. This final file is the data
package which may now be distributed by file transfer over
a network, or on storage media such as CDROM or diskette,
or by some other means.
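
An added Python example, not code from the patent, of packaging steps 404-416 and, going one step further, of the reverse path: reading the control data back with its size fields checked, consuming one approved usage and repackaging. The byte layout, the length fields in the header, the element id USES_LEFT, the module table, the key and the sample values are assumptions, and the XOR keystream only stands in for encryption module 305.

```python
import hashlib
import struct

# Assumed byte layout; the patent names the fields but fixes no encoding.
# Clear header: object identifier, title, format code, security code, then
# assumed count and length fields so a reader can split what follows.
HEADER = struct.Struct(">9s16s1s1sHII")
ELEMENT = struct.Struct(">HH")    # usage element: identifier field, size field
USES_LEFT = 5                     # hypothetical id: number of usages approved
MODULES = {(b"a", b"b")}          # format/security codes this reader handles


def xor_stream(key, data):
    """Stand-in for encryption module 305: XOR with a SHAKE-256 keystream.
    Not a vetted cipher; it only keeps the example on the standard library."""
    stream = hashlib.shake_256(key).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, stream))


def encode_usage(elements):
    """Serialize each usage element as identifier, size, data."""
    return b"".join(ELEMENT.pack(eid, len(val)) + val
                    for eid, val in elements.items())


def parse_usage(blob, count):
    """Walk the usage elements; reject size fields that overrun the data."""
    elements, pos = {}, 0
    for _ in range(count):
        if pos + ELEMENT.size > len(blob):
            raise ValueError("usage data truncated")
        eid, size = ELEMENT.unpack_from(blob, pos)
        pos += ELEMENT.size
        if pos + size > len(blob):
            raise ValueError("usage element %d overruns usage data" % eid)
        if eid in elements:
            raise ValueError("duplicate usage element %d" % eid)
        elements[eid] = blob[pos:pos + size]
        pos += size
    if pos != len(blob):
        raise ValueError("bytes left over after last usage element")
    return elements


def package(ident, title, fmt, sec, elements, obj, key):
    """Steps 404-416, with no format or security module applied (408-413)."""
    usage = encode_usage(elements)                     # usage data, 406-407
    header = HEADER.pack(ident, title, fmt, sec,       # header data, 404-405
                         len(elements), len(usage), len(obj))
    return header + xor_stream(key, usage + obj)       # 414, 415, 416


def read_control(pkg, key):
    """Parse the clear header, then decrypt only the usage data behind it."""
    if len(pkg) < HEADER.size:
        raise ValueError("package shorter than header")
    (ident, title, fmt, sec,
     count, usage_size, obj_size) = HEADER.unpack_from(pkg)
    if usage_size + obj_size != len(pkg) - HEADER.size:
        raise ValueError("header sizes do not match package length")
    if (fmt, sec) not in MODULES:
        raise PermissionError("no module for this format/security code")
    blob = xor_stream(key, pkg[HEADER.size:HEADER.size + usage_size])
    header = {"id": ident, "title": title.rstrip(b"\0"), "format": fmt,
              "security": sec, "usage_size": usage_size}
    return header, parse_usage(blob, count)


def use_once(pkg, key):
    """Check the usage count, release the object, decrement and repackage."""
    header, usage = read_control(pkg, key)
    left = usage.get(USES_LEFT, b"")
    if not left.isdigit() or int(left) < 1:
        raise PermissionError("no approved usages left")
    obj = xor_stream(key, pkg[HEADER.size:])[header["usage_size"]:]
    usage[USES_LEFT] = str(int(left) - 1).encode()
    repacked = package(header["id"], header["title"], header["format"],
                       header["security"], usage, obj, key)
    return obj, repacked


# Constructed sample input: key, object bytes and element values are made up.
KEY = b"constructed demo key"
IMAGE = b"GIF89a constructed stand-in for the image bytes"


def demo():
    """Package the image with two approved usages and consume both."""
    pkg = package(b"123456789", b"image", b"a", b"b",
                  {1: b"555-0100", USES_LEFT: b"2"}, IMAGE, KEY)
    first, pkg = use_once(pkg, KEY)
    second, pkg = use_once(pkg, KEY)
    return first, second, read_control(pkg, KEY)[1][USES_LEFT], pkg
```

Nothing in this layout authenticates the clear header or the ciphertext, and the stand-in cipher reuses its keystream on every repackage; an encryption module used in practice would be an authenticated cipher with a fresh nonce per package.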

EXAMPLE 1 

An example of how the data packaging program 19 can be
used will now be described with reference to FIGS. 5 and 6.
In this example the data object provider is a computer
graphics artist, who wants to distribute an image that can be
used as clip art, but only in a document or file which is
packaged according to the method of the invention and
which has usage conditions which do not permit further
cutting or pasting. The artist wants to provide a free preview
of the image, but also wants to be paid on a per use basis
unless the user is willing to pay a rather substantial fee for
unlimited use. The artist will handle payment and usage
authorization on a dial-up line to his data processor.

The artist uses some image creation application, such as
Adobe's Photoshop to create his image. The artist then saves
the image to file in an appropriate format for distribution,
such as the Graphical Interchange Format (GIF). The artist
then starts his data packaging program and enters an object
identifier, a title, a format code and a security code, which
in this example are "123456789", "image", "a", and "b",
respectively. In this example, the format code "a" indicates
that no format code need be applied, and this code is selected
since the GIF format is appropriate and already compressed.
Furthermore, the security code "b" indicates that no security
module need be applied and this code is selected since the
security achieved by the encryption performed by means of
the encryption module 305 is considered appropriate by the
artist.

Then the artist enters his dial-up phone number, his price
for a single use of the image and for unlimited use of the data
object, a code for usage types approved, and for number of
usages approved. For this purpose, the user interface module
302 may display a data entry form.

The data packaging program 19 creates control data on
the basis of the information entered by the artist and stores
the data in the header file and in the usage data file as shown
in FIGS. 5 and 6, respectively. This data constitutes a general
set of control data which is not specifically adapted to a
single user, but which indicates the conditions of usage
determined by the artist for all future users.



Then the package program 19 concatenates the data object
and the control data in accordance with steps 414-416 of
FIG. 4 to achieve the secure package. No format module or
security module is applied to the data object, since they are
not needed according to the data in the header file.

When the secure package has been obtained, the artist
sends it to a bulletin board, from where it can be retrieved
by a user.

EXAMPLE 2

Below, another embodiment of the data packaging program
19 will be described with reference to FIGS. 7-12b. In
this example, the data object consists of a video film, which
is created by a film company and sent to a broker together
with the predetermined conditions 42 for usage of the video.
The broker loads the video 24 to the bulk storage 17 of his
data processor. Then, he uses his data packaging program 19
to create a general set of control data 50 based on the
predetermined conditions 42 for usage indicated by the film
company. Furthermore, the address to the video in the bulk
storage 17 is stored in an address table in the control
database 20 or somewhere else in the memory 11. It could
also be stored in the general set of control data 50. Finally,
the general set of control data 50 is stored in the control
database 20. It could also be stored somewhere else in the
memory 11. After these operations, which correspond to
steps 401-407 of FIG. 4, the data packaging program is
exited.

FIG. 8a shows the general set of control data for the video
according to this example. Here the control data includes an
identifier, a format code, a security code, the number of
usage elements, the size of the data object, the size of the
usage elements and two usage elements, each comprising an
identifier field, a size field and a data field. The identifier
may be a unique number in a series registered for the
particular broker. In this example, the identifier is
"123456789", the format code "0010", which, in this
example, indicates the format of a AVI video and the security
code is "0010". Furthermore, the first usage element defines
the acceptable users for the video and the second usage
element data defines the number of viewings of the video
purchased by a user. The first usage element data is 1 which,
for the purposes of this example will signify that only
education oriented users are acceptable to the film company.
The data field of the second usage element data is empty,
since at this stage no viewings of the video has been
purchased.

Managing Object Transfer

The broker wants to transfer data objects to users and
enable controlled usage in return for payment of usage fees
or royalties. Managing the broker-user business relationship
and negotiating the transaction between the broker and the
user can both be automated, and the control data structure
can provide unlimited support to these operations. The
payment can be handled by transmitting credit card
information, or the user can have a debit or credit account
with the broker which is password activated. Preferably,
payment should be confirmed before the data object is
transferred to the user.

Data packaging:

When a user wants to use a data object, he contacts the
broker and requests authorization for usage of the data
object. When the request for authorization is received in the
broker's data processor, a data program compares the usage
for which authorization is requested with the usage control
elements of the control data of the data object to see if it
complies with the predetermined conditions for usage indicated
therein. The comparison may include comparing the
user type, the usage type, the number of usages, the price etc.
If the requested usage complies with the predetermined
conditions the authorization is granted, otherwise it is
rejected.

FIG. 9 is a data flow diagram of the data packaging on the
broker's data processor, which occurs in response to a
granted request from a user for authorization for usage of the
video, e.g. a granted request for the purchase of two viewings.

In response to a granted request, the broker again applies
the data packaging program 19. The general set of control
data 50 and the data object 24 are input to the program from
the control database 20 and the bulk storage 17, respectively.
The program creates a user set of control data 60 on the basis
of the general set of control data 50 and concatenates the
user set 60 and the data object 24 to create a secure data
package 40, which may then be transferred to the user by any
suitable means. A copy of the user set of control data is
preferably stored in the broker's control database. This gives
the broker a record with which to compare subsequent use,
e.g. when a dial-up is required for usage.

FIG. 10 is a flow diagram of an exemplary procedure used
for creating a user set of control data and for packaging the
user set of control data and the video into a secure package.
Here, the procedure will be described with reference to the
general set of control data shown in FIG. 8a.

The user set of control data 60, i.e. a set of control data
which is adapted to the specific user of this example, is
created in steps 1001-1003 of FIG. 11. First, the general set
of control data 50 stored in the control database is copied to
create new control data, step 1001. Second, a new identifier,
here "123456790", which uniquely identifies the user set of
control data, is stored in the identifier field of the new control
data 60, step 1002. Third, the data field of the second usage
element is updated with the usage purchased, i.e. in this
example with two, since two viewings of the video were
purchased, step 1003.

The thus-created user set of control data, which corresponds
to the general set of control data of FIG. 8a is shown
in FIG. 8b.

The user set of control data is stored in the control
database 20, step 1004. Then, the video, which is stored in
the bulk storage 17, is copied, step 1005. The copy of the
video is concatenated with the user set of control data, step
1006. The security code 0010 specifies that the entire data
package 40 is to be encrypted and that the user program 35
must contain a key which can be applied. Accordingly, the
whole data package is encrypted, step 1007. Finally, the
encrypted data package is stored on a storage media or
passed to a network program, step 1008, for further transfer
to the user.

FIG. 11 is a memory image of the video 24 and the user
control data 60. The user control data and a copy of the video
24 are concatenated as shown in FIG. 12a. The encrypted
data package 40 is shown in FIG. 12b.

The procedure of FIG. 10 can be implemented by the data
packaging program of FIG. 3. As an alternative to the
procedure of FIG. 10, the user set of control data can be
created as in steps 1001-1003 and saved in a header file and
in a usage data file, whereafter steps 408-416 of the data
packaging program of FIG. 4 can be performed to create the
secure package.

The above-described process for creating a user-adapted
set of control data may also be used by a user who wants to
redistribute a data object or by a broker who wants to
distribute the data object to other brokers. Obviously,
redistribution of the data object requires that redistribution is a
usage approved of in the control data of the data object. If
so, the user or the broker creates a user set of control data
by adding new control elements and possibly changing the
data fields of old control element to reflect the relation
between the author and the current user/broker and between
the current user/broker and the future user/broker. In this
way an audit trail is created.

The User's Data Processor:

[...] and a network adapter [...]
28. As shown in FIG. 13, other conventional means, such as
a display 29, a keyboard 30, a printer 31, a sound system 32,
a ROM 33, and a bulk storage device 34, may also be
connected to the bus 28. The memory 26 stores network and
telecommunications programs 37 and an operating system
(OS) 39. All the above-mentioned elements are well-known
to the skilled person and commercially available. For the
purpose of the present invention, the memory 26 also stores
a user program 35 and, preferably, a database 36 intended for
the control data. Depending upon the current operation, a
data package 40 can be stored in the memory 26, as shown,
or in the bulk storage 34.

The User Program:

The user program 35 controls the usage of a data object
in accordance with the control data, which is included in the
data package together with the data object.

As shown in FIG. 14, the user program 35 comprises a
program control module 1401, a user interface module 1402,
a usage manager module 1403, a control data parser module
1404, a decryption module 1405, one or more format
modules 1406, one or more security modules 1407, and a file
transfer program 1409.

The control module 1401 controls the execution of the
other modules. The user interface module 1402 handles
interactions with the user. The usage manager module 1403
unpackages the secure package 40. It uses the control data
parser module 1404, the decryption module 1405, the format
modules 1406, and the security modules 1407.

The format modules 1406 comprise program code, which
is necessary to handle the data objects in their native format,
such as decompression and data format procedures. The
security modules 1407 comprises program code required to
implement security above the lowest level, such as access
control, usage control and more sophisticated decryption
than what is provided by the basic decryption module 1405.
The user program 35 can contain many different types of
both format and security modules. However, they should be
complementary with the format and security modules used
in the corresponding data packaging program. The usage
manager module 1401 applies the format and security modules
which are necessary to use a data object and which are
specified in its control data. If the proper format and security
modules are not available for a particular data object, the
usage manager module 1401 will not permit any usage.

The decryption module 1405 can be the above-mentioned
FileCrypt Visual Basic subprogram or some other commercially
available decryption program. It can also be a custom
designed decryption module. The only restriction is that the
decryption module used in the user program is complementary
with the encryption module of the data packaging
program.

The control data parser module 1403 performs the reverse
process of the control data creation module 304 in FIG. 3.

The user program 35 can have code which controls use of
the program by password or by any other suitable method.
A password may be added in a password control element
during packaging of the data object. The password is transferred
to the user by registered mail or in any other appropriate
way. In response to the presence of the password
control element in the control data structure, the user program
prompts the user to input the password. The input
password is compared with the password in the control data,
and if they match, the user program continues, otherwise it
is disabled.

The user program 35 can also have procedures which alter
[...] according to the [...] of the user object 41. It is
important to mention that the user program 35 never stores
[...] in native format [...] accessible storage and that
during [...] of the data object the print screen key is
trapped.

The file transfer program 1409 can transfer and receive
files via network to and from other data processor.

Since the data object is repackaged into the secure package
after the usage, the user program should also include
program code for repackaging the data object. The program
code could be the same as that used in the corresponding
data packaging program 19. It could also be a separate
program which is called from the user program.

Operation of the User Program:

The operation of an embodiment of the user program 35
will now be described with reference to the block diagram
of FIG. 14 and the flow diagram of FIG. 15.

First the user receives a data package 40 via file transfer
over a network, or on a storage media such as CD-ROM or
diskette, or by any other appropriate means, step 1501. He
then stores the data package as a file on his data processor,
step 1502.

When the user wants to use the data object, he starts the
user program 35, step 1503. Then he requests usage of the
data object, step 1504. The request is received by the user
interface module 1402, which notifies the control module
1401 of the usage request. The control module 1401 calls the
usage manager module 1403 and passes the usage request.

The usage manager module 1403 reads the format code
from the data package to determine the control data format.
Then it calls the decryption module 1405 to decrypt and
extract the control data from the data package. The usage
manager module 1403 applies the decryption module 1405
incrementally to decrypt only the control data. Finally, it
stores the control data in memory, step 1505.

The usage manager module 1403 then calls the control
data parser module 1404 to extract the data fields from the
usage elements.

The usage manager module 1403 then compares the user
request for usage with the corresponding control data, steps
1506-1507. If the requested usage is not permitted in the
control data, the requested usage is disabled, step 1508.
However, if the requested usage is approved of in the control
data, the usage manager module 1403 applies any format
and security modules 1406, 1407 specified in the header data
or usage data, steps 1509-1514, to the data package.

Then the usage manager module 1403 calls the decryption
module 1405, which decrypts the object data, step 1515,
whereafter the requested usage is enabled, step 1516. In
connection with the enabling of the usage, the control data
may need to be updated, step 1517. The control data may for
instance comprise a data field indicating a limited number of
usages. If so, this data field is decremented by one in
response to the enabling of the usage. When the user has
finished usage of the data object, the user program 35
restores the data package in the secure form by repackaging



it, step 1518. More particularly, the data object and the usage
elements are reconcatenated and reencrypted. Then the
header elements are added and the thus-created package is
stored in the user's data processor.

Example 1 contd.

A specific example of how the user program operates will
now be described with reference to FIGS. 6 and 15. The
example is a continuation of Example 1 above, where an
artist created an image and sent it to a bulletin board.

Assume that a user has found the image at an electronic
bulletin board (BBS) and is interested in using it. He then
loads the data package 40 containing the image to his data
processor and stores it as a file. [...]
then executes the user program 35 and [...]
the image. The user program [...] performs steps 1505-1507
of the flow diagram in FIG. 15. The request for a preview of
the image is compared with the data field of the usage
element "code for usage type approved". In this example,
the code "9" designates that previews are permitted. Thus,
the requested preview is OK. Then, the user program 35
performs step 1509-1515 of FIG. 15. Since the format code
"a" and the security code "b" of the header data indicate that
neither conversion, nor decompression, nor security treatment
is required, the user program only decrypts the object
data. The usage manager module 1403 then displays the
preview on the user's data processor and passes control back
to the user interface 1402.

When the user is finished previewing the image, the user
interface module 1402 displays the costs for usage of the
image in accordance with the price usage data of the control
data ("price for single use" and "price for unlimited use" in
FIG. 6) and prompts the user to enter a purchase request. The
user decides to buy unlimited use of the image, and the user
interface module 1402 inputs purchase information, such as
an identification, billing, and address for that request and
passes the request to the control module 1401. The control
module calls the file transfer program 1409, which dials the
artist's dial-up number as indicated in the usage data
("control element for artist's phone number" in FIG. 6) and
transfers the request and purchase information to a broker
program on the artist's data processor. Upon approval of the
purchase, the broker program returns a file containing an
update for "usage type approved" control elements. The
update is "10" for the usage type approved, which in this
example indicates that unlimited use by that user is permitted.
The file transfer program 1409 passes this update to the
usage manager module 1403 which updates the control data
with the "usage type approved" code. The user interface
module 1402 then displays a confirmation message to the
user.

Subsequently, the user interface module inputs a request
to copy the image to a file packaged according to this
invention, on the user's machine. The usage manager module
then compares the user request control data. The usage
manager module examines the data field for "Usage type
approved", which now is "00". The usage manager module
copies the image to the file.

When the user is finished with the image, the usage
manager module 1403 repackages the image as before
except with updated control data. This repackaging process
is exactly like that shown in FIG. 4, except that the header
and usage data already exist, so the process starts after step
406 where control data is created.

Improved Security

If the data object provider wants to improve the security
of a data package containing a data object, a security module
307 containing a sophisticated encryption algorithm, such as
RSA, could be used. In that case the packaging module 303
calls the security module 307 in step 412 of the flow diagram
of FIG. 4. The security module encrypts the image and
passes a security algorithm code to the control data creation
module 302, which adds a control element for the security
module code, which will be detected by the user program 35.
Then the data packaging continues with step 414. When the
data package is sent to the user, the public key is mailed to
the user by registered mail. When the user program is
executed in response to a request for usage of this data
object, the usage manager module will detect the security
module code in the control data and call the security module.
[...]
1402, which requests the user to input the public key. If the
key is correct, the user security module applies complementary
[...]
to the usage manager module, which enables the
usage.

As another example of improved security, a security
module may implement an authorization process, according
to which each usage of the data object requires a dialup to
the data processor of the data object provider. When the
corresponding security module code is detected by the user
program 35, the relevant security module is called. This
module passes a request for authorization to the control
module 1401, which calls the file transfer program 1409,
which dials the data object provider's dial-up number, which
is indicated in a usage element and transfers the request for
authorization of usage. Upon a granted authorization, the
data provider's data processor returns a usage approved
message to the user security module, which forwards the
approval to the usage control module, which enables one
usage. If the user requests further usages of the data object,
the authorization process is repeated. This procedure results
in a permanent data object security.

Example 2 contd.

A further specific example of how the user program 35
operates will now be described with reference to FIG. 16.
The example is a continuation of Example 2 above, where
a user purchased two viewings of a video film from a broker.

The user wants to play the video which was purchased and
transferred from the broker. The user applies the user
program 35, step 1601, and requests to play the video, step
1602. The user program 35 first examines the user set of
control data 60, step 1603. In this example, the user program
35 contains only those format and security modules for
objects with format code of 0010 and with a security code
of 0010. Consequently, only those types of data objects may
be used. If the program encounters other codes it will not
enable the usage action, step 1604-1605.

Next, the user program 35 compares the first control
element data which is 1, for educational users only, to user
information entered by the user on request of the user
program. Since the user type entered by the user is the same
as that indicated in the first usage element the process
continues, steps 1606-1607. Then the user program checks
the second control element data which specifies that the
number of plays purchased is 2. Consequently, the usage is
enabled, step 1609. The user program applies the decryption
module with the universal key and the AVI format video is
displayed on the display unit 29. Then, the second control
element data is decremented by one, step 1610. Finally, the
video is repackaged, step 1611.

Implementation of Variable and Extensible Object Control:

Object control is achieved through the interaction of the
data packaging program 19 and the usage program 35 with



the control data. Variation of object control can be applied to
a particular object by creating a control data format with
control elements defining the control variation and the
circumstances in which the variation is applied. Program
procedures should then be added to program modules to
process the control elements. For example, suppose a broker
wants to allow students to print a particular article for free
but require business users to pay for it. He defines control
elements to represent the user types student and business and
the associated costs for each. He then adds program logic to
examine the user type and calculate costs accordingly.
Object control is extensible in the sense that the control data
format can have as many elements as there are parameters
defining the rules for object control.

Implementation of Variable and Extensible Object Security:

Object security is also achieved through the interaction of
the data packaging program 19 and the user program 35 with
the control data. Security process and encryption/decryption
algorithms can be added as program modules. Variation of
object security can be applied to a particular object by
creating a control data format with control elements defining
the security variation and the circumstances in which the
variation is applied. Program procedures should be added to
program modules to process the control elements. For
example, suppose a broker wants to apply minimal security
to his collection of current news articles but to apply tight
security to his encyclopedia and text books. He defines a
control element for security type. He then [...]
logic to apply the security algorithms accordingly. Object
security is extensible in the sense that multiple levels of
security can be applied. The level of security will of course
be dependent on the encryption/key method which is implemented
in the security modules. One level of security may
be to require on-line confirmation when loading a data
object to the user's data processor. This can be implemented
in program code in a security module. This permits the
broker to check that the object has not already been loaded
as well as double check all other parameters.

It is also important to have version control with time
stamping between the usage program and the user's control
database. Otherwise the database can be duplicated and
reapplied to the user program. The user program can place
a time stamp in the control database and in a hidden system
file each time the control database is accessed. If the time
stamps are not identical, the control database has been

Another side of composite objects is when the user wants
to combine data objects for some particular use. Combination
is a usage action that must be permitted in each
constituent data object. A new data object is created with
control data linking the constituent data objects. Each constituent
data object retains its original control data which
continues to control its subsequent usage.

When a user requests authorization for usage of one
constituent data object in a composite data object, a user set
of control data is created only for that constituent data object
and concatenated only with a copy of that constituent data
object.

Scaleable Implementation:

The flexible control data structure and modular program
structure permit almost boundless extensibility with regard
to implementation of the owner's requirements for usage
control and royalty payment. The control data structure can
include control elements for complex user types, usage
types, multiple billing schemes, artistic or ownership credit
requirements and others. Security modules can be included
which interact with any variation of the control data structure
and the control data. Security modules could require a
dial up to the brokers data processor to approve loading or
usage actions and to implement approval authentication
mechanisms.

User Acting as a Broker:

A limited or full implementation of the broker's data
packaging program can be implemented on the user's
[...] further distribution or reselling. However,
[...]
distribution or reselling are enabled in that way.

Rebrokering

The author of a data object may want to allow his original
broker to distribute his data object to other brokers whom
will also distribute his image. He then includes a control
element which enables rebrokering in the control data before
distributing the data object with its associated control data to
the original broker. Upon request for rebrokering, the original
broker copies the general set of control data and updates
the copy to create a user set of control data which will
function as the general set of control data on the subsequent
brokers data processor. The original broker packages the
data object with the user set of control data and transfers the
package to the subsequent broker. The subsequent broker
then proceeds as if he were an original broker.

Automated Transaction Negotiation
tampered with and all usage is disabled. Program code for 45 This is an example of how the predetermined conditions 
handling lime stamps can reside in a security module. for usage included in the control data can be used for 

Handling Composite Objects: achieving automated transaction negotiation. 

A composite object can be handled by defining a control Suppose some company wants lo provide a computer 
data format with control elements defining relationships automated stock trading. Buy and sell orders could be 
between constituent objects and by defining a parent/child 50 implemented in the form of data packages and a user 
element and a related object id element. For example, program could process the data packages and execute trans- 
suppose a broker wants to include a video and a text book actions. Data packages could carry digital cash and manage 
in an educational package. He creates a parent object with payment based on conditions defined in the control data, 
control element referring to the video and textbook objects. In this example, the buy order is created using a data 
He also includes control elements in the control data for the 55 packaging program according to the invention on the buy- 
video object and the textbook object referring to the parent er's data processor. The sell order is created using the data 
object. Finally, he adds program procedures lo program packaging program on the seller's data processor. Both 
modules to process the control elements. orders are used by the user program on the stock trader's 

In other words, when the dala object is a composite data data processor. The usages would take the form of using a 
object including at least two constituent data objects, a 60 sell order data package to sell stock and a buy order dala 
respective general set of control data is created for each of package to buy stock. Tbe rules or conditions for buying and 
the constituent data object and the composite data object. In selling stocks could be indicated in the control data of the 
response to a request from a user, a respective user set of packages. The data object consists of digital cponey. In this 
control data is created for each of tbe constituent data objects context it is important to remember that digital money is 
as well as for the composite data object. 65 merely dala which references real money or virtual money 

Examples of various data package structures for compos- that is issued and maintained for the purpose of digital 
ite objects are given in FIG. 17. transactions. 




In this example the buyer starts with a digital money data 
file. He uses the data packaging program to create control 
data, e.g. kind of stock, price, quantity, for the purchase, and
he then packages the digital money data file, and the control 
data into a secure package as described above. 

The seller starts with an empty data file. This empty file 
is analogous to the digital money data file except it is empty. 
The seller creates control data, e.g. kind of stock, price, 
quantity, and packages the empty file and the control data, 
into a secure package. 

Both the sell order package and the buy order package are 
transferred to the data processor of the stock trading 
company, where they are received and stored in the memory. 
The user program of the stock trading company examines 
the control data of the buy and sell order packages in the 
same way as has been described above and looks for a 
match. Upon identifying matched buy and sell orders the 
user program executes a transaction, whereby the digital 
money is extracted from the buy order data package and 
transferred to the sell order package. Then the control data 
of the data packages is updated to provide an audit trail. Both 
packages are repackaged in the same manner as they were 
previously packaged and then transferred back to their 
authors. 

The above described technique could be used for selling 
and buying any object as well as for automated negotiations. 
Payment may be carried out in other ways than by digital 
money. 

In the general case, the data processor of the user decrypts 
the usage control elements of the user sets of control data 
and examines the usage control elements to find a match. In 
response to the finding of a match, the user's data processor 
carries out an action which is specified in the user set of 
control data. 
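The time-stamp version control described above under object security, applied to a remaining-use count of the kind recited in claim 12, can be sketched as follows. This is an added example, not code from the patent: the file names, the JSON layout and the `ControlStore` class are assumptions, and the control database is left unencrypted for readability.

```python
import json
import os
import shutil
import tempfile
import time


class ControlStore:
    """Control database plus a second stamp file standing in for the hidden system file."""

    def __init__(self, db_path, stamp_path, uses_allowed, check_stamps=True):
        self.db_path, self.stamp_path = db_path, stamp_path
        self.check_stamps = check_stamps
        self._commit({"uses_left": uses_allowed}, time.time_ns())

    def _commit(self, record, stamp):
        # The same stamp goes into the control database and the stamp file.
        record["stamp"] = stamp
        with open(self.db_path, "w") as fh:
            json.dump(record, fh)
        with open(self.stamp_path, "w") as fh:
            fh.write(str(stamp))

    def request_usage(self):
        """Return 'enabled', 'exhausted' or 'tampered' for one usage request."""
        with open(self.db_path) as fh:
            record = json.load(fh)
        with open(self.stamp_path) as fh:
            hidden = int(fh.read())
        if self.check_stamps and record["stamp"] != hidden:
            # Stamps differ: nothing is rewritten, so every later request fails too.
            return "tampered"
        status = "enabled" if record["uses_left"] >= 1 else "exhausted"
        if status == "enabled":
            record["uses_left"] -= 1
        # Re-stamp on every access; max() keeps stamps strictly increasing even
        # if the clock is coarse or has been stepped back.
        self._commit(record, max(time.time_ns(), hidden + 1))
        return status


def demo(check_stamps):
    """Use a 2-use object, reapply an earlier copy of the database, ask again."""
    workdir = tempfile.mkdtemp()
    try:
        db = os.path.join(workdir, "control.db")        # constructed sample paths
        copy = os.path.join(workdir, "control.db.copy")
        store = ControlStore(db, os.path.join(workdir, ".stamp"), 2, check_stamps)
        shutil.copyfile(db, copy)      # duplicate made while 2 uses remain
        results = [store.request_usage() for _ in range(3)]
        shutil.copyfile(copy, db)      # duplicate reapplied to the user program
        results.append(store.request_usage())
        return results
    finally:
        shutil.rmtree(workdir)


if __name__ == "__main__":
    print("with stamp check:   ", demo(True))
    print("without stamp check:", demo(False))
```

The `check_stamps=False` run is included only to show what the comparison contributes: the same reapplied copy is accepted when the two stamps are not compared.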

We claim: 

1. A method for managing a data object so as to comply 
with control conditions for usage of the data object, com- 
prising the steps of: 
storing the data object in a memory device, where it is 
accessible by means of a data object provider's data
processor;

providing a variable number of control conditions for
usage of the data object;

creating, by said data processor, a general set of control
data for the data object based on said variable number
of control conditions for usage, said general set of
control data comprising at least one or more usage
control elements defining usages of the data object
which comply with said variable number of control
conditions;

storing said general set of control data in a memory
device, where it is accessible by said data processor;

concatenating the general set of control data with a copy
of the data object; and

encrypting at least the copy of the data object and said one
or more usage control elements to create a secure data
package which is ready for transfer to a user.

2. A method as set forth in claim 1, wherein the step of 
encrypting comprises encrypting the data object and the 
general set of control data. 

3. A method as set forth in claim 1, wherein the step of 
creating control data comprises creating an identifier which 
uniquely identifies the general set of control data. 

4. A method as set forth in claim 1, wherein the step of 
creating a general set of control data comprises creating a 
security control element which identifies a security process 
to be applied before usage of the data object is allowed. 




5. A method as set forth in claim 1, wherein the step of 
creating a general set of control data comprises creating a 
format control element which identifies the format of the 
control data. 

6. A method as set forth in claim 1, further comprising the
steps of receiving in said data processor a request for
authorization for usage by a user; comparing the usage for
which authorization is requested with said one or more
usage control elements of the general set of control data and
granting the authorization if the usage for which authorization
is requested complies with the usages defined by said
one or more usage control elements.

7. A method as set forth in claim 6, further comprising the
step of securing payment for the requested authorization for
usage before granting the authorization.

8. A method as set forth in claim 1, comprising the further 
steps of: 

receiving the data package in a user's data processor;
storing the data package in a memory device where it is
accessible by means of the user's data processor;
decrypting said one or more usage control elements;
checking, in response to a request by the user for usage of 
the data object, whether the requested usage complies 
with the usage defined by the at least one usage control 
element of the general set of control data; 
decrypting, in response to the requested usage complying 
with the usage defined by the at least one usage control 
element of the general set of control data, the data 
object and enabling the requested usage, otherwise 
disabling it. 

9. A method as set forth in claim 8, comprising the further 
steps of reconcatenating, after the usage of the data object,
the data object and the one or more usage control elements, 
reencrypting at least the data object and the one or more 
usage control elements, and storing the thus-repackaged data 
package in the memory of the user's data processor. 

10. A method for controlling the usage by a user of a data
object so as to comply with control conditions for usage of
the data object, comprising the steps of:

providing a variable number of control conditions for
usage of the data object;
storing a data package in a memory device, where it is 
accessible by means of a data processor of the user, said 
data package comprising the data object and control 
data, which comprises at least one usage control ele- 
ment defining a usage of the data object which com- 
plies with the variable number of control conditions, 
the data object and said at least one usage control 
element being encrypted; 
receiving a request by the user for usage of the data 
object; 

decrypting the control data; 

checking, in response to the request by the user for usage 
of the data object, whether the requested usage com- 
plies with the usage defined by the at least one usage 
control element of the control data; and 
decrypting, in response to the requested usage complying 
with the usage defined by the at least one usage control 
element of the control data, the data object and enabling 
the requested usage, otherwise disabling it.

11. A method as set forth in claim 10, wherein the usage 
control element is updated after the at least one usage of the
data object. 

12. A method as set forth in claim 10, wherein said control
data comprises an indication of the number of times the user
is authorized to use the data object in accordance with said
at least one usage control element;

wherein the requested usage of the data object is only
enabled when said number of times is one or more; and
wherein said number of times is decremented by one
when the requested usage is enabled.

13. A method as set forth in claim 10, wherein the control 
data comprise a security control element, and further com- 
prising the step of carrying out, before each usage of the data 
object, a security procedure defined in the security control
element. 

14. A method as set forth in claim 10, wherein the step of 
checking whether the requested usage complies with the 
usage defined by the at least one usage control element 
comprises the step of checking that the user's data processor
is capable of carrying out a security procedure specified in
a security control element of the at least one usage control
element, and if not, disabling the usage.

15. A method as set forth in claim 10, comprising the 
further steps of reconcatenating, after the usage of the data
object, the data object and the one or more usage control
elements, reencrypting at least the data object and the one or
more usage control elements, and storing the thus-repackaged
data package in the memory of the user's data
processor.

16. A system for managing a data object so as to comply 
with control conditions for usage of the data object, com- 
prising 

means for providing a variable number of control
conditions;

first means in the data object provider's data processor for
creating a general set of control data for the data object
based on the variable number of control conditions for
usage, said general set of control data comprising at
least one or more usage control elements defining
usages of the data object which comply with the
variable number of control conditions;

storing means, which are accessible by means of said data
processor, for storing the data object and the general set
of control data;

concatenating means for concatenating the general set of
control data with a copy of the data object; and

encrypting means for encrypting the copy of the data
object and at least said one or more usage control
elements to create a secure data package, which is
ready for transfer to a user.

17. A system as set forth in claim 16, wherein the general
set of control data comprises a control data element which
defines the right to further distribution of the data object by
the user.

18. A system for controlling the usage by a user of a data 
object so as to comply with control conditions for usage of 
the data object, comprising: 

means for providing variable number of control condi- 
tions; 

storing means for storing a data package which comprises 
a data object and a control data comprising at least one 
usage control element defining a usage of the data
object which complies with the variable number of
control conditions;

means for decrypting the at least one usage control
element and the data object;

checking means for checking whether a usage requested
by the user complies with the usage defined by said at
least one usage control element;

enabling means for enabling the usage requested by the
user when the usage complies with the usage defined by
said at least one usage control element; and

disabling means for disabling the usage requested by the
user when the usage does not comply with the usage
defined by said at least one usage control element.

19. A system as set forth in claim 18, further comprising 
means for repackaging the data object after usage thereof. 

20. A method for controlling the usage by a user of data 
objects so as to comply with predetermined conditions for 
usage of the data objects, comprising the steps of: 

storing at least two data packages in a memory device, 
where they are accessible by a data processor of the
user, each said data package comprising a data object 
and a user set of control data, which comprises at least 
one usage control element defining a usage of the data 
object which complies with the predetermined 
conditions, the data object and said at least one usage 
control elements being encrypted; 

decrypting the usage control elements of the user sets of 
control data; 

examining the usage control elements of said at least two
data packages to find a match;

using, in response to the finding of a match, the data
processor to carry out an action, which is specified in
the user sets of control data.

21. A method as set forth in claim 20, comprising the 
further steps of updating the at least one usage control 
element of each data package, concatenating after the usage 
of the data objects, each of the data objects and its at least 
one usage control element, reencrypting each of the concat- 
enated data objects and its at least one usage control element 
and transferring the repackaged data objects to their creators. 

22. A method for managing a data object so as to comply 
with predetermined conditions for usage of the data object, 
comprising the steps of: 

storing the data object in a memory device, where it is 
accessible by means of a data object provider's data 
processor; 

providing control conditions for usage of the data object; 

creating, by said data processor, a general set of control 
data for the data object based on said control conditions 
for usage, said general set of control data comprising at 
least one or more usage control elements defining 
usages of the data object which comply with said 
control conditions; 

storing said general set of control data in a memory
device, where it is accessible by said data processor;

concatenating the general set of control data with a copy
of the data object;

encrypting at least the copy of the data object and said one 
or more usage control elements to create a secure data 
package which is ready for transfer to a user; 

creating, in response to a request for authorization for 
usage of the data object by a user, a user set of control 
data, which comprises at least a subset of the general 
set of control data, including at least one of said usage 
control elements; 

using the user set of control data instead of the general set 
of control data in said concatenating step; 

using the at least one or usage control element of the user 
set of control data instead of the one or more usage 
control elements of the general set of control data in the 
encrypting step; and 
checking, before allowing transfer of the data package to 
the user, that said request for authorization for usage of 
the data object has been granted. 




23. A method as set forth in claim 22, wherein the data 
object is composed of at least two constituent data objects 
and wherein the user set of control data, in response to a 
request for authorization for usage of one of said constituent 
data objects by a user, is created only for that constituent
data object and concatenated only with a copy of that
constituent data object.

24. A method as set forth in claim 22, wherein the data 
provider's data processor is connected to a data network and 
the request for authorization is received from a data processor
of the user, which is also connected to the data network,
further comprising the step of transferring the data package 
through the data network to the user's data processor. 

25. A method as set forth in claim 22, wherein the data
object is a composite data object including at least two
constituent data objects and wherein the step of creating a
general set of control data comprises the step of creating a
respective general set of control data for each of the
constituent data objects and the composite data object and
wherein the step of creating a user set of control data
comprises the step of creating a respective user set of control
data for each of the constituent data objects and the
composite data object.

26. A method as defined in claim 22, comprising the 
further step of storing a copy of the user set of control data
in the data object provider's processor.

27. A method as defined in claim 22, comprising the 
further steps of: 

receiving the data package in a user's data processor;

storing the data package in a memory device where it is
accessible by means of the user's data processor;

decrypting the at least one usage control element of the
user set of control data;

checking, in response to a request by the user for usage of
the data object, whether the requested usage complies
with the usage defined by the at least one usage control
element of the user set of control data; and

decrypting, in response to the requested usage complying
with the usage defined by the at least one usage control
element of the user set of control data, the data object
and enabling the requested usage, otherwise disabling
it.

28. A method as set forth in claim 22, further comprising: 
receiving the data package in a user's data processor;

storing the data package in a memory device where it is
accessible by means of the user's data processor;

decrypting the at least one usage control element of the
user set of control data;

checking, in response to a request by the user for usage of
the data object, whether the requested usage complies
with the usage defined by the at least one usage control
element of the user set of control data;

decrypting, in response to the requested usage complying
with the usage defined by the at least one usage control
element of the user set of control data, the data object
and enabling the requested usage, otherwise disabling
it; and

reconcatenating, after the usage of the data object, the
data object and the one or more usage control elements
of the user set of control data, and reencrypting at least
the data object and the one or more usage of the user set
of control data.

29. A system for managing a data object so as to comply 
with control conditions for usage of the data object, com- 
prising: 

first means in the data object provider's data processor for
creating a general set of control data for the data object
based on the predetermined conditions for usage, said
general set of control data comprising at least one or
more usage control elements defining usages of the data
object which comply with the predetermined
conditions;

storing means, which are accessible by means of said data
processor, for storing the data object and the general set
of control data;

concatenating means for concatenating the general set of
control data with a copy of the data object;

encrypting means for encrypting the copy of the data
object and at least said one or more usage control
elements to create a secure data package, which is
ready for transfer to a user;

second means in said data processor for creating, in
response to a request for authorization for usage of the
data object by a user, a user set of control data, which
comprises at least a subset of the general set of control
data, which subset comprises at least one of said usage
control elements;

using the user set of control data instead of the general set
of control data in the storing means;

using the user set of control data instead of the general set
of control data in the concatenating means;

using the user set of control data instead of the general set
of control data in the encrypting means; and

checking means in said data processor for checking that
said request for authorization for usage of the data
object has been granted before allowing transfer of the
data package to the user.

*****