Skip to main content

Full text of "USPTO Patents Application 09870801"

See other formats


United States Patent ne] 

Benson et al. 


ilPJIE'IU'lfj 

US005845281A 
Patent Number: 
[45] Date of Patent; 


5,845,281 
Dec 1, 1998 


[54] METHOD AND SYSTEM FOR MANAGING A 
DATA OBJECT SO AS TO COMPLY WITH 
PREDETERMINED CONDITIONS FOR 
USAGE 

[75] Inventors: Greg Benson, Dalby; Gregory H. 

Uricfa, Lund, botb of Sweden 

[73] Assignee: MediaDNA, Inc., La JoUa, Calif. 

[21] Appl. No.: 594,813 

[22] Filed: Jan. 31, 1996 

[30] Foreign Application Priority Data 

Feb. 1, 1995 [SE] Sweden 9500355-4 

[51] Int. CI. 6 _ „ „ G06F 17/30 

[52] VJS. CI _ 707/9; 707/10; 707/103 

[58] Field of Search 395/609, 610, 

395/614; 707/9, 10, 103 

[56] References Cited 

U.S. PATENT DOCUMENTS 

4,919,545 4/1990 Yu „ _„.. 380/25 

5,023,907 6/1991 Johnson cl a) 380/4 

5,103,476 4/1992 Waite et al , 380/4 

5,222,134 6/1993 Waite el al 38Q/4 


5,235,642 8/1993 Wobber et al - 380/25 

5,319,705 6/1994 Halter et al _ 380/4 

5321,841 6/1994 East et a). _ „ 395/725 

5,375,240 12/1994 Grundy _ 395/700 

5,400,403 3/1995 Fahn et al _ 380/21 

FOREIGN PATENT DOCUMENTS 

0367700 5/1990 Eu,opean Pat. Off. . 

0567800 4/1993 European Pat. Off. . 

0653695 11/1994 European PaL Off. . 

W096/27155 9/1996 WIPO .„ G06F 17/30 

Primary Examiner— Mm* N. Von Buhr 

Attorney, Agent, or Fi>7n— Knobbe, Martens, Olson & Bear. 

LLP 

[57] ABSTRACT 

A method and a system for managing a data object so as to 
comply with predetermined conditions for usage of the data 
object. To control the usage of the data object, a set of 
control data, defining uses of the data object, which comply 
with the predetermined conditions, is created for the data 
object. The data object is concatenated with the user set of 
control data, encrypted and transferred to the user. When the 
user wants to use the data object, a special user program 
checks whether the usage complies with the control data. If 
so, the usage is enabled. Otherwise it is disabled. 

29 Claims, 15 Drawing Sheets 



data packaging program 


19 


U.S. Patent 


Dec. 1, 1998 Sheet 1 of 15 


5,845,281 


Figl 


data object 
provider 1 ~ 


user 2 — 


data o 

bject 

-24 

predetermined conditions 







packaging program 


i 


19 


secure package 

data object 

; control data 


-40 


1 



secure package 



data object ; control data 





user program 

-35 

♦ 



data object in usage form 





U.S. Patent Dec. 1, 1998 Sheet 2 of 15 


5,845,281 


Fig 2 





1 

24- 

data object(s) 


19- 

data packaging 
program 


20- 

control database 


21- 

network and 
telecommunications 


23- 

OS 








~13 


10- 


16- 


cpu 


1 4 - display 


1 5 ~ keyboard 


printer 


network 
adapter 


-12 


bulk storage - 1 7 


ROM 


-18 


memory - 1 1 


U.S. Patent 


Dec. 1, 1998 


Sheet 3 of 15 


5,845,281 


Fig 3 


control 
module 


-301 
► 


302- 


user interface module 


303- 


packaging 
module 


control data 
creation module 


-304 


format modules 


-306 


security modules 


-307 


encryption module 


-305 


data packaging program 


19- 


U.S. Patent Dec. 1,1998 Sheet 4 of 15 


5,845,281 


Fig 4 


401 ~ 


create data object and 
save data object to file 


402- 


I 


start packaging program 

♦ 


403- 


input header information and 
usage information 


404- 


1 


create header data 


405- 


save header data to header file 


406- 


create usage data 


T 


save usage data to usage file 

* ~ 


408- 


410- 


need data conversion? 

t. 

need compression? 


yes 


convert data object file format 


-409 


no 


1 


yes 


compress data object file 


-41 1 


no 


4 j 2 - neec * secu ri tv treatment? 


i 


yes 


perform security treatment 


-413 


no 


414- 


concatenate usage data file and data object file and save as a temporary file 


1 


415- 


encrypt temporary file 


T 


416- 


concatenate temporary file from previous step and header file and 
save as a single file 


U.S. Patent Dec. 1, 1998 Sheet 5 of 15 5,845,281 


Fig 5 


file identifier 
title 

format code 
security code 


123456789 

image 

a 

b 


Fig 6 


usage element for author's phone number 


.price for single use 


.price for unlimited use 


.code for usage type approved 


.code for number of usages approved 


identifer 

size 

data 

identifer 

size 

data 

identifer 

size 

data 

identifer 

size 

data 

identifer 

size 

data 


1 

13 

716 381 5356 

2 

4 

.50 

3 

4 

50.00 

4 

2 

9 

5 

2 

1 


U.S. Patent Dec. 1, 1998 Sheet 6 of 15 5,845,281 


42- 


predetermined 
conditions 


Fig 7 


video -24 


19- 


data packaging 
program 


50-- 


20- 


. general 
control data 

control 
database 


video " 24 


storage 


-17 


U.S. Patent 


Dec. 1, 1998 


Sheet 7 of IS 


5,845,281 


Fig 8a 


- object identifier 123456789 
format code 0010 

header security code 0010 

number of usage elements 2 

size of usage data 1 7 

- size of data object 273 
1 st usage element id 001 
1st usage element size 6 
1st usage element data 1 
2nd usage element id 002 
2nd usage element size 3 
2nd usage element data 


Fig 8b 


header 


f- object identifier 123456790 

format code 0010 

security code 0010 

number of usage elements 2 

size of usage data 1 7 

size of data object 273 

1 st usage element id 00 1 

1 st usage element size 6 

1 st usage element data 1 

2nd usage element id 002 

2nd usage element size 3 

2nd usage element data 2 


U.S. Patent 


Dec. 1, 1998 Sheet 8 of 15 


5,845,281 


Fig 9 


50-- 


control data 


20- 


control 
database 


data object 


24 


DBMS 


-22 


I 


19- 


data packaging 
program 


60- 


24- 
40 H 


I 


user adapted 
control data 


data object 


secure 
data package 


user adapted 
control data 

control 
database 


-60 


-20 


U.S. Patent Dec. 1,1998 Sheet 9 of 15 


5,845,281 


Fig 10 


1001 

Copy general set of control data to create new control data 1 



1002 

Apply new id to new control data 



* 

1003 

Update second control element data in new control data 



1004 

Store new control data in control database 



1005 

Copy data object 



1006 

Concatenate data object and new control data 



1007 Begin security procedure corresponding to security code "0010" 

1008 Encr ypt data object and control data to create final data package 

i — 

1009 Store data package or pass to network program I 


U.S. Patent 


Dec. l. 1998 


Sheet 10 of IS 


5,845,281 


Fig 11 


control data in memory 


123456789001000102172730016100232 


AVI file in memory 


RIFF0 >D OA VILISTOaODhdriavih8 □ 0 Oj 0 □ OS WOQC\A 

DQDODiaDDaoaaoaoDPoo@ooaflDoooaooA 

^□OwOODDOV6LrSTtOOQstrlstrh80DDvidscvidaaQcc 
SaOD{ { {hhhhhh{Qn— <rS— <ac$hm[hhhOOa~ { { {|sd*™S 

<pi*jr8= + aaaooooDOQaoDD(Oiia M o* > §*~D(anqvd 


Fig 12a 


concatenated control data 
and AVI file in memory 


1 23456789001 0001 021 727300 161 0023 2riffo> 

O OA VILIST6 DO Qhdrla vih8 O O Oj O O OS WD DCVADO D 
OQiOODDODDDDaOPQO@aDO0aaOOQOaAiaO 
wOOQQO V6LISTtQ O O strlstrtrt O a O vidscvidD □ OaSo D 
D ( { { hhhhhh { O r>— ac&— acShm[hhh OOD""({{ (sd^SQl'j [" 
8=+OOOOOaOOODODDO{Dna u O' , § , "D{anqvdOaa 
»/,'/,'/, hhh(On' , §i| , '{On— <ESjrqvd(On,.%«wmL%oWi! 


Fig 12b 


concatenated and 
encrypted control data and 
AVI file in memory 


1 2345678900 1 000 1 02 1 7273oooaoGooooaa 
oooaaoooooaoDaoaaoaaoQaaodoaDoaD 
□oooaaooaqaooaoooDoooaQaaaoaoooo 
DDoaaaaDQaaDoaoaaadoooQOQoaoaoQD 
ooooaaoDooaQODOOooooooaooaoQooao 

OODQQOQpDOOODOOQOOQQOQOOOOOQQOQQ 

oaaaoooDoaaaaooodoooooDDoaooaoao 
oaaaooDDaaoDaooaoaoooo , /« 


U.S. Patent Dec. 1, 1998 Sheet 11 of 15 5,845,281 


Fig 13 


40- 


35- 


36- 


37- 


39- 


25- 


29- 


30- 


31 


data package 


user program 


control database 


network and 
telecommunications 


OS 


28- 


processor 


display 


keybd 


pnnter 


bulk storage 


sound sys - 32 


ROM ~33 


-34 


network 
adapter 


-27 


memory —26 


U.S. Patent Dec. 1, ms sheet 12 of is 5,845,281 


Fig 14 


-1401 


control 
module 


I 


1402- 


user interface module 


file transfer 
program 


1403- 


usage manager 
module 


-1409 


control data 
parser module 


-1404 


format modules 


-1406 


security modules 


-1407 


decryption module 


-1405 


user program 


35- 


U.S. Patent Dec. 1, 1998 Sheet 13 of 15 


5,845,281 


Fig 15 


I5qj— receive data package 


1502- 


store data package as file 


1503~ 


I 


1504- 


start user program 35 


input usage request 

i 


1505 -Jdecrypt and extract control data from data package and store control data 

♦ 


in memory 


1506— 


compare usage request to usage 
requirements in control data 


1507- 


usage OK? 


1509- 


no 


disable usage request 


-1508 


need data conversion? 


yes 


convert data object file format _j 5 


510 


no 


yes 


]5] j- need decompression? 


1513- 


1 


decompress data object file [ -1512 


no 


1515- 


need security treatment? 


yes 


perform security treatment 


-1514 


no 


decrypt and extract object data 

i 


enable requested usage 


1 


1517- u P datc control data 

t 


1518- 


restore data package 


U.S. Patent Dec. 1,1998 Sheet 14 of 15 5,845,281 


Fig 16 


1601 

Begin user program 


1602 

Detect usage request 


1603 

Examine control data 


I 


1604 

If universal format code is "0010" then continue, else disable use and 
jump to 1699 


1605 

If universal security code is "0010" then continue, else disable use and 
jump to 1699 


1606 

Compare user type to first usage element data j 

i 

1 1607 

If user type is same then continue, else disable use and jump to 1 699 | 


| 1608 

Check second control element for number of uses purchased | 


| 1609 

If uses is > 0 then enable use, else disable use and jump to 1699 1 


1610 

Decrement second control element data 

* 

1611 

Repackage data object 


1699 return 


U.S. Patent Dec. 1,1998 sheet is of is 5,845,281 


Fig 17 


control data 0 


control data'l 


control data 2 


control data 3 


object data 1 


control data 0 


control data 1 


object data 1 


data package 1 


control data 2 


object data 2 


object data 2 


object data 3 


data package 0 


data package 2 


control data 3 


object data 3 


data package 3 


data package 0 


5,845,281 

1 2 

METHOD AND SYSTEM FOR MANAGING A ing. Tnc owner may also want to sell composite objects with 

DATA OBJECT SO AS TO COMPLY WITH different rules governing each constituent object. Thus, it is 

PREDETERMINED CONDITIONS FOR Decessary to be able to implement variable and extensible 

USAGE control. 

5 The user on his pan wants to be able to search for and 

TECHNICAL FIELD purchase data objects in a convenient manner. If desired, the 

The present invention relates to data processing and more user sho * ld bc ablc t0 combine or cdil Phased objects (i.e. 

particularly to a method and a system for managing data *>' creating • presentation). Furthermore, the user may want 

objects so as to comply witb predetermined conditions for in * P rolc ? ^ chJdrcn from inappropnatc material. A com- 

us ^ ge 10 plete solution must enable these needs as well. 

What is needed is a universally adaptable system and 
BACKGROUND method for managing the exchange and usage of data objects 

while protecting the interests of data object owners and 
Much has been written recently regarding the puzzle of users, 
universal connectivity. A typical vision of the data highway 15 

has long distance high speed data carriers inter connecting PRIOR ART 

regional networks which provide telecommunications ser- A method for enforcing payment of royalties when copy- 

vices and a wide range of interactive on-line services to j ng softcopy books is described in the European patent 
consumers. Many of the pieces are already in place, others application EP 0 567 800. This method protects a formatted 
. are in development or testing. In fact, even though the data 20 texl ^ream of a structured document which includes a 
highway is under construction it is currently open to limited royally payment element having a special tag. When the 
traffic. On-line services are springing up daily and video on formatted text stream is inputted in the user's data processor, 
demand services are currently being tested. the iext stream is searched to identify the royalty payment 

The potential to benefit society is immense. The scope of element and a flag is stored in the memory of the data 
information available to consumers will become truly global 25 processor. When the user for instance requests to print the 
as the traditional barriers to entry for distribution of, and document, the data processor requests authorization for this 
access to, information are lowered dramatically. This means operation from a second data processor. The second data 
that more diverse and specialized information will be made processor charges the user the amount indicated in the 
available just as conveniently as generic sources from major royalty payment element and then transmits the authoriza- 
vendors used to be. The end result is that organizations and 30 lion to the first data processor. 

individuals will be empowered in ways heretofore only One serious limitation of this method is that it can only be 

imagined. applied to structured documents. The description of the 

However, a fully functioning data highway will only be as above-mentioned European patent application defines a 
valuable as the actual services which it provides. Services structured document as: a document prepared in accordance 
envisioned for the data highway that involve the delivery of with an SGML compliant type definition. In other words it 
data objects (e.g. books, films, video, news, music, software, can not be applied to documents which are not SGML 
games, etc.) will be and arc currently limited by the avail- compliant and it cannot be applied to any other types of data 
ability of such objects. Library and educational services arc objects. 

similarly affected. Before owners will allow their data 4Q Furthermore, this method does not provide for variable 
objects to be offered they must bc assured of royally and extensible control. Anyone can purchase a softcopy 
payments and protection from piracy. book on a CD, a floppy disc or the like, and the same royalty 

Encryption is a key component of any solution to provide amount is indicated in the royalty payment element of all 
copy protection. But encryption alone is not enough. During softcopy books of the same title. 

transmission and storage the data objects will be protected 45 Thus, the method described in EP 0 567 800 does not 

by encryption, but as soon as anyone is given the key to satisfy the above-mentioned requirements for universally 

decipher the content he will have unlimited control over it. adaptable protection of data objects. 

Since the digital domain permits data objects to be repro- ^ .^t,~^™™ 

duced in unlimited quantities wi.h no loss of qutliiy, each SUMMARY OF THE INVENTION 

object will need to be protected from unlimited use and so Accordingly, it is a first object of the invention to provide 

unauthorized reproduction and resale. a method and a data processing system for managing a data 

The protection problem must not be solved by a separate object in a manner that is independent of the format and the 
solution for each particular data format, because then the structure thereof, so as to comply with predetermined con- 
progress will indeed be slow. It is important to consider the ditions for usage control and royalty payment, 
effect of standardization on an industry. Consider how the 55 It is a further object of the invention to provide such a 
VHS, the CD and the DAT formats, and the IBM PC method and system which is universally adaptable to the 
compatibility standards have encouraged growth in their needs of both the owner and the user of the data object, 
respective industries. However, if there is to be any type of A further object of the invention is to provide such a 

standardization, the standard must provide universal adapt- method and system which enables a data object provider to 
ability to the needs of. both data providers and data users. 6 q distribute his data object while maintaining control of the 

The data object owner may want to have permanent usage thereof, 
secure control over how, when, where, and by whom his Yet another object of the invention is to provide a method 

property is used. Furthermore, he may want to define and system which allows a data object provider to select the 
different rules of engagement for different types of users and level of security for his data object in a flexible way. 
different types of security depending on the value of par- 65 Yet another object of the invention is lo provide such a 
ticular objects. The rules defined by him shall govern the method and syslem which makes it possible to establish an 
automated operations enabled by data services and network- audit trail for the data object. 


5,845,281 

3 4 

Yet another object is to provide such a method and system control data. In the latter case, the number of usages 

which makes it possible to sell and buy data objects in a requested by the user is tentatively authorized and included 

secure way. in the user set, but if the request is refused the user set is 

More particularly, a data object provider, e.g., the owner canceled or changed, 
of a data object or his agent (broker), stores the data object 5 The data package may be transferred to the user by 

in a memory device, e.g. a bulk storage device, where it is electronic means or stored on bulk storage media and 

accessible by means of the data provider's data processor. transferred to the user by mail or by any suitable transpor- 

The data object can consist of digital data, analog data or a la lion means. 

combination or hybrid of analog and digital data. Once the data object has been packaged in the above - 

A general set of control data, which is based on the 10 described manner, it can only be accessed by a user program 

predetermined conditions for usage of the data object, is which has built-in usage control and means for decrypting 

created and stored in the same memory device as the data the data package. The user program will only permit usages 

object or another memory device where it is accessible by defined as acceptable in the control data. Moreover, if the 

the data provider's data processor The predetermined con- control data comprises a security control element, the secu- 
ditions for usage may be defined by the data object owner, 15 rity procedure prescribed therein has to be complied with. In 

by the broker or by anyone else. They may differ, between one embodiment, the usage control may be performed as 

different data objects. follows. If the user decides to use a data object, the user 

The general set of control data comprises at least one or program checks the control data to see if this action is 

more usage control elements, which define usages of the authorized. More particularly, it checks that the number of 
data object which comply with the predetermined condi- 20 authorized usages of this kind is one or more. If so, the 

lions. These usages may encompass for instance the kind of action is enabled and the number of authorized usages 

user, a time limit for usage, a geographical area for usage, decremented by one. Otherwise, the action is interrupted by 

allowed operations, such as making a hard copy of the data th e u ^er program and the user may or may not be given the 

object or viewing it, and/or claim to royalty payment. The opportunity to purchase the right to complete the actioo. 
general set of control data may comprise other kinds of 25 After the usage, the user program repackages the data 

control elements besides the usage control element. In a object in the same manner as it was packaged before, 

preferred embodiment, the general set of control data com- When a data object is redistributed by a user or a broker, 

prises a security cootrol element which defines a security ne w control elements are added in the control data to reflect 
procedure which has to be carried out before usage of the ^ the relation between the old user/broker and the new user/ 

data object. It also comprises an identifier, which uniquely broker. In this way, an audit trail for the data object may be 

identifies the general set of control data. created. 

The general set of control data is concatenated with a copy According to another aspect of the invention at least two 

of the data object. Thus, the control data does not reside in data packages are stored on a users data processor, which 
the data object, but outside it, which makes the control data 35 examines the usage control elements of the data packages in 

independent of the format of and the kind of data object and or a er to find a match. If a match is found, the user's data 

which allows for usage control independently of the data processor carries out an action which is specified in the user 

object format. se t 0 f control data. This method can be used for selling and 

At least the usage control elements) and the data object buying data objects, 

are encrypted, so that the user isunable louse the data object 40 BRIEF DESCRIPTION OF DRAWINGS 
without a user program which performs the usage control 

and which decrypts the data object. Alternatively, the whole FIG. 1 is a flow diagram showing the general data flow 

set of control data and the copy of the data object may be according to the invention. 

encrypted. FIG. 2 is a system block diagram of a data object 

A user may request authorization for usage of a data 45 provider's data processor, 

object residing at a data provider's processor via a data FIG. 3 is a block diagram showing the different modules 

network or in any other appropriate way. The authorization of a data packaging program according to the invention, 

may or may not require payment. When a request for FIG. 4 is a data flow diagram of a data packaging process, 

authorization for usage is received, a user set of control data FIG. 5 is an example of a header file, 

is created by the data provider's processor. The user set of 50 FIG. 6 is an example of a usage data file, 

control data composes the general set of control data or a FIG. 7 is a data flow diagram of loading an object to the 

subset thereof including at least one of said usage control daU ^ daU processor 

elements which is relevant for the actual user. It typically o jol 1 r .i^.r j « 

. . . , 1 -j •/ * . FIGS. Sa and 8b are examples of control da a for a data 

also includes a new identifier which uniquely identifies this ,. , , . . . „ - \ , . , , _ 

r . ~i ir ™i . .u. » - ■. r ij. object on the data object provider s data processor and for an 

set of control data. If relevant, the user set of control data 55 J. t . . , . \T At r , 

• j- . , . r object ready to be transferred to a user, respectively, 

also comprises an indication of the number of usages J „,~ , ■ r , , 3 

authorized. If more than one kind of usage is authorized, the 9 15 a dal ? ^ dia ^ fam of data Paging on the 

number of each kind of usage may be specified. Finally, the data ^ zcX P rovldcr s dala P roccssor - 

user set of control data is concatenated with a copy of the F1G - 10 15 a flow of a dala packaging procedure. 

data object, and at least the usage control elements and the 60 F1G - 11 is a memor y image of a data object and its control 

copy of the data object are encrypted to create a secure data data. 

package ready for transfer to the user. FIG. 12a is a memory image of the concatenated control 

Before the data package is transferred to the user, it should data and data object, 

be confirmed that the request for authorization for usage has FIG. 12b is a memory image of the concatenated and 

been granted. The check is preferably carried out before the 65 encrypted control data and data object, 

user set of control data is created. However, it can also be FIG. 13 is a system block diagram of a user's data 

carried out in parallel with or after the creation of the user processor. 


5,845,281 

5 6 

FIG. 34 is a block diagram showing ibe different modules The Data Provider's Data Processor 
of a user program according to the invention. FIG. 2 is a system block diagram of a data object 

FIG. 15 is a flow diagram of using a data object on the provider's data processor. As mentioned above, the data 
user's data processor. object provider may be an author of a data object, an owner 

FIG. 16 is a flow diagram of how the user program 5 of a data object, a broker of a data object or anyone else who 
operates in a specific application example. wants to distribute a data object, while retaining the control 

FIG. 17 is an example of various data package structures °f ^ usage. The data processor is a general or special 
for composite objects. purpose processor, preferably with network capabilities. It 

DESCRIPTION OF THE BEST MODE FOR comprises a CPU 10, a memory 11 and a network adapter 12 : 

CARRYING OUT INVENTION 10 are inlerconneclcd b Y a bu s 13. As shown in FIG. 2, 

other conventional means, such as a display 14, a keyboard 
General Overview 15, a printer 16. a bulk storage device 17, and a ROM 18. 

FIG. 1 is a flow diagram showing the general data flow ma y also be connected to the bus 13. The memory U stores 
according to the invention. The flow diagram is divided into network and telecommunications programs 21 and an oper- 
a data object provider part 1 and a user part 2. 15 alin S system (OS) 23. All the above-mentioned elements are 

In the data object provider part 1, a data object 24 is we »- know ° 10 «h c billed person and commercially avail- 
created by an author. The data object can consist of digital able ' For ^ P ur P<* e of the present invention, the memory 
data, analog data or a combination or hybrid of analog and 11 aIso £lores a daU P acka S in B program 19 and, preferably, 
digital data. The primary difference between analog data 3 dalabase 20 ""ended for control data. Depending upon the 
objects and digital data objects is the means for storage 20 currenl °P eraUon > one or more data objects 24 can be stored 
transfer and usage. ' m ™morY 11 35 sn ow D or in the bulk storage 17. The 

The author also determines the conditions 42 for the usage Jf^o"? ^ P[ OCeSsor « co ^ered secure, 

of the data object 24 by a user. The data object 24 and the ^ °^ Packa S m S Pro g ram - 

usage conditions 42 are input to a data packaging program ThC 1 f 13 / acka g jn e program 19 is used for creating 

1 9, which creates a secure data package 40 of the daia object 25 C °T , conlroJIm S lhe usa 6 e of a data object and for 
and of control data which are based on the input usage P acka S JD g lhe dala ob J ecl the control data into a secure 
conditions 42. Once packaged in this way, the data object pa C A age . . . . 

can only be accessed by a user program 35 ^ &h0Wn m F,G 3 > 11 "^P™^ a program control 

tu b «k;^t „ . , ~ ... , module 301, a user interface module 302, a pack a trine 

The data object may be packaged toge her with a general , n . ij. , Tv * ^ ^ e 

co. «r™ .™i Lt* ™u ~u ■ *u r 11 x- 1 V 30 module 303, a control data creation module 304, an encrvp- 

sel of control data, which is the same for all users of the data t - nwx „ rt j„i An< <■ A , ™, . yv 

object. TCS ^ be the case when the data object is sent ,o TZT^ ZZZS™" ^ "* °" 

a retailer or a bulletm board, wherefrom a user may obtain tl, , j,,,. t , 

tu j . u* » 1 . , J J« e control module 301 controls the execution of ihe 

it. The data object may also be packaged as a consequence , u ^ 1 -n. _r 

r . * ' c ,f , , : other modules. The user interface module 302 handles 

of a request from a user for usage of the data ob ect In that * . -.u .u j • - , L, nanaies 

case, tne package may include^.™! data which is spe- 35 ""^ '°° t T ^/"^^ 

cifically adapted to that use, This control data is called a m0dU ' 3 ° 3 P C .T ,he C ° mrol 11 

user Jt of control data. 1. may for example comprise the Z loTh .""T. ^ ** ^ 

u t t_ j . ' , J? . ""'v 1 *** modules 3U6, the security modules 307 and the encrvntion 

number of usages purchased by the user. Typ cally, the user ™< L „,-n ^ a u 1 * j 7 ™f™P uon 

. r . , r, .... , , ■ : , module 305 as will be described more in detail below 

set of control data will be created on the basis of the eeneral „ A t . ^ i ™* - ' 

set of control data and include a. leas, d subset thereof A <° - ^ eompnse program code, which 

user se. of control dau, need no. always be adapted for a \° ^'V^ dala ° b J' cls m na ." V£ { °™«- 

specific user. All sets of con^ol data which are creald on the "n t! T l * dala H C ° K mpreSSI ° n a " d daU 

basis of a general set of control data will be called a user set converslon ; ^ ca " be ™plemenied by any appropnate, 

of control data. Thus, a set of control daU can be a general < commer f cla,1 y avai ' a ^ P™f am . ^ * by means of a 

se, in one phase m d a user se, in another phase. 6 45 I ™ ^ 'V.H^ E ^ ^ Libra ^ 

ry» . , _ , . for Windows and the Image Alchemy package from Hand- 

The abovc-menttoncd data packaging car . be earned out made Software Incorporated, respectively. Ttey can also be 

by the author htmself by means of the data packagmg implemented by custom designed programs, 

program 19^As an alternative, the author may send his data The security modules 307 comprise program code 

object to a broker, who inputs the data object and me usage 50 required lo imp]ement se a. nl y, such as more sophisticated 

condmons determmed by the author to the data packagmg encryplion than wnat fc pmvi ^ b , he e ^ 

program 19 in order to create a secure package 3. The author 3 05, authorization algorithms, access contVo] and usage 

may also sell his data object to 0* broker. In that case, the conlrol> above and bey ^ nd , he basic ^ fa ^ 

broker probably wants to apply his own usage conditions lo data package 

the data packaging program. The author may also provide 55 ^ dala pac kaging program 19 can contain many differ- 

the data object m a secure package to the broker, who ent types of both formal and security modules. The program 

repackages the data object and adds further control data control module 30 i. applies lbe f ormat and security modules 

which is relevant to his business activmes. Various combi- which ^ requested b the daU ider y 

nations of the above alternatives are also conceivable. ^ encryption module 305 may be any appropriate 

In the user part 2 of the Bow diagram, the secure package 6 0 commercially available module, such as "FileCrypr Visual 

40 is received by a user, who must use the user program 35 Basic subprogram found in Crescent Software's QuickPak 

m order to unpackage the secure package 40 and obtain the Professional for Windows — F1LECRPT.BAS, or a custom 

data object m a final form 80 for usage. After usage, the data designed encryption program 

object is repackaged into the secure package 40. Th e control data creation module 304 creates the control 

The different parts of the system and the different steps of 65 data for controlling the usage of the data object. An example 

the method according to the invention will now be described of a control data structure will be described more in detail 

in more detail. below. 


5,845,281 

7 8 

The Control Data: entered in the form of predetermined codes, is ihen passed 

The control data can be stored in a header file and a usage to the control module 301, which calk the packaging module 

data file. In a preferred embodiment, the header file com- 303 and passes the information to it. 

prises fields to store an object identifier, which uniquely The packaging module 303 calls the control data creation 

identifies the control data and/or its associated data object, 5 module 304, which first creates a header file, then creates 

a title, a format code, and a security code. The format code header data on the basis of the header information entered by 

may represent the format or position of fields in the usage the data object provider and finally stores the header data, 

data file. Alternatively, the format code may designate one or step 404-405. Then a usage data file is created, usage data 

more format modules to be used by the data packaging created on the basis of the usage information entered by the 

program or the user program. The security code may rep- to data provider, and finally the usage data is stored in the 

resent the encryption method used by the encryption module usage data file, step 406-407. 

305 or any security module to be used by the data packaging The packaging module 303 then applies any format and 

program and the user program. The header file fields will be security modules 306, 307 specified in the header file, steps 

referred to as header elements. 408-413, to the data object. 

The usage data file comprises at least one field for storing is Next, the packaging module 303 concatenates the usage 

data which controls usage of the data object. One or more data file and the data object and stores the result as a 

usage data fields which represent one condition for the usage temporary file, step 414. The packaging module 303 calls the 

of the data object will be referred to as a usage element. In encryption module 305, which encrypts the temporary file, 

a preferred embodiment, each usage element is defined by an step 415. The level of security will depend somewhat on the 

identifier field, e.g. a serial number, a size field, which 20 quality of the encryption and key methods used, 

specifies the size of the usage element in bytes or in any Finally, the packaging module 303 concatenates the 

other appropriate way, and a data field. header file and the encrypted temporary file and saves the 

The header elements and the usage elements are control result as a single file, step 416. This final file is the data 

elements which control all operations relating to the usage of package which may now be distributed by file transfer over 
the object. The number of control elements is unlimited. The 25 a network, or on storage media such as CDROM or diskette, 

data provider may define any number of control elements to or by some other means, 

represent his predetermined conditions of usage of the data p 

object. The only restriction is that the data packaging fcAAMFLk 1 

program 19 and the user program 35 must have compatible ^ example of how the data packaging program 19 can be 
program code to handle all the control elements. This 30 used will now be described with reference to FIGS. 5 and 6. 

program code resides in the packaging module and the usage * n example the data object provider is a computer 

manager module, to be described below. graphics artist, who wants to distribute an image that can be 

Control elements can contain data, script or program code used as cli P art > ° m onlv i n a document or file which is 

which is executed by the user program 35 to control usage packaged according to the method of the invention and 
of the related data object. Script and program code can 35 wnic h his usage conditions which do not permit further 

contain conditional statements and the like which are pro- cutting or pasting. The artist wants to provide a free preview 

cessed with the relevant object and system parameters on the °* ^ e i ma £ e > DUt a lso wants to be paid on a per use basis 

user's data processor. It would also be possible to use a unless the user is willing to pay a rather substantial fee for 

control element to specify a specific proprietary user pro- unlimited use. The artist will handle payment and usage 
gram which can only be obtained from a particular broker. 40 authorization b*h a dial-up line to his data processor. 

It is evident that the control data structure described above 'The artist uses some image creation application, such as 

is but one example. The control data structure may be Adobe's Photoshop to create his image. The artist then saves 

defined in many different ways with different control ele- the image to file in an appropriate format for distribution, 

ments. For example, the partitioning of the control data in such as the Graphical Interchange Format (GIF). The artist 
header data and usage data is not mandatory. Furthermore, 45 then starts his data packaging program and enters an object 

the control elements mentioned above are but examples. The identifier, a title, a format code and a security code, which 

control data format may be unique, e.g. different for different ^ <his example are "123456789", "image", "a", and -V\ 

data providers, or defined according to a standard. respectively. In this example, the format code "a"' indicates 

The Operation of the Data Packaging Program that no format code need be applied, and this code is selected 

The operation of a first embodiment of the data packaging 50 since the GIF format is appropriate and already compressed, 

program will now be described with reference to the block Furthermore, the security code "b" indicates that no security 

diagram of FIG. 3 and the flow diagram of FIG. 4. module need be applied and this code is selected since the 

First a data provider creates a data object and saves it to security achieved by the encryption performed by means of 

a file, step 401. When the data packaging program is started, the encryption module 305 is. considered appropriate by the 
step 402, the user interface module 302 prompts the data 55 artist. 

object provider to input, step 403, the header information Then the artist enters his dial-up phone number, his price 

consisting of e.g. an object identifier, a title of the data for a single use of the image and for unlimited use of the data 

object, a format code specifying any format module to be object, a code for usage types approved, and for number of 

used for converting the format of the data object, and a usages approved. For this purpose, the user interface module 
security code specifying any security module to be used for 60 302 may display a data entry form. 

adding further security to the data object. Furthermore, the The data packaging program 19 creates control data on 

user interface module 302 prompts the data object provider the basis of the information entered by the artist and stores 

to input usage information, e.g. his conditions for the usage the data in the header file and in the usage data file as shown 

of the data object. The usage information may comprise the in Fl GS. 5 and 6, respectively. This data constitutes a genera] 

kind of user who is authorized to use the data object, the 65 set of control data which is not specifically adapted to a 

price for different usages of the object etc. The header single user, but which indicates the conditions of usage 

information and the usage information which may be determined by the artist for all future users. 


5.845,281 

9 10 

Tben the package program 19 concatenates ihe data object cated therein. The comparison may include comparing the 

and the control data in accordance with steps 414-41 6 of user type, the usage type, the number of usages, the price etc. 

FIG. 4 to achieve the secure package. No format module or If the requested usage complies with the predetermined 

security module is applied to the data object, since they are conditions the authorization is granted, otherwise it is 

not needed according to the data in the header file. 5 rejected. 

When the secure package has been obtained, the artist FIG. 9 is a data flow diagram of the data packaging on the 

sends it to a bulletin board, from where it can be retrieved broker's data processor, which occurs in response to a 

by a user. granted request from a user for authorization for usage of the 

EXAMPLE 2 video, e.g. a granted request for the purchase of two view- 

10 ings. 

Below, another embodiment of the data packaging pro- ] n response to a granted request, the brokef again applies 

gram 19 will be described with reference to FIGS. 7-126. In the data packagineVograra 19. The general set of control 

this example, the data object consists of a video film, which data 50 and the data object 24 are input to the program from 

is created by a film company and sent to a broker together the control database 20 and the bulk storage 17, respectively, 
with the predetermined conditions 42 for usage of the video. ]5 The program creates a user set of control data 60 on the basis 

The broker loads the video 24 to the bulk storage 17 of his of the general set of control data 50 and concatenates the 

data processor. Then, he uses his data packaging program 19 user set 60 and the data object 24 to create a secure data 

to create a general set of control data 50 based on the package 40, which may tben be transferred to the user by any 

predetermined conditions 42 for usage indicated by the film suitable means. A copy of the user set of control data is 
company. Furthermore, the address to the video in the bulk 2 o preferably stored in the broker's control database This gives 

storage 17 is stored in an address table in the control the broker a record with which to compare subsequent use 

database 20 or somewhere else an the memory 11. It could e .£. when a dial-up is required for usage 

also be stored in the general set of control data 50. Finally, FIG. 10 is a flow diagram of an exemplary procedure used 

the general set of control data 50 is stored in the control f or creating a user set of control data and for packaging the 
database 20. It could also be stored somewhere else in the 25 US er set of control data and the video into a secure package 

memory 11. After these operations, which correspond to Here, the procedure will be described with reference to the 

steps 401-407 of FIG. 4, the data packaging program is general set of control data shown in FIG. 8fl. 

cxited - The user set of control data 60, i.e. a set of control data 

FIG. 8a shows the general set of control data for the video which is adapted to the specific user of this example, is 
according to this example. Here the control data includes an 30 created in steps 1001-1003 of FIG. 11. First, the general set 

identifier, a format code, a security code, the number of of control data 50 stored in the control database is copied to 

usage elements, the size of the data object, the size of the create new control data, step 1001. Second, a new identifier, 

usage elements and two usage elements, each comprising an here "123456790", which uniquely identifies the user set of 

identifier field, a size field and a data field. The identifier control data, is stored in the identifier field of the new control 
may be a unique number in a series registered for the 35 data 60, step 1002. Third, the data field of the second usage 

particular broker. In this example, the identifier is element is updated with the usage purchased, i.e. in this 

"123456789" the format code "0010", which, in this example with two, since two vie wings of the video were 

example, indicates the formal of a AVI video and the security purchased, step 1003. 

code is "0010". Furthermore, the first usage element defines The thus-created user set of control data, which corre- 
the acceptable users for the video and the second usage 40 sponds to the general set of control data of FIG. 8a is shown 

element data defines the number of viewings of the video in FIG. 8b. 

purchased by a user. The first usage element data is 1 which, The user set of control data is stored in the control 

for the purposes of this example will signify that only database 20, step 1004. Then, the video, which is stored in 

education oriented users are acceptable to the film company. the bulk storage 17, is copied, step 1005. The copy of the 
The data field of the second usage element data is empty, 45 video is concatenated with the user set of control data, step 

since at this stage no viewings of the video has been 1006. The security code 0010 specifies that the en tire' da ta 

purchased. package 40 is to be encrypted and that the user program 35 

Managing Object Transfer: must contain a key which can be applied. Accordingly, the 

The broker wants to transfer data objects to users and whole data package is encrypted, step 1007. Finally, the 
enable controlled usage in return for payment of usage fees 50 encrypted data package is stored on a storage media or 

or royalties. Managing the broker-user business relationship passed to a network program, step 1008, for further transfer 

and negotiating the transaction between the broker and the to the user. 

user can both be automated, and the control data structure FIG. 11 is a memory image of the video 24 and the user 

can provide unlimited support to these operations. The control data 60. The user control data and a copy of the video 

payment can be handled by transmitting credit card 55 24 are concatenated as shown in FIG. 12a. The encrypted 

information, or the user can have a debit or credit account data package 40 is shown in FIG. 12h. 

with the broker which is password activated. Preferably, The procedure of FIG. 10 can be implemented by the data 

payment should be confirmed before the data object is packaging program of FIG. 3. As an alternative to the 

transferred to the user. procedure of FIG. 10, the user set of control data can be 

Data packaging: 60 created as in steps 1001-1003 and saved in a header file and 

When a user wants to use a data object, he contacts the in a usage data file, whereafter steps 408-416 of the data 

broker and requests authorization for usage of the data packaging program of FIG. 4 can be performed to create the 

object. When the request for authorization is received in the secure package. 

broker's data processor, a data program compares the usage The above -described process for creating a user-adapted 

for which authorization is requested with the usage control 65 set of control data may also be used by a user who wants to 

elements of the control data of the data object to see if it redistribute a data object or by a broker who wants to 

complies with the predetermined conditions for usage indi- distribute the data object to other brokers. Obviously, redis- 


5,845,281 

11 12 

tribution of the data object requires thai re distribution is a A password may be added in a password control element 

usage approved of in the control data of the data object. If during packaging of the data object. The password is trans- 

so, the user or the broker creates a user set of control data ferred to the user by registered mail or in any other appro- 

by adding new control elements and possibly changing the pr iate way. In response to the presence of the password 

data fields of old control element to reflect the relation 5 CO ntrol element in the control data structure, the user pro- 

between the author and the current user/broker and between gram prompts ^ ^ to - { ^ password . ^ j * 

the current user/broker and the future user/broker. In this password is compared with the password in the control data, 

way. an audit trail is created. r , . f . _ , £ . r v - . 

The User's Data Processor: JisaWed ^ COnUDUes ' olhc ™* « 

The user's data processor, which is shown in FIG. 13, is ^ *™ , , 
a general or special purpose processor, preferably with 10 ™ C u USCr pr0 /[ am 35 ™ n also have procedures which alter 

network capabilities. It comprises a CPU 25, a memory 26, * c behavior of lhe program (e.g. provide fillers for children) 

and a network adapter 27, which are interconnected by a bus according to the control data of the user object 41. It is 

28. As shown in FIG. 13 f other conventional means, such as important to mention thai the user program 35 never stores 

a display 29, a keyboard 30, a printer 31, a sound system 32, ^ ob i ccl ™ native forma in user accessible storage and that 
a ROM 33, and a bulk storage device 34, may also be 15 during display of the data object the print screen key is 

connected to the bus 28. The memory 26 stores network and trapped. 

telecommunications programs 37 and an operating system Tb e file transfer program 1409 can transfer and receive 

(OS) 39. AH the above-mentioned elements are well-known files via network to and from other data processor, 

to the skilled person and commercially available. For the Since the data object is repackaged into the secure pack- 
purpose of the present invenuon, the memory 26 also stores 20 age after the usage, the user program should also include 

a user program 35 and, preferably, a database 36 intended for program code for repackaging the data object. The program 

the control data. Depending upon the current operation, a code could be the same as that used in the corresponding 

daia package 40 can be stored in the memory 26, as shown, data packaging program 19. It could also be a separate 

or in the bulk storage 34. program which is called from the user program. 
The User Program: 25 Operation of the User Program: 

The user program 35 controls the usage of a data object The operation of an embodiment of the user program 35 

in accordance with the control data, which is included in the will now be described with reference to the block diagram 

data package together with the data object. of FIG. 14 and the flow diagram of FIG. 15. 

As shown in FIG. 14. the user program 35 comprises a First the user receives a data package 40 via file transfer 
program control module 1401 a user interface module 1402, 30 over a oetwork, or on a storage media such as CD-ROM or 

a usage manager module 1403, a control data parser module diskette, or by any other appropriate means, step 1501 . He 

1404, a decryption module 1405, one or more format then stores the data package as a file on his data processor, 

modules 1406, one or more security modules 1407, and a file step 1502. 

transfer program 1409. When the user wants to use the data object, he starts the 
The control module 1401 controls the execution of the 35 user program 35. step 1503. Then he requests usage of the 

other modules. The user interface module 1402 handles data object, step 1504. The request is received by the user 

interactions with the user. The usage manager module 1403 interface module 1402, which notifies the control module 

unpackages the secure package 40. It uses the control data 1401 of the usage request. The control module 1401 calls the 

parsermodule 1404, the decryption module 1405, the format usage manager module 1403 and passes the usage request, 
modules 1406, and the security modules 1407. 40 The usage manager module 1403 reads the format code 

The format modules 1406 comprise program code, which from tie data package to determine the control data format, 

is necessary to handle the data objects in their native format, Then it calls the decryption module 1405 to decrypt and 

such as decompression and data format procedures. The extract the control data from the data package. The usage 

security modules 1407 comprises program code required to manager module 1403 applies the decryption module 1405 

implement security above the lowest level, such as access 45 incrementally to decrypt only the control data. Finally, it 

control, usage control and more sophisticated decryption stores the control data in memory, step 1505. 

than what is provided by the basic decryption module 1405. The usage manager module 1403 then calls the control 

The user program 35 can contain many different types of data parser module 1404 to extract lhe data fields from the 

both format and security modules. However, they should be usage elements. 

complementary with the format and security modules used 50 The usage manager module 1403 then compares the user 

in the corresponding data packaging program. The usage request for usage with the corresponding control data, steps 

manager module 1401 applies the format and security mod- 1506-1507. If the requested usage is not permitted in the 

ules which are necessary to use a data object and which are control data, the requested usage is disabled, step 1508. 

specified in its control data. If the proper format and security However, if the requested usage is approved of in the control 

modules are not available for a particular data object, the 55 data, the usage manager module 1403 applies any format 

usage manager module 1401 will not permit any usage. and security modules 1406, 1407 specified in the header data 

The decryption module 1405 can be the above-mentioned or usage data, steps 1509-1514, to the data package. 

FileCrypt Visual Basic subprogram or some other commer- Then the usage manager module 1 403 calls the decryption 

cially available decryption program. It can also be a custom module 1405, which decrypts the object data, step 1515. 

designed decryption module. The only restriction is that the 60 whereafter the requested usage is enabled, step 1516. In 

decryption module used in the user program is complemen- connection with the enabling of the usage, the control data 

tary with the encryption module of the data packaging may need to be updated, step 1517. The control data may for 

program. instance comprise a data field indicating a limited number of 

The control data parsermodule 1403 performs the reverse usages. If so, this data field is decremented by one in 

process of the control data creation module 304 in FIG. 3. 65 response to the enabling of the usage. When the user has 

The user program 35 can have code which controls use of finished usage of the data object, the user program 35 

the program by password or by any other suitable method. restores the data package in the secure form by repackaging 


5,845,281 

13 14 

it. step 1518. More particularly, the data object and the usage 307 containing a sophisticated encryption algorithm, such as 

elements are recoocatenated and reencrypted. Then the RSA, could be used. In that case the packaging module 303 

header elements are added and the thus-created package is calls the security module 307 in step 412 of the flow diagram 

stored in the user's data processor. of FIG. 4. The security module encrypts the image and 

Example 1 contd 5 V* 55 ** a s^nty algorithm code to the control data creation 

p ' module 302, which adds a control element for the security 

A specific example of bow the user program operates will module code, which will be detected by the user program 35. 

now be described with reference to FIGS. 6 and 15. The Then the data packaging continues with step 414. When the 

example is a continuation of Example 1 above, where an data package is sent to the user, the public key is mailed to 

artist created an image and sent it to a bulletin board. J(J the user by registered mail. When the user program is 

Assume that a user has found the image at an electronic executed in response to a request for usage of this data 

bulletin board (BBS) and is interested in using it. He then oh ^ the usa & e manager module will delect the security 

loads the data package 40 containing the image to his data module code in the control data and call the security module, 

processor and stores it as a file in the bulk storage. The user ^ mo L du J e P 355 " °° ntro1 to the ^ interface module 

then executes the user program 35 and requests to preview „ , 1402 > wh,ch " quests the user to input the public key. If the 

the image. The user program then performs steps 1505-1507 15 « cori^ 0w uscr^nty module apphes complemen- 

of the flow diagram in FIG. 15. The request for a preview of ^J^Z ^ hT* V*^' 'ETT 1 

the image is compared with the data field of the usage ™* e ! ° tbc USagC maDagCr modulc > whlch cnabIcs lhc 

element "code for usage type approved". In this example, As another example of improved security, a security 

the code *9 ^designates mat pr^^^^ 20 module may implement an authorization P roc4, according 

the requested previe* [ IS OK. Then, the user program 35 l0 wnich each rf the ^ ^ ^ * 

performs step 1509-1515 of FIG 15. Since the format code me daa ^ of me da(a ^ ^ 

a and me &eCUnly ^ b 0f lhe beader dala indlcale lhal corresponding security module code is detected by the user 
neither conversion, nor decompression nor security treat- 0£ram 35> me reIevan( module js ^ ^ 

mem is required, the user program ^decrypte the object 25 mo5u , e passes a for authorization to the control 

data. The usage manager module 1403 then displays the module , 401 which calk !hfi fifc 

preview on the user s data processor and passes control back wmch dia , the da(a objec( pTOvidC i>s dial-up number, which 

to the user interlace 1402. ^ indicaled in a vsagc t \ emeTi{ and transfers the request for 
When the user is finished previewing the image, the user a uthori2ation of usage. Upon a granted authorization, the 

interface module 1402 displays the costs for usage of the 30 d ata provider's data processor returns a usage approved 

image in accordance with the price usage data of the control me ssage to the user security module, which forwards the 

data ("price for single use" and "pnee for unlimited use" m approval to the usaee control module, which enables one 

FIG. 6) and prompts the user to enter a purchase request. The usage> lf lhe user re q UeS ts further usages of the data object, 

user decides to buy unlimited use of the image, and the user ^ authorization process is repeated. This procedures results 

interface module 1402 inputs purchase information, such as 35 in a permanent data object security, 
an identification, billing, and address for that request and 

passes the request to the control module 1401. The control Example 2 contd. 

module calls the file transfer program 1409, which dials the A further specific example of how the user program 35 

artist's dial-up number as indicated in the usage data operates will now be described with reference to FIG. 16. 

("control element for artist's phone number" in FIG. 6) and 40 The example is a continuation of Example 2 above, where 

transfers the request and purchase information to a broker a user purchased two viewings of a video film from a broker, 

program on the artist's data processor. Upon approval of the The user wants to play the video which was purchased and 

purchase, the broker program returns a file containing an transferred from the broker. The user applies the user 

update for "usage type approved" control elements. The program 35, step 1601, and requests to play the video, step 

update is "10" for the usage type approved, which in this 45 1 602. The user program 35 first examines the user set of 

example indicates that unlimited use by that user is permit- control data 60, step! 603. In this example, the user program 

ted. The file transfer program 1409 passes this update to the 35 contains only those format and security modules for 

usage manager module 1403 which updates the control data objects with format code of 0010 and with a security code 

with the "usage type approved" code. The user interface of 0010. Consequently, only those types of data objects may 

module 1402 then displays a confirmation message to the 50 be used. If the program encounters other codes it will not 

user* enable the usage action, step 1604-1605. 

Subsequently, the user interlace module inputs a request Next, the user program 35' compares the first control 

to copy the image to a file packaged according to this element data which is 1, for educational users only, to user 

invention, on the user's machine. The usage manager mod- information entered by the user on request of the user 

ule then compares the user request control data. The usage 55 program. Since the user type entered by the user is the same 

manager module examines the data filed for "Usage type as that indicated in the first usage element the process 

approved", which now is "00". The usage manager module continues, steps 1606-1607. Then the user program checks 

copies the image to the file. the second control element data which specifies that the 

When the user is finished with the image, the usage number of plays purchased is 2. Consequently, the usage is 

manager module 1403 repackages the image as before 60 enabled, step 1609. The user program applies the decryption 

except with updated control dala. This repackaging process module with the universal key and the AVI format video is 

is exactly like that shown in FIG. 4, except that the header displayed on the display unit 29. Then, the second control 

and usage dala already exist, so the process starts after step element dala is decremented by one, step 1610. Finally, the 

406 where control data is created. . video is repackaged, step 1611. 

Improved Security 65 Implementation of Variable and Extensible Object Control: 

If the data object provider wants to improve the security Object control is achieved through the interaction of the 

of a data package containing a data object, a security module data packaging program 19 and the usage program 35 with 


5,845,281 


15 


the control data. Variation of object control can be applied to 
a particular object by creating a control data format with 
control elements defining the control variation and the 
circumstances in which the variation is applied. Program 
procedures should then be added to program modules to 5 
process the control elements. For example, suppose a broker 
wants to allow students to print a particular article for free 
but require business users to pay for it. He defines control 
elements to represent the user types student and business and 
the associated costs for each. He then adds program logic to 
examine the user type and calculate costs accordingly. 1 
Object control is extensible in the sense that the control data 
format can have as many elements as there are parameters 
defining the rules for object control. 
Implementation of Variable and Extensible Object Security: 

Object security is also achieved through the interaction of 15 
the data packaging program 19 and the user program 35 with 
the control data. Security process and encryption/decryption 
algorithms can be added as program modules. Variation of 
object security can be applied to a particular object by 
creating a control data format with control elements defining 
the security variation and the circumstances in which the 
variation is applied. Program procedures should be added to 
program modules to process the control elements. For 
example, suppose a broker wants to apply minimal security 
to his collection of current news articles but to apply tight 
security to his encyclopedia and text books. He defines a 
control element for security type. He then adds program 
logic to apply the security algorithms accordingly. Object 
security is extensible in the sense that multiple levels of 
security can be applied. The level of security will of course 
be dependent on the encryption/key method which is imple- 
mented in the security modules. One level of security may 
be to require on-line confirmation when loading a data 
object to the user's data processor. This can be implemented 
in program code in a security module. This permits the 
broker to check that the object has not already been loaded 
as well as double check all other parameters. 

It is also important to have version control with time 
stamping between the usage program and the user s control 
database. Otherwise the database can be duplicated and 
reapplied to the user program. The user program can place 
a time stamp in the control database and in a hidden system 
file each time the control database is accessed. If the time 
stamps are not identical, the control database has been 
tampered with and all usage is disabled. Program code for 
handling time stamps can reside in a security module. 
Handling Composite Objects: 

A composite object can be handled by defining a control 
data format with control elements defining relationships 
between constituent objects and by defining a parent/child 
element and a related object id element. For example, 
suppose a broker wants to include a video and a text book 
in an educational package. He creates a parent object with 
control elements referring to the video and textbook objects. 
He also includes control elements in the control data for the 
video object and the textbook object referring to the parent 
object. Finally, he adds program procedures to program 
modules to process the control elements. 

In other words, when the data object is a composite data 
object including at least two constituent data objects, a 
respective general set of control data is created for each of 
the constituent data object and the composite data object. In 
response to a request from a user, a respective user set of 
control data is created for each of the constituent data objects 
as well as for the composite data object. 

Examples of various data package structures for compos- 
ite objects are given in FIG. 17. 


16 


ADOtherside of composite objects is when the user wants 
to combine data objects for some particular use. Combina- 
tion is a usage action that must be permitted in each 
constituent data object. A new data object is created with 
control data linking the constituent data objects. Each con- 
stituent data object retains its original control data which 
continues to control its subsequent usage. 

When a user requests authorization for usage of one 
constituent data object in a composite data object, a user set 
of coDtrol data is created only for that constituent data object 
and concatenated only with a copy of that constituent data 
object. 

Scaleable Implementation: 

The flexible control data structure and modular program 
structure permit almost boundless extensibility with regard 
to implementation of the owner's requirements for usage 
control and royalty payment. The control data structure can 
include control elements for complex user types, usage 
types, multiple billing schemes, artistic or ownership credit 
requirements and others. Security modules can be included 
which interact with any variation of the control data struc- 
ture and the control data. Security modules could require a 
dial up to the brokers data processor to approve loading or 
usage actions and to implement approval authentication 
mechanisms. 
User Acting as a Broker: 

A limited or full implementation of the broker's data 
packaging program can be implemented on the user's 
machine to permit further distribution or reselling. However, 
only those data objects with control data permitting further 
distribution or reselling are enabled in that way. 
Rebrokering 

An author of a data object may want to allow his original 
broker to distribute his data object to other brokers whom 
will also distribute his image. He then includes a control 
element which enables rebrokering in the control data before 
distributing the data object with its associated control data to 
the original broker. Upon request for rebrokering, the origi- 
nal broker copies the general set of control data and updates 
the copy to create a user set of control data which will 
function as the general set of control data on the subsequent 
brokers data processor. The original broker packages the 
data object with the user set of control data and transfers the 
package to the subsequent broker. The subsequent broker 
then proceeds as if he were an original broker. 
Automated Transaction Negotiation 

This is an example of how the predetermined conditions 
for usage included in the control data can be used for 
achieving automated transaction negotiation. 

Suppose some company wants to provide a computer 
automated stock trading. Buy and sell orders could be 
implemented in the form of data packages and a user 
program could process the data packages and execute trans- 
actions. Data packages could carry digital cash and manage 
payment based on conditions defined in the control data. 
In this example, the buy order is created using a data 
55 packaging program according to the invention on the buy- 
er's data processor. The sell order is created using the data 
packaging program on the seller's data processor. Both 
orders are used by the user program on the stock trader's 
data processor. The usages would take the form of using a 
sell order data package to sell stock and a buy order data 
package to buy stock. The rules or conditions for buying and 
selling stocks could be indicated in the control data of the 
packages. The data object consists of digital money. In this 
context it is important to remember that digital money is 
merely data which references real money or virtual money 
that is issued and maintained for the purpose of digital 
transactions. 


20 


25 


30 


35 


45 


50 


60 


65 


5,845,281 


17 


In this example the buyer starts with a digital money data 
file. He uses the data packaging program to create control 
data, e.g. kind of stock, price, quantity, for the purchase, and 
he then packages the digital money data file and the control 
data into a secure package as described above. 

The seller starts with an empty data file. This emply file 
is analogous to the digital money data file except it is empty. 
The seller creates control data, e.g. kind of stock, price, 
quantity, and packages the empty file and the control data 
into a secure package. 

Both the sell order package and the buy order package are 
transferred to the data processor of the stock trading 
company, where they are received and stored in the memory. 
The user program of the stock trading company examines 
the control data of the buy and sell order packages in the 
same way as has been described above and looks for a 
match. Upon identifying matched buy and sell orders the 
user program executes a transaction, whereby the digital 
money is extracted from the buy order data package and 
transferred to the sell order package. Then the control data 
of the data packages is updated to provide an audi! trail. Both 
packages are repackaged in the same manner as they were 
previously packaged and then transferred back to their 
authors. 

The above described technique could be used for selling 
and buying any object as well as for automated negotiations. 
Payment may be carried out in other ways than by digital 
money. 

In the general case, the data processor of the user decrypts 
the usage control elements of the user sets of control data 
and examines the usage control elements to find a match. In 
response to the finding of a match, the user's data processor 
carries out an action which is specified in the user set of 
control data. 

We claim: 

1. A method for managing a data object so as to comply 
with control conditions for usage of the data object, com- 
prising the steps of: 

storing the data object in a memory device, where it is 
accessible by means of a data object provider's data 
processor; 

providing a variable number of control conditions for 
usage of the data object; 

creating, by said data processor, a general set of control 
data for the data object based on said variable number 
of control conditions for usage, said general set of 
control data comprising at least one or more usage 
control elements defining usages of the data object 
which comply with said variable number of control 
conditions, 

storing said general set of control data in a memory 
device, where it is accessible by said data processor; 

concatenating the general set of control data with a copy 
of the data object; and 

encrypting at least the copy of the data object and said one 
or more usage control elements to create a secure data 
. package which is ready for transfer to a user. 

2. A method as set forth in claim 1, wherein the step of 
encrypting comprises encrypting the data object and the 
general set of control data. 

3. A method as set forth in claim 1, wherein the step of 
creating control data comprises creating an identifier which 
uniquely identifies the general set of control data. 

4. A method as set forth in claim 1, wherein the step of 
creating a general set of control data comprises creating a 
security control element which identifies a security process 
to be applied before usage of the data object is allowed. 


18 


10 


15 


20 


25 


45 


55 


65 


5. A method as set forth in claim 1, wherein the step of 
creating a general set of control data comprises creating a 
formal control element which identifies the format of the 
control data. 

6. A method as set forth in claim 1, further comprising the 
steps of receiving in said data processor a request for 
authorization for usage by a user; comparing the usage for 
which authorization is requested with said one or more 
usage control elements of the general set of control data and 
granting the authorization if the usage for which authoriza- 
tion is requested complies with the usages defined by said 
one or more usage control elements. 

7. A method as set forth in claim 6, further comprising the 
step of securing payment for the requested authorization for 
usage before granting the authorization, 

8. A method as set forth in claim 1, comprising the further 
steps of: 

receiving the data package in a user's data processor; 
storing the data package in a memory device where it is 

accessible by means of the user's data processor; 
decrypting said one or more usage control elements; 
checking, in response to a request by the user for usage of 
the data object, whether the requested usage complies 
with the usage defined by the at least one usage control 
element of the general set of control data; 
decrypting, id response to the requested usage complying 
with the usage defined by the at least one usage control 
element of the general set of control data, the data 
object and enabling the requested usage, otherwise 
disabling it. 

9. A method as set forth in claim 8, comprising the further 
steps of reconcatenating, after the usage of the data object, 
the data object and the one or more usage control elements, 
reencrypting at least the data object and the one or more 
usage control elements, and storing the thus- repackaged data 
package in the memory of the user's data processor. 

10. A method for controlling the usage by a user of a data 
object so as to comply with control conditions for usage of 
the data object, comprising the steps of: 

providing a varible number of control conditions for 
usage of the data object; 

storing a data package in a memory device, where it is 
accessible by means of a data processor of the user, said 
data package comprising the data object and control 
data, which comprises at least one usage control ele- 
ment defining a usage of the data object which com- 
plies with the variable number of control conditions, 
the data object and said at least one usage control 
element being encrypted; 

receiving a request by the user for usage of the data 
object; 

decrypting the control data; 

checking, in response to the request by the user for usage 
of the data object, whether the requested usage com- 
plies with the usage defined by the at least one usage 
control element of the control data; and 

decrypting, in response to the requested usage complying 
wiih the usage defined by the at least one usage control 
element of the control data, the data object and enabling 
the requested usage, otherwise disabling it. 

11. A method as set forth in claim 10, wherein the usage 
control element is updated after the at least one usage of the 
data object. 

12. A method as set forth in claim 10, wherein said control 
data comprises an indication of the number of times the user 


19 


5 ; 845,281 


is authorized lo use the data object in accordance with said 
at least one usage control element; 

wherein the requested usage of the data object is only 
enabled when said number of times is one or more; and 
wherein said number of times is decremented by one 5 
when the requested usage is enabled. 

13. A method as set forth in claim 10, wherein the control 
data comprise a security control element, and further com- 
prising the step of carrying out, before each usage of the data 
object, a security procedure defined in the security control 10 
element. 

14. A method as set forth in claim 10, wherein the step of 
checking whether the requested usage complies with the 
usage defined by the at least one usage control element 
comprises the slep of checking that the user's data processor 15 
is capable of carrying out a security procedure specified in 
a security control element of the at least ooe usage control 
element, and if not, disabling the usage. 

15. A method as set forth in claim 10, comprising the 
further steps of reconcatenating, after the usage of the data 20 
object, the data object and the one or more usage control 
elements, reencrypting at least the data object and the one or 
more usage control elements, and storing the thus- 
repackaged data package in the memory of the user's data 
processor. 25 

16. A system for managing a data object so as to comply 
with control conditions for usage of the data object, com- 
prising 

means for providing a vanable number of control condi- 
tions; 30 

first means in the data object provider's data processor for 
creating a general set of control data for the data object 
based on the variable number of control conditions for 
usage, said general set of control data comprising at 35 
least one or more usage control elements defining 
usages of the data object which comply with the 
variable number of control conditions; 

storing means, which are accessible by means of said data 
processor, for storing the data object and the general set 40 
of control data; 

concatenating means for concatenating the general set of 
control data with a copy of the data object; and 

encrypting means for encrypting the copy of the data 
object and at least said one or more usage control 45 
elements to create a secure data package, which is 
ready for transfer to a user. 

17. A system as set forth in claim 16, wherein the general 
set of control data comprises a control data element which 
defines the right to further distribution of the data object by 50 
the user. 

18. A system for controlling the usage by a user of a data 
object so as to comply with control conditions for usage of 
the data object, comprising: 

means for providing variable number of control condi- 55 
tions; 

storing means for storing a data package which comprises 
a data object and a control data comprising at least one 
usage control element defying a usage of the data 6Q 
object which complies with the variable number of 
control conditions; 

means for decrypting the at least one usage control 
element and the data object; 

checking means for checking whether a usage requested 65 
by the user complies with the usage defined by said at 
least one usage control element; 


20 


enabling means for enabling the usage requested by the 
user when the usage complies with the usage defined by 
said at least one usage control element; and 
disabling means for disabling the usage requested by the 
user when the usage does not comply with the usage 
defined by said at least one usage control element. 

19. A system as set forth in claim 18, further comprising 
means for repackaging the data object after usage thereof. 

20. A method for controlling the usage by a user of data 
objects so as to comply with predetermined conditions for 
usage of the data objects, comprising the steps of; 

storing at least two data packages in a memory device, 
where they are accessible by a data processor of the 
user, each said data package comprising a data object 
and a user set of control data, which comprises at least 
one usage control element defining a usage of the data 
object which complies with the predetermined 
conditions, the data object and said at least one usage 
control elements being encrypted; 
decrypting the usage control elements of the user sets of 
control data; 

examining the usage control elements of said at least two 

data packages to find a match; 
using, in response to the finding of a match, the data 
processor to carry out an action, which is specified in 
the user sets of control data. 

21. A method as set forth in claim 20, comprising the 
further steps of updating the at least one usage control 
element of each data package, concatenating after the usage 
of the data objects, each of the data objects and its at least 
one usage control element, reencrypting each of the concat- 
enated data objects and its at least one usage control element 
and transferring the repackaged data objects to their creators. 

22. A method for managing a data object so as to comply 
with predetermined conditions for usage of the data object, 
comprising the steps of: 

storing the data object in a memory device, where it is 
accessible by means of a data object provider's data 
processor; 

providing control conditions for usage of the data object; 
creating, by said data processor, a general set of control 
data for the data object based on said control conditions 
for usage, said general set of control data comprising at 
least one or more usage control elements defining 
usages of the data object which comply with said 
control conditions; 
storing said general set of control data in a memory 
device, where it is accessible by said data processor; 
concatenating the general set of control data with a copy 

of the data object; 
encrypting at least the copy of the data object and said one 
or more usage control elements to create a secure data 
package which is ready for transfer lo a user; 
creating, in response to a request for authorization for 
usage of the data object by a user, a user set of control 
data, which comprises at least a subset of the general 
set of control data, including at least one of said usage 
control elements; 
using the user set of control data instead of the general set 

of control data in said concatenating step; 
using the at least one or usage control element of the user 
set of control data instead of the one or more usage 
control elements of the general set of control data in the 
encrypting step; and 
checking, before allowing transfer of the data package to 
the user, that said request for authorization for usage of 
the data object has been granted. 


5,845,281 


21 


23. A method as set forth in claim 22, wherein the data 
object is composed of at leasi two constituent data objects 
and wherein the user set of control data, in response to a 
request for authorization for usage of one of said constituent 
data objects by a user, is created only for that constituent 5 
data object and concatenated only with a copy of that 
constituent data object. 

24. A method as set forth in claim 22, wherein the data 
provider's data processor is connected to a data network and 
the request for authorization is received from a data proces- 10 
sor of the user, which is also connected to the data network, 
further comprising the step of transferring the data package 
through the data network to the user's data processor. 

25. A method as set forth in claim 22, wherein the data 
object is a composite data object including at least two 15 
constituent data objects and wherein the step of creating a 
general set of control data comprises the step of creating a 
respective general set of control data for each of the con- 
stituent data objects and the composite data object and 
wherein the step of creating a user set of control data 20 
comprises the step of creating a respective user set of control 
data for each of the constituent data objects and the com- 
posite data object. 

26. A method as defined in claim 22, comprising the 
further step of storing a copy of the user set of control data 25 
in the data object provider's processor. 

27. A method as defined in claim 22, comprising the 
further steps of: 

receiving the data package in a user's data processor; 

storing the data package in a memory device where it is 30 
accessible by means of the user's data processor; 

decrypting the at least one usage control element of the 
user set of control data; 

checking, in response to a request by the user for usage of 35 
the data object, whether the requested usage complies 
with the usage defined by the at least one usage control 
element of the user set of control data; and 

decrypting, in response to the requested usage complying 
with the usage defined by the at least one usage control 40 
element of the user set of control data, the data object 
and enabling the requested usage, otherwise disabling 
it. 

28. A method as set forth in claim 22, further comprising: 
receiving the data package in a user's data processor; 45 
storing the data package in a memory device where it is 

accessible by means of the user's data processor; 
decrypting the at least one usage control element of the 

user set of control data; 

50 

checking, in response to a request by the user for usage of 
the data object, whether the requested usage complies 


22 


with the usage defined by the at least one usage control 
element of the user set of control data; 
decrypting, in response to the requested usage complying 
with the usage defined by the at least one usage control 
element of the user set of control data, the data object 
and enabling the requested usage, otherwise disabling 
it; and 

reconcatenating, after the usage of the data object, the 
data object and the one or more usage control elements 
of the user set of control data, and reencrypting at least 
the data object and the one or more usage of the user set 
of control data. 
29. A system for managing a data object so as to comply 
with control conditions for usage of the data object, com- 
prising: 

first means in the data object provider's data processor for 
creating a general set of control data for the data object 
based on the predetermined conditions for usage, said 
general set of control data comprising at least one or 
more usage control elements defining usages of the data 
object which comply with the predetermined condi- 
tions; 

storing means, which are accessible by means of said data 
processor, for storing the data object and the general set 
of control data; 

concatenating means for concatenating the general set of 
control data with a copy of the data object; 

encrypting means for encrypting the copy of the data 
object and at least said one or more usage control 
elements to create a secure data package, which is 
ready for transfer to a user; 

second means in said data processor for creating, in 
response to a request for authorization for usage of the 
data object by a user, a user set of control data, which 
comprises at least a subset of the general set of control 
data, which subset comprises at least one of said usage 
control elements; 

using the user set of control data instead of the general set 
of control data in the storing means; 

using the user set of control data instead of the general set 
of control data in the concatenating means; 

using the user set of control data instead of the general set 
of control data in the encrypting means; and 

checking means in said data processor for checking that 
said request for authorization for usage of the data 
object has been granted before allowing transfer of the 
data package to the user.