WO1995022796A1 - Method and apparatus for retrieving secure information from a cd-rom database - Google Patents

Method and apparatus for retrieving secure information from a cd-rom database Download PDF

Info

Publication number
WO1995022796A1
WO1995022796A1 PCT/US1995/002072 US9502072W WO9522796A1 WO 1995022796 A1 WO1995022796 A1 WO 1995022796A1 US 9502072 W US9502072 W US 9502072W WO 9522796 A1 WO9522796 A1 WO 9522796A1
Authority
WO
WIPO (PCT)
Prior art keywords
information
bus
decryption controller
decryption
host computer
Prior art date
Application number
PCT/US1995/002072
Other languages
French (fr)
Inventor
Robert Nagel
Thomas H. Lipscomb
Original Assignee
Infosafe Systems, Inc.
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Infosafe Systems, Inc. filed Critical Infosafe Systems, Inc.
Priority to AU19236/95A priority Critical patent/AU1923695A/en
Publication of WO1995022796A1 publication Critical patent/WO1995022796A1/en

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/78Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data
    • G06F21/80Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data in storage media based on magnetic or optical technology, e.g. disks with sectors
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/82Protecting input, output or interconnection devices
    • G06F21/85Protecting input, output or interconnection devices interconnection devices, e.g. bus-connected or in-line devices
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F12/00Accessing, addressing or allocating within memory systems or architectures
    • G06F12/14Protection against unauthorised use of memory or access to memory
    • G06F12/1408Protection against unauthorised use of memory or access to memory by using cryptography
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2211/00Indexing scheme relating to details of data-processing equipment not covered by groups G06F3/00 - G06F13/00
    • G06F2211/007Encryption, En-/decode, En-/decipher, En-/decypher, Scramble, (De-)compress

Definitions

  • the present invention relates to a system (method and apparatus) for retrieving secure information from a CD-ROM database for temporary storage and usage by an information user-
  • secure information is intended to mean information (alphanumeric data, graphics and the like) which is either encrypted or otherwise protected to prevent access thereto except by an authorized user.
  • Such systems have been proposed and are employed both for the case where the information source (database) is centralized, and for the case where the information source has been distributed to multiple users. In the latter case, CD-ROMs have been used to export databases to multiple users so that information storage and retrieval takes place at the user site.
  • a principal object of the present invention is to provide a method and apparatus for retrieving secure information from a CD-ROM database at a user site which is not susceptible to attack or compromise by a user.
  • Fig. 1 is a representative diagram of a workstation comprising a personal computer (PC) , a CD-ROM reader and a decryption controller all arranged on an SCSI bus.
  • PC personal computer
  • CD-ROM reader CD-ROM reader
  • decryption controller all arranged on an SCSI bus.
  • Fig. 2 is a block diagram of a decryption controller for use in the system of Fig. 1.
  • Fig. 3 is a flow chart showing the general operation of the decryption controller of Fig. 2.
  • Fig. 4 is a flow chart showing the general operation of the decryption controller of Fig. 2 in response to an SCSI command from the host computer.
  • Fig. 5 is a flow chart showing the general operation of the decryption controller in response to an SCSI command to retrieve an item of information.
  • Fig. 6 is a flow chart showing the operation of the decryption controller in decrypting data.
  • Fig. 7 is a flow chart showing the operation of the decryption controller in creating a decryption key.
  • Fig. 1 illustrates the general nature of the system according to the present invention. As shown here, the system involves a digital computer workstation which is capable of retrieving secure data from a database stored on one or more CD-ROMs.
  • information packets are encrypted prior to storage on a CD-ROM.
  • Some of the information packets may also be stored in decrypted (cleartext) form on a CD-ROM and can be retrieved by any workstation user by means of a CD- ROM reader. However, only an authorized user with a proper validated code is allowed to decrypt the encrypted information packets.
  • a workstation comprising a personal computer (PC) 10, a CD-ROM reader 12 and a decryption controller 14.
  • SCSI Small Computer System Interface
  • the personal computer 10 and the CD-ROM reader 12 are conventional devices which are available commercially.
  • the decryption controller is a special purpose device which operates to receive encrypted data from the CD-ROM reader, decrypt this data if authorized to do so, and transport the decrypted data to the host computer 10 for storage either in its active memory (RAM) or hard disk drive.
  • the decryption controller also keeps a running account of the identity of, and charge for each information packet which is decrypted for later transmission, e.g. by telephone line, to a central billing facility at a remote site.
  • a monitoring facility of this type is known from the aforementioned U.S. Patents Nos. 5,010,571; 4,827,5089 and 5,247,575.
  • the workstation user can display it on the computer screen, print out a hard copy and/or transmit a copy by LAN or modem to another workstation.
  • the SCSI bus extends no more than twenty-six feet in length from end to end and is provided with terminating impedances at each end.
  • Each unit arranged on the bus is provided with a unique address from a maximum of eight addresses (zero to seven) .
  • the computer is usually given the address number seven; the addresses of the other devices on the bus may be selected from zero to seven with a manual switch arranged on each device.
  • the decryption controller 14 is disposed in its own enclosure, separate and apart from the personal computer 10 and possibly also the CD-ROM reader 12.
  • the decryption controller may be provided with light-sensitive, erasable memory circuits so that the contents of memory are erased if and when the enclosure is opened.
  • Fig. 2 shows a preferred embodiment of the decryption controller.
  • This device is connected to the SCSI bus 16 via receptacles 20 and a fifty pin header 22.
  • the SCSI bus controller 18 operates in conjunction with a CPU 24 to receive requests for data from the host computer 10 and initiate requests for this data from the CD-ROM reader 12.
  • the device is provided with its own separate power supply 26 so that it operates completely independently of the host computer 10.
  • the decryption controller is also provided with a 2400 baud modem and telephone interface 28 so that it may communicate with a central billing computer at a remote site.
  • This central billing computer routinely calls the decryption controller 18 at regular intervals — for example, each night — to download the logged information concerning each information packet (IP) that was decrypted, and/or to credit the financial account maintained by the decryption controller when the workstation user makes payment.
  • IP information packet
  • the decryption controller 18 can also communicate with other devices, such as printers or the like, by means of an RS-232C transceiver 30 and an associated serial port connector 32.
  • the SCSI address is set from zero to six by a manual ID selector 34. Date and time are provided by a real time clock 36.
  • Firmware for the decryption controller is provided on two 128K flash memory chips 38; intermediate scratch pad storage is provided by a 256K dynamic RAM 40.
  • Decryption of encrypted data is effected by a Data Encryption Standard (DES) module 42 which operates in conjunction with a key code scrambler 44.
  • the key code scrambler maintains the keys used by the DES module for decryption.
  • the decryption function and/or the key code scrambler function may be implemented in software (firmware) operating in the CPU 24.
  • the system of Fig. 1 and, in particular, the decryption controller of Fig. 2 operates in the manner shown by the flow charts of Fig. 3-7.
  • the CPU 24 executes a self-test routine as is conventional in the art (Block 45 in Fig. 3) . Error messages are communicated to the host computer via the SCSI bus for display to the system user. Thereafter, the CPU enters the idle mode (Block 46) and awaits an interrupt.
  • the decryption controller receives an SCSI command from the host computer (Block 47) it processes this command (Block 48) as will be described hereinafter in connection with Fig. 4. If the decryption controller receives an incoming telephone message (Block 49) from a central billing computer, it processes this message (Block 50) before proceeding.
  • Typical telephone messages are set forth in
  • the controller either transmits information, for example to a printer, or receives a serial message of the type noted above. In this case, the serial message is processed (Block 52) and the controller returns to the idle ' state.
  • Fig. 4 illustrates how an SCSI command from the host computer is treated by the decryption controller.
  • SCSI command is received (Block 53) it is analyzed and processed (Block 54) by the decryption controller. Typical
  • Certain PC commands require the decryption controller to call the central billing computer via the telephone modem. For example, if the financial account is decremented to zero, the decryption controller will automatically call and request additional credit. In this case, the decryption controller makes the call (Block 55) and executes the call- out sequence (Block 56) . In the call-out protocol, the decryption controller dials the number of the central billing facility and transmits both its telephone and identification (ID) numbers. This simple transmission requests an immediate call-back from the central computer during which the financial account is automatically updated.
  • ID telephone and identification
  • Each telephone transaction, initiated by the central billing computer, preferably comprises three steps:
  • the financial account balance in the decryption controller can be updated by the central billing facility. It can be credited, if payment was made to the central billing facility by the user, or debited, for example if a check was returned from the bank marked "insufficient funds".
  • Each billing transaction provided to the central billing facility preferably contains, at a minimum, the following information:
  • IP Information Packet
  • IP intellectual property
  • the decryption controller When an item (IP) is purchased by a user, and the decryption controller is able to complete this transaction by decrementing the financial account and decrypting the item, this transaction is logged into the flash memory 38 of the controller. In this case, the logging operation is flagged (Block 57) and carried out (Block 58) at the completion of the transaction. Thereafter, the decryption controller returns to the idle mode (Block 59) .
  • the retrieval of an item commences with a request by the host computer 10 (Block 60) .
  • the host computer sends this request to the decryption controller 14 via the SCSI bus which processes the request and then sends the item to the host (Block 61) , as if it were the CD-ROM reader.
  • the host computer 10 thus addresses the decryption controller, rather than the CD-ROM reader; however, with the exception of this difference, the host computer operates in such a manner as if it were requesting the item of data directly from the CD-ROM reader.
  • the decryption controller is the CD-ROM reader; i.e., it is indistinguishable from, and "transparent' to the host computer.
  • the decryption controller initially queries the file directory of the CD-ROM to determine whether the item of information is encrypted (Block 62) . If not, the decryption controller initiates a data request from the CD-ROM reader 12 (Block 63) in the same manner as if it were the host computer and reads the item into its own RAM memory. Thereafter, the data item is transferred to the host computer (Block 61) .
  • the decryption controller checks the user's financial account to determine if there is a sufficient positive balance to pay for the item (Block 64) . If not, the decryption controller informs the host computer of the insufficient credit (Block 65) . If credit is sufficient, the decryption controller transmits the cost of the item to the host computer and asks the host to confirm the purchase (Block 66) by displaying the cost to the user and requesting a user response. If the user fails to accept the purchase, the transaction is terminated (Block 67) .
  • the decryption controller initiates a data request to the CD-ROM reader.
  • the item is thus caused to be read by the CD-ROM reader and it is transferred to the RAM of the decryption controller.
  • the item is decrypted using the DES module and the decryption keys (Block 68) .
  • the purchase price of the item is then debited from the user's financial account (Block 69) and the decrypted item is transferred to the host computer (Block 61) .
  • Fig. 6 illustrates the detailed operation of the decryption controller of Fig. 2 in decrypting an item of information. As such, Fig. 6 represents the operation of Block 68 in Fig. 5.
  • the controller obtains the entire item of information (in encrypted form) from the CD-ROM (Block 70) . Thereafter, the controller determines the decryption key (Block 71) for this item from key rules and key data which are available (e.g., stored) locally. Preferably, each separate item of information has a unique decryption key. The method of determining the key will be described in detail hereinafter in connection with Fig. 7. Since the DES module 42 of the decryption controller processes (decrypts) only eight bytes of data at a time, a first group of eight bytes for the information item to be decrypted is initially transferred to the DES circuit (Block 72) and decrypted (Block 73) .
  • Fig. 7 ' illustrates how the decryption key is determined from the key rules and the key data which are available locally for each separate item of information stored on the CD-ROM.
  • the key In order to determine the key, it is necessary to obtain both the key rules and the key data for the specific item of information, and then to apply the rules to this data. Examples of both rules and data are given below.
  • the key rules and the key data are preferably obtained from one or more of the following five sources:
  • Non-volatile storage of a "system message" within the decryption controller flash memory
  • a "file message” constructed from information on the file directory associated with the specific item of information (IP) to be decrypted (for example, the identity, length, location and date of the respective file) and/or the header portion of the IP itself;
  • a "current status message” obtained from some element of the decryption controller (for example, the real time clock) or the host computer.
  • a "key message” that is, the key rules and key data for generating a key — is obtained by retrieving a stored system message (Block 80) , by retrieving a stored communication message (Block 81) , by reading the media message from the CD-ROM (Block 82) , by reading the file directory and header of the selected IP from the CD-ROM (Block 83) , and by obtaining the current status of the decryption controller (Block 84) .
  • the key rules and key data are selected (Block 85) .
  • the key data is applied to the key rules (Block 86) to produce the decryption key.
  • the following key rules are suggested:

Abstract

A personal computer or 'host computer' and a CD-ROM reader are arranged on an SCSI bus. A 'decryption controller', in a separate enclosure outside of the host computer, is also arranged on the SCSI bus. This controller is addressable by the host computer as if it were the CD-ROM reader. Upon receipt of an information request, the decryption controller initiates a request to the CD-ROM reader for the desired information, retrieves this information, decrypts it (if it is encrypted) and then passes it to the host computer. The decryption controller is thus 'transparent' to the host computer.

Description

METHOD AND APPARATUS FOR RETRIEVING SECURE INFORMATION FROM A CD-ROM DATABASE
BACKGROUND OF THE INVENTION The present invention relates to a system (method and apparatus) for retrieving secure information from a CD-ROM database for temporary storage and usage by an information user- Systems for storage and retrieval of secure information are well known in the art. As used herein, the term "secure information" is intended to mean information (alphanumeric data, graphics and the like) which is either encrypted or otherwise protected to prevent access thereto except by an authorized user. Such systems have been proposed and are employed both for the case where the information source (database) is centralized, and for the case where the information source has been distributed to multiple users. In the latter case, CD-ROMs have been used to export databases to multiple users so that information storage and retrieval takes place at the user site.
In the U.S. Patent No. 5,010,571 to Ron Katznelson and the U.S. Patents Nos. 4,827,508, 4,977,594 and 5,050,213 to Victor Shear, it is proposed to provide encrypted digital information on CD-ROMs at the user site and to monitor and account for each item or "packet" of information which is retrieved and decrypted from a CD-ROM by an authorized user.
This concept of retrieving information on a "pay-as- you-go" basis is also disclosed in the U.S. Patent No. 5,247,575 of Peter J. Sprague and Thomas H. Lipscomb to include individual access to encrypted data which is "broadcast" to multiple user sites from a central source and/or to provide individual access to encrypted data stored at a central source, using conventional time sharing techniques and transmission via telephone dial-up or local area network (LAN) or wide area network (WAN) communication.
All of these prior art systems permit the user's access to the secure information to be monitored and strictly controlled. This is accomplished, in practice, by maintaining a record at each user site of each information packet which is retrieved and the cost thereof to the user, and then "polling" all user sites from a remote central site, on a regular basis, to retrieve the user data and, if necessary, disable the equipment at one or more user sites to prevent further access to the secure information at these sites.
Systems of this type require specialized electronic circuitry at each user site which operates in cooperation with a central computer at a remote site. Particularly when decryption must be effected at each user site, it is difficult to maintain the security and integrity of this electronic equipment.
Furthermore, the provision of an electronic circuit board, or the like, to a personal computer at a user workstation can (actually or apparently) compromise the integrity of this computer, thus making the system difficult to implement in practice.
SUMMARY OF THE INVENTION A principal object of the present invention is to provide a method and apparatus for retrieving secure information from a CD-ROM database at a user site which is not susceptible to attack or compromise by a user.
It is a further object of the present invention to provide a system for retrieving secure information from a CD-ROM database at a user site which does not require a reconfiguration of a personal computer at the user site.
These objects, as well as further objects which will become apparent from the discussion that follows, are achieved, in accordance with the present invention, by providing a' personal computer or "host computer" and a CD- ROM reader arranged on an SCSI bus, and providing a "decryption controller", in a separate enclosure outside of the host computer and also arranged on the SCSI bus, which is addressable by the host computer as if it were the CD-ROM reader. Upon receipt of an information request, the decryption controller initiates a request to the CD-ROM reader for the desired information, retrieves this information, decrypts it if it is encrypted, and then passes it to the host computer. The decryption controller is thus "transparent" to the host computer. For a full understanding of the present invention, reference should now be made to the following detailed description of the preferred embodiments of the invention as illustrated in the accompanying drawings.
BRIEF DESCRIPTION OF THE DRAWINGS
Fig. 1 is a representative diagram of a workstation comprising a personal computer (PC) , a CD-ROM reader and a decryption controller all arranged on an SCSI bus.
Fig. 2 is a block diagram of a decryption controller for use in the system of Fig. 1.
Fig. 3 is a flow chart showing the general operation of the decryption controller of Fig. 2.
Fig. 4 is a flow chart showing the general operation of the decryption controller of Fig. 2 in response to an SCSI command from the host computer.
Fig. 5 is a flow chart showing the general operation of the decryption controller in response to an SCSI command to retrieve an item of information.
Fig. 6 is a flow chart showing the operation of the decryption controller in decrypting data.
Fig. 7 is a flow chart showing the operation of the decryption controller in creating a decryption key. DESCRIPTION OF THE PREFERRED EMBODIMENTS
The preferred embodiments of the present invention will now be described with reference to Figs. 1-7 of the drawings. Identical elements in the various figures are designated with the same reference numerals.
Fig. 1 illustrates the general nature of the system according to the present invention. As shown here, the system involves a digital computer workstation which is capable of retrieving secure data from a database stored on one or more CD-ROMs.
In order to prevent unauthorized access to the stored information, at least some of the individual items of information ("information packets") are encrypted prior to storage on a CD-ROM. Some of the information packets may also be stored in decrypted (cleartext) form on a CD-ROM and can be retrieved by any workstation user by means of a CD- ROM reader. However, only an authorized user with a proper validated code is allowed to decrypt the encrypted information packets.
Upon release of the secure and, if desired, the non- secure information to an authorized user, the user is charged a preset fee set by the information provider (copyright owner or publisher of the information) . This charge is effected automatically by debiting a financial account which has previously been established between the user and the information provider. To implement this system, there is provided a workstation comprising a personal computer (PC) 10, a CD-ROM reader 12 and a decryption controller 14. These three devices, which may be stand-alone devices each arranged in a separate enclosure or combined in one or two enclosures — e.g., the PC 10 in one enclosure and the CD-ROM reader 12 and controller 14 in another — are connected in a well- known manner to a Small Computer System Interface ("SCSI") bus 16 via a bus interface and controller 18.
The personal computer 10 and the CD-ROM reader 12 are conventional devices which are available commercially. The decryption controller is a special purpose device which operates to receive encrypted data from the CD-ROM reader, decrypt this data if authorized to do so, and transport the decrypted data to the host computer 10 for storage either in its active memory (RAM) or hard disk drive.
The decryption controller also keeps a running account of the identity of, and charge for each information packet which is decrypted for later transmission, e.g. by telephone line, to a central billing facility at a remote site. A monitoring facility of this type is known from the aforementioned U.S. Patents Nos. 5,010,571; 4,827,5089 and 5,247,575.
Once an information packet is decrypted and transferred to the host computer 10, the workstation user can display it on the computer screen, print out a hard copy and/or transmit a copy by LAN or modem to another workstation.
In accordance with the SCSI standard, the SCSI bus extends no more than twenty-six feet in length from end to end and is provided with terminating impedances at each end. Each unit arranged on the bus is provided with a unique address from a maximum of eight addresses (zero to seven) . The computer is usually given the address number seven; the addresses of the other devices on the bus may be selected from zero to seven with a manual switch arranged on each device.
In the preferred embodiment of the present invention, the decryption controller 14 is disposed in its own enclosure, separate and apart from the personal computer 10 and possibly also the CD-ROM reader 12. To safeguard the firmware and codes which are used by the electronic circuitry, the decryption controller may be provided with light-sensitive, erasable memory circuits so that the contents of memory are erased if and when the enclosure is opened.
Fig. 2 shows a preferred embodiment of the decryption controller. This device is connected to the SCSI bus 16 via receptacles 20 and a fifty pin header 22. The SCSI bus controller 18 operates in conjunction with a CPU 24 to receive requests for data from the host computer 10 and initiate requests for this data from the CD-ROM reader 12. The device is provided with its own separate power supply 26 so that it operates completely independently of the host computer 10.
The decryption controller is also provided with a 2400 baud modem and telephone interface 28 so that it may communicate with a central billing computer at a remote site. This central billing computer routinely calls the decryption controller 18 at regular intervals — for example, each night — to download the logged information concerning each information packet (IP) that was decrypted, and/or to credit the financial account maintained by the decryption controller when the workstation user makes payment.
The decryption controller 18 can also communicate with other devices, such as printers or the like, by means of an RS-232C transceiver 30 and an associated serial port connector 32.
The SCSI address is set from zero to six by a manual ID selector 34. Date and time are provided by a real time clock 36.
Firmware for the decryption controller is provided on two 128K flash memory chips 38; intermediate scratch pad storage is provided by a 256K dynamic RAM 40.
Decryption of encrypted data is effected by a Data Encryption Standard (DES) module 42 which operates in conjunction with a key code scrambler 44. The key code scrambler maintains the keys used by the DES module for decryption. Alternatively, the decryption function and/or the key code scrambler function may be implemented in software (firmware) operating in the CPU 24.
All keys utilized by the system are created and maintained in the decryption controller so that neither the workstation user nor the PC 10 will have access to these keys.
All of the electronic circuit devices contained in the decryption controller of Fig. 2 are standard, commercially available devices. Part numbers are shown in Fig. 2 for the ajor components.
In a preferred embodiment of the invention, the system of Fig. 1 and, in particular, the decryption controller of Fig. 2, operates in the manner shown by the flow charts of Fig. 3-7.
When first switched on, the CPU 24 executes a self-test routine as is conventional in the art (Block 45 in Fig. 3) . Error messages are communicated to the host computer via the SCSI bus for display to the system user. Thereafter, the CPU enters the idle mode (Block 46) and awaits an interrupt.
If the decryption controller receives an SCSI command from the host computer (Block 47) it processes this command (Block 48) as will be described hereinafter in connection with Fig. 4. If the decryption controller receives an incoming telephone message (Block 49) from a central billing computer, it processes this message (Block 50) before proceeding. Typical telephone messages are set forth in
Table I:
TABLE I
Set Credit (in financial account)
Set Item Price
Set User Password
Clear Financial Account to Zero
Get Financial Account Information
Get User Information
Create User Information
Remove User Information
Send User a Message
Similarly, if an RS232 connection is established (Block 51) , permitting communication either to or from the decryption controller, the controller either transmits information, for example to a printer, or receives a serial message of the type noted above. In this case, the serial message is processed (Block 52) and the controller returns to the idle' state.
Fig. 4 illustrates how an SCSI command from the host computer is treated by the decryption controller. When an
SCSI command is received (Block 53) it is analyzed and processed (Block 54) by the decryption controller. Typical
SCSI commands are set forth in Table II:
TABLE II
Get Financial Account Information
Get Purchased Item Information
Assent/Don't Assent to Purchase Item
Log In
Log Out
Poll for an Asynchronous Event (such as an "on sale" notice) Set User's Default Billing Reference (e.g. , last billing reference number used)
Purchase Item
Get Decryption Controller Status (i.e., error codes)
Get User Information (i.e., currently logged-in user)
Receive Decrypted Data
Certain PC commands require the decryption controller to call the central billing computer via the telephone modem. For example, if the financial account is decremented to zero, the decryption controller will automatically call and request additional credit. In this case, the decryption controller makes the call (Block 55) and executes the call- out sequence (Block 56) . In the call-out protocol, the decryption controller dials the number of the central billing facility and transmits both its telephone and identification (ID) numbers. This simple transmission requests an immediate call-back from the central computer during which the financial account is automatically updated.
Each telephone transaction, initiated by the central billing computer, preferably comprises three steps:
(1) A download to the central billing facility of the current financial account status, all billing transactions completed since the previous download, and the user information stored in the decryption controller;
(2) A transmission from the central billing facility to the decryption controller of any updates, such as changes in pricing information and the like; and
(3) A communication of all error codes from the decryption controller to the central billing facility which indicate that the decryption controller is not functioning properly.
In addition, the financial account balance in the decryption controller can be updated by the central billing facility. It can be credited, if payment was made to the central billing facility by the user, or debited, for example if a check was returned from the bank marked "insufficient funds".
Each billing transaction provided to the central billing facility preferably contains, at a minimum, the following information:
Time and Date of Decryption
Identification No. of Information Packet (IP)
Volume No. of CD-ROM
Information Owner or Distributor of IP
Type of IP (Classification)
Price Paid for IP
Billing Reference, if inserted by the User
When an item (IP) is purchased by a user, and the decryption controller is able to complete this transaction by decrementing the financial account and decrypting the item, this transaction is logged into the flash memory 38 of the controller. In this case, the logging operation is flagged (Block 57) and carried out (Block 58) at the completion of the transaction. Thereafter, the decryption controller returns to the idle mode (Block 59) .
Referring to Fig. 5, the retrieval of an item (IP) commences with a request by the host computer 10 (Block 60) . The host computer sends this request to the decryption controller 14 via the SCSI bus which processes the request and then sends the item to the host (Block 61) , as if it were the CD-ROM reader. The host computer 10 thus addresses the decryption controller, rather than the CD-ROM reader; however, with the exception of this difference, the host computer operates in such a manner as if it were requesting the item of data directly from the CD-ROM reader. Thus, as far as the host computer 10 is concerned, the decryption controller is the CD-ROM reader; i.e., it is indistinguishable from, and "transparent' to the host computer.
The decryption controller initially queries the file directory of the CD-ROM to determine whether the item of information is encrypted (Block 62) . If not, the decryption controller initiates a data request from the CD-ROM reader 12 (Block 63) in the same manner as if it were the host computer and reads the item into its own RAM memory. Thereafter, the data item is transferred to the host computer (Block 61) .
If the file directory indicates that the desired item is encrypted, the decryption controller checks the user's financial account to determine if there is a sufficient positive balance to pay for the item (Block 64) . If not, the decryption controller informs the host computer of the insufficient credit (Block 65) . If credit is sufficient, the decryption controller transmits the cost of the item to the host computer and asks the host to confirm the purchase (Block 66) by displaying the cost to the user and requesting a user response. If the user fails to accept the purchase, the transaction is terminated (Block 67) .
If the host computer confirms the purchase of the item at the price indicated, the decryption controller initiates a data request to the CD-ROM reader. The item is thus caused to be read by the CD-ROM reader and it is transferred to the RAM of the decryption controller. Thereafter, the item is decrypted using the DES module and the decryption keys (Block 68) . The purchase price of the item is then debited from the user's financial account (Block 69) and the decrypted item is transferred to the host computer (Block 61) . Once the item of information has been supplied to the host computer in decrypted form, it is available for storage, both temporary and archival storage, and may be read and copied by the user, as desired.
Fig. 6 illustrates the detailed operation of the decryption controller of Fig. 2 in decrypting an item of information. As such, Fig. 6 represents the operation of Block 68 in Fig. 5.
As an initial step, the controller obtains the entire item of information (in encrypted form) from the CD-ROM (Block 70) . Thereafter, the controller determines the decryption key (Block 71) for this item from key rules and key data which are available (e.g., stored) locally. Preferably, each separate item of information has a unique decryption key. The method of determining the key will be described in detail hereinafter in connection with Fig. 7. Since the DES module 42 of the decryption controller processes (decrypts) only eight bytes of data at a time, a first group of eight bytes for the information item to be decrypted is initially transferred to the DES circuit (Block 72) and decrypted (Block 73) . The result of this decryption — that is, the cleartext — is placed temporarily in RAM (Block 74) and the process is repeated (Block 75) until all bytes of data of the information item are decrypted. Thereafter, the entire information item in cleartext is transmitted to the host computer (Block 61) .
Fig. 7' illustrates how the decryption key is determined from the key rules and the key data which are available locally for each separate item of information stored on the CD-ROM. In order to determine the key, it is necessary to obtain both the key rules and the key data for the specific item of information, and then to apply the rules to this data. Examples of both rules and data are given below.
The key rules and the key data are preferably obtained from one or more of the following five sources:
(1) Non-volatile storage of a "system message" within the decryption controller (flash memory) ; (2) A "communication message" received from either the host computer, via the SCSI bus or RS232C interface, or the central billing facility via the telephone modem;
(3) A "media message" contained on the CD-ROM header which is generic to all the files stored thereon (for example, the volume number of the CD-ROM) ;
(4) A "file message" constructed from information on the file directory associated with the specific item of information (IP) to be decrypted (for example, the identity, length, location and date of the respective file) and/or the header portion of the IP itself; and
(5) A "current status message" obtained from some element of the decryption controller (for example, the real time clock) or the host computer.
Referring to Fig. 7, it is seen that a "key message" — that is, the key rules and key data for generating a key — is obtained by retrieving a stored system message (Block 80) , by retrieving a stored communication message (Block 81) , by reading the media message from the CD-ROM (Block 82) , by reading the file directory and header of the selected IP from the CD-ROM (Block 83) , and by obtaining the current status of the decryption controller (Block 84) . With this information, all of which is available locally at the user site, the key rules and key data are selected (Block 85) . Thereafter, the key data is applied to the key rules (Block 86) to produce the decryption key. By way of example and not limitation, the following key rules are suggested:
(1) Add the CD-ROM volume number from the media message to the length of the IP from the file message.
(2) Add the date from the media message to the date from the file message.
(3) Add the most recent communication message (initial vector) to the file location in the file message.
(4) Subtract the date found in the file message (date of creation of the IP) from the current status (present date) . If the result is positive and less than one year, proceed to decrypt. If the result is negative or more than one year, do not generate a key (do not decrypt) .
Other combinations of key rules and key data will readily occur to those skilled in the art.
There has thus been shown and described a novel method for retrieving secure information from a CD-ROM database which fulfills all the objects and advantages sought therefor. Many changes, modifications, variations and other uses and applications of the subject invention will, however, become apparent to those skilled in the art after considering this specification and the accompanying drawings which disclose the preferred embodiments thereof. All such changes, modifications, variations and other uses and applications which do not depart from the spirit and scope of the invention are deemed to be covered by the invention, which is to be limited only by the claims which follow.

Claims

C L A I M S What is claimed is :
1. Apparatus for retrieving information packets from a mass storage device, at least some of which information packets are stored in said mass storage device in encrypted form, said apparatus comprising, in combination:
(a) a digital bus adapted for transmission of address information, control information and data from a call initiating unit, connected to said bus, to one or more call receiving units, connected to said bus, wherein each unit connected to said bus has an associated bus address;
(b) a host computer connected to said bus and having a first address;
(c) a mass storage device reader connected to said bus and having a second address; and
(d) a"decryption controller connected to said bus and having a third address, said decryption controller including:
(1) a control unit for controlling the operation of said decryption controller;
(2) a memory; and
(3) means for decrypting encrypted information; wherein the host computer has stored therein said third address as the address of said mass storage device and is operative to send information requests via said bus to said decryption controller in lieu of said mass storage device; and wherein said decryption controller is operative, by means of said control unit, to receive information requests from said host computer and to execute said information requests by sending information requests via said bus to said mass storage device, storing in said memory information packets received from said mass storage device in response to said information requests, decrypting encrypted portions of said information packets, if any, by said decryption means and transmitting said information packets, in decrypted form, to said host computer.
2. The apparatus defined in claim 1, wherein th digital bus is a small computer system interface ("SCSI") bus.
3. The apparatus defined in claim 1, wherein said decryption controller further comprises a financial account register and wherein said decryption controller is operative, by means of said control unit, to debit the contents of said register when an information packet is decrypted, said decryption controller being further operative to decrypt encrypted portions of said information packets only when said financial account has a positive balance.
PCT/US1995/002072 1994-02-18 1995-02-09 Method and apparatus for retrieving secure information from a cd-rom database WO1995022796A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
AU19236/95A AU1923695A (en) 1994-02-18 1995-02-09 Method and apparatus for retrieving secure information from a cd-rom database

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US08/198,733 1994-02-18
US08/198,733 US5394469A (en) 1994-02-18 1994-02-18 Method and apparatus for retrieving secure information from mass storage media

Publications (1)

Publication Number Publication Date
WO1995022796A1 true WO1995022796A1 (en) 1995-08-24

Family

ID=22734578

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US1995/002072 WO1995022796A1 (en) 1994-02-18 1995-02-09 Method and apparatus for retrieving secure information from a cd-rom database

Country Status (3)

Country Link
US (1) US5394469A (en)
AU (1) AU1923695A (en)
WO (1) WO1995022796A1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO1997025675A1 (en) * 1996-01-10 1997-07-17 John Philip Griffits A secure pay-as-you-use system for computer software

Families Citing this family (125)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6771617B1 (en) * 1993-06-17 2004-08-03 Gilat Satellite Networks, Ltd. Frame relay protocol-based multiplex switching scheme for satellite mesh network
US5434850A (en) 1993-06-17 1995-07-18 Skydata Corporation Frame relay protocol-based multiplex switching scheme for satellite
FR2719680B1 (en) * 1994-05-05 1996-07-12 Gemplus Card Int Method for securing access to removable cards for computer.
US6473793B1 (en) * 1994-06-08 2002-10-29 Hughes Electronics Corporation Method and apparatus for selectively allocating and enforcing bandwidth usage requirements on network users
US6701370B1 (en) 1994-06-08 2004-03-02 Hughes Electronics Corporation Network system with TCP/IP protocol spoofing
EP0765560A1 (en) 1994-06-08 1997-04-02 Hughes Aircraft Company Apparatus and method for hybrid network access
EP0733239B1 (en) * 1994-10-10 2003-08-06 Koninklijke Philips Electronics N.V. Database system with local information remotely supported with dynamic information
US5727065A (en) 1994-11-14 1998-03-10 Hughes Electronics Deferred billing, broadcast, electronic document distribution system and method
US5652795A (en) * 1994-11-14 1997-07-29 Hughes Electronics Method and apparatus for an adapter card providing conditional access in a communication system
US6865551B1 (en) 1994-11-23 2005-03-08 Contentguard Holdings, Inc. Removable content repositories
JPH08263438A (en) * 1994-11-23 1996-10-11 Xerox Corp Distribution and use control system of digital work and access control method to digital work
US6963859B2 (en) * 1994-11-23 2005-11-08 Contentguard Holdings, Inc. Content rendering repository
US20050149450A1 (en) * 1994-11-23 2005-07-07 Contentguard Holdings, Inc. System, method, and device for controlling distribution and use of digital works based on a usage rights grammar
US7117180B1 (en) 1994-11-23 2006-10-03 Contentguard Holdings, Inc. System for controlling the use of digital works using removable content repositories
US6157721A (en) 1996-08-12 2000-12-05 Intertrust Technologies Corp. Systems and methods using cryptography to protect secure computing environments
US7124302B2 (en) * 1995-02-13 2006-10-17 Intertrust Technologies Corp. Systems and methods for secure transaction management and electronic rights protection
US7133845B1 (en) * 1995-02-13 2006-11-07 Intertrust Technologies Corp. System and methods for secure transaction management and electronic rights protection
US20060206397A1 (en) * 1995-02-13 2006-09-14 Intertrust Technologies Corp. Cryptographic methods, apparatus and systems for storage media electronic right management in closed and connected appliances
EP1555591B1 (en) 1995-02-13 2013-08-14 Intertrust Technologies Corp. Secure transaction management
US5943422A (en) 1996-08-12 1999-08-24 Intertrust Technologies Corp. Steganographic techniques for securely delivering electronic digital rights management control information over insecure communication channels
US7133846B1 (en) * 1995-02-13 2006-11-07 Intertrust Technologies Corp. Digital certificate support system, methods and techniques for secure electronic commerce transaction and rights management
US6948070B1 (en) 1995-02-13 2005-09-20 Intertrust Technologies Corporation Systems and methods for secure transaction management and electronic rights protection
US6658568B1 (en) 1995-02-13 2003-12-02 Intertrust Technologies Corporation Trusted infrastructure support system, methods and techniques for secure electronic commerce transaction and rights management
US7095854B1 (en) * 1995-02-13 2006-08-22 Intertrust Technologies Corp. Systems and methods for secure transaction management and electronic rights protection
US5892900A (en) * 1996-08-30 1999-04-06 Intertrust Technologies Corp. Systems and methods for secure transaction management and electronic rights protection
US7143290B1 (en) * 1995-02-13 2006-11-28 Intertrust Technologies Corporation Trusted and secure techniques, systems and methods for item delivery and execution
US5651064A (en) * 1995-03-08 1997-07-22 544483 Alberta Ltd. System for preventing piracy of recorded media
MX9700655A (en) 1995-05-24 1998-01-31 Walker Asset Man Ltd Partnersh Readily openable pop-up dispenser.
US5592549A (en) * 1995-06-15 1997-01-07 Infosafe Systems, Inc. Method and apparatus for retrieving selected information from a secure information source
US5893080A (en) * 1995-07-25 1999-04-06 Bottomline Technologies, Inc. Disbursement system and method
US6223168B1 (en) * 1995-07-25 2001-04-24 Bottomline Technologies, Inc. Automatic remittance delivery system
US5757924A (en) * 1995-09-18 1998-05-26 Digital Secured Networks Techolognies, Inc. Network security device which performs MAC address translation without affecting the IP address
US5899987A (en) * 1995-10-03 1999-05-04 Memco Software Ltd. Apparatus for and method of providing user exits on an operating system platform
US5974307A (en) * 1995-12-21 1999-10-26 Pitney Bowes Inc. Method and system communicating with a voice response unit over a cellular telephone network
US5812945A (en) * 1995-12-22 1998-09-22 Pitney Bowes Inc. Metered payment cellular telephone communication system
US5768383A (en) * 1995-12-22 1998-06-16 Pitney Bowes Inc. Authorized cellular voice messaging and/or analog or digital data communication access and verification control system
US6035043A (en) * 1995-12-22 2000-03-07 Pitney Bowes Inc. Cellular telephone manifest system
US5765106A (en) * 1995-12-22 1998-06-09 Pitney Bowes Inc. Authorized cellular telephone communication access and verification control system
US5740247A (en) * 1995-12-22 1998-04-14 Pitney Bowes Inc. Authorized cellular telephone communication payment refill system
EP0880840A4 (en) * 1996-01-11 2002-10-23 Mrj Inc System for controlling access and distribution of digital property
US5699428A (en) * 1996-01-16 1997-12-16 Symantec Corporation System for automatic decryption of file data on a per-use basis and automatic re-encryption within context of multi-threaded operating system under which applications run in real-time
US20060265336A1 (en) * 1996-02-26 2006-11-23 Graphon Corporation Automated system for management of licensed digital assets
US20010011253A1 (en) * 1998-08-04 2001-08-02 Christopher D. Coley Automated system for management of licensed software
US5673316A (en) * 1996-03-29 1997-09-30 International Business Machines Corporation Creation and distribution of cryptographic envelope
JP3866376B2 (en) * 1996-05-02 2007-01-10 テキサス インスツルメンツ インコーポレイテツド How to make only copyrighted material available for playback and use in a digital media system
US5784459A (en) * 1996-08-15 1998-07-21 International Business Machines Corporation Method and apparatus for secure, remote swapping of memory resident active entities
US6052780A (en) * 1996-09-12 2000-04-18 Open Security Solutions, Llc Computer system and process for accessing an encrypted and self-decrypting digital information product while restricting access to decrypted digital information
US5784460A (en) * 1996-10-10 1998-07-21 Protocall Technolgies, Inc. Secured electronic information delivery system having a three-tier structure
EP0849734B1 (en) 1996-12-20 2003-04-16 Texas Instruments Incorporated Improvements in or relating to security systems
EP0951767A2 (en) 1997-01-03 1999-10-27 Fortress Technologies, Inc. Improved network security device
US5920861A (en) 1997-02-25 1999-07-06 Intertrust Technologies Corp. Techniques for defining using and manipulating rights management data structures
US6233684B1 (en) 1997-02-28 2001-05-15 Contenaguard Holdings, Inc. System for controlling the distribution and use of rendered digital works through watermaking
US6097834A (en) * 1997-06-13 2000-08-01 Paystation America Inc. Financial transaction processing systems and methods
US7325077B1 (en) * 1997-08-21 2008-01-29 Beryl Technical Assays Llc Miniclient for internet appliance
US6112181A (en) 1997-11-06 2000-08-29 Intertrust Technologies Corporation Systems and methods for matching, selecting, narrowcasting, and/or classifying based on rights management and/or other information
US7092914B1 (en) * 1997-11-06 2006-08-15 Intertrust Technologies Corporation Methods for matching, selecting, narrowcasting, and/or classifying based on rights management and/or other information
US6092195A (en) * 1997-11-14 2000-07-18 Castlewood Systems, Inc. Encryption of defects map
US20010025273A1 (en) * 1997-12-22 2001-09-27 Jay Walker Parallel data network billing and collection system
US20010044901A1 (en) * 1998-03-24 2001-11-22 Symantec Corporation Bubble-protected system for automatic decryption of file data on a per-use basis and automatic re-encryption
US7096358B2 (en) * 1998-05-07 2006-08-22 Maz Technologies, Inc. Encrypting file system
US6363486B1 (en) * 1998-06-05 2002-03-26 Intel Corporation Method of controlling usage of software components
US6834346B1 (en) * 1998-07-30 2004-12-21 Sony Corporation Content processing system
US7068787B1 (en) 1998-10-23 2006-06-27 Contentguard Holdings, Inc. System and method for protection of digital works
US6857076B1 (en) 1999-03-26 2005-02-15 Micron Technology, Inc. Data security for digital data storage
US7096370B1 (en) * 1999-03-26 2006-08-22 Micron Technology, Inc. Data security for digital data storage
US7356688B1 (en) 1999-04-06 2008-04-08 Contentguard Holdings, Inc. System and method for document distribution
US6859533B1 (en) 1999-04-06 2005-02-22 Contentguard Holdings, Inc. System and method for transferring the right to decode messages in a symmetric encoding scheme
US6937726B1 (en) 1999-04-06 2005-08-30 Contentguard Holdings, Inc. System and method for protecting data files by periodically refreshing a decryption key
US7286665B1 (en) 1999-04-06 2007-10-23 Contentguard Holdings, Inc. System and method for transferring the right to decode messages
US7152165B1 (en) 1999-07-16 2006-12-19 Intertrust Technologies Corp. Trusted storage systems and methods
WO2001006374A2 (en) 1999-07-16 2001-01-25 Intertrust Technologies Corp. System and method for securing an untrusted storage
US7243236B1 (en) * 1999-07-29 2007-07-10 Intertrust Technologies Corp. Systems and methods for using cryptography to protect secure and insecure computing environments
US6885748B1 (en) 1999-10-23 2005-04-26 Contentguard Holdings, Inc. System and method for protection of digital works
US7089420B1 (en) 2000-05-24 2006-08-08 Tracer Detection Technology Corp. Authentication method and system
US7162035B1 (en) 2000-05-24 2007-01-09 Tracer Detection Technology Corp. Authentication method and system
US7152047B1 (en) 2000-05-24 2006-12-19 Esecure.Biz, Inc. System and method for production and authentication of original documents
US7073199B1 (en) 2000-08-28 2006-07-04 Contentguard Holdings, Inc. Document distribution management method and apparatus using a standard rendering engine and a method and apparatus for controlling a standard rendering engine
US7743259B2 (en) 2000-08-28 2010-06-22 Contentguard Holdings, Inc. System and method for digital rights management using a standard rendering engine
US6931545B1 (en) * 2000-08-28 2005-08-16 Contentguard Holdings, Inc. Systems and methods for integrity certification and verification of content consumption environments
US7603319B2 (en) * 2000-08-28 2009-10-13 Contentguard Holdings, Inc. Method and apparatus for preserving customer identity in on-line transactions
EP1352307A2 (en) * 2000-09-22 2003-10-15 EDC Systems, Inc. Systems and methods for preventing unauthorized use of digital content
US7237123B2 (en) 2000-09-22 2007-06-26 Ecd Systems, Inc. Systems and methods for preventing unauthorized use of digital content
US7343324B2 (en) 2000-11-03 2008-03-11 Contentguard Holdings Inc. Method, system, and computer readable medium for automatically publishing content
US6912294B2 (en) * 2000-12-29 2005-06-28 Contentguard Holdings, Inc. Multi-stage watermarking process and system
AU2002234254B2 (en) 2001-01-17 2005-04-21 Contentguard Holdings, Inc. Method and apparatus for managing digital content usage rights
US8069116B2 (en) * 2001-01-17 2011-11-29 Contentguard Holdings, Inc. System and method for supplying and managing usage rights associated with an item repository
US6754642B2 (en) 2001-05-31 2004-06-22 Contentguard Holdings, Inc. Method and apparatus for dynamically assigning usage rights to digital works
US7028009B2 (en) * 2001-01-17 2006-04-11 Contentguardiholdings, Inc. Method and apparatus for distributing enforceable property rights
US7774279B2 (en) * 2001-05-31 2010-08-10 Contentguard Holdings, Inc. Rights offering and granting
US20030220880A1 (en) * 2002-01-17 2003-11-27 Contentguard Holdings, Inc. Networked services licensing system and method
US7206765B2 (en) * 2001-01-17 2007-04-17 Contentguard Holdings, Inc. System and method for supplying and managing usage rights based on rules
US7526795B2 (en) * 2001-03-27 2009-04-28 Micron Technology, Inc. Data security for digital data storage
CA2446584A1 (en) * 2001-05-09 2002-11-14 Ecd Systems, Inc. Systems and methods for the prevention of unauthorized use and manipulation of digital content
US20030043852A1 (en) * 2001-05-18 2003-03-06 Bijan Tadayon Method and apparatus for verifying data integrity based on data compression parameters
US8275709B2 (en) * 2001-05-31 2012-09-25 Contentguard Holdings, Inc. Digital rights management of content when content is a future live event
US6976009B2 (en) 2001-05-31 2005-12-13 Contentguard Holdings, Inc. Method and apparatus for assigning consequential rights to documents and documents having such rights
US8001053B2 (en) * 2001-05-31 2011-08-16 Contentguard Holdings, Inc. System and method for rights offering and granting using shared state variables
US6973445B2 (en) * 2001-05-31 2005-12-06 Contentguard Holdings, Inc. Demarcated digital content and method for creating and processing demarcated digital works
US7222104B2 (en) * 2001-05-31 2007-05-22 Contentguard Holdings, Inc. Method and apparatus for transferring usage rights and digital work having transferrable usage rights
US7725401B2 (en) * 2001-05-31 2010-05-25 Contentguard Holdings, Inc. Method and apparatus for establishing usage rights for digital content to be created in the future
US8275716B2 (en) 2001-05-31 2012-09-25 Contentguard Holdings, Inc. Method and system for subscription digital rights management
US7152046B2 (en) * 2001-05-31 2006-12-19 Contentguard Holdings, Inc. Method and apparatus for tracking status of resource in a system for managing use of the resources
US6876984B2 (en) 2001-05-31 2005-04-05 Contentguard Holdings, Inc. Method and apparatus for establishing usage rights for digital content to be created in the future
US6895503B2 (en) * 2001-05-31 2005-05-17 Contentguard Holdings, Inc. Method and apparatus for hierarchical assignment of rights to documents and documents having such rights
US8099364B2 (en) * 2001-05-31 2012-01-17 Contentguard Holdings, Inc. Digital rights management of content when content is a future live event
US20030009424A1 (en) * 2001-05-31 2003-01-09 Contentguard Holdings, Inc. Method for managing access and use of resources by verifying conditions and conditions for use therewith
JP3781640B2 (en) * 2001-06-05 2006-05-31 シャープ株式会社 Encryption processing apparatus and encryption processing system
AU2002312351B2 (en) * 2001-06-07 2006-11-30 Contentguard Holdings, Inc. Method and apparatus managing the transfer of rights
US7774280B2 (en) * 2001-06-07 2010-08-10 Contentguard Holdings, Inc. System and method for managing transfer of rights using shared state variables
AU2002305814B2 (en) * 2001-06-07 2004-06-10 Contentguard Holdings, Inc. Cryptographic trust zones in digital rights management
US6824051B2 (en) * 2001-06-07 2004-11-30 Contentguard Holdings, Inc. Protected content distribution system
AUPR645701A0 (en) * 2001-07-18 2001-08-09 Tralee Investments Ltd Database adapter
US7036020B2 (en) * 2001-07-25 2006-04-25 Antique Books, Inc Methods and systems for promoting security in a computer system employing attached storage devices
US7925894B2 (en) * 2001-07-25 2011-04-12 Seagate Technology Llc System and method for delivering versatile security, digital rights management, and privacy services
US8171567B1 (en) 2002-09-04 2012-05-01 Tracer Detection Technology Corp. Authentication method and system
CN1241350C (en) * 2002-09-23 2006-02-08 国际商业机器公司 Key allocation method and device in conditional receiving system
DE20314722U1 (en) * 2003-09-23 2005-02-10 Scm Microsystems Gmbh Device for secure access to digital media content, virtual multi-interface driver and system for secure access to digital media content
US7822994B2 (en) * 2005-01-07 2010-10-26 Konica Minolta Systems Laboratory, Inc. Data bus line and bus having an encryption/decryption device
US20060271915A1 (en) * 2005-05-24 2006-11-30 Contentguard Holdings, Inc. Usage rights grammar and digital works having usage rights created with the grammar
US7438078B2 (en) * 2005-08-05 2008-10-21 Peter Woodruff Sleeping bag and system
US8429724B2 (en) 2006-04-25 2013-04-23 Seagate Technology Llc Versatile access control system
US7539890B2 (en) * 2006-04-25 2009-05-26 Seagate Technology Llc Hybrid computer security clock
US8028166B2 (en) 2006-04-25 2011-09-27 Seagate Technology Llc Versatile secure and non-secure messaging
JP2009027525A (en) * 2007-07-20 2009-02-05 Nec Corp Optical transmission system and optical transmission method
US7995196B1 (en) 2008-04-23 2011-08-09 Tracer Detection Technology Corp. Authentication method and system

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO1990002382A1 (en) * 1988-08-16 1990-03-08 Indata, Corporation Information distribution system
DE4034444A1 (en) * 1990-10-30 1992-05-14 Ant Nachrichtentech Data protected work station computer - requires special software for access and monitors system to detect unauthorised manipulation

Family Cites Families (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5136648A (en) * 1985-02-19 1992-08-04 Octel Communications Corporation Message storage security system
US5010571A (en) * 1986-09-10 1991-04-23 Titan Linkabit Corporation Metering retrieval of encrypted data stored in customer data retrieval terminal
US4977594A (en) * 1986-10-14 1990-12-11 Electronic Publishing Resources, Inc. Database usage metering and protection system and method
US4827508A (en) * 1986-10-14 1989-05-02 Personal Library Software, Inc. Database usage metering and protection system and method
US5050213A (en) * 1986-10-14 1991-09-17 Electronic Publishing Resources, Inc. Database usage metering and protection system and method
US5247575A (en) * 1988-08-16 1993-09-21 Sprague Peter J Information distribution system
US5319705A (en) * 1992-10-21 1994-06-07 International Business Machines Corporation Method and system for multimedia access control enablement

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO1990002382A1 (en) * 1988-08-16 1990-03-08 Indata, Corporation Information distribution system
DE4034444A1 (en) * 1990-10-30 1992-05-14 Ant Nachrichtentech Data protected work station computer - requires special software for access and monitors system to detect unauthorised manipulation

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO1997025675A1 (en) * 1996-01-10 1997-07-17 John Philip Griffits A secure pay-as-you-use system for computer software
GB2325319A (en) * 1996-01-10 1998-11-18 John Philip Griffits A secure pay-as-you-use system for computer software

Also Published As

Publication number Publication date
US5394469A (en) 1995-02-28
AU1923695A (en) 1995-09-04

Similar Documents

Publication Publication Date Title
US5394469A (en) Method and apparatus for retrieving secure information from mass storage media
US5661799A (en) Apparatus and storage medium for decrypting information
US5592549A (en) Method and apparatus for retrieving selected information from a secure information source
US5473687A (en) Method for retrieving secure information from a database
US5784460A (en) Secured electronic information delivery system having a three-tier structure
US5689560A (en) Method and apparatus for enabling trial period use of software products: method and apparatus for allowing a try-and-buy user interaction
US5757907A (en) Method and apparatus for enabling trial period use of software products: method and apparatus for generating a machine-dependent identification
US5563946A (en) Method and apparatus for enabling trial period use of software products: method and apparatus for passing encrypted files between data processing systems
US5737416A (en) Method and apparatus for enabling trial period use of software products: method and apparatus for utilizing a decryption stub
US5323323A (en) Franking machine system
US5598470A (en) Method and apparatus for enabling trial period use of software products: Method and apparatus for utilizing a decryption block
US7483860B2 (en) Method and system for managing software licenses
CN100359519C (en) Method and apparatus for establishing usage rights for digital content to be created in future
US6195432B1 (en) Software distribution system and software utilization scheme for improving security and user convenience
US20020007347A1 (en) Secured electronic information delivery system having a metering device
EP0719485A1 (en) Access control for portable data storage media
EP0870380A1 (en) System and method for access control for data storage media
GB2149944A (en) Software distribution
EP0298776B1 (en) Franking machine system
WO1996004599A1 (en) Method and apparatus for retrieving secure information from mass storage media
JPH06337886A (en) Information sales system and sales information writer
AU715638C (en) System and method for access control for data storage media
WO1996024893A1 (en) Method for retrieving secure information from a database
AU715638B2 (en) System and method for access control for data storage media
JP3289656B2 (en) Program execution control method

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A1

Designated state(s): AM AT AU BB BG BR BY CA CH CN CZ DE DK EE ES FI GB GE HU JP KE KG KP KR KZ LK LR LT LU LV MD MG MN MW MX NL NO NZ PL PT RO RU SD SE SI SK TJ TT UA UZ VN

AL Designated countries for regional patents

Kind code of ref document: A1

Designated state(s): KE MW SD SZ UG AT BE CH DE DK ES FR GB GR IE IT LU MC NL PT SE BF BJ CF CG CI CM GA GN ML MR NE SN TD TG

121 Ep: the epo has been informed by wipo that ep was designated in this application
122 Ep: pct application non-entry in european phase
REG Reference to national code

Ref country code: DE

Ref legal event code: 8642

REG Reference to national code

Ref country code: DE

Ref legal event code: 8642

NENP Non-entry into the national phase

Ref country code: CA