`{11} Patent Number:
`[45] Date of Patent:
`
`6,041,411
`Mar.21, 2000
`
`5,371,797
`5,388,211
`5,416,840
`5,457,798
`5,465,206
`5,548,645
`5,557,518
`5,734,819
`5,737,416
`5,758,068
`
`icssssessssenssessvase 380/24
`12/1994 Bocinsky, In.
`395/186
`2/1995 Hornbuckle...
`. 380/
`5/1995 Cane etal. .
`« 395/700
`10/1995 Alfredsson .
`. 364/406
`11/1995 Hilt et al. ...
`8/1996 Ananda .....ccstseseinesenceeues 380/4
`9/1996 Rosen ..
`364/408
`3/1998 Lewis.....
`« 395/186
`4/1998 Cooper et al.ee 395/186
`5/1998 Brandt et al.
`.....scecsesscseeseens 395/186
`
`
`
`
`OTHER PUBLICATIONS
`
`“Secure Electronic Commerce Method and Apparatus”,
`Serial No. 08/735,308, filed Oct. 22, 1996.
`
`Primary Examiner—Norman Michael Wright
`ABSTRACT
`
`[57]
`
`A method for minimizing the potential for unauthorized use
`of digital information, particularly software programs, digi-
`tal content and other computer information, by verifying
`user access rights to electronically transmitted digital infor-
`mation. A second computer system transmits requested
`digital information to a requesting first computing system in
`wrapped form, which includes digital instructions that must
`be successfully executed, or unwrapped, before accessto the
`digital
`information is allowed. Successful unwrapping
`requires that certain conditions must be verified in accor-
`dance with the digital instructions, thereby allowing access
`to the digital information. In one embodiment, verification
`includes locking the digital
`information to the requesting
`computer system by comparing a generated digital finger-
`print associated with the digital
`information to a digital
`fingerprint previously generated which is unique to the
`requesting computer system.
`
`228
` LENCRYPT PURCHASE REQUEST MESSAGE
`
`TRANSMIT PURCHASE REQUEST MESSAGE To /230
`
`
`SERVER HAVING ENCRYPTION KEY
`
`a I
`
`———PURCHASED. PRODUC
`NCLUDE DIGITALTOKEN AS. FART OF
`
`238
`
`
`HAVING DECRYPTION KE’
`244{TRANSMIT TO REQUESTING CLIENTCOMPUTER
`246 DECRYPT RETURN MESSAGE
`
`24g -/ CLIENT COMPUTER UPDATES CATALOGFILE WITH
`PURCHASED PRODUCT
`
`UNWRAP THE PRODUGT UPONANATTEMPT
`TO ACCESS THE PRODUCT
`
`
`
`2
`
`1
`
`GOOGLE 1014
`
`ACCESSING
`CATALOG FILE TO EXECUTE
`STORED SOFTWARE
`
`
`
`DIGITAL
`SELECT SOFTWARE PRODUCT DESIRED FROM
`PRODUCT CATALOG
`TOKEN PRESENT
`254
`YES
`GENERATE PUCHASE REQUEST MESSAGE|—“©
`ACCESS PRODUCT
`A
`$+)
`
`United States Patent
`Wyatt
`
`5:5
`
`[54] METHOD FOR DEFINING AND VERIFYING
`USER ACCESS RIGHTS TO A COMPUTER
`INFORMATION
`
`[76]
`
`Inventor: Stuart Alan Wyatt, 24806 SE.
`Mirrormont Way, Issaquah, Wash.
`98027
`
`[21] Appl. No.: 08/827,548
`
`[22]
`
`Filed:
`
`Mar. 28, 1997
`
`[SL]
`
`Tmt. C1 occeeceecccssessnennneees GO06F 13/00; HO4L 9/32;
`HO4L 9/12; HO4K 1/00
`[82] USSG wesesscavecsccexanes 713/200; 713/201; 380/4;
`380/25; 380/27
`Field of Search ou. 395/186, 188.01,
`395/187.01; 380/3, 4, 23, 25, 27; 705/26,
`27; 713/200, 201
`
`[58]
`
`[56]
`
`References Cited
`U.S. PATENT DOCUMENTS
`
`
`
`
`
`°
`
`| USER EXECUTES CLIENT PROGRAM ON COMPUTER |
`H
`ED ON |
`FIRST TIME CLIENT
`CLIENT COMPUTER
`“PROGRAM EXEC!
`[STOREFINGERPRINTIN(CATALOG 206
`FILE ASSOCIATED WITH CLIENT
`COMPUTER
`
`
`
`
`ENCRYPT CATALOG
`FILE
`
`
`
`208-|
`212
`OMPUTER ATTEMPTING TO ACCESS CATALOG FILE
`SENERATE SECOND UNIQUE FINGERPRINT BASED ON CLIENT
`DECRYPT FILE AND FIRST UNIQUE
`FINGERPRINT STORED WITHIN
`
`
`
`c.scesseeeeeeereeeeee 364/401
`7/1989 Nagata et al.
`Re. 32,985
`3/1981 Campbell v.e..ssseesssesseseesnen 364/200
`4,259,720
`5/1981 Case oe
`we 235/379
`4,270,042
`4,302,810 11/1981 Bouricius et al.
`.....cscs 364/200
`4,528,643
`7/1985 Freemy, Ur... ceeeesssessseeenenenaeee 364/900
`4,688,169
`8/1987 Joshi
`
`364/200 .....
`4,797,920
`1/1989 Stein .....
`. 380/24
`
`4/1989 Deming ..
`369/401
`4,823,264
`3/1990 Leeet al. ...
`. 380/24
`4.912.762
`6/1990 Bestock et‘ak
`. 380/44
`4,933,971
`
`6/1991 Rosenow et al... cece 380/2
`5,022,076
`5,121,345
`6/1992 Lentz vescssssssesssesssssessseeeseeeeeeee 395/186
`5,138,712
`8/1992 Corbin .....
`395/700
`.....
`5,222,134
`6/1993 Waite et al.
`w. 3BO/4
`5,283,829
`2/1994 Anderson .....
`. 380/24
`
`5,349,643=9/1994 Cox et ab. cccccsccssccesesssesseeeeenes 380/25
`6 Claims, 11 Drawing Sheets
`
`GOOGLE 1014
`
`1
`
`
`
`U.S. Patent
`
`Mar.21, 2000
`
`Sheet 1 of 11
`
`6,041,411
`
`10
`
`20
`
`20
`
`20
`
`CREDIT
`COMPANY:
`
`22
`
`IDD
`[SERVER(S)]
`
`14
`
`—
`
`INTERNET
`
`
`
`FIG. 1
`
`2
`
`
`
`U.S. Patent
`
`Mar.21, 2000
`
`Sheet 2 of 11
`
`6,041,411
`
`START
`
`30
`
`32
`
`34
`
`36
`
`38
`
`CLIENT COMPUTER REQUESTS
`PARTICULARDIGITAL INFORMATION FROM
`SERVER
`
`SERVER RECEIVES REQUEST AND
`LOCATES REQUESTED DIGITAL
`
`
`
`ELECTRONICALLY WRAP THE REQUESTED
`DIGITAL INFORMATION WITH DIGITAL
`
`INSTRUCTIONS RECOGNIZABLE BY THE
`REQUESTING CLIENT COMPUTER
`
`SERVER TRANSMITS THE REQUESTED
`DIGITAL INFORMATION TO THE
`REQUESTING CLIENT COMPUTER
`
`INFORMATION
`ACCESS SHOULD BE ALLOWED
`
`UPON CLIENT COMPUTER'S ATTEMPT TO
`ACCESSTHEDIGITAL INFORMATION, CLIENT
`COMPUTER PERFORMS UNWRAPPING
`PROCESS TO DETERMINE WHETHER
`
`STOP
`
`FIG. 2
`
`3
`
`
`
`U.S. Patent
`
`Mar.21, 2000
`
`Sheet 3 of 11
`
`6,041,411
`
`PURCHASEINITIATED AT CLIENT
`COMPUTER
`
`CLIENT PROGRAM DISPLAYS
`PRODUCT CATALOG
`
`52
`
` 50
`
`CLIENT PROGRAM GENERATES
`
`54
`
`
`
`PURCHASE ORDER FORM
`60 SKU ENTERED
`
`
`
`
`CLIENT COMPUTER
`
`AT CLIENT
` YES
`PREVIOUSLY REGISTERED?
`
`
`
`COMPUTER
`
`
`
`NO
`
`
`ENTER SKU, IDENTIFICATION INFORMATION, AND
`PAYMENT INFORMATION AT CLIENT COMPUTER
`
`
`
`
`
`CLIENT PROGRAM GENERATES A PURCHASE
`
`
`REQUEST MESSAGE, AND TRANSMITS TO SERVER PAYMENT INFORMATION
`VALID?
`
`
`RECOGNIZABLE BY THE CLIENT COMPUTER
`
`ELECTRONICALLY WRAP THE PURCHASED
`PRODUCTWITH DIGITAL INSTRUCTIONS
`
`NO
` GENERATE RETURN MESSAGE
`
`TRANSMIT TO CLIENT COMPUTER
`CONTAINING PURCHASED PRODUCT, AND
`
`
`
`
`CLIENT COMPUTER PERFORMS
`UNWRAPPING PROCESS TO DETERMINE
`
`WHETHER THE CLIENT COMPUTERIS
`AUTHORIZED TO ACCESS THE PRODUCT
`
`
`
`4
`
`
`
`U.S. Patent
`
`Mar.21, 2000
`
`Sheet 4 of 11
`
`6,041,411
`
`34
`SAG ieee re een eo ects ek ct a est ;
`ASSOCIATE A PRODUCT ACTIVATION CODE WITH DATA STORED
`AT A PARTICULAR COMPUTER
`
`|
`
`ASSOCIATE COMPUTER INSTRUCTIONS WITH THE |_84
`
`STORED DATA
`
`NO
`
`
`PRODUCT
`ACTIVATION CODE
`
`
`PRESENT
`?
`
`
` ACCESS
`
`
`TO THE DATA
`
`AUTHORIZED
`
`YES
`eee J
`
`ALLOW THE COMPUTING SYSTEM IN WHICH THE
`DATA RESIDES TO ACCESS THE DATA
`
`94
`
`5
`
`
`
`U.S. Patent
`
`Mar.21, 2000
`
`Sheet 5 of 11
`
`6,041,411
`
`100
`
`™
`
`CLIENT
`INFORMATION
`PAYMENT
`INFORMATION
`
`CLIENT COMPUTER
`INFORMATION
`
`PURCHASE ORDER
`INFORMATION
`
`VERSION
`NUMBERS
`
`MISCELLANEOUS
`INFORMATION
`
`PURCHASE REQUEST MESSAGE
`
`HEADER
`
`INFORMATION
`
`Gs
`
`f
`
`DATA
`
`FIG. 5
`
`127
`
`120 \ RETURN MESSAGE
`
`
`
`
`
`
`CATALOG FILE
`UPDATE SECTION
`
`TOKEN
`
`HEADER
`INFORMATION
`
`DATA
`
`124
`
`FIG. 6
`
`6
`
`
`
`U.S. Patent
`
`Mar.21, 2000
`
`Sheet 6 of 11
`
`6,041,411
`
`NOdn
`
`ASVHOWNd
`
`vol
`
`LONGOUdJ|j------------------
`qgqaqqv.)}-----------------------}
`
`JOId|NOILdIMDS3qd|NAS(g)vSL
`JOWd|NOILdId49S3d/NXs
`JOMd|NOILdIH9S3d|NHS
`
`OS|AlsDOWLVD
`JOMd|NOlLdIYDS3d|NS
`col09L4Oldd|NOILdINDS3G|Ny
`
`
`
`
`
`zscorNOUN
`
`LONdOud
`
`NOILOAS
`
`7
`
`
`
`
`
`
`U.S. Patent
`
`Mar.21, 2000
`
`Sheet 7 of 11
`
`6,041,411
`
`GENERATE A FIRSTDIGITAL IDENTIFIER DERIVED FROM
`PREDETERMINED HARDWARE CHARACTERISTICS OF THE
`AUTHORIZED COMPUTING SYSTEM
`
`180
`
`182
`
`STORE THE FIRST DIGITAL IDENTIFIER AS AN
`ASSOCIATED PORTION OF THE COMPUTER FILE
`
`184
`
`GENERATETHE FIRSTDIGITAL IDENTIFIER UPON AN
`ATTEMPT TO ACCESS THE COMPUTERFILE
`
`186
`
`COMPARETHE FIRST DIGITAL
`IDENTIFIER TO THE SECOND DIGITAL
`
`IDENTIFIER
`
`188 FIRST DIGITAL
`
`
`
`NO
`
`IDENTIFIER MATCH
`SECOND DIGITAL
`
`ENTE
`
`YES
`
`190
`
`ALLOW ACCESS TO COMPUTERFILE
`
`FIG. 8
`
`8
`
`
`
`U.S. Patent
`
`Mar.21, 2000
`
`Sheet 8 of 11
`
`6,041,411
`
`USER EXECUTES CLIENT PROGRAM ON COMPUTER
`
` 200
`
`ae
`GENERATEFIRST UNIQUEL 204
`FINGERPRINT BASEDON |yES___FIRST TIME CLIENT
`CLIENT COMPUTER
`PROGRAMEXECUTED”
`STORE FINGERPRINTIN CATALOG [296
`NOF
`
`COMPUTER saetna
`FILE ASSOCIATED WITH CLIENT
`
`
`2084
`—
`
`ENCRYPT CATALOG
`FILE
`
`ie MEEeATALOS
`spe?
`10
`
`GENERATE SECOND UNIQUE FINGERPRINT BASED ON CLIENT
`COMPUTER ATTEMPTING TO ACCESSCATALOGFILE
`
`DECRYPT FILE AND FIRST UNIQUE
`FINGERPRINT STORED WITHIN
`216
`NO FINGERPRINTS~SYES genesTO
`MATCH
`CATALOGFILE
`
`[214
`
`21
`
`
`
`
`
`END
`
`
`
`
`ACCESSING
`
`CATALOG FILE TO EXECUTE
`
`
`STORED SOFTWARE
`
`PRODUCT
`
`y
`
`NO '
`224
`
`YES
`
`(B)
`
`SELECT SOFTWARE PRODUCT DESIRED FROM
`PRODUCT CATALOG
`
`GENERATE PUCHASE REQUEST MESSAGE[
`
`226
`
`9
`
`
`
`U.S. Patent
`
`Mar.21, 2000
`
`Sheet 9 of 11
`
`6,041,411
`
`(A)
`
`228
`
`ENCRYPT PURCHASE REQUEST MESSAGE
`
`TRANSMIT PURCHASE REQUEST MESSAGETO +230
`SERVER HAVING ENCRYPTION KEY
`
`SERVER PROCESSES REQUEST}.939
`
`PAYMENT
`
`eae
`
`INCLUDE DIGITAL TOKEN AS PART OF
`PURCHASED PRODUCT
`
`238
`
`WRAP PRODUCTBY INCLUDING COMPUTER
`INSTRUCTIONS AS PART OF PURCHASED PRODUCT
`
`240—{
`
`GENERATE RETURN MESSAGE
`
`242—
`
`ENCRYPT RETURN MESSAGE
`
`244-| TRANSMIT TO REQUESTING CLIENT COMPUTER
`HAVING DECRYPTION KEY
`
`246 DECRYPT RETURN MESSAGE
`
`243~| CLIENT COMPUTER UPDATES CATALOGFILE WITH
`PURCHASED PRODUCT
`
`(B)
`
`UNWRAP THE PRODUCT UPON AN ATTEMPT
`
`TO ACCESS THE PRODUCT
`
`250
`
`252
` DIGITAL
` NO
`
`TOKEN FEEmeEN]
`
`254
`
`FIG. 9B
`
`END
`
`10
`
`
`
`U.S. Patent
`
`Mar.21, 2000
`
`Sheet 10 of 11
`
`6,041,411
`
`-c-oco
`
`12
`—— +—-——-~-——-—~——-—~— ~~~,
`CLIENT COMPUTER
`
`FINGERPRINT
`
`CLIENT PROGRAM
`
`
`
` GENERATE NEW
`
`STORED FINGERPRINT MATCH
`NEW ellaA
`
`
` 312
`DIGITAL TOKEN
`——
`
`
` 320
`
`VALIDITY
`RESPONSE (Y/N)
`
`
`
`FIG. 10
`
`11
`
`
`
`U.S. Patent
`
`Mar.21, 2000
`
`Sheet 11 of11
`
`6,041,411
`
`SLY
`
`ALLASIO
`
`8
`
`12
`
`12
`
`
`
`
`6,041,411
`
`1
`METHOD FOR DEFINING AND VERIFYING
`USER ACCESS RIGHTS TO A COMPUTER
`INFORMATION
`
`FIELD OF THE INVENTION
`
`This invention relates generally to facilitating electronic
`commerce, and more particularly to a method for minimiz-
`ing the potential for unauthorized use ofdigital information,
`particularly software programs, digital content and other
`computer information.
`
`BACKGROUND OF THE INVENTION
`
`Electronic commerce, or e-commerce as it is commonly
`called,
`includes the transfer of orders or other sales
`communications, credit information, electronic “funds”, and
`digital products. Electronic commerce has been recognized
`as offering the promise of providing speed and convenience
`to many types of commercial activities. Interest in electronic
`commerce has heightened with the advent of widely acces-
`sible communication systems such as the Internet. Other
`means for providing electronic commerce include direct
`telephone line connections, interactive cable or television
`services, telefacsimile services, local and wide area network
`communications and the like. Electronic data communica-
`tions technologies, particularly the Internet, have greatly
`enhanced marketing and retail opportunities and activities.
`To a large extent, the promise of electronic commerce has
`not been fully realized, partially because of concerns with
`security such as the potential for unauthorized manipulation
`of information. Such unauthorized manipulation of infor-
`mation includes diverting electronic fund transfers and
`delivery of unauthorized software (also referred to as “boot-
`leg” or “pirated” software) to unauthorizeddestinations.
`Although some attempts have been made to enhance the
`security of electronic commerce, software “pirating” has
`continuedto affect software publishers, particularly due to
`the relative ease in electronically downloading or transmit-
`ting illegal copies of digital information. While the Internet
`provides a convenient medium for providing legally
`obtained electronic information, it similarly provides a con-
`venient way to copy software. Even where software has been
`encrypted, once it is decrypted, the program or other digital
`content can be copied to other systems.
`There is a need, therefore, for a method for facilitating
`electronic commerce which preferably minimizes the poten-
`tial
`for unauthorized use of software programs, digital
`content and other computer information. The present inven-
`tion provides a solution to these and other problems, and
`offers other advantages over the prior art.
`
`SUMMARY OF THE INVENTION
`
`‘The present invention addresses the problems of the prior
`art by providing a method for verifying user access rights to
`electronically transmitted digital information. The present
`invention includes a “locking” aspect which securely asso-
`clates particular computer files or programsto a particular
`computer. The present invention further includes a “wrap-
`ping” aspect which prohibits execution of a computerfile or
`program on any computer where it is determined that the
`computer file or program was not validly purchased.
`In accordance with one aspect of
`the invention, a
`computer-implemented method for securing transmitted
`digital information to a first computer system is provided.
`The digital information is provided by a second computing
`system, which may include multiple computers. The first
`
`15
`
`20
`
`2
`
`30
`
`n
`
`40
`
`$0
`
`55
`
`60
`
`65
`
`2
`computing system, or requesting system, makes a requestto
`the second computing system, or provider system, to trans-
`mit requested digital information. This digital information
`may include executable files, data files, and other multime-
`dia content such as graphics and audio files. The provider
`system transmits the requested digital informationto thefirst
`computing system in wrapped form. Information is wrapped
`by including digital instructions with the requested digital
`information. The digital information must be successfully
`unwrapped before access to the digital
`information is
`allowed. Successful unwrapping involves execution of the
`digital instructions such that certain conditions are verified
`in accordance with the digital instructions, thereby allowing
`access to the digital information.
`In accordance with another aspect of the invention, a
`computer-implemented method to securely associate, or
`lock, a computer file with a target computing system is
`provided. The method provides for the prevention ofaccess
`to the computer file by computer systems other than the
`target computing system. A first digital
`identifier
`is
`generated, which is unique to the target computing system,
`by using particularattributes of the target computing system
`in an algorithm which createsthe first digital identifier. The
`first digital identifier is stored as an associated part of the
`computer file which ts being lockedto the target computing
`system. A second digital
`identifier is generated upon an
`attempt to access the computerfile, using the same algorithm
`which created the first digital
`identifier, but using the
`attributes of the computing system attempting to access the
`computer file. The first and seconddigital identifiers are then
`compared, and wherethefirst and second digital identifiers
`are the same, the computer attempting to access the com-
`puter file is recognized as the target computing system, and
`is allowed to access the computer file.
`In accordance with yet another aspect of the invention, a
`computer-implemented method for permitting access to one
`or more data packages is provided. A product activation code
`is associated with designated data packagesthat are stored in
`a storage system. The product activation code indicates
`whether there is authorization to access the one or more data
`
`packages from the particular storage system. Electronic
`instructions are also associated with the data packages. The
`electronic instructions are executed upon an attempt
`to
`access any of the designated data packages. These instruc-
`tions monitorfor the presence of the product activation code,
`and allow access to data packages only where the product
`activation code indicates that access is authorized.
`
`Still other objects and advantagesofthe present invention
`will becomereadily apparent to those skilled in this art from
`the following detailed description. As will be realized, the
`invention is capable ofother and different embodiments, and
`its details are capable of modification without departing
`from the scope andspirit of the invention. Accordingly, the
`drawing and description are to be regarded asillustrative in
`nalure, and not as restrictive.
`BRIEF DESCRIPTION OF THE DRAWINGS
`
`FIG, 1 is a block diagram illustrating one embodiment of
`a computing system formed in accordance with the present
`invention;
`FIG, 2 is a general ow diagram ofa digital information
`transmission and payment validation method provided by
`the present invention;
`FIG. 3 is a flow diagram illustrating a more detailed
`embodiment of a digital information transmission and pay-
`ment validation method provided by the present invention;
`
`13
`
`13
`
`
`
`6,041,411
`
`4
`is not necessary for a TI 12 to directly
`it
`of FIG. 1,
`communicate with any of the vendors 20. Instead, the TI 12
`can communicate with the IDD 14, which in turn commu-
`nicates with the vendors 20. Therefore, even where the Tl 12
`initiates a purchase of goodsor services from a variety of the
`vendors 20, the TI 12 needs only communicate with the IDD
`14, thereby decreasing the total number of communication
`links.
`
`3
`FIG. 4 is a general flow diagram of one embodimentof an
`electronic wrapping and unwrapping methodprovided by
`the present invention;
`FIG, 5 illustrates one embodiment ofthe structure of a
`purchase request message sent from a client computer to a
`server computer in accordance with certain aspects of the
`invention;
`FIG. 6 illustrates the structure of one embodiment of a
`Often sensitive information, such as credit card numbers
`return message sent [rom a server computer to a client
`or other personal information, is transmitted between a TI 12
`computer in response to a purchase request message,
`in
`and the IDD 14 via the Internet channel 16 or the telephone
`accordance with other aspects of the invention;
`link 18. The arrangement of FIG. 1 increases the user’s
`FIG. 7 illustrates one embodiment of the structure of a
`confidence that the credit card information or other sensitive
`catalog file formed in accordance with the invention;
`information will remain secure, as the user needs to have
`FIG. 8 is a general flow diagram of one embodimentof a
`confidence only in a single entity, the IDD 14. It is the IDD
`method according to the invention, which securely associ-
`14 rather than the vendors 20 which verifies credit status
`ates a computerfile with a particular computing system to
`with a credit company 22, so that the user needs to have
`prevent other computing systems from accessing the com-
`confidence only in the security of the relationship and
`puter file;
`communication links between the IDD 14 andthe credit
`20
`FIGS. 9A-9B together comprise a flow diagram illustrat-
`company 22 rather than a plurality of relationships and
`communication links between various vendors and_their
`ing a combination of the various information security veri-
`fication schemes provided by one embodimentof the present
`respective banking or credit companies.
`invention;
`The system of FIG. 1 provides for the transmission of
`FIG, 10 is a block diagram illustrating the interaction
`digital information to the TI 12. In one embodiment, the
`between the catalog file and a client program within the 2
`vendors 20 are software vendors, providing digital informa-
`client computer according to certain aspects of the inven-
`tion which can be downloadedto the purchasing TIs 12 via
`tion; and
`the IDD 14. The client computer of the TI 12 allows a user
`FIG. 11 is a system block diagram of a typical client
`to enter a purchase request, which is transmitted to the IDD,
`computer.
`or server, 14. The server 14 validates the purchase request,
`and transmits a return message containing the purchased
`software to the client computer 12. The purchased software
`is previously provided to the server 14 from the appropriate
`vendor 20. The client computer 12 receives the purchased
`software, and stores it on the hard disk of the client computer
`12 for subsequent use. However, as will be appreciated by
`those skilled in the art, the present invention is not limited
`to the client/server relationship depicted in FIG. 1.
`FIG. 2 is a general flow diagram ofthe digital information
`transmission and payment validation in accordance with the
`present
`invention. For the example of FIG. 2, it will be
`assumed that the digital information to be provided from the
`vendors 20 to the server 14 and ultimately to the client
`computers 12 includes software products, and further that
`the users at the client computers 12 are required to make a
`payment in order to purchase such software products.
`Referring now to FIG. 2, a user may request a particular
`software product from the server via the client computer, as
`shown at step 30. In one embodiment ofthe invention,a list
`of software products available for downloading from the
`server is presented to the user via the client computer, and
`the user selects one or more software products desired from
`the list.
`
`15
`
`30
`
`35
`
`40
`
`45
`
`$0
`
`DETAILED DESCRIPTION OF THE
`ILLUSTRATED EMBODIMENTS
`
`FIG, 1 is a block diagram illustrating one embodiment of
`a computing system 10 formed in accordance with the
`present invention. In the embodiment depicted in FIG. 1, a
`plurality of transaction initiators (TT) 12 can be connectedin
`a variety of waysto the intermediary data destination (IDD)
`14. The IDD in FIG. 1 includes one or more server com-
`puting systems, which share their resources, including hard
`disk drives, attached peripherals such printers and CD-ROM
`drives, and communications circuits.
`The transaction initiators (TT) 12 illustrated in FIG, 1 are
`represented by client computing systems. Client software
`within a client computer allows the client computer to
`communicate with the IDD 14. In the example of FIG, 1, the
`client computers 12 are coupled to the server 14 in one or
`more ways, including an Internet connection 16 ora tele-
`phone wire connection 18 using modulator/demodulators
`(modem) within the client computers 12 and the server 14.
`Other types of electronic communication devices can also be
`used rather than the client computer 12 in connection with
`the present invention. For example, the TI 12 may provide
`for electronic communications using devices other than a
`client computer, such as a personal communication device
`(PCD), cellular or other telephone, interactive television,
`and the like. Furthermore, connections from the TI 12 to the
`IDD 14 can also be accomplished in various manners,
`including communication over cellular telephone systems or
`other wireless links such as microwave or infrared commu-
`nication links, Ethernet®, token ring or other local area or
`wide area network communications systems,
`Internet
`communications, satellite communications,
`fiber optic
`communications, and the like.
`The intermediary data destination (IDD) 14 is referred to
`as an intermediary device because it is situated between the
`Tis 12 and one or more product vendors 20. In the system
`
`55
`
`60
`
`65
`
`Step 32 indicates that the server 14 receives the request
`for one or more software products, and retrieves the
`requested products. The software products may be stored on
`the server 14, or may alternatively be downloaded from
`other computer systems, such as from a plurality of com-
`puter systems of software vendors.
`In one embodiment of the invention, the server 14 elec-
`tronically “wraps” the requested software product(s) which
`have been designated to be transmitted to the requesting
`client computer 12, as represented by step 34. The wrapping
`represented by step 34 may be performed on-lineoroff-line,
`in which case the resulting wrapped products are stored by
`the server 14. Furthermore, in one embodiment, wrapping is
`performed off-line by the software vendors 20, and the
`
`14
`
`14
`
`
`
`6,041,411
`
`15
`
`20
`
`30
`
`5
`is provided to the server 14
`wrapped software product
`electronically or otherwise, where it is stored in its wrapped
`form. Where the software products are wrapped off-line and
`stored on the server 14, step 34 may be executed prior to
`steps 30 and 32.
`“Wrapping”, as it is used in connection with the present
`invention, indicates associating digital instructions with the
`software product which can be executed by the requesting
`client computer 12 after the client computer 12 receives the
`software product. The transmission of the software product
`and the associated digital instructions from the server 14 to
`the requesting client computer 12 is represented as step 36.
`The requesting client computer 12 receives the information,
`and electronically “unwraps” the requested software product
`upon an attempt to access the software product. “Unwrap-
`ping”refers to the process of determining whether access to
`the wrapped product
`is to be allowed. This unwrapping
`occurs in accordance with the digital instructions provided
`with the requested software product. Where the software
`product
`is successfully unwrapped (i.c., execution of the
`digital instructions indicate that the client computer 12 is
`authorized to access the software product),
`the software
`product may be executed or utilized according to the type of
`software product. If the unwrapping process determines that
`the client computer 12 is authorized to access the software 2
`product,
`the client computer 12 is given access to the
`software product.
`FIG. 3 is a flow diagram illustrating a more detailed
`embodiment of the digital
`information transmission and
`payment validation in accordance with the present
`inven-
`tion. The user at the client computer 12 initiates a purchase
`for software product(s), which is represented by step 50. In
`one embodiment ofthe invention, this is accomplished by
`running an ordering program (hereinafter the “client
`program”) on the client computer 12. The client program
`gives the user of the client computer 12 the tools necessary
`to see what software products are available and to request
`downloading of a particular one or more of the software
`products.
`The client program displays a product catalog using a
`catalogfile, illustrated at step 52. The catalog file includes
`a list of the available software products, including software
`programs and program features such as executablefiles, as
`well as non-executable digital information such as bitmaps,
`soundfiles, graphic images and other multimedia content
`(all generally referred to herein as data or information). Each
`of the products is identified by the product’s Stock Keeping
`Unit (SKU)or other product identifier, which is used by the
`user in indicating which ofthe desired software products is
`being requested.
`At step 54, the client program generates a purchase order
`form on the client computer 12 that the user completes to
`designate one or more desired software products. The pur-
`chase order form provides for the entry of SKU numbers of
`the product(s) to be purchased, user’s name, account number
`and credit card number.
`
`35
`
`40
`
`45
`
`$0
`
`55
`
`However, in one embodiment of the invention, much of
`this information need only be entered once. The user iden-
`tification and payment information (including the account
`number and credit card number) can be entered once by the
`user upon initial registration with the server 14, so that it
`does not need to be entered each time a software productis
`requested. Decision step 56 determines whether the client
`computer 12 has been previously registered. If it has not
`been previously registered, the user enters the registration
`information (identification and payment information) and
`
`60
`
`65
`
`15
`
`6
`the SKU number(s) corresponding to the software products
`desired, as shown at step 58. If the client computer 12 has
`been previously registered, only the SKU number(s) need to
`be entered, as illustrated at step 60. Note that
`in one
`embodiment of the invention, identification and payment
`information is only transmitted once to the server 14, where
`the information is stored. This information is also stored on
`the client computer 12, such that at the time of a subsequent
`purchase, the user again enters this information, but it is not
`transmitted to the server 14. Instead, the client computer 12
`uses the information to verify the user by comparing the
`stored information to the entered information. The user is
`allowed to request desired software products only if this
`information matches.
`
`After the SKU numberhas been enteredat step 60, or the
`SKU number andregistration information at step 38, the
`client program generates a purchase request message that is
`transmitted to the server 14 for processing, as illustrated by
`step 62. The purchase request message is preferably
`encrypted for system security. The server 14 processes the
`request at step 64, which includes receiving the request and
`determining whether the requested software products are
`available to be transmitted to the client computer 12. Where
`the purchase request message was transmitted to the server
`14 in encrypted form, step 64 further includes decrypting the
`purchase request message.
`information is verified at
`The validity of the payment
`decision step 66. This includes verifying the availability of
`funds and/or credit for that particular client computer 12. For
`example, a credit verification includes an inquiry to a credit
`card company to verify the status of the user’s credit card
`and available credit. In one embodiment, the user’s credit
`card number is electronically transmitted to the server 14 (at
`initial registration) where it is stored, so that the sensitive
`credit card information need only be transmitted once. The
`electrical transmission is preferably performed by transmit-
`ting the credit card information in encrypted form by way of
`a direct telephone line connection for security purposes. The
`server 14 then verifies the credit card information with the
`credit card company.
`The credit verification inquiry from the server 14 includes
`the formulation of a credit verification message to the credit
`card company, bank, or similarfinancial institution to verify
`the payment method. The credit card company or other
`financial
`institution returns authentication and verification
`information to the server 12. Where the authentication and
`verification information indicates that the payment informa-
`tion is not valid, the server 14 will not transmit the requested
`software to the client computer 12, and the server 14 sends
`a return message to the requesting client computer 12
`indicating that the requested software will not be transmit-
`ted.
`Where the authentication and verification information
`indicates that
`the payment
`information is valid,
`the
`requested product(s) are prepared to be transmitted to the
`requesting client computer 12. In one embodiment,
`this
`includes electronically wrapping the purchased software
`product(s) with digital instructions as depicted at step 68. As
`previously described with respect to a preferred embodiment
`of the invention, wrapping can be performed on-line or
`off-line at the server 14 or by the software vendors 20, in
`which case the resulting wrapped products are stored by the
`server 14. In the case of off-line wrapping, the wrapping of
`step 68 may occur at any time prior to transmitting the
`purchased product
`to the requesting client computer 12,
`including prior to the client computer 12 initiating a pur-
`chase at step 50. Wrapping, as introducedin step 34 ofFIG.
`2, is described in greater detail in connection with FIG. 4.
`
`15
`
`
`
`6,041,411
`
`7
`Areturn message containing the purchased productis then
`transmitted to the requesting client computer 12, as shown
`at step 70. The return message is preferably encrypted to
`provide enhanced security. The purchased software product,
`in wrapped form, is included in the return message to the
`requesting client computer 12. In one embodiment, the client
`computer 12 receives and stores the purchased product on
`the client computer’s 12 hard drive. The wrapper on the
`purchased product controls access to the product. When an
`attempt is made to access the product, the wrapper deter-
`mines whether access should be allowed. If access should be
`
`allowed, the wrapper gives the client computer 12 access to
`the product. The process of executing the digital instructions
`in order to determine whether the client computer 12 is
`granted access to the product
`is referred to herein as
`“unwrapping” the product. Where access is granted,
`the
`requested software product
`is said to be successfully
`“unwrapped”, such that
`it can be accessed by the user.
`Where access is not granted, the requested software product
`is said to remain “wrapped”and therefore is not accessible
`by the user. Unwrapping, as introduced in step 38 of FIG. 2,
`is described in greater detail in connection with FIG, 4.
`FIG, 4 is a general flow diagram of one embodiment of the
`electronic wrapping and unwrapping in accordance with the
`present invention. Data stored in a computer can be elec-
`tronically wrapped as was represented by step 34 ofFIG. 2.
`In the embodiment described here, the wrapping step 34 of
`FIG. 2 includes steps 82 and 84 as shownin FIG. 4. At step
`82, a productactivation codeis associated with the data. The
`product activation code can take on various formats, includ-
`ing a binary value, a digital flag, or a field of a binary value.
`The pro