Early Warning Services 1051
IPR of U.S. Pat. No. 8,887,308

US 6,891,953 B1

U.S. Patent    May 10, 2005    Sheet 1 of 10    US 6,891,953 B1

[Sheet 3 of 10, block diagram. Recoverable labels: Content Management/Encryption Tool; Content Store (LIT files); Fulfillment DB; MSMQ Client (transaction logs, cache updates); Content Store Plug-In Module; Download Server ISAPI Extension DLL; URLEncrypt (URL Encryption COM Object); Bookstore Servers (Web Front End); Web Content Servers (eBook Download Servers); PC Reader. Flow labels: User Authentication; Shopping for Books; Viewing Receipts; HTTP Downloads; Resolve File ID to its Location on the Content Store; Retrieves LIT files based on location returned by Plug-In Module.]

[FIG. 7 (Sheet 7 of 10), flow diagram. Recoverable step labels: Parse request attributes; Is Request well formed?; User Principals provided?; Can User Principals be retrieved from local DB?; Fetch User's Certificate from Registration Server; Persist User Principals in local Database; Did request succeed?; For each Fully Individualized copy, encrypt Symmetric Key with Public Key from User's Certificate; For each Individualized License copy include the user's Name in the License (as rightful owner); Complete each License XML structure and sign each License, to prevent tampering; Return License XML file; Log NT event and Return appropriate error.]

[FIG. 8 (Sheet 8 of 10), flow diagram. Recoverable step labels: Is User Authenticated?; Redirect user to customized Passport Login page; Parse HTTP header for Passport ID; Query Passport for User Alias and email address; Parse query string for Machine_ID and PID; Instantiate page with MS Reader Client Connectivity ActiveX control; New Activation for this Reader?; Render re-Activation page, warn if different Passport ID is being used; Has user Activated over 5 Readers in 90 days?; Render error page, explain limits, provide support #; Render standard Activation HTML page; Is form complete?; increment # of Readers user has; Persist Activation Keys, User ID and Machine ID in DB; Generate Certificates with stored Public/Private key pair; Generate both clear text and encrypted Activation Certs (XML files); Generate, Sign & Download individualized Secure Repository; Download both Certificates via ActiveX Control; Render congratulations page w/links to Bookstores (or Return link if user started from Client Portal); Log NT event, render error message, link for retry, support #.]

[FIG. 9 (Sheet 9 of 10), flow diagram. Recoverable step labels: User Selects eBooks; User Purchases eBooks; Transaction Concludes and Issue Receipt Page; User Clicks Link on Receipt Page to initiate Download; Download Complete; Move eBook to Destination Folder and Launch Reader.]

[FIG. 10 (Sheet 10 of 10), block diagram. Recoverable labels: Fulfillment DB (SQL server, MSMQ client, Fulfillment COM object); Content Store plug-in Module; MSMQ Client (async. pipeline); Content Store (Source Sealed LIT files); Download Server ISAPI DLL; Content Servers (IIS Cluster). Flow labels: Browser presents URL generated by URLEncrypt; URL Passed As Requested; ISAPI fetches the LIT file; Plug-In Module resolves the physical location of the LIT file on the Content Store; LIT File Returned; LIT file is returned via HTTP download.]

METHOD AND SYSTEM FOR BINDING ENHANCED SOFTWARE FEATURES TO A PERSONA

FIELD OF THE INVENTION

The present invention relates generally to the field of computing, and more particularly to methods and systems for binding certain software features and uses to a persona.

BACKGROUND OF THE INVENTION

As the availability and use of computers and palm-sized electronic devices has increased, it has become common for documents to be transmitted and viewed electronically. With improving communication over infrastructures such as the Internet, there is a tremendous drive to provide enhanced services and content to the devices. Examples of services and content that may be provided are authored works, such as books or other textual material. Electronic distribution of text documents is both faster and cheaper than conventional distribution of paper copies. The same principle applies to non-textual content, such as audio and video: electronic distribution of such content is generally faster and cheaper than the delivery of such content on conventional media (e.g., magnetic tape or optical disk). However, the low cost and instantaneity of electronic distribution, in combination with the ease of copying electronic content, is at odds with the goal of controlled distribution in a manner that protects the rights of the owners of the distributed works.

Once an electronic document is transmitted to one party, it may be easily copied and distributed to others without authorization by the owner of rights in the electronic document or, often, without even the owner’s knowledge. This type of illicit document distribution may deprive the author or content provider of royalties and/or income. A problem with many present delivery schemes is that they may make no provisions for protecting ownership rights. Other systems attempt to protect ownership rights but are cumbersome and inflexible and make the viewing/reading of the authored works (or otherwise rendering the authored works, in the case of non-text content such as music, video, etc.) difficult for the purchaser.

Thus, in view of the above, there is a need for an improved digital rights management system that allows for delivery of electronic works to purchasers in a manner that protects ownership rights, while also being flexible and easy to use. There is also a need for a system that provides flexible levels of security protection and is operable on several client platforms such that electronic content may be viewed/rendered by its purchaser on each platform. The digital rights management system of the present invention advantageously provides solutions to the above problems which protect the intellectual property rights of content owners and allow for authors or other content owners to be compensated for their creative efforts, while ensuring that purchasers are not over-burdened by the protection mechanism.

SUMMARY OF THE INVENTION

A server architecture is provided which supports the distribution of protected content in a digital rights management (“DRM”) system. The architecture includes an activation server arrangement, and a distribution server arrangement. The architecture includes various security features that guard against unauthorized distribution or use of protected content, as well as software components that implement the security features.

In accordance with the architecture provided, content may be protected at a plurality of levels, including: no protection, source sealed, individually sealed (or “inscribed”), source signed, and fully individualized (or “owner exclusive”). “No protection” content is distributed in an unencrypted format. “Source sealed” and “individually sealed” content is encrypted and bundled with an encryption key that is cryptographically sealed with certain rights-management data associated with the content, such that the key cannot be retrieved if the rights-management data has been altered. The distinction between “source” and “individual” sealing is that “individually sealed” content includes in the rights-management data information pertinent to the rightful owner (e.g., the owner’s name, credit card number, receipt number or transaction ID for the purchase transaction, etc.), such that this information cannot be removed from a working copy of the content thereby allowing for detection of unauthorized distributors. The particular type of information included is determined by the retailer of the copy. “Signed” content is cryptographically signed in such a way that the rendering application can verify its authenticity, or the authenticity of its distribution channel. “Fully individualized” content is encrypted content provided with a decryption key that has not merely been sealed with the rights-management information, but also encrypted in such a way that it cannot be accessed in the absence of a “secure repository” and “activation certificate,” which are issued by the activation server arrangement only to a particular client or set of clients, thereby limiting the use of such content to a finite number of installations.

The activation server arrangement includes one or more server computing devices which “activate” client computing devices by providing code and data to these devices, where the code and data are necessary to access “fully individualized” content on a given client device. In one example, the “data” includes an activation certificate having a public key and an encrypted private key, and the “code” is a program (e.g., a “secure repository”) that accesses the private key in the activation certificate by applying, in a secure manner, the key necessary to decrypt the encrypted private key. Preferably, the key pair in the activation certificate is persistently associated with an authenticatable “persona,” such that a device can be “activated” to read content that has been individualized for that persona, but not content that has been “fully individualized” for other personas. As used herein, a “persona” is a unique identifier that can be tied to a user and can be securely authenticated by an out-of-band process; e.g., a username and password form on a web browser for use over a secure socket layer (SSL) is an example embodiment of such a process. Moreover, the activation server arrangement preferably provides a given activation certificate (that is, an activation certificate having a particular key pair) only after authenticating credentials (e.g., a username and password) associated with a persona. In accordance with a feature of the invention, the number of devices that a particular persona may activate may be limited by rate and/or by number (e.g., five activations within a first 90 day period, followed by an additional activation for every subsequent 90 day period, up to a maximum of ten activations), thereby preventing the unchecked proliferation of devices on which individualized content can be rendered. As one example use of this technique, protected content may be distributed as a file that includes content encrypted with a symmetric key, where the symmetric key itself is provided via a license construct embedded in the file in a form encrypted by the certificate’s public key, thus making it necessary to have both the activation certificate and accompanying secure repository prior to interacting with the licensed content.
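
The activation limit quoted above (five in the first 90 days, one more per later 90-day period, at most ten) can be enforced server-side as in the following added example, which is not code from the patent. The class and function names are hypothetical, and two points are assumptions: that the allowance is cumulative from the persona's first activation, and that re-activating an already known device does not consume quota.

```python
from datetime import datetime, timedelta

# Figures taken from the text; how they combine is an assumed reading.
PERIOD = timedelta(days=90)
FIRST_PERIOD_QUOTA = 5
LIFETIME_MAX = 10


def allowed_total(first_activation: datetime, now: datetime) -> int:
    """Cumulative number of devices a persona may have activated by `now`.

    Assumed reading: 5 during the first 90 days, then one more for each
    further 90-day period that has begun, never more than 10.
    """
    if now < first_activation:
        raise ValueError("timestamp precedes the persona's first activation")
    periods_elapsed = (now - first_activation) // PERIOD
    return min(FIRST_PERIOD_QUOTA + periods_elapsed, LIFETIME_MAX)


class ActivationLedger:
    """Hypothetical server-side record of activated devices per persona."""

    def __init__(self) -> None:
        self._devices = {}  # persona -> {machine_id: time of first activation}

    def request(self, persona: str, machine_id: str, now: datetime) -> str:
        devices = self._devices.setdefault(persona, {})
        if machine_id in devices:
            # Assumption: re-activating a known device does not use up quota.
            return "reactivated"
        first = min(devices.values(), default=now)
        if len(devices) >= allowed_total(first, now):
            return "denied"
        devices[machine_id] = now
        return "activated"

    def device_count(self, persona: str) -> int:
        return len(self._devices.get(persona, {}))
```

The decision is made only after the persona has been authenticated, so the ledger is keyed on the authenticated identifier rather than on anything the client device reports about itself.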

The distribution server arrangement includes one or more retail servers and one or more fulfillment sites. Retail servers sell protected content (or otherwise enlist users to receive protected content). Fulfillment sites provide the actual content that has been sold by the retail servers. The operator of a retail server may be a different entity from the operator of a fulfillment site, thereby making it possible for a retailer to sell protected content simply by entering into an agreement whereby a fulfillment site will provide content sold by the retailer. This allows the retailer to sell content without investing in the means to store or distribute the content. In one example, the retailer and the fulfillment site agree on a secret (e.g., a cryptographic key), and the retailer equips its server with software that uses the secret to create an encrypted instruction to provide the content to the purchaser. The retailer may then allow the purchaser to “fulfill” his or her purchase by providing an HTTP request to the purchaser (e.g., a POST request rendered as a hyperlink on a “receipt” or “confirmation” web page), where the HTTP request contains the address of the fulfillment site and the encrypted instruction. In the case of content requiring some level of individualization, the encrypted instruction may include the individualization information (e.g., the purchaser’s name, or, in the case of “fully individualized” content, the purchaser’s activation certificate). The fulfillment site receives the encrypted instruction when the purchaser clicks on the link, and the fulfillment site uses the shared secret to decrypt the instruction and provide the content in accordance therewith. A component object model (COM) object may be provided to the retailer which creates the encrypted instruction.
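
The retailer-to-fulfillment exchange described above, shown from both sides as an added example that is not code from the patent. The function names, the `order` query parameter, the host `fulfillment.example` and the JSON field names are all hypothetical; the instruction is carried in a query string for brevity, and an HMAC-based keystream with a separate authentication tag stands in for a vetted authenticated cipher so that only the standard library is needed.

```python
import base64
import hashlib
import hmac
import json
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit


def _subkey(shared_secret: bytes, label: bytes) -> bytes:
    # Separate keys for encryption and authentication, both from the shared secret.
    return hmac.new(shared_secret, label, hashlib.sha256).digest()


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # HMAC-SHA-256 in counter mode; a stand-in for a vetted AEAD cipher.
    blocks = [
        hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        for counter in range((length + 31) // 32)
    ]
    return b"".join(blocks)[:length]


def retailer_receipt_link(shared_secret: bytes, fulfillment_url: str, instruction: dict) -> str:
    """Retailer side: encrypt the instruction and embed it in the receipt link."""
    plaintext = json.dumps(instruction, sort_keys=True).encode("utf-8")
    nonce = secrets.token_bytes(16)  # fresh per link, so equal orders differ on the wire
    stream = _keystream(_subkey(shared_secret, b"encrypt"), nonce, len(plaintext))
    ciphertext = bytes(p ^ s for p, s in zip(plaintext, stream))
    tag = hmac.new(_subkey(shared_secret, b"authenticate"),
                   nonce + ciphertext, hashlib.sha256).digest()
    token = base64.urlsafe_b64encode(nonce + ciphertext + tag).decode("ascii")
    return fulfillment_url + "?" + urlencode({"order": token})


def fulfillment_read_instruction(shared_secret: bytes, request_url: str):
    """Fulfillment side: return the instruction, or None if it does not verify."""
    values = parse_qs(urlsplit(request_url).query).get("order")
    if not values:
        return None
    try:
        blob = base64.urlsafe_b64decode(values[0])
    except ValueError:  # malformed base64
        return None
    if len(blob) < 16 + 32:
        return None
    nonce, ciphertext, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(_subkey(shared_secret, b"authenticate"),
                        nonce + ciphertext, hashlib.sha256).digest()
    # Verify before decrypting, so a link edited by the purchaser is rejected.
    if not hmac.compare_digest(tag, expected):
        return None
    stream = _keystream(_subkey(shared_secret, b"encrypt"), nonce, len(ciphertext))
    return json.loads(bytes(c ^ s for c, s in zip(ciphertext, stream)))
```

The link passes through the purchaser's browser, so the fulfillment site treats it as untrusted input until the tag verifies; encryption alone would not stop a purchaser from altering the protection level or the inscribed name.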

The fulfillment site may be organized as a fulfillment server plus one or more “download” servers and a content store. The content store stores content to be distributed to consumers. The fulfillment server maintains databases of information related to the fulfillment of content orders, such as the physical location of content items and the secret (e.g., the cryptographic key) necessary to decrypt instructions received from the retailer. The download servers perform the actual downloading of content to consumers/purchasers of the content, as well as any preparation of the content that is necessary to meet the protection requirements associated with the content (e.g., the download server may perform individualization of the content). Each download server may have a cache, where the download server obtains a copy of a content item from the content store (in accordance with the location specified in the fulfillment server database) the first time that download server is called upon to process a download of that item, where the download server stores the item in the cache for future downloads. The cache may have limits associated therewith, and it may expire items out of the cache based on an algorithm such as a “least recently used” algorithm. The download server may also provide information regarding the downloads that it processes to the fulfillment server for entry into a log. The download server may provide this information in the form of messages through an asynchronous messaging service, such as MICROSOFT MESSAGE QUEUE (MSMQ). The fulfillment server may store the information in a “logging database.” Additionally, when updates to information stored on the fulfillment server are made which affect the content item stored in the cache, the fulfillment server may use the messaging service to send messages to the various download servers indicating that the item should be invalidated in the download server caches.

Other features of the invention are described below.

BRIEF DESCRIPTION OF THE DRAWINGS

The foregoing summary, as well as the following detailed description, is better understood when read in conjunction with the appended drawings. For the purpose of illustrating the invention, like reference numerals represent similar parts throughout the several views of the drawings, it being understood, however, that the invention is not limited to the specific methods and instrumentalities disclosed. In the drawings:

FIG. 1 is an exemplary electronic book (eBook) title file format;
FIG. 2 is a block diagram showing an exemplary computing environment in which aspects of the present invention may be implemented;
FIG. 3 is a block diagram of an embodiment of a first server architecture implementing aspects of a digital rights management system in accordance with the invention;
FIG. 4 is a block diagram of an embodiment of a second server architecture implementing aspects of a digital rights management system in accordance with the invention;
FIG. 5 is a block diagram illustrating certain interactions within a content provider server in accordance with aspects of the invention;
FIG. 6 is a block diagram showing components of an asynchronous fulfillment pipeline in accordance with aspects of the invention;
FIG. 7 is a flow diagram illustrating the process of generating a license in accordance with aspects of the invention;
FIG. 8 is a flow diagram illustrating a client reader activation process in accordance with aspects of the invention; and
FIGS. 9 and 10 are flow and block diagrams illustrating an eCommerce flow in accordance with aspects of the invention.

DETAILED DESCRIPTION OF THE INVENTION

The present invention is directed to a system for processing and delivery of electronic content wherein the content may be protected at multiple levels. A preferred embodiment of the invention is described, which is directed to the processing and delivery of electronic books, however, the invention is not limited to electronic books and may include all digital content such as video, audio, software executables, data, etc.

Overview

The success of the electronic book industry will undoubtedly require providing the existing book-buying public with an appealing, secure, and familiar experience to acquire all sorts of textual material. This material may include “free” or low-cost material requiring little copy protection, to “premium-quality” electronic book titles (herein “eBooks”) requiring comprehensive rights protection. In order to enable a smooth transition from the current distribution and retail model for printed books into an electronic distribution system, an infrastructure must exist to ensure a high level of copy protection for those publications that demand it, while supporting the distribution of titles that require lower levels of protection.

The Digital Rights Management (DRM) and Digital Asset Server (DAS) systems of the present invention advantageously provide such an infrastructure. The present invention makes purchasing an eBook more desirable than “stealing” (e.g., making an unauthorized copy of) an eBook. The non-intrusive DRM system minimizes piracy risk, while increasing the likelihood that any piracy will be offset by increased sales/distribution of books in the form of eBooks. In addition, the present invention provides retailers with a system that can be rapidly deployed at a low cost.

The primary users of the DRM System are publishers and retailers, who use and/or deploy the DRM System to ensure legitimacy of the content sold as well as copy protection. Exemplary users of the DRM System may be the traditional publisher, the “leading edge” publisher, and the “hungry author.” The traditional publisher is likely to be concerned about losing revenue from their printed book publishing operation to eBook piracy. The leading edge publisher is not necessarily concerned with isolated incidents of piracy and may appreciate that eBooks commerce will be most successful in a system where consumers develop habits of purchase. Meanwhile, the hungry author, who would like to collect money for the sale of his or her works, is more interested in attribution (e.g., that the author’s name be permanently bound to the work).

As will be described in greater detail below, the DRM System of the present invention accomplishes its goals by protecting works, while enabling their rightful use by consumers, by supporting various “levels” of protection. At the lowest level (“Level 1”), the content source and/or provider may choose no protection via unsigned and unsealed (clear-text) eBooks that do not include a license. A next level of protection (“Level 2”) is “source sealed,” which means that the content has been encrypted and sealed with a key, where the seal is made using a cryptographic hash of the eBook’s title’s meta-data (see below) and the key is necessary to decrypt the content. Source sealing guards against tampering with the content or its accompanying meta-data after the title has been sealed, since any change to the meta-data will render the title unusable; however, source sealing does not guarantee authenticity of a copy of the title (i.e., source sealing does not provide a mechanism to distinguish legitimate copies from unauthorized copies). In the case of the “hungry author,” the author’s name may be included in the meta-data for permanent binding to the content, thereby satisfying the “hungry author’s” goal of attribution. A next level of protection (“Level 3”) is “individually sealed” (or “inscribed”). An “individually sealed” title is an eBook whose meta-data includes information related to the legitimate purchaser (e.g., the user’s name or credit card number, the transaction ID or receipt number from the purchase transaction, etc.), such that this information is cryptographically bound to the content when the title is sealed. This level of protection discourages people from distributing copies of the title, since it would be easy to detect the origin of an unauthorized copy (and any change to the meta-data, including the information related to the purchaser, would make it impossible, or at least improbable, that the necessary decryption key could be unsealed).
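
Levels 2 and 3 both seal the content key against a hash of the meta-data, differing only in whether purchaser details are part of that meta-data. The following added example, not code from the patent, shows one way such a seal can behave. The text keeps the actual sealing method secret, so the HMAC construction, the constant `TOOL_SECRET`, the function names and the sample meta-data fields are all assumptions made for illustration.

```python
import hashlib
import hmac
import json
import secrets

# Constructed value standing in for the sealing method that the text says is
# known only to trusted preparation tools and rendering applications.
TOOL_SECRET = b"constructed-demo-tool-secret"


def metadata_digest(metadata: dict) -> bytes:
    """Hash a canonical encoding so the same fields always give the same digest."""
    canonical = json.dumps(metadata, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode("utf-8")).digest()


def _derive(label: bytes, nonce: bytes, metadata: dict) -> bytes:
    # Every derived value depends on the meta-data hash, which is the binding.
    return hmac.new(TOOL_SECRET, label + nonce + metadata_digest(metadata),
                    hashlib.sha256).digest()


def seal_key(content_key: bytes, metadata: dict) -> bytes:
    """Return nonce || wrapped key || tag, bound to `metadata`."""
    if len(content_key) != 32:
        raise ValueError("this sketch wraps 32-byte content keys only")
    nonce = secrets.token_bytes(16)  # fresh per seal, so a mask is never reused
    mask = _derive(b"mask", nonce, metadata)
    wrapped = bytes(k ^ m for k, m in zip(content_key, mask))
    tag = hmac.new(_derive(b"tag", nonce, metadata), wrapped, hashlib.sha256).digest()
    return nonce + wrapped + tag


def unseal_key(sealed: bytes, metadata: dict):
    """Recover the content key, or None if the meta-data or the seal was altered."""
    if len(sealed) != 16 + 32 + 32:
        return None
    nonce, wrapped, tag = sealed[:16], sealed[16:48], sealed[48:]
    expected = hmac.new(_derive(b"tag", nonce, metadata), wrapped, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    mask = _derive(b"mask", nonce, metadata)
    return bytes(w ^ m for w, m in zip(wrapped, mask))


def demo() -> dict:
    """Seal one key at Level 2 and Level 3 and try altered meta-data (constructed data)."""
    key = secrets.token_bytes(32)
    source_meta = {"title": "Example Title", "author": "A. Writer", "publisher": "Example Press"}
    inscribed_meta = dict(source_meta, purchaser="Pat Buyer", receipt="R-0001")
    source_seal = seal_key(key, source_meta)
    inscribed_seal = seal_key(key, inscribed_meta)
    return {
        "source_ok": unseal_key(source_seal, source_meta) == key,
        "author_changed": unseal_key(source_seal, dict(source_meta, author="Someone Else")),
        "inscribed_ok": unseal_key(inscribed_seal, inscribed_meta) == key,
        "purchaser_stripped": unseal_key(inscribed_seal, source_meta),
        "purchaser_swapped": unseal_key(inscribed_seal, dict(inscribed_meta, purchaser="Other")),
    }
```

The seal ties the key to the meta-data but says nothing about who produced the copy, which matches the text's point that source sealing cannot distinguish legitimate copies from unauthorized ones; that is the job of the signatures at Level 4.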

The next level of protection (“Level 4”) is “source signed.” Source signed eBooks are titles that can be authenticated by a “reader” (which, as more particularly discussed below, is a user application that enables the reading of eBooks on a computing device, such as a PC, a laptop, a Personal Digital Assistant (PDA), PocketPC, or a purpose-built reading device). Authenticity may preferably be defined in three varieties: “tool signed,” which guarantees that the eBook title was generated by a trusted conversion and encryption tool; “owner signed,” which is a tool signed eBook that also guarantees the authenticity of the content in the copy (e.g., the owner may be the author or other copyright holder); and “provider signed,” which is a tool signed eBook that attests to the authenticity of its provider (e.g., the publisher or retailer of the content). The “tool,” the owner, and the provider may each have their own asymmetric key pair to facilitate the creation and validation of digital signatures of the information. A title may be both provider signed and source signed, which facilitates authentication of the distribution channel of the title (e.g., through a signature chain in the copy). The strongest level of protection is “fully individualized” or “owner exclusive” (“Level 5”). “Fully individualized” titles can only be opened by authenticated reader applications that are “activated” for a particular user, thereby protecting against porting of a title from one person’s reader (or readers) to a reader that is not registered to that person. In order for the reader of the present invention to open a title protected at Level 5, the Reader must be “activated” (i.e., the device on which the reader resides must have an activation certificate for a particular persona, and a secure repository). The process of activation is described in greater detail below with reference to FIG. 8.

The systems of the present invention also define an architecture for sharing information between a reader, a content provider and a content source, how that information is used to “seal” titles at the various levels, and how that information must be structured. The availability of these choices will enable content sources to pick and choose which content will be sold to what users and using what protection (if any). The particular information may be used to sign and/or seal titles for use by a reader, and a compatible reader (which, in the case of level 5, may be a reader activated for a particular persona) may unseal the title and enable reading of the eBook.

eBook File Structure

The DRM system of the present invention protects content by incorporating it in a file structure, such as the exemplary structure shown in FIG. 1. Referring to FIG. 1, eBook 10 contains content 16, which is text such as a book (or any electronic content) that has been encrypted by a key (the “content key”), which itself has been encrypted and/or sealed. In a preferred embodiment, the key is a symmetric key 14A that is sealed with a cryptographic hash of meta-data 12 or, in the case of level 5 titles, with the public key of the user’s activation certificate. This key is stored either as a separate stream in a sub-storage section of the eBook file (DRM Storage 14 in the diagram) or, in the case of level 5 titles, in the license. (In the case of level 5 titles, instead of storing the content key as a separate stream, stream 14A contains a license, which is a construct that defines the rights that the user can exercise upon purchase of the title. In titles that have a license, the content key is contained within the license.) Also included in the DRM storage 14 are the source stream 14B, which may include the name of the publisher (or other content source), as well as the bookplate stream 14C, which, for individually sealed (level 3 and/or level 5) titles, includes the consumer’s name as provided by the retailer (which may, for example, be obtained as part of the commercial transaction of purchasing an eBook 10, such as from the consumer’s credit card information). The method of calculating the cryptographic hash that encrypts and/or seals the symmetric key 14C (or the method of using such cryptographic hash to seal the key) is preferably a “secret” known only to trusted content preparation tools and trusted rendering applications. Using a hash in this way may complicate/discourage tampering with the meta-data 12 contained with the eBook 10. It is noted that any method may be used to “seal” an eBook, so