Including remote charge determination or related payment system
Trusted and secure techniques, systems and methods for item delivery and execution (US 6185683)
Abstract
Documents and other items can be delivered electronically from sender to recipient with a level of trustedness approaching or exceeding that provided by a personal document courier. A trusted electronic go-between can validate, witness and/or archive transactions while, in some cases, actively participating in or directing the transaction. Printed or imaged documents can be marked using handwritten signature images, seal images, electronic fingerprinting, watermarking, and/or steganography. Electronic commercial transactions and transmissions take place in a reliable, "trusted" virtual distribution environment that provides significant efficiency and cost savings benefits to users in addition to providing an extremely high degree of confidence and trustedness. The systems and techniques have many uses including but not limited to secure document delivery, execution of legal documents, and electronic data interchange (EDI).
Claims
What is claimed is:
1. A system including:
a first apparatus including,
user controls,
a communications port,
a processor,
a memory storing:
a first secure container containing a governed item, the first secure container governed item being at least in part encrypted;
a first secure container rule at least in part governing an aspect of access to or use of said first secure container governed item; and
a second secure container, the second secure container containing audit information; and
hardware or software used for receiving and opening secure containers, said secure containers each including the capacity to contain a governed item, a secure container rule being associated with each of said secure containers;
a protected processing environment at least in part protecting information contained in said protected processing environment from tampering by a user of said first apparatus, said protected processing environment including hardware or software used for applying said first secure container rule and a second secure container rule in combination to at least in part govern at least one aspect of access to or use of a governed item contained in a secure container; and
hardware or software used for transmission of secure containers to other apparatuses or for the receipt of secure containers from other apparatuses.
2. A system including:
a first apparatus including,
user controls,
a communications port,
a processor,
a memory storing:
a first secure container containing a governed item, the first secure container governed item being at least in part encrypted; the first secure container having been received from a second apparatus;
a first secure container rule at least in part governing an aspect of access to or use of said first secure container governed item, the first secure container rule having been received from a third apparatus different from said second apparatus; and
hardware or software used for receiving and opening secure containers, said secure containers each including the capacity to contain a governed item, a secure container rule being associated with each of said secure containers;
a protected processing environment at least in part protecting information contained in said protected processing environment from tampering by a user of said first apparatus, said protected processing environment including hardware or software used for applying said first secure container rule and a second secure container rule in combination to at least in part govern at least one aspect of access to or use of a governed item contained in a secure container; and
hardware or software used for transmission of secure containers to other apparatuses or for the receipt of secure containers from other apparatuses.
3. A system including:
a first apparatus including,
user controls,
a communications port,
a processor,
a memory storing:
a first secure container containing a governed item, the first secure container governed item being at least in part encrypted;
a first secure container rule at least in part governing an aspect of access to or use of said first secure container governed item; and
a second secure container containing a digital certificate;
hardware or software used for receiving and opening secure containers, said secure containers each including the capacity to contain a governed item, a secure container rule being associated with each of said secure containers;
a protected processing environment at least in part protecting information contained in said protected processing environment from tampering by a user of said first apparatus, said protected processing environment including hardware or software used for applying said first secure container rule and a second secure container rule in combination to at least in part govern at least one aspect of access to or use of a governed item contained in a secure container; and
hardware or software used for transmission of secure containers to other apparatuses or for the receipt of secure containers from other apparatuses.
4. A system as in claim 3, said memory storing a rule associated with said second secure container, said rule associated with said second secure container at least in part governing at least one aspect of access to or use of said digital certificate.
5. A system including:
a first apparatus including,
user controls,
a communications port,
a processor,
a memory storing,
a first secure container containing a governed item, the first secure container governed item being at least in part encrypted;
a first secure container rule at least in part governing an aspect of access to or use of said first secure container governed item; and
a second secure container containing a digital signature, the second secure container being different from said first secure container;
hardware or software used for receiving and opening secure containers, said secure containers each including the capacity to contain a governed item, a secure container rule being associated with each of said secure containers;
a protected processing environment at least in part protecting information contained in said protected processing environment from tampering by a user of said first apparatus, said protected processing environment including hardware or software used for applying said first secure container rule and a second secure container rule in combination to at least in part govern at least one aspect of access to or use of a governed item contained in a secure container; and
hardware or software used for transmission of secure containers to other apparatuses or for the receipt of secure containers from other apparatuses.
6. A system as in claim 5, said memory storing a rule at least in part governing an aspect of access to or use of said digital signature.
7. A system including:
a first apparatus including,
user controls,
a communications port,
a processor,
a memory storing:
a first secure container containing a governed item, the first secure container governed item being at least in part encrypted;
a first secure container rule at least in part governing an aspect of access to or use of said first secure container governed item; and
an electronic seal including receipt information;
hardware or software used for receiving and opening secure containers, said secure containers each including the capacity to contain a governed item, a secure container rule being associated with each of said secure containers;
a protected processing environment at least in part protecting information contained in said protected processing environment from tampering by a user of said first apparatus, said protected processing environment including hardware or software used for applying said first secure container rule and a second secure container rule in combination to at least in part govern at least one aspect of access to or use of a governed item contained in a secure container; and
hardware or software used for transmission of secure containers to other apparatuses or for the receipt of secure containers from other apparatuses.
8. A system including:
a first apparatus including,
user controls,
a communications port,
a processor,
a memory storing:
a first secure container containing a governed item, the first secure container governed item being at least in part encrypted;
a first secure container rule at least in part governing an aspect of access to or use of said first secure container governed item; and
an electronic seal including usage information;
hardware or software used for receiving and opening secure containers, said secure containers each including the capacity to contain a governed item, a secure container rule being associated with each of said secure containers;
a protected processing environment at least in part protecting information contained in said protected processing environment from tampering by a user of said first apparatus, said protected processing environment including hardware or software used for applying said first rule and a second secure container rule in combination to at least in part govern at least one aspect of access to or use of a governed item contained in a secure container; and
hardware or software used for transmission of secure containers to other apparatuses or for the receipt of secure containers from other apparatuses.
9. A system as in claim 8, said usage information including information at least in part identifying usage of said governed item.
10. A system including:
a first apparatus including,
user controls,
a communications port,
a processor,
a memory storing:
a first secure container containing a governed item, the first secure container governed item being at least in part encrypted;
a first secure container rule at least in part governing an aspect of access to or use of said first secure container governed item; and
an electronic seal including an image designed to allow for visual recognition of said seal;
hardware or software used for receiving and opening secure containers, said secure containers each including the capacity to contain a governed item, a secure container rule being associated with each of said secure containers;
a protected processing environment at least in part protecting information contained in said protected processing environment from tampering by a user of said first apparatus, said protected processing environment including hardware or software used for applying said first rule and a second secure container rule in combination to at least in part govern at least one aspect of access to or use of a governed item contained in a secure container; and
hardware or software used for transmission of secure containers to other apparatuses or for the receipt of secure containers from other apparatuses.
11. A system including:
a first apparatus including,
user controls,
a communications port,
a processor,
a memory storing:
a first secure container containing a governed item, the first secure container governed item being at least in part encrypted;
a first secure container rule at least in part governing an aspect of access to or use of said first secure container governed item; and
an electronic seal including encoded information;
hardware or software used for receiving and opening secure containers, said secure containers each including the capacity to contain a governed item, a secure container rule being associated with each of said secure containers;
a protected processing environment at least in part protecting information contained in said protected processing environment from tampering by a user of said first apparatus, said protected processing environment including hardware or software used for applying said first secure container rule and a second secure container rule in combination to at least in part govern at least one aspect of access to or use of a governed item contained in a secure container; and
hardware or software used for transmission of secure containers to other apparatuses or for the receipt of secure containers from other apparatuses.
12. A system as in claim 11, said encoded information being steganographically encoded in said seal.
13. A system including:
a first apparatus including,
user controls,
a communications port,
a processor,
a memory storing:
a first secure container containing a governed item, the first secure container governed item being at least in part encrypted;
a first secure container rule at least in part governing an aspect of access to or use of said first secure container governed item; and
an electronic seal including (a) a representation of an aspect of said governed item, said representation including a hash of at least a portion of said governed item after normalization of said portion, and (b) an item value;
hardware or software used for receiving and opening secure containers, said secure containers each including the capacity to contain a governed item, a secure container rule being associated with each of said secure containers;
a protected processing environment at least in part protecting information contained in said protected processing environment from tampering by a user of said first apparatus, said protected processing environment including hardware or software used for applying said first secure container rule and a second secure container rule in combination to at least in part govern at least one aspect of access to or use of a governed item contained in a secure container; and
hardware or software used for transmission of secure containers to other apparatuses or for the receipt of secure containers from other apparatuses.
14. A system including:
a first apparatus including,
user controls,
a communications port,
a processor,
a memory storing:
a first secure container containing a governed item, the first secure container governed item being at least in part encrypted;
a first secure container rule at least in part governing an aspect of access to or use of said first secure container governed item; and
an electronic seal including encrypted information;
hardware or software used for receiving and opening secure containers, said secure containers each including the capacity to contain a governed item, a secure container rule being associated with each of said secure containers;
a protected processing environment at least in part protecting information contained in said protected processing environment from tampering by a user of said first apparatus, said protected processing environment including hardware or software used for applying said first secure container rule and a second secure container rule in combination to at least in part govern at least one aspect of access to or use of a governed item contained in a secure container; and
hardware or software used for transmission of secure containers to other apparatuses or for the receipt of secure containers from other apparatuses.
15. A system as in claim 14, said encrypted information being encrypted, at least in part, using a key from a public/private key pair.
16. A system as in claim 15, said encryption key belonging to an individual or entity responsible at least in part for a transmission of said first secure container governed item.
17. A system including:
a first apparatus including,
user controls,
a communications port,
a processor,
a memory storing:
a first secure container containing a governed item, the first secure container governed item being at least in part encrypted;
a first secure container rule at least in part governing an aspect of access to or use of said first secure container governed item; and
an electronic seal including an error correction code derived from at least a portion of said first secure container governed item;
hardware or software used for receiving and opening secure containers, said secure containers each including the capacity to contain a governed item, a secure container rule being associated with each of said secure containers;
a protected processing environment at least in part protecting information contained in said protected processing environment from tampering by a user of said first apparatus, said protected processing environment including hardware or software used for applying said first secure container rule and a second secure container rule in combination to at least in part govern at least one aspect of access to or use of a governed item contained in a secure container; and
hardware or software used for transmission of secure containers to other apparatuses or for the receipt of secure containers from other apparatuses.
18. A system including:
a first apparatus including,
user controls,
a communications port,
a processor,
a memory storing:
a first secure container containing a governed item, the first secure container governed item being at least in part encrypted;
a first secure container rule at least in part governing an aspect of access to or use of said first secure container governed item; and
an electronic seal stored in a secure container;
hardware or software used for receiving and opening secure containers, said secure containers each including the capacity to contain a governed item, a secure container rule being associated with each of said secure containers;
a protected processing environment at least in part protecting information contained in said protected processing environment from tampering by a user of said first apparatus, said protected processing environment including hardware or software used for applying said first secure container rule and a second secure container rule in combination to at least in part govern at least one aspect of access to or use of a governed item contained in a secure container; and
hardware or software used for transmission of secure containers to other apparatuses or for the receipt of secure containers from other apparatuses.
19. A system as in claim 18, said secure container in which said electronic seal is stored being a second secure container, different from said first secure container.
20. A system as in claim 19, said memory storing a rule at least in part governing at least one aspect of access to or use of said electronic seal.
21. A system including:
a first apparatus including,
user controls,
a communications port,
a processor,
a memory storing:
a first secure container containing a governed item, the first secure container governed item being at least in part encrypted;
a first secure container rule at least in part governing an aspect of access to or use of said first secure container governed item; and
an electronic fingerprint stored in a second secure container, different from said first secure container;
hardware or software used for receiving and opening secure containers, said secure containers each including the capacity to contain a governed item, a secure container rule being associated with each of said secure containers;
a protected processing environment at least in part protecting information contained in said protected processing environment from tampering by a user of said first apparatus, said protected processing environment including hardware or software used for applying said first secure container rule and a second secure container rule in combination to at least in part govern at least one aspect of access to or use of a governed item contained in a secure container; and
hardware or software used for transmission of secure containers to other apparatuses or for the receipt of secure containers from other apparatuses.
22. A system including:
a first apparatus including,
user controls,
a communications port,
a processor,
a memory storing:
a first secure container containing a governed item, the first secure container governed item being at least in part encrypted, the first secure container governed item including steganographically encoded information including a first portion encoded using a first steganographic encoding technique and a second portion encoded using a second steganographic encoding technique;
a first secure container rule at least in part governing an aspect of access to or use of said first secure container governed item;
hardware or software used for receiving and opening secure containers, said secure containers each including the capacity to contain a governed item, a secure container rule being associated with each of said secure containers;
a protected processing environment at least in part protecting information contained in said protected processing environment from tampering by a user of said first apparatus, said protected processing environment including hardware or software used for applying said first secure container rule and a second secure container rule in combination to at least in part govern at least one aspect of access to or use of a governed item contained in a secure container; and
hardware or software used for transmission of secure containers to other apparatuses or for the receipt of secure containers from other apparatuses.
23. A system as in claim 22, in which said first steganographic encoding technique provides a higher degree of security than said second steganographic encoding technique.
24. A system as in claim 23, in which at least a portion of said steganographically encoded information is encrypted.
25. A system as in claim 24, in which said first portion is encrypted using a first technique which differs in at least one respect from a second encryption technique used for encryption of said second portion.
26. A system as in claim 25, in which said encryption techniques differ in at least the key used for each technique.
27. A system as in claim 25, in which said encryption techniques differ in the strength of encryption used.
28. A system including:
a first apparatus including,
user controls,
a communications port,
a processor,
a memory containing a first rule,
hardware or software used for receiving and opening secure containers, said secure containers each including the capacity to contain a governed item, a secure container rule being associated with each of said secure containers;
a protected processing environment at least in part protecting information contained in said protected processing environment from tampering by a user of said first apparatus, said protected processing environment including hardware or software used for applying said first rule and a secure container rule in combination to at least in part govern at least one aspect of access to or use of a governed item; and
hardware or software used for transmission of secure containers to other apparatuses or for the receipt of secure containers from other apparatuses; and
a second apparatus including:
user controls,
a communications port,
a processor,
a memory containing a second rule,
hardware or software used for receiving and opening secure containers, said secure containers each including the capacity to contain a governed item, a secure container rule being associated with each of said secure containers;
a protected processing environment at least in part protecting information contained in said protected processing environment from tampering by a user of said apparatus, said protected processing environment including hardware or software used for applying said second rule and a secure container rule in combination to at least in part govern at least one aspect of access to or use of a governed item;
hardware or software used for transmission of secure containers to other apparatuses or for the receipt of secure containers from other apparatuses; and
an electronic intermediary, said intermediary including a user rights authority clearinghouse.
29. A system as in claim 28, said user rights authority clearinghouse operatively connected to make rights available to users.
30. A method of securely delivering an item, including the following steps:
(a) initializing a first apparatus, said first apparatus including a protected processing environment, said protected processing environment at least in part protecting information contained in said protected processing environment from tampering by a user of said first apparatus, said initialization including:
registering a first rule associated with said first apparatus or a user of said first apparatus;
establishing the identity of a user of said first apparatus; and
at least partially integrating a rule with a user application, including altering the user interface of said user application;
(b) specifying information to be used in said delivery, said information including:
an address of a recipient of said item,
delivery information,
receipt information,
authentication information,
a rule to at least in part govern at least one access to or use of said item once delivered;
(c) at least in part using said protected processing environment of said first apparatus, storing said item in a secure electronic container, including encrypting at least a portion of said item, and associating a second rule with said secure electronic container, said step of storing and associating being governed at least in part by said first rule; and
(d) transmitting said secure electronic container to a second apparatus.
31. A method as in claim 30, in which said alteration includes adding at least one option to a menu of user options provided by said user application.
32. A method as in claim 30, in which said alteration includes altering the functionality of at least one user-selectable option.
33. A method of securely delivering an item, including the following steps:
(a) initializing a first apparatus, said first apparatus including a protected processing environment, said protected processing environment at least in part protecting information contained in said protected processing environment from tampering by a user of said first apparatus, said initializing including:
registering a first rule associated with said first apparatus or a user of said first apparatus; and
establishing the identity of a user of said first apparatus;
(b) specifying information to be used in said delivery, said information including:
an address of a recipient of said item,
delivery information,
receipt information,
authentication information, and
a rule to at least in part govern at least one access to or use of said item once delivered,
(c) at least in part using said protected processing environment of said first apparatus, storing said item in a secure electronic container, including encrypting at least a portion of said item, and associating a second rule with said secure electronic container, said step of storing and associating being governed at least in part by said first rule;
(d) transmitting said secure electronic container to a second apparatus;
(e) receiving said secure electronic container at the second apparatus;
(f) said second apparatus generating a receipt following reception of said secure container; and
(g) using said second rule to at least in part govern at least one aspect of access to or use of said item at said second apparatus.
34. A method as in claim 33, in which said receipt generation is controlled, at least in part, by at least one rule received by said second apparatus.
35. A method as in claim 33, further including said second apparatus transmitting said receipt to another apparatus.
36. A method as in claim 35, in which said other apparatus is said first apparatus.
37. A method as in claim 36, in which said other apparatus is a third apparatus.
38. A method of securely delivering an item, including the following steps:
(a) initializing a first apparatus, said first apparatus including a protected processing environment, said protected processing environment at least in part protecting information contained in said protected processing environment from tampering by a user of said first apparatus, said initialization including:
registering a first rule associated with said first apparatus or a user of said first apparatus; and
establishing the identity of a user of said first apparatus;
(b) specifying information to be used in said delivery and providing a key associated with an intended recipient, said information including:
an address of a recipient of said item,
information at least in part identifying at least one intended recipient,
delivery information,
receipt information,
authentication information, and
a rule to at least in part govern at least one access to or use of said item once delivered;
(c) at least in part using said protected processing environment of said first apparatus, storing said item in a secure electronic container, including encrypting at least a portion of said item, and associating a second rule with said secure electronic container, said step of storing and associating being governed at least in part by said first rule;
(d) transmitting said secure electronic container to a second apparatus;
(e) receiving said secure electronic container at the second apparatus; and
(f) using said second rule to at least in part govern at least one aspect of access to or use of said item at said second apparatus.
39. A method of securely delivering an item, including the following steps:
(a) initializing a first apparatus, said first apparatus including a protected processing environment, said protected processing environment at least in part protecting information contained in said protected processing environment from tampering by a user of said first apparatus, said initialization including:
registering a first rule associated with said first apparatus or a user of said first apparatus; and
establishing the identity of a user of said first apparatus;
(b) specifying information to be used in said delivery, said information including
an address of a recipient of said item,
delivery information,
receipt information,
authentication information, and
a rule to at least in part govern at least one access to or use of said item once delivered;
(c) at least in part using said protected processing environment of said first apparatus, storing said item in a secure electronic container, including encrypting at least a portion of said item, and associating a second rule with said secure electronic container, said step of storing and associating being governed at least in part by said first rule;
(d) transmitting said secure electronic container to a second apparatus;
(e) receiving said secure electronic container at the second apparatus;
(f) using said second rule to at least in part govern at least one aspect of access to or use of said item at said second apparatus; and
(g) determining the identity of a party required to make a payment relating to said delivery.
40. A method of securely delivering an item, including the following steps:
(a) initializing a first apparatus, said first apparatus including a protected processing environment, said protected processing environment at least in part protecting information contained in said protected processing environment from tampering by a user of said first apparatus, said initialization including:
registering a first rule associated with said first apparatus or a user of said first apparatus; and
establishing the identity of a user of said first apparatus;
(b) specifying information to be used in said delivery, said information including
an address of a recipient of said item,
delivery information,
receipt information,
authentication information, and
a rule to at least in part govern at least one access to or use of said item once delivered;
(c) at least in part using said protected processing environment of said first apparatus, storing said item in a secure electronic container, including encrypting at least a portion of said item, and associating a second rule with said secure electronic container, said step of storing and associating being governed at least in part by said first rule;
(d) said first apparatus receiving a rule, said first apparatus using said received rule to govern an aspect of said method;
(e) following said receipt in said step (d), transmitting said secure electronic container to a second apparatus;
(f) receiving said secure electronic container at the second apparatus; and
(g) using said second rule to at least in part govern an aspect of access to or use of said item at said second apparatus.
41. A method as in claim 40, in which said received rule is received from said second apparatus.
42. A method as in claim 40, in which said received rule is received from a control set archive located at a third apparatus.
43. A method of securely delivering an item, including the following steps:
(a) initializing a first apparatus, said first apparatus including a protected processing environment, said protected processing environment at least in part protecting information contained in said protected processing environment from tampering by a user of said first apparatus, said initialization including:
registering a first rule associated with said first apparatus or a user of said first apparatus; and
establishing the identity of a user of said first apparatus;
(b) specifying information to be used in said delivery, including obtaining an address of a recipient of said item information from a third apparatus, said information including:
said recipient address,
delivery information,
receipt information,
authentication information, and
a rule to at least in part govern at least one access to or use of said item once delivered;
(c) at least in part using said protected processing environment of said first apparatus, storing said item in a secure electronic container, including encrypting at least a portion of said item, and associating a second rule with said secure electronic container, said step of storing and associating being governed at least in part under control of said first rule;
(d) transmitting said secure electronic container to a second apparatus;
(e) receiving said secure electronic container at the second apparatus; and
(f) using at least said second rule to at least in part govern at least one aspect of access to or use of said item at said second apparatus.
44. A method as in claim 43, in which said third apparatus includes a secure directory service from which said recipient address information is obtained.
45. A method of securely delivering an item, including the following steps:
steganographically encoding information in an electronic seal, using a first steganographic technique to encode a first portion of said encoded information, and using a second steganographic technique to encode a second portion of said encoded information;
associating said electronic seal with said item;
incorporating said item into a first secure electronic container, said item being at least in part encrypted while in said container, said incorporation occurring in an apparatus containing a first protected processing environment, said protected processing environment at least in part protecting information contained in said protected processing environment from tampering by a user of said apparatus;
in said protected processing environment, associating a first rule with said first secure electronic container, said first rule at least in part governing at least one aspect of access to or use of said item;
authenticating an intended recipient of said item;
transmitting said first secure electronic container and said first rule to said intended recipient; and
using a second protected processing environment, providing said intended recipient access to at least a portion of said item, said access being governed at least in part by said rule and by a second rule present at said intended recipient's site.
46. A method as in claim 45, in which said first steganographic technique is more secure in one respect than said second steganographic technique.
47. A method as in claim 46, in which said first steganographic technique uses a first encryption key and said second steganographic technique uses a second encryption key different from said first encryption key.
48. A method of securely delivering an item, including the following steps:
incorporating said item into a first secure electronic container, said item being at least in part encrypted while in said container, said incorporation occurring in an apparatus containing a first protected processing environment, said protected processing environment at least in part protecting information contained in said protected processing environment from tampering by a user of said apparatus;
in said protected processing environment, associating a first rule with said first secure electronic container, said first rule at least in part governing at least one aspect of access to or use of said item;
steganographically encoding information in an electronic seal, at least a portion of said steganographically encoded information being encrypted;
associating said electronic seal with said item;
authenticating an intended recipient of said item;
transmitting said first secure electronic container and said first rule to said intended recipient; and
using a second protected processing environment, providing said intended recipient access to at least a portion of said item, said access being governed at least in part by said first rule and by a second rule present at said intended recipient's site.
49. A method of securely delivering an item, including the following steps:
creating a hash value representing an aspect of said item;
encrypting said hash value;
associating said hash value with an electronic seal;
associating said electronic seal with said item;
incorporating said item into a first secure electronic container, said item being at least in part encrypted while in said container, said incorporation occurring in an apparatus containing a first protected processing environment, said protected processing environment at least in part protecting information contained in said protected processing environment from tampering by a user of said apparatus;
in said protected processing environment, associating a first rule with said first secure electronic container, said first rule at least in part governing at least one aspect of access to or use of said item;
authenticating an intended recipient of said item;
transmitting said first secure electronic container and said first rule to said intended recipient; and
using a second protected processing environment, providing said intended recipient access to at least a portion of said item, said access being governed at least in part by said first rule and by a second rule present at said intended recipient's site.
50. A method as in claim 49, in which said hash value encryption is performed at least in part using a private key of at least one transmitter of said item.
51. A method of securely delivering an item, including the following steps:
associating a digital signature with said item, said digital signature having associated a rule, said digital signature rule requiring connection to a remote server prior to a use of said digital signature;
incorporating said item into a first secure electronic container, said item being at least in part encrypted while in said container, said incorporation occurring in an apparatus containing a first protected processing environment, said protected processing environment at least in part protecting information contained in said protected processing environment from tampering by a user of said apparatus;
in said protected processing environment, associating a first rule with said first secure electronic container, said first rule at least in part governing at least one aspect of access to or use of said item;
authenticating an intended recipient of said item;
transmitting said first secure electronic container and said first rule to said intended recipient; and
using a second protected processing environment, providing said intended recipient access to at least a portion of said item, said access being governed at least in part by said first rule and by a second rule present at said intended recipient's site.
52. A method of securely delivering an item, including the following steps:
receiving a digital signature from a remote site, said remote site including a secure director;
embedding said digital signature in said item,
incorporating said item into a first secure electronic container, said item being at least in part encrypted while in said container, said incorporation occurring in an apparatus containing a first protected processing environment, said protected processing environment at least in part protecting information contained in said protected processing environment from tampering by a user of said apparatus;
in said protected processing environment, associating a first rule with said first secure electronic container, said first rule at least in part governing at least one aspect of access to or use of said item;
authenticating an intended recipient of said item;
transmitting said first secure electronic container and said first rule to said intended recipient; and
using a second protected processing environment, providing said intended recipient access to at least a portion of said item, said access being governed at least in part by said first rule and by a second rule present at said intended recipient's site.
53. A method of securely delivering an item, including the following steps:
receiving a digital signature in a secure electronic container;
embedding said digital signature in said item;
incorporating said item into a secure electronic container, said item being at least in part encrypted while in said container, said incorporation occurring in an apparatus containing a first protected processing environment, said protected processing environment at least in part protecting information contained in said protected processing environment from tampering by a user of said apparatus;
in said protected processing environment, associating a first rule with said secure electronic container, said first rule at least in part governing at least one aspect of access to or use of said item;
authenticating an intended recipient of said item;
transmitting said secure electronic container and said first rule to said intended recipient; and
using a second protected processing environment, providing said intended recipient access to at least a portion of said item, said access being governed at least in part by said first rule and by a second rule present at said intended recipient's site.
54. A method of securely delivering an item, including the following steps:
associating a digital signature with said item, said digital signature including a digital image representation of a handwritten signature of a user associated with said digital signature;
incorporating said item into a first secure electronic container, said item being at least in part encrypted while in said container, said incorporation occurring in an apparatus containing a first protected processing environment, said protected processing environment at least in part protecting information contained in said protected processing environment from tampering by a user of said apparatus;
in said protected processing environment, associating a first rule with said first secure electronic container, said first rule at least in part governing at least one aspect of access to or use of said item;
authenticating an intended recipient of said item;
transmitting said first secure electronic container and said first rule to said intended recipient; and
using a second protected processing environment, providing said intended recipient access to at least a portion of said item, said access being governed at least in part by said first rule and by a second rule present at said intended recipient's site.
55. A method as in claim 54, further including capturing said digital image representation, said capturing including said user associated with said digital signature using an input device to store a representation of said user's handwritten signature.
56. A method of securely delivering an item, including the following steps:
performing an authentication step;
associating a digital signature with said item;
incorporating said item into a first secure electronic container, said item being at least in part encrypted while in said container, said incorporation occurring in an apparatus containing a first protected processing environment, said protected processing environment at least in part protecting information contained in said protected processing environment from tampering by a user of said apparatus;
in said protected processing environment, associating a first rule with said first secure electronic container, said first rule at least in part governing at least one aspect of access to or use of said item;
authenticating an intended recipient of said item;
transmitting said first secure electronic container and said first rule to said intended recipient; and
using a second protected processing environment, providing said intended recipient access to at least a portion of said item, said access being governed at least in part by said first rule and by a second rule present at said intended recipient's site.
57. A method as in claim 56, in which said authentication step includes authenticating a user associated with said digital signature.
58. A method as in claim 57, in which said user associated with said digital signature is at least in part responsible for said transmission of said digital item to said intended recipient.
59. A method of securely delivering an item, including the following steps:
associating an electronic fingerprint with said item, said electronic fingerprint containing a cryptographic key;
incorporating said item into a first secure electronic container, said item being at least in part encrypted while in said container, said incorporation occurring in an apparatus containing a first protected processing environment, said protected processing environment at least in part protecting information contained in said protected processing environment from tampering by a user of said apparatus;
in said protected processing environment, associating a first rule with said first secure electronic container, said first rule at least in part governing at least one aspect of access to or use of said item;
authenticating an intended recipient of said item;
transmitting said first secure electronic container and said first rule to said intended recipient; and
using a second protected processing environment, providing said intended recipient access to at least a portion of said item, said access being governed at least in part by said first rule and by a second rule present at said intended recipient's site.
60. A method as in claim 59, in which said cryptographic key constitutes a public key associated with a transmitter of said item.
61. A method as in claim 59, further including using said public key to perform at least one decryption, said decryption being performed by a recipient of said item.
62. A method of securely delivering an item, including the following steps:
associating an electronic fingerprint with said item, said electronic fingerprint containing the date of transmission of said item;
incorporating said item into a first secure electronic container, said item being at least in part encrypted while in said container, said incorporation occurring in an apparatus containing a first protected processing environment, said protected processing environment at least in part protecting information contained in said protected processing environment from tampering by a user of said apparatus;
in said first protected processing environment, associating a first rule with said first secure electronic container, said first rule at least in part governing at least one aspect of access to or use of said item;
authenticating an intended recipient of said item;
transmitting said first secure electronic container and said first rule to said intended recipient; and
using a second protected processing environment, providing said intended recipient access to at least a portion of said item, said access being governed at least in part by said first rule and by a second rule present at said intended recipient's site.
63. A method of securely delivering an item, including the following steps:
incorporating said item into a first secure electronic container;
associating a first rule with said first secure electronic container, said first rule at least in part governing at least one aspect of access to or use of said item;
providing an address for at least one intended recipient of said item;
transmitting said first secure electronic container and said first rule to an apparatus associated with said intended recipient, said apparatus already storing a second rule, said apparatus including a protected processing environment at least in part protecting information contained in said protected processing environment from tampering by a user of said apparatus;
providing said intended recipient access to at least a portion of said item, said access being governed at least in part by said first rule, said governance at least in part using said protected processing environment; and
generating a first digital receipt documenting at least one aspect of said transmission, said generation being governed at least in part by said first rule and by said second rule, said generation occurring at least in part in said protected processing environment.
64. A method as in claim 63, further including selecting a delivery option prior to said transmission step.
65. A method as in claim 64, in which said selected delivery option constitutes direct delivery.
66. A method as in claim 63, in which said selected delivery option constitutes store and forward.
67. A method as in claim 64, in which said selected delivery option constitutes proxy delivery.
68. A method as in claim 63, further including selecting an authentication option prior to said transmission step.
69. A method as in claim 68, in which said selection includes selecting a type of authentication to be used.
70. A method as in claim 63, further including selecting at least one integrity guarantee option prior to said transmission step.
71. A method as in claim 70, in which at least one of said selected integrity guarantee option(s) includes an option relating to a digital signature.
72. A method as in claim 71, in which at least one of said selected integrity guarantee option(s) includes an option relating to an electronic seal.
73. A method as in claim 72, in which said electronic seal is associated with a sender of said item.
74. A method as in claim 63, further including selecting at least one privacy option prior to said transmission step.
75. A method as in claim 74, in which said privacy option at least in part governs the extent to which the recipient of said item will be provided with information relating to the identity or location of the sender of said item.
76. A method as in claim 63, further including selecting at least one use option prior to said transmission step.
77. A method as in claim 76, in which said use option relates to whether and/or to what extent said item may be modified following transmission.
78. A method as in claim 63, further including selecting at least one receipt option prior to said transmission step.
79. A method as in claim 78, in which at least one of said selected receipt options requires that said digital receipt be electronically sent to the sender of said item following receipt of said item by the intended recipient.
80. A method as in claim 78, in which at least one of said selected receipt options requires that a digital receipt be electronically sent to a trusted intermediary following receipt of said item by the intended recipient.
81. A method as in claim 63, further including authenticating said intended recipient, said authentication occurring before said step of providing access to said recipient.
82. A method as in claim 81, in which said recipient authentication step includes presentation of at least some information from a digital certificate associated with said recipient.
83. A method as in claim 81, in which said recipient authentication step includes:
said recipient entering a password; and
said password being compared to an expected value.
84. A method as in claim 81, in which said recipient authentication step includes the presentation and evaluation of biometric information associated with said recipient.
85. A method as in claim 84, in which said recipient authentication step includes:
presenting at least one smart card;
accessing information from said smart card; and
comparing said accessed information to expected information.
86. A method as in claim 85, in which said information accessed from said smart card includes information from at least one digital certificate.
87. A method as in claim 81, in which said recipient authentication step includes:
receiving a digital certificate associated with an intended recipient of said item;
comparing said digital certificate to an expected value;
receiving biometric information associated with an intended recipient of said item; and
comparing said biometric information with an expected value.
88. A method as in claim 63, further including calculation of at least one price associated with delivery of said item.
89. A method as in claim 88, in which said price is calculated at least in part based on the size of said item.
90. A method as in claim 88, in which said price is calculated at least in part based on the number of items delivered.
91. A method as in claim 88, further including providing at least one payment.
92. A method as in claim 63, in which said first rule is transmitted to said recipient apparatus separately from said transmission of said first secure container containing said item.
93. A method as in claim 63, further including said recipient apparatus obtaining and registering said first rule.
94. A method as in claim 63, further including said recipient apparatus authenticating said received item.
95. A method as in claim 94, in which said recipient apparatus authentication of said received item includes checking at least one digital signature.
96. A method as in claim 94, in which said recipient apparatus authentication of said received item includes checking at least one electronic seal.
97. A method as in claim 96, in which said electronic seal checking step includes decrypting information contained in or associated with said electronic seal.
98. A method as in claim 94, in which said recipient apparatus authentication of said received item includes comparing at least one value to a value received from a trusted intermediary.
99. A method as in claim 95, further including said recipient apparatus associating certain information with said item following said item authentication step.
100. A method as in claim 99, in which said certain information includes an electronic fingerprint.
101. A method as in claim 100, in which said electronic fingerprint includes information at least in part identifying said intended recipient and/or said recipient apparatus.
102. A method as in claim 101, in which said electronic fingerprint includes information at least in part identifying at least one access to or use of said item at said recipient apparatus.
103. A method as in claim 63, further including:
said recipient apparatus transmitting said first digital receipt to another apparatus, and
said intended recipient retransmitting at least a portion of said item to a second recipient, said retransmission being governed at least in part by said first rule.
104. A method as in claim 103, in which said first rule requires the transmission of a second digital receipt in connection with said retransmission.
105. A method as in claim 104, further including transmitting said second digital receipt to at least one apparatus to which said first receipt was transmitted.
106. A method as in claim 63, further including:
generating audit information relating to said transmission, and reporting said audit information.
107. A method of providing trusted intermediary services including the following steps:
providing a secure communications node on a first network, said secure communications node being connected to said first network and to a second network;
receiving a first item from a node on said first network;
incorporating said first item into a first secure digital container;
associating at least one rule with said first secure digital container, said first rule at least in part governing at least one aspect of access to or use of said first item;
associating authentication information with said first item;
transmitting said first secure digital container to an intended recipient of said first item, said intended recipient being located at a node on said second network;
receiving a second secure digital container and a second rule from said second network node;
removing a second item from said second secure digital container, said removal at least in part occurring under the control of said second rule; and
transmitting said second item to said first network node.
108. A method as in claim 107, in which said second network is a publicly accessible network.
109. A method as in claim 108, in which said second network is the internet.
110. A method as in claim 109, in which said authentication association step further includes associating a digital signature with said first item.
111. A method as in claim 110, in which said digital signature includes information at least in part identifying a provider of trusted intermediary services.
112. A method as in claim 107, in which said authentication association step further includes associating hash information with said first item.
113. A method as in claim 112, further including preparing said hash information by applying at least one hash algorithm to at least a portion of said first item.
114. A method as in claim 107, in which said authentication association step further includes associating at least one electronic seal with said first item.
115. A method as in claim 107, in which said authentication association step further includes associating item stamp information with said first item.
116. A method as in claim 107, further including storing information relating to said first item in an archive.
117. A method as in claim 116, in which said information relating to said first item includes at least one digital receipt relating to the transmission of said first item to said intended recipient, and further including the steps of:
said second network node receiving said transmitted first item;
said second network node generating a digital receipt;
said second network node transmitting said digital receipt to said secure communications node; and
said secure communications node storing said digital receipt in said archive.
118. A method as in claim 116, further including:
using a hashing algorithm to create a hash value representative of at least a portion of said first item; and
storing said hash value in said archive.
119. A method as in claim 116, in which said information relating to said first item includes information relating to the transmission of said first item to said intended recipient.
120. A method as in claim 107, further including storing at least one rule in a secure archive.
121. A method as in claim 120, in which said step of association of at least one rule with said first secure digital container further includes obtaining at least one rule from said secure archive.
122. A method as in claim 107, further including:
said secure communications node generating receipt information; and
said secure communications node transmitting said receipt information to said first network node.
123. A method as in claim 122, further including:
following said transmission of said first secure digital container to said intended recipient, said second network node generating information relating to said transmission;
said second network node transmitting said information relating to said transmission to said secure communications node;
said secure communications node using at least some of said information relating to said transmission in the process of preparing said receipt information.
124. A method as in claim 107, further including:
performing at least one transaction.
125. A method as in claim 124, in which the participants to said transaction include a user of said first network node and said intended recipient, and said performance step includes:
said secure communications node receiving information regarding transaction requirements of a first participant to said transaction;
said secure communications node comparing said first participant transaction requirement information to information regarding transaction requirements of a second participant to said transaction; and
said secure communications node communicating the results of said comparison to at least one of said participants.
126. A method of providing trusted intermediary services including the following steps:
at a first apparatus, receiving an item from a second apparatus;
associating authentication information with said item;
incorporating said item into a secure digital container;
associating a first rule with said secure digital container, said first rule at least in part governing at least one aspect of access to or use of said item;
transmitting said secure digital container and said first rule to a third apparatus, said third apparatus including a protected processing environment at least in part protecting information stored in said protected processing environment from tampering by a user of said third apparatus;
said third apparatus receiving said secure digital container and said first rule;
said third apparatus checking said authentication information; and
said third apparatus performing at least one action on said item, said at least one action being governed, at least in part, by said first rule and by a second rule resident at said third apparatus prior to said receipt of said secure digital container and said first rule, said action governance occurring at least in part in said protected processing environment.
127. A method as in claim 126, in which said authentication information at least in part identifies said first apparatus and/or a user of said first apparatus.
128. A method as in claim 127, in which said authentication information at least in part identifies said second apparatus and/or a user of said second apparatus.
129. A method as in claim 128, in which said step of incorporating said item into a secure digital container includes encrypting at least a portion of said item.
130. A method as in claim 129, in which said step of said third apparatus performing at least one action includes decrypting at least a portion of said item.
131. A method as in claim 130, in which said first rule includes a key, and said step of said third apparatus decrypting at least a portion of said item includes said third apparatus gaining access to said key and using said key for at least a portion of said decryption.
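The end-to-end container flow that claims 49, 50, 63 and 126 to 131 describe (item encrypted into a secure container, its hash encrypted with the transmitter's private key as an electronic seal, a first rule travelling with the container and carrying the content key, a second rule already resident at the recipient apparatus, and a digital receipt generated under both rules), as an added example that is not the patent's own code. The Rule, Container and Receipt structures, the action names, and the AES-GCM and RSA PKCS#1 v1.5 choices are assumptions made for this example; the sample item is constructed.

```go
package main

import (
	"bytes"
	"crypto"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Rule is a hypothetical, minimal stand-in for a "rule": control information
// travelling with a container (first rule) or resident at the recipient (second rule).
type Rule struct {
	AllowPrint     bool   // may the item be printed?
	RequireReceipt bool   // must a digital receipt be generated on access?
	ContentKey     []byte // claim 131: the first rule carries the content key
}

// Container models a secure electronic container: the encrypted item plus an
// electronic seal holding SHA-256(item) signed with the transmitter's private key.
type Container struct {
	Nonce, Ciphertext, Seal []byte // AES-256-GCM nonce and ciphertext, RSA seal
}

// Receipt models the digital receipt of claim 63, produced inside the recipient's PPE.
type Receipt struct {
	ItemDigest [32]byte
	Action     string
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Pack runs on the sender apparatus: encrypt the item, seal its hash with the
// sender's private key, and emit the first rule that travels with the container.
func Pack(item []byte, senderKey *rsa.PrivateKey, allowPrint bool) (Container, Rule, error) {
	buf := make([]byte, 44) // 32-byte content key followed by 12-byte GCM nonce
	if _, err := rand.Read(buf); err != nil {
		return Container{}, Rule{}, err
	}
	key, nonce := buf[:32], buf[32:]
	gcm, err := newGCM(key)
	if err != nil {
		return Container{}, Rule{}, err
	}
	digest := sha256.Sum256(item)
	seal, err := rsa.SignPKCS1v15(rand.Reader, senderKey, crypto.SHA256, digest[:])
	if err != nil {
		return Container{}, Rule{}, err
	}
	c := Container{Nonce: nonce, Ciphertext: gcm.Seal(nil, nonce, item, nil), Seal: seal}
	return c, Rule{AllowPrint: allowPrint, RequireReceipt: true, ContentKey: key}, nil
}

// Open is the recipient's protected processing environment: decrypt with the key
// carried by the first rule, verify the electronic seal with the sender's public
// key, govern the requested action by the first AND the resident second rule in
// combination, and generate a receipt when either rule requires one.
func Open(c Container, first, second Rule, senderPub *rsa.PublicKey, action string) ([]byte, *Receipt, error) {
	gcm, err := newGCM(first.ContentKey)
	if err != nil {
		return nil, nil, err
	}
	item, err := gcm.Open(nil, c.Nonce, c.Ciphertext, nil)
	if err != nil {
		return nil, nil, errors.New("container integrity check failed")
	}
	digest := sha256.Sum256(item)
	if rsa.VerifyPKCS1v15(senderPub, crypto.SHA256, digest[:], c.Seal) != nil {
		return nil, nil, errors.New("electronic seal does not verify against sender's key")
	}
	// Unknown actions are denied by default; printing needs both rules to agree.
	allowed := map[string]bool{"view": true, "print": first.AllowPrint && second.AllowPrint}
	if !allowed[action] {
		return nil, nil, fmt.Errorf("action %q denied by the combined rules", action)
	}
	var r *Receipt
	if first.RequireReceipt || second.RequireReceipt {
		r = &Receipt{ItemDigest: digest, Action: action}
	}
	return item, r, nil
}

func main() {
	senderKey, _ := rsa.GenerateKey(rand.Reader, 2048)
	item := []byte("constructed sample item: contract draft v3")
	c, first, _ := Pack(item, senderKey, false)
	resident := Rule{AllowPrint: true} // rule already stored at the recipient apparatus
	got, rcpt, err := Open(c, first, resident, &senderKey.PublicKey, "view")
	fmt.Println(bytes.Equal(got, item), rcpt != nil, err) // true true <nil>
	_, _, err = Open(c, first, resident, &senderKey.PublicKey, "print")
	fmt.Println(err) // action "print" denied by the combined rules
}
```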
Description
FIELD OF THE INVENTION(S)
These inventions relate to secure and trusted delivery of digital information. More specifically, these inventions pertain to techniques, methods and systems for providing reliable, trusted, verifiable delivery, handling, creation and/or execution of digital items such as documents, executable code (e.g., Java applets), and/or any other information capable of being represented in digital form. The present invention also relates to commercial and other electronic activities involving a trusted third party electronic go-between (such as a computer controlled process) to audit, validate, and/or direct electronic transactions, executions and/or delivery and/or to archive information representing and/or at least in part comprising securely communicated digital information.
BACKGROUND AND SUMMARY OF THE INVENTIONS
There is a great need for convenient, cost effective techniques to securely handle and deliver documents and other items. Existing methods such as express and personal couriers, registered mail, facsimile and electronic mail fulfill some of these needs but these techniques each have their problems and are deficient in important ways.
Trusted Personal Couriers
Perhaps the ultimate in secure document handling is the personal trusted courier. Many of us have seen spy films showing a trusted courier delivering documents containing state secrets. In such scenarios, the document sender places the document or other item into a lockable attache case. The sender seals and locks the case with a key or combination that only he and the recipient have. The courier handcuffs the case to his or her wrist, boards an airplane and flies to the required destination--all the while carefully guarding the attache case and its contents. Upon arriving at the destination, the courier personally delivers the case to the intended recipient. The recipient unlocks the case and retrieves its contents, all the while having a high degree of assurance that the contents have been kept secret.
The confidentiality, security and reliability provided by a personal trusted document courier has never really been matched by any other form of document delivery. Even though we sometimes might want or need the services of a personal trusted document courier, it is likely that practical reasons (such as cost and availability) require us to use less trusted forms of delivery for even our most important and confidential documents or other items. Moreover, even the trusted courier technique does not provide a reliable means of later proving how and when the information was used by the recipient and/or subsequently handled by others to whom the recipient may pass the information, and what information was actually sent. This approach also cannot provide the degree of interactivity between the sender and the recipient possible in a world of near instantaneous communications, including seamlessly supporting processes related to rights management, and document creation and dissemination.
As discussed below, existing alternatives to the trusted courier are more practical and less expensive, and some offer advantages such as instantaneous communications and interactivity--but all suffer from various disadvantages.
Express Courier Services
Federal Express and other express courier services provide rapid (for example, overnight) delivery services at a relatively high degree of trustedness.
In the typical case, the sender places the items to be delivered into a special, tear resistant sealed envelope, and fills out an "air bill" that lists the sender's name, address and telephone number, and the intended recipient's name, address and telephone number. The "air bill" also lists options such as, for example, the type of delivery service required (i.e., delivery next business morning, next business afternoon, or second business day), whether the sender requires Federal Express to obtain the recipient's signature, the payment method, and a unique "tracking number" used to uniquely identify the package.
Once the package is complete and ready to send, the sender may provide it to Federal Express through a number of different methods:
the sender may take the package to a Federal Express office and personally hand it to a clerk,
the sender may drop the completed envelope in any one of many pervasive Federal Express drop off boxes, and someone will come and collect the envelopes from the boxes sometime before the end of the business day and deliver them to a Federal Express office, or
the sender can call Federal Express and arrange for a delivery person to come and pick up the package.
Federal Express maintains a fleet of aircraft that shuttle most packages to a central sorting and routing facility for subsequent dispatch to various destinations across the United States and the world. A fleet of delivery trucks deliver the packages from local airports to each recipient. At the sender's option, a delivery person may obtain a recipient's signature at the time she delivers the package--providing documentation that may later be used to prove the package was in fact received by the intended recipient or someone at his or her home or office.
Federal Express uses automated computer tracking and package handling equipment to route individual packages to their destinations. Delivery information is put into the tracking computer to allow customers and service people to automatically retrieve information about when and to whom particular packages were actually delivered, or where the package happens to be at the moment.
Federal Express and other similar document delivery services have been highly successful because they cost-effectively ensure reliable delivery of original documents and other items. Nevertheless, they do have some significant disadvantages and limitations. For example:
They are much more expensive than other delivery mechanisms at least in part because of the high labor, transportation, and infrastructure (many offices, planes, etc.) costs involved.
They do not provide the very high degree of confidentiality desired for certain confidential business or other documents.
They generally can only reliably verify that the package was delivered to the intended recipient (or his or her home or place of business)--and not that the intended recipient opened the package or read or saw or used the document.
The one (or two) day delay they introduce may be too great for time sensitive or time pressing items.
These problems are exacerbated when several individuals and/or organizations in different geographical locations are all parties to a transaction--a complex, multiparty contract, for example--and all must sign or otherwise process and/or execute one or more related documents.
Registered Mail
A relatively more secure delivery technique is registered mail. Registered mail correspondents can have a high degree of confidence that their packages will arrive at their required destinations--but may not like the time delays and additional expense associated with this special form of mail handling.
To use registered mail, the sender places her document or other items into a sealed envelope or package and takes her package to the nearest Post Office. For security, the Post Office may prohibit the use of resealable tape and mailing labels, and instead require the package to be sealed with paper tape and the address to be written directly on the package. These safeguards help to ensure that any attempts to tamper with the package or its contents will be detected.
The Post Office securely transports the registered mail package to the recipient, requiring each postal employee who accepts custody of the package along its journey to sign and time stamp a custody record. The postal carrier at the recipient's end personally delivers the package to the recipient--who also has to sign for it and may be asked to produce proof of identification. The custody record establishes a chain of custody, listing every person who has had custody of the package on its journey from sender to recipient.
As discussed above, registered mail is relatively secure and confidential but delivery takes a long time and is very labor and infrastructure intensive.
Facsimile
Facsimile is an electronic-based technology that provides virtually instantaneous document delivery. A facsimile machine typically includes a document scanner, a document printer, and electronic circuits that convert document images to and from a form in which they can be sent over a telephone line. Facsimile requires each of the sender and the intended recipient to have a facsimile machine. The sender typically places the document to be sent into a document feeder attached to a facsimile machine. The sender then typically keys in the telephone number of the intended recipient's facsimile machine and presses a "start" button. The sender's facsimile machine automatically dials and establishes contact with the recipient's facsimile machine.
Once a good connection is established, the sender's facsimile machine begins to optically scan the document one page at a time and convert it into digital information bits. The sender's facsimile machine converts the digital bits into a form that can be transmitted over a telephone line, and sends the bits to the intended recipient's facsimile machine. The sender's facsimile machine may also send as part of the document, a "header" on the top of each page stating the sender's identity, the page number of the transmission, and the transmission time. However, these headers can be changed at will by the sender and therefore cannot be trusted.
Since the recipient's facsimile machine receives the transmitted information at the same time the sender's facsimile machine is sending it, delivery is virtually instantaneous. However, sending a document to an unattended facsimile machine in an insecure location may result in the document falling into the wrong hands. Another common scenario is that the facsimile machine operator, through human error, dials the wrong telephone number and ends up delivering a confidential document to the wrong person (for example, the local grocery store down the street, or in some unfortunate cases, the opposing side of a negotiation, legal proceeding or other pitched battle). Thousands of faxes are lost every day in a "black hole"--never arriving at their desired destinations but possibly arriving at completely different destinations instead.
Some secure facsimile machines such as those used by government and military organizations, or by companies needing a significantly higher level of security, provide an extra security/authentication step to ensure that the intended recipient is physically present at the receiving facsimile machine before the sender's machine will transmit the document. In addition, it is possible to use encryption to prevent the facsimile transmitted information from being understood by electronic eavesdroppers. However, such specially equipped facsimile machines tend to be very expensive and are not generally available for common commercial facsimile traffic. Moreover, facsimile machines typically can send and receive documents only--and therefore are not very versatile. They do not, for example, handle digital items such as audio, video, multimedia, and executables, yet these are increasingly part and parcel of communications for commerce and other purposes. Thus, despite their many advantages, facsimile transmissions do not provide the very high degree of trustedness and confidence required by extremely confidential documents, nor do they provide the degree of flexibility required by modern digital communications. As with Express Courier Services and Registered Mail, faxing can only indicate that the package was delivered to the intended recipient (or his or her home or place of business)--and not that the intended recipient opened the package or read or saw or used the document.
Electronic Mail
More and more, people are using electronic mail to send documents, messages, and/or other digital items. The "Internet explosion" has connected millions of new users to the Internet. Whereas Internet electronic mail was previously restricted primarily to the academic world, most corporations and computer-savvy individuals can now correspond regularly over the Internet.
Currently, Internet electronic mail provides great advantages in terms of timeliness (nearly instantaneous delivery) and flexibility (any type of digital information can be sent), but suffers from an inherent lack of security and trustedness. Internet messages must typically pass through a number of different computers to get from sender to recipient, regardless of whether these computers are located within a single company on an "Intranet" for example, or on Internet attached computers belonging to a multitude of organizations. Unfortunately, any one of those computers can potentially intercept the message and/or keep a copy of it. Moreover, even though some of these systems have limited "return receipt" capabilities, the message carrying the receipt suffers from the same security and reliability problems as the original message.
Cryptography (a special mathematical-based technique for keeping messages secret and authenticating messages) is now beginning to be used to prevent eavesdroppers from reading intercepted messages, but the widespread use of such cryptography techniques alone will not solve electronic mail's inherent lack of trustedness. These electronic mail messages, documents and other items (e.g., executable computer programs or program fragments) that might have been sent with them as "attachments," remain vulnerable to tampering and other unauthorized operations and uses once decrypted, and while delivery may be reported, actual use cannot be demonstrated. Some people have tried to develop "privacy enhanced" electronic mail, but prior systems have only provided limited improvements in reliability, efficiency and/or security.
The Present Inventions Solve These and Other Problems
As discussed above, a wide variety of techniques are currently being used to provide secure, trusted confidential delivery of documents and other items. Unfortunately, none of these previously existing mechanisms provide truly trusted, virtually instantaneous delivery on a cost-effective, convenient basis and none provide rights management and auditing through persistent, secure, digital information protection.
In contrast, the present inventions provide the trustedness, confidentiality and security of a personal trusted courier on a virtually instantaneous and highly cost-effective basis. They provide techniques, systems and methods that can bring to any form of electronic communications (including, but not limited to Internet and internal company electronic mail) an extremely high degree of trustedness, confidence and security approaching or exceeding that provided by a trusted personal courier. They also provide a wide variety of benefits that flow from rights management and secure chain of handling and control.
The preferred embodiment of the present inventions makes use of a digital Virtual Distribution Environment (VDE) as a major portion of its operating foundation, providing unique, powerful capabilities instrumental to the development of secure, distributed transaction-based electronic commerce and digital content handling, distribution, processing, and usage management. This Virtual Distribution Environment technology can flexibly enable a wide variety of new business models and business practices while also supporting existing business models and practices.
The Virtual Distribution Environment provides comprehensive overall systems, and wide arrays of methods, techniques, structures and arrangements, that enable secure, efficient electronic commerce and rights management on the Internet and other information superhighways and on internal corporate networks such as "Intranets". The present inventions use (and in some cases, build upon and enhance) this fundamental Virtual Distribution Environment technology to provide still additional flexibility, capabilities, features and advantages. The present invention, in its preferred embodiment, is intended to be used in combination with a broad array of the features described in Ginter, et al, including any combination of the following:
A. VDE chain of handling and control,
B. security trusted internodal communication,
C. secure database,
D. authentication,
E. cryptographic,
F. fingerprinting,
G. other VDE security and communication techniques,
H. rights operating system,
I. object design and secure container techniques,
J. container control structures,
K. ARPML rights and process control language,
L. electronic negotiation,
M. secure hardware, and
N. smart agent (smart object) techniques.
For example, parties using the Virtual Distribution Environment can participate in commerce and other transactions in accordance with a persistent set of rules they electronically define. Such techniques, systems and arrangements bring about an unparalleled degree of security, reliability, efficiency and flexibility to electronic commerce, electronic rights management and other important business models. The present inventions make use of these persistent electronic rules to provide secure, automated, cost-effective electronic control for electronic document and other digital item handling and/or delivery, and for the electronic formation and negotiation of legal contracts and other documents.
By way of non-exhaustive summary, these present inventions provide highly secure and trusted item delivery and agreement execution services providing the following features and functions:
Trustedness and security approaching or exceeding that of a personal trusted courier.
Instant or nearly instant delivery.
Optional delayed delivery ("store and forward").
Broadcasting to multiple parties.
Highly cost effective.
Trusted validation of item contents and delivery.
Value Added Delivery and other features selectable by the sender and/or recipient.
Provides electronic transmission trusted auditing and validating.
Allows people to communicate quickly, securely, and confidentially.
Communications can later be proved through reliable evidence of the communications transaction--providing non-repudiatable, certain, admissible proof that a particular communications transaction occurred.
Provides non-repudiation of use and may record specific forms of use such as viewing, editing, extracting, copying, redistributing (including to what one or more parties), and/or saving.
Supports persistent rights and rules based document workflow management at recipient sites.
System may operate on the Internet, on internal organization and/or corporate networks ("intranets" irrespective of whether they use or offer Internet services internally), private data networks and/or using any other form of electronic communications.
System may operate in non-networked and/or intermittently networked environments.
Legal contract execution can be performed in real time, with or without face to face or ear-to-ear personal interactions (such as audiovisual teleconferencing, automated electronic negotiations, or any combination of such interactions) for any number of distributed individuals and/or organizations using any mixture of interactions.
The items delivered and/or processed may be any "object" in digital format, including, but not limited to, objects containing or representing data types such as text, images, video, linear motion pictures in digital format, sound recordings and other audio information, computer software, smart agents, multimedia, and/or objects containing any combination of two or more data types contained within or representing a single compound object.
Content (executables for example) delivered with proof of delivery and/or execution or other use.
Secure electronic containers can be delivered. The containers can maintain control, audit, receipt and other information and protection securely and persistently in association with one or more items.
Trustedness provides non-repudiation for legal and other transactions.
Can handle and send any digital information (for example, analog or digital information representing text, graphics, movies, animation, images, video, digital linear motion pictures, sound and sound recordings, still images, software computer programs or program fragments, executables, data, and including multiple, independent pieces of text; sound clips, software for interpreting and presenting other elements of content, and anything else that is electronically representable).
Provides automatic electronic mechanisms that associate transactions automatically with other transactions.
System can automatically insert or embed a variety of visible or invisible "signatures" such as images of handwritten signatures, seals, and electronic "fingerprints" indicating who has "touched" (used or otherwise interacted with in any monitorable manner) the item.
System can affix visible seals on printed items such as documents for use both in encoding receipt and other receipt and/or usage related information and for establishing a visible presence and impact regarding the authenticity, and ease of checking the authenticity, of the item.
Seals can indicate who originated, sent, received, previously received and redistributed, electronically viewed, and/or printed and/or otherwise used the item.
Seals can encode digital signatures and validation information providing time, location, send and/or other information and/or providing means for item authentication and integrity check.
Scanning and decoding of item seals can provide authenticity/integrity check of entire item(s) or part of an item (e.g., based on number of words, format, layout, image--picture and/or text--composition, etc.).
Seals can be used to automatically associate electronic control sets for use in further item handling.
System can hide additional information within the item using "steganography" for later retrieval and analysis.
Steganography can be used to encode electronic fingerprints and/or other information into an item to prevent deletion.
Multiple steganographic storage of the same fingerprint information may be employed reflecting "more" public and "less" public modes, so that a less restricted steganographic mode (different encryption algorithm, keys, and/or embedding techniques) can be used to assist easy recognition by an authorized party, while a more private (confidential) mode may be readable by only a few parties (or only one party), and compromise of the less restricted mode may not affect the security of the more private mode.
Items such as documents can be electronically, optically scanned at the sender's end--and printed out in original, printed form at the recipient's end.
Document handlers and processors can integrate document scanning and delivery.
Can be directly integrated into enterprise and Internet (and similar network) wide document workflow systems and applications.
Secure, tamper-resistant electronic appliance, which may employ VDE SPUs, used to handle items at both sender and recipient ends.
"Original" item(s) can automatically be destroyed at the sender's end and reconstituted at the recipient's end to prevent two originals from existing simultaneously.
Secure, non-repudiable authentication of the identification of a recipient before delivery using any number of different authentication techniques including but not limited to biometric techniques (such as palm print scan, signature scan, voice scan, retina scan, iris scan, biometric fingerprint and/or handprint scan, and/or face profile) and/or presentation of a secure identity "token."
Non-repudiation provided through secure authentication used to condition events (e.g., a signature is affixed onto a document only if the system securely authenticates the sender and her intention to agree to its contents).
Variety of return receipt options including but not limited to a receipt indicating who opened a document, when, where, and the disposition of the document (stored, redistributed, copied, etc.). These receipts can later be used in legal proceedings and/or other contexts to prove item delivery, receipt and/or knowledge.
Audit, receipt, and other information can be delivered independently from item delivery, and become securely associated with an item within a protected processing environment.
Secure electronic controls can specify how an item is to be processed or otherwise handled (e.g., document can't be modified, can be distributed only to specified persons, collections of persons, organizations, can be edited only by certain persons and/or in certain manners, can only be viewed and will be "destroyed" after a certain elapse of time or real time or after a certain number of handlings, etc.)
Persistent secure electronic controls can continue to supervise item workflow even after it has been received and "read."
Use of secure electronic containers to transport items provides an unprecedented degree of security, trustedness and flexibility.
Secure controls can be used in conjunction with digital electronic certificates certifying as to identity, class (age, organization membership, jurisdiction, etc.) of the sender and/or receiver and/or user of communicated information.
Efficiently handles payment and electronic addressing arrangements through use of support and administrative services such as a Distributed Commerce Utility as more fully described in the copending Shear, et al. application.
Compatible with use of smart cards, including, for example, VDE enabled smart cards, for secure personal identification and/or for payment.
Transactions may be one or more component transactions of any distributed chain of handling and control process including Electronic Data Interchange (EDI) system, electronic trading system, document workflow sequence, and banking and other financial communication sequences, etc.
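The feature list above describes embedding the same fingerprint in a "more public" and a "less public" steganographic mode, so that erasing or reading the public copy does not compromise the private one. The block below is an added example of that two-mode arrangement, written for this page rather than taken from the patent or from any VDE product. The cover is a constructed byte array standing in for image samples; the public mode writes the fingerprint bits into fixed least-significant-bit slots, while the private mode writes a key-masked copy into slots chosen by a key-seeded selector outside the public region. The constants, slot layout and keying scheme are all assumptions made for the illustration.

```python
"""Two-mode steganographic fingerprinting over a constructed cover.
Added example, not the patent's own code; layout and keying are assumptions."""
import hashlib
import hmac
import random

FP_LEN = 8                              # fingerprint length in bytes
PUBLIC_SLOTS = range(0, 8 * FP_LEN)     # LSB positions used by the public mode


def _bits(data: bytes):
    for byte in data:
        for shift in range(7, -1, -1):
            yield (byte >> shift) & 1


def _from_bits(bits) -> bytes:
    bits = list(bits)
    return bytes(int("".join(str(b) for b in bits[i:i + 8]), 2)
                 for i in range(0, len(bits), 8))


def _write_lsbs(cover: bytearray, positions, data: bytes) -> bytearray:
    out = bytearray(cover)
    for pos, bit in zip(positions, _bits(data)):
        out[pos] = (out[pos] & 0xFE) | bit
    return out


def _read_lsbs(cover: bytes, positions, n_bytes: int) -> bytes:
    positions = list(positions)[:8 * n_bytes]
    return _from_bits(cover[p] & 1 for p in positions)


def _private_slots(cover_len: int, key: bytes):
    # Slots outside the public region, chosen by a key-seeded selector so that
    # only a key holder knows where the private copy lives.
    seed = int.from_bytes(hashlib.sha256(b"slots" + key).digest(), "big")
    return random.Random(seed).sample(range(len(PUBLIC_SLOTS), cover_len), 8 * FP_LEN)


def _mask(fingerprint: bytes, key: bytes) -> bytes:
    # Key-derived pad; applying it twice restores the fingerprint.
    pad = hmac.new(key, b"mask", hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(fingerprint, pad))


def embed_public(cover: bytearray, fingerprint: bytes) -> bytearray:
    assert len(fingerprint) == FP_LEN
    return _write_lsbs(cover, PUBLIC_SLOTS, fingerprint)


def extract_public(cover: bytes) -> bytes:
    return _read_lsbs(cover, PUBLIC_SLOTS, FP_LEN)


def embed_private(cover: bytearray, fingerprint: bytes, key: bytes) -> bytearray:
    assert len(fingerprint) == FP_LEN
    return _write_lsbs(cover, _private_slots(len(cover), key), _mask(fingerprint, key))


def extract_private(cover: bytes, key: bytes) -> bytes:
    return _mask(_read_lsbs(cover, _private_slots(len(cover), key), FP_LEN), key)


def demo():
    cover = bytearray((i * 7) % 256 for i in range(512))   # constructed cover samples
    fp = b"FP:00042"                                         # constructed fingerprint
    key = b"private-mode-key-demo"
    stego = embed_private(embed_public(cover, fp), fp, key)
    # A party who knows only the public layout can erase that copy...
    stripped = bytearray(stego)
    for p in PUBLIC_SLOTS:
        stripped[p] &= 0xFE
    # ...but the private copy survives and still reads back with the key.
    return {
        "public": extract_public(stego),
        "private": extract_private(stego, key),
        "private_wrong_key": extract_private(stego, b"not-the-key"),
        "public_after_strip": extract_public(stripped),
        "private_after_strip": extract_private(stripped, key),
    }
```

The private-mode extraction with the wrong key returns noise rather than an error, which is the behaviour one wants from a watermark: the reader learns nothing about whether a private copy is present without the key. A production scheme would spread bits across transform coefficients rather than raw LSBs so the mark survives recompression, but the separation of the two modes is the same.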
The present inventions also provide for the use of a trusted third party electronic go-between or intermediary in various forms, including the "virtual presence" of such go-between through the rules and controls it contributes for distributed governance of transactions described in the present invention, and further through the use of a distributed, go-between system operating in on-line and/or off-line modes at various user and/or go-between sites. Such a trusted third-party go-between can provide enhanced and automated functionality, features and other advantages such as, for example:
Third party go-between can provide an independent, objective third party assurance of item authenticity, integrity, delivery and/or other action and/or events.
Third party go-between can support non-repudiation of items having legal and/or other important consequences.
Third-party go-between can perform auditing, notarizing, authentication, integrity checking, archiving, routing, distributed chain of handling and control processing, and/or other processing.
Third party can provide store and forward capabilities.
Trusted go-between can supervise execution of legal items such as documents--ensuring that all required conditions are satisfied and that all parties agree before permitting a document to be executed and informing parties of any as-yet-unsatisfied requirements and allow parties to view completed documents on-screen and/or in printed form with "draft, not enforceable" or the like printed on the pages, before final agreement to commit. Actual execution (closing) occurs, for example, as the third party system verifies final, electronically asserted agreement and execution by all parties. Such "atomic" transactions are especially useful in supporting "closings" or the like.
Third party go-between can securely audit, manage, supervise, and/or control automated electronic negotiations, contract agreement, contract execution, contract notarization, and/or archiving of contracts, notarized contracts, and/or at least one VDE control set utilized in an electronic negotiation regardless whether or not that negotiation resulted in an executed contract, and regardless of whether or not the entire negotiation was conducted by electronic means.
Secure electronic controls can direct tasks to be performed by the third party go-between.
Third party go-between can provide a digital time stamp service to certify that a certain version of a certain document existed and was delivered to it at a certain day and time.
Third party go-between can legally notarize the item(s) if desired, and can also "notarize" electronic control structures associated with the item(s).
Third party go-between can authenticate an item by, for example, opening (e.g. decrypting content) one or more containers; digitally or otherwise "signing" one or more items to indicate the third party has seen the item(s); verifying the integrity of the item(s) (e.g., using a one way hash function); affixing its own distinctive seal and/or other information to the item; generating audit information for item tracking purposes; and collecting payment based on the services it has performed.
Third party go-between can maintain a secure archive of the item(s) and/or identification/authentication information associated with the item(s) (e.g., a "one way hash" value of item contents or portions thereof). A portion or all of such archive (e.g., a "one way hash") may be stored within the affixed, visible seal described above.
Go-between can also serve as an archive of controls relating to certain items or item types (e.g., to allow a sender to access common controls and/or templates from any of various electronic appliances).
Secure electronic controls can provide a message digest that can be delivered to and registered by a trusted go-between as part of the object registry/archiving process.
Third party go-between can deliver item(s) to an intended recipient, or simply oversee the delivery transaction as an impartial third party observer.
Trusted go-between can deliver a copy and/or the original of an item with or without a seal affixed by the go-between.
Trusted third party go-between can maintain or exert control over an item, distributed chain of handling and control process(s), and/or other processes or workflow associated with it.
Trusted go-between can support governmental regulatory requirements by acting as a cryptographic key repository for encrypted communications; such secure communications may be accessed by governmental authorities, for example, through a warrant process to provide court or otherwise mandated access to specific communications or communications related information (e.g., for encrypted communications employing long key lengths).
Trusted go-between can act as a user rights authority clearinghouse for additional and/or alternative rights which may, for example, be available to particular classes, specific users, at a certain cost, or as specified by the sender. Trusted go-between may also mediate between sender(s) and recipient(s) in response to recipient's request for new, different and/or modified rights or sender's and/or receiver's request for third party archived information (which may require the agreement by only one, expressly either one, or both sender(s) and recipient(s)).
In addition to multiple individuals and/or parties in several organizations, a trusted go-between may also provide services to parties within a single organization, thus enhancing the security, reliability, auditability, authentication, efficiency, and timeliness of secure document delivery and secure transaction facilitation within a given organization.
Trusted go-between may provide services on public networks, such as the Internet, on internal corporate networks ("Intranets"--irrespective of whether or not they use Internet type conventions), and on private networks connecting two or more individuals and/or organizations exchanging documents and other content in digital format and/or participating together in various transactions.
A third party go-between can provide a communications switching integration. For example, a communications service provider may automatically provide the go-between services for a connection. For example, certain telephone numbers might be offered that have these services built in to the switching network, or a special dialing sequence might be used to access a communications channel with these characteristics. This can provide data links for networks, or be integrated with traditional fax lines, or even voice lines. For example, a fax transmission might be archived, have a seal inserted during transmission, and/or have a hash value stored for later reference. A voice transmission could be similarly managed. Both of these examples have the advantage of compatibility with the existing infrastructure (albeit at the cost of lacking persistent control after delivery). Using this infrastructure for data links has the added advantage of transparency.
A third party go-between can provide Transaction Authority services as described in the copending concurrently filed Ginter et al patent application
BRIEF DESCRIPTION OF THE DRAWINGS
These and other features and advantages provided by the present invention will become better and more completely understood by studying the following detailed description of presently preferred exemplary embodiments in conjunction with the drawings, of which:
FIG. 1 illustrates an example of a "Virtual Distribution Environment";
FIG. 1A is a more detailed illustration of an example of the "Information Utility" shown in FIG. 1;
FIG. 2 illustrates an example of chain of handling and control;
FIG. 2A illustrates one example of how rules and control information may persist from one participant to another in the FIG. 2 chain of handling and control;
FIG. 3 shows one example of different control information that may be provided;
FIG. 4 illustrates examples of some different types of rules and/or control information;
FIGS. 5A and 5B show an example of an "object";
FIG. 6 shows an example of a Secure Processing Unit ("SPU");
FIG. 7 shows an example of an electronic appliance;
FIG. 8 is a more detailed block diagram of an example of the electronic appliance shown in FIG. 7;
FIG. 9 is a detailed view of an example of the Secure Processing Unit (SPU) shown in FIGS. 6 and 8;
FIG. 10 shows an example of a "Rights Operating System" ("ROS") architecture provided by the Virtual Distribution Environment;
FIGS. 11A-11C show examples of functional relationship(s) between applications and the Rights Operating System;
FIGS. 11D-11J show examples of "components" and "component assemblies";
FIG. 12 is a more detailed diagram of an example of the Rights Operating System shown in FIG. 10;
FIG. 12A shows an example of how "objects" can be created;
FIG. 13 is a detailed block diagram of an example of the software architecture for a "protected processing environment" shown in FIG. 12;
FIGS. 14A-14C are examples of SPU memory maps provided by the protected processing environment shown in FIG. 13;
FIG. 15 illustrates an example of how the channel services manager and load module execution manager of FIG. 13 can support a channel;
FIG. 15A is an example of a channel header and channel detail records shown in FIG. 15;
FIG. 15B is a flowchart of an example of program control steps that may be performed by the FIG. 13 protected processing environment to create a channel;
FIG. 16 is a block diagram of an example of a secure data base structure;
FIG. 17 is an illustration of an example of a logical object structure;
FIG. 18 shows an example of a stationary object structure;
FIG. 19 shows an example of a traveling object structure;
FIG. 20 shows an example of a content object structure;
FIG. 21 shows an example of an administrative object structure;
FIG. 22 shows an example of a method core structure;
FIG. 23 shows an example of a load module structure;
FIG. 24 shows an example of a User Data Element (UDE) and/or Method Data Element (MDE) structure;
FIGS. 25A-25C show examples of "map meters";
FIG. 26 shows an example of a permissions record (PERC) structure;
FIGS. 26A and 26B together show a more detailed example of a permissions record structure;
FIG. 27 shows an example of a shipping table structure;
FIG. 28 shows an example of a receiving table structure;
FIG. 29 shows an example of an administrative event log structure;
FIG. 30 shows an example inter-relationship between and use of the object registration table, subject table and user rights table shown in the FIG. 16 secure database;
FIG. 31 is a more detailed example of an object registration table shown in FIG. 16;
FIG. 32 is a more detailed example of a subject table shown in FIG. 16;
FIG. 33 is a more detailed example of a user rights table shown in FIG. 16;
FIG. 34 shows a specific example of how a site record table and group record table may track portions of the secure database shown in FIG. 16;
FIG. 34A is an example of a FIG. 34 site record table structure;
FIG. 34B is an example of a FIG. 34 group record table structure;
FIG. 35 shows an example of a process for updating the secure database;
FIG. 36 shows an example of how new elements may be inserted into the FIG. 16 secure data base;
FIG. 37 shows an example of how an element of the secure database may be accessed;
FIG. 38 is a flowchart example of how to protect a secure database element;
FIG. 39 is a flowchart example of how to back up a secure database;
FIG. 40 is a flowchart example of how to recover a secure database from a backup;
FIGS. 41A-41D are a set of examples showing how a "chain of handling and control" may be enabled using "reciprocal methods";
FIGS. 42A-42D show an example of a "reciprocal" BUDGET method;
FIGS. 43A-43D show an example of a "reciprocal" REGISTER method;
FIGS. 44A-44C show an example of a "reciprocal" AUDIT method;
FIGS. 45-48 show examples of several methods being used together to control release of content or other information;
FIGS. 49, 49A-49F show an example OPEN method;
FIGS. 50, 50A-50F show an example of a READ method;
FIGS. 51, 51A-51F show an example of a WRITE method;
FIG. 52 shows an example of a CLOSE method;
FIGS. 53A-53B show an example of an EVENT method;
FIG. 53C shows an example of a BILLING method;
FIG. 54 shows an example of an ACCESS method;
FIGS. 55A-55B show examples of DECRYPT and ENCRYPT methods;
FIG. 56 shows an example of a CONTENT method;
FIGS. 57A and 57B show examples of EXTRACT and EMBED methods;
FIG. 58A shows an example of an OBSCURE method;
FIGS. 58B, 58C show examples of an ELECTRONIC FINGERPRINT method;
FIG. 59 shows an example of a DESTROY method;
FIG. 60 shows an example of a PANIC method;
FIG. 61 shows an example of a METER method;
FIG. 62 shows an example of a key "convolution" process;
FIG. 63 shows an example of how different keys may be generated using a key convolution process to determine a "true" key;
FIGS. 64 and 65 show an example of how protected processing environment keys may be initialized;
FIGS. 66 and 67 show example processes for decrypting information contained within stationary and traveling objects, respectively;
FIG. 68 shows an example of how a protected processing environment may be initialized;
FIG. 69 shows an example of how firmware may be downloaded into a protected processing environment;
FIG. 70 shows an example of multiple VDE electronic appliances connected together with a network or other communications means;
FIG. 71 shows an example of a portable VDE electronic appliance;
FIGS. 72A-72D show examples of "pop-up" displays that may be generated by the user notification and exception interface;
FIG. 73 shows an example of a "smart object";
FIG. 74 shows an example of a process using "smart objects";
FIGS. 75A-75D show examples of data structures used for electronic negotiation;
FIGS. 75E-75F show example structures relating to an electronic agreement;
FIGS. 76A-76B show examples of electronic negotiation processes;
FIG. 77 shows a further example of a chain of handling and control;
FIG. 78 shows an example of a VDE "repository";
FIGS. 79-83 show an example illustrating a chain of handling and control to evolve and transform VDE managed content and control information;
FIG. 84 shows a further example of a chain of handling and control involving several categories of VDE participants;
FIG. 85 shows a further example of a chain of distribution and handling within an organization;
FIGS. 86 and 86A show a further example of a chain of handling and control;
FIG. 87 shows an example of a virtual silicon container model;
FIG. 88 shows an example trusted electronic delivery system;
FIG. 89 shows a detailed view of an example electronic intelligent kiosk appliance;
FIGS. 90A and 90B show example options the sender can select for electronic delivery;
FIG. 91A shows example steps to send an item;
FIG. 91B shows example steps to receive an item;
FIGS. 92 and 92A show example trusted electronic delivery providing a return receipt;
FIG. 93 shows example trusted item delivery from an intelligent kiosk to a personal computer;
FIGS. 94 & 95 show examples of trusted electronic delivery between personal computers;
FIG. 96 shows an example trusted item handling and delivery within an organization;
FIG. 97 shows an example trusted electronic document execution;
FIG. 98 shows an example multi-party electronic document execution;
FIG. 99 shows an example trusted electronic go-between;
FIG. 100 shows an example use of the trusted electronic go-between for notarizing and/or archiving;
FIG. 101 shows an example electronic legal contract execution using a trusted electronic go-between;
FIG. 101A shows an example electronic requirements list;
FIG. 101B shows an example multi-party electronic legal contract execution using a trusted electronic go-between;
FIG. 102 shows example use of trusted electronic go-betweens within and outside of organizations;
FIG. 103 illustrates an example secure object;
FIG. 104 shows example electronically-generated signatures, seals and electronic fingerprints;
FIG. 105A shows an example way of hiding information within line spacing;
FIG. 105B shows an example way of hiding information within letter spacing;
FIG. 105C shows an example electronic fingerprint;
FIGS. 106A-106C show example electronically generated seals;
FIGS. 107A and 107B show detailed electronically generated seal examples;
FIG. 108 shows an example process for creating digital information for encoding into an item or item seal;
FIG. 109 shows an example electronic appliance;
FIGS. 110-113 show example processes for securely sending an item;
FIG. 113A shows an example routing slip data structure;
FIG. 113B shows an example audit trail data structure;
FIGS. 114A-118 show example processes for securely receiving an item;
FIG. 119 shows an example architecture for a trusted electronic go-between;
FIGS. 120A-120B show example reciprocal control set usage to provide a trusted electronic go-between having secure electronic notarization capabilities;
FIG. 121 shows example steps performed by a trusted third party go-between to receive an item;
FIGS. 122 and 123 show example trusted go-between processes;
FIGS. 124A-124B and 125A-125B show example contract execution processes;
FIG. 126 shows an example automobile purchase providing electronic contract execution through a trusted electronic go-between;
FIG. 127 shows an example use of a trusted electronic go-between to provide electronic item notarization;
FIG. 128 shows an example secure item delivery with real time teleconferencing capabilities;
FIG. 129 shows a health insurance example;
FIG. 130 shows an example real estate "atomic" settlement;
FIG. 130A shows example transaction rules;
FIG. 131 shows an example judicial electronic data interchange (EDI);
FIG. 132 shows an example Patent Office automation;
FIG. 133 shows an example tax filing; and
FIG. 134 shows an example using facsimile transmission.
DETAILED DESCRIPTION OF EXAMPLE EMBODIMENTS
The entire disclosure of the above-referenced Ginter et al. patent specification is incorporated by reference in connection with FIGS. 1-87.
FIG. 88 shows an electronic trusted delivery system 4050. In this example, sender 4052 is sending an item 4054 to a recipient 4056 over an electronic network 4058. In this example, electronic delivery over network 4058 is by way of a secure, trusted electronic delivery virtual distribution environment transport mechanism 4060 which is shown for purposes of illustration as an electronic delivery person. Delivery person 4060 is shown as a human being for purposes of illustration, but in the example is actually an automatic, trusted electronic delivery means supported and provided by virtual distribution environment 100.
Item 4054 might be a document such as a handwritten or typed letter, or it could be a legal document such as a contract. It could have both text and pictures, just text or just pictures. It could be a sound recording, a multimedia presentation, or a visual work such as a film or television program. Item 4054 could be any item or information capable of being represented in digital form. The item 4054 can be initially presented by the appliance 600 in electronic form (for example, on a diskette), or the appliance can convert it from some other form into electronic form.
Electronic delivery person 4060 receives item 4054 in digital form and places it into a secure electronic container 302--thus forming a digital "object" 300. A digital object 300 may in this case be, for example, as shown in FIGS. 5A and 5B, and may include one or more containers 302 containing item 4054. FIG. 88 illustrates secure electronic container 302 as an attache case handcuffed to the secure delivery person's wrist. Once again, container is shown as a physical thing for purposes of illustration only--in the example it is preferably electronic rather than physical, and comprises digital information having a well-defined structure (see FIG. 5A). Special mathematical techniques known as "cryptography" can be used to make electronic container 302 secure so that only intended recipient 4056 can open the container and access the electronic document (or other item) 4054 it contains.
In this example, sender 4052 sends item 4054 by supplying the document to an electronic appliance 600A. In this example, electronic appliance 600A is an intelligent electronic walk-up kiosk that may be located in a public place or on private property, such as the offices or work areas of a firm. Appliance 600A in this example has a document slot 4102 into which sender 4052 can feed item 4054. Electronic appliance 600A can automatically, optically scan the item 4054 and convert it into digital information for sending over an electronic connection or network 4058 (such as, for example, electronic highway 108 shown in FIG. 2). The item 4054 can be sent to one or many recipients specified by sender 4052.
FIG. 89 shows an example appliance 600A in the form of an intelligent walk-up kiosk. This example kiosk appliance 600A could be installed in an office building lobby, shopping mall, office supply store, or other public place for walk-up use by members of the public. It could also be installed in a location within a corporate or business office (e.g., a mail room) for use by company employees. The kiosk appliance 600A is an example. Aspects of the present invention can be used with other types of electronic appliances such as personal computers or computer workstations for example (see FIGS. 7 and 8, and 93-93C for example).
Referring to FIG. 89, the example kiosk appliance 600A can include a computer screen 4104 for displaying informational messages, and user operable controls 4106 such as push buttons for allowing sender 4052 to select between delivery options. Appliance 600 in this example may also include a card reader 4108 for reading a credit card or other kind of card provided by the sender 4052. Additionally, if desired, electronic appliance 600A may include a telephone receiver 4110 and telephone dialing keypad 4112 (or other input devices) to allow sender 4052 to get information and assistance or give additional instructions. Electronic appliance 600A may optionally include a keyboard for entering textual and other information (not shown).
Also as shown in FIG. 89, electronic appliance 600A may optionally include a video camera 4124 and may display remote video in a "window" 4126 on screen 4104 (or on an optionally separate screen not shown). Camera 4124 allows appliance 600 to take a photograph of sender 4052 and/or recipient 4056. It may also allow sender 4052 and recipient 4056 to see each other in order to simultaneously authenticate each other's identity visually--and to have a "teleconference" discussion about item 4054 or other matters. The electronic appliance 600 may also have a microphone/speaker 4140, perhaps to coordinate details of the pending transaction. Appliance 600A might also include a media reader 4132 to read from a floppy diskette, smart card or other digital storage device. The appliance 600 can include, in addition, a document shredder/destroyer 4115.
Also as shown in FIGS. 88 and 89, appliance 600A in this example has a secure processing unit (SPU) 500 (see FIG. 6). SPU 500 provides a tamper-resistant protected processing environment ("PPE") in which processes and transactions can take place securely and in a trusted fashion.
FIG. 91A shows example steps for sending an item such as item 4054. To send item 4054 to recipient 4056, sender 4052 may first press buttons 4106 and read display 4104 to select between different delivery options (see FIG. 91A, step 4090A). FIG. 90A shows some example service options, and FIG. 90B shows some more detailed delivery options. For example, sender 4052 might press a button corresponding to "delivery options," which might cause appliance 600A to display the FIG. 90A menu screen of various delivery options. These delivery options could include, for example:
receipt options (what kind of receipt, if any, sender 4052 wishes to receive documenting delivery of item 4054 to intended recipient 4056);
integrity guarantee options (providing high levels of assurance that item 4054 was delivered in its entirety without any errors, and without any accidental or intentional modifications);
privacy options (for example, whether recipient 4056 is to know who sender 4052 is or where she has sent the document from); and
more options.
Electronic appliance 600A may also ask the user to identify intended recipient 4056 (FIG. 91A, step 4090B). Sender 4052 may select different ways to identify recipient 4056 based on the confidentiality of the document and the level of security the sender is willing to pay for. In one example, sender 4052 might require the recipient's appliance 600B to require recipient 4056 to prove that he is who he says he is. This secure "authentication" function might be met, for example, by requiring recipient 4056 to input a password, or to present digital proof of identity using, for example:
a digital document or "certificate" issued by a trusted third party, and/or
a biometric characteristic of the recipient measured by appliance 600, such as, for example, the recipient's photograph (which may be automatically compared with a known photograph of the recipient supplied by sender 4052 or system 4050) or any other biometric sensing technique.
Sender 4052 may also specify the electronic address of recipient 4056, or it might let system 4050 automatically, securely and confidentially locate the recipient using a secure directory service as described in the copending Shear et al. application.
Once sender 4052 has selected the service options she desires, appliance 600 may next display a message on computer screen 4104 asking sender 4052 to insert item 4054 into document slot 4102 for electronic scanning. When the sender 4052 inserts the document 4054 or other item (FIG. 91A, block 4090C), electronic appliance 600 may (if necessary) automatically, optically scan item 4054 to create an electronic, digital form of the document (using conventional optical scanning and optical character recognition technology, for example). During this scanning process, appliance 600 might display a message on computer screen 4104 such as "I am scanning your document now . . . ". Instead of feeding in a document, the sender might provide the document or other item in digital form by inserting a floppy diskette or smart card into reader 4132, or by connecting a portable computer to port 4130 and having the portable computer "upload" the document into appliance 600.
The item 4054 to be sent need not be a document, but could be any type of item capable of being transformed into digital form such as, for example:
pictures or other graphical information;
sound information such as voice, music or both;
executable computer program or other code;
video, film or other moving image sequences;
multimedia, video games and the like;
any combination or subcombination of the above.
After appliance 600 has scanned or otherwise received the entirety of document 4054 or other item, appliance 600 may calculate and display a total price on computer screen 4104 and ask sender 4052 to pay for the service (FIG. 91A, block 4090D). The calculated price may, for example, depend in part on the size and/or number of items to be securely delivered. The appliance may then ask sender 4052 to confirm she wishes to send the document to the recipient 4056 (FIG. 91A, block 4090E). Upon receiving that confirmation (FIG. 91A, "y" exit to decision block 4090E), appliance 600 may request sender 4052 to pay, for example, by inserting her credit card into card reader 4108 as a form of payment, or it might use other payment arrangements (FIG. 91A, block 4090F). Appliance 600 may then package the digital form of the document into secure electronic container 302 and send it over electronic network 4058 for secure delivery to recipient 4056 (FIG. 91A, block 4090F). Because system 4050 uses the secure "virtual distribution environment" 100, sender 4052 can have a high degree of confidence and trust that item 4054 will be usable only by intended recipient(s) 4056 and by no one else.
FIG. 91B shows example steps for receiving an item. Intended recipient 4056 may receive delivery of the document by walking up to the same or a different electronic appliance intelligent kiosk 600B and operating controls 4106 instructing the appliance to deliver the document to him (FIG. 91B, block 4092A). Depending upon the delivery options sender 4052 selected, appliance 600 may require recipient 4056 to prove he is who he says he is (FIG. 91B, block 4092B). For example, appliance 600B may require recipient 4056 to provide a secret password and/or it may require the recipient to insert a special card into card reader 4108. This special card may certify the identity of recipient 4056. Appliance 600B might also take the recipient's picture using camera 4124, and automatically compare the picture with a known photographic image of the recipient to see if they match. Once appliance 600 is satisfied regarding the identity of recipient 4056, it may require the recipient to pay (FIG. 91B, block 4092C)--such as, for example, in a "collect on delivery" model. The appliance 600 may then open the secure electronic container ("attache case") 302 and deliver the item it contains to recipient 4056 (FIG. 91B, block 4092D). For example, if container 302 contains a document as item 4054, appliance 600B prints a copy of the document and provides the printed copy through document slot 4102. It could also give recipient 4056 a digital copy of the item 4054 (such as a document) via media drive 4132 and/or port 4130. Appliance 600B may deliver the digital copy of item 4054 within a container 302 and/or may protect the item with seals, electronic fingerprints, watermarks and/or other visible and/or hidden markings to provide a "virtual container" or some of the security or other characteristics of a container (for example, the ability to associate electronic controls with the item).
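A runnable sketch of the send and receive steps of FIGS. 91A and 91B, added here as an example and not taken from the patent or any product built on it. The recipient key registry, the identifiers, and the HMAC-based stream cipher are assumptions made for the demo; the point it shows is how the sender's privacy, integrity and receipt options map onto the container, and how a mis-delivered or altered container is refused.

```python
"""Added example (not from the patent): simplified model of the kiosk flow of
FIGS. 91A/91B. The item is sealed in a container only the designated recipient's
appliance key can open, integrity-protected with an HMAC, and released only after
the recipient authenticates. Keys, identifiers and the stream-cipher construction
are constructed for the demo (a deployment would encrypt to the recipient's public
key and use a standard AEAD)."""
import hashlib
import hmac
import json
import secrets

# Constructed stand-in for the key held by the recipient appliance's SPU.
RECIPIENT_KEYS = {"recipient-4056": secrets.token_bytes(32)}

def _mac(key: bytes, data: bytes) -> str:
    return hmac.new(key, data, hashlib.sha256).hexdigest()

def _xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """XOR data with an HMAC-SHA256 counter-mode keystream (demo construction);
    the same call encrypts and decrypts."""
    stream = b""
    for counter in range(len(data) // 32 + 1):
        stream += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(data, stream))

def _subkeys(key: bytes) -> tuple:
    """Derive independent encryption and MAC keys from the recipient key."""
    return (hmac.new(key, b"enc", hashlib.sha256).digest(),
            hmac.new(key, b"mac", hashlib.sha256).digest())

def package_item(item: bytes, sender_id: str, recipient_id: str, options: dict) -> dict:
    """Sender side (FIG. 91A): seal one item for one designated recipient."""
    enc_key, mac_key = _subkeys(RECIPIENT_KEYS[recipient_id])
    nonce = secrets.token_bytes(16)
    header = {"recipient": recipient_id,
              # privacy option: the recipient need not learn who the sender is
              "sender": None if options.get("private_sender") else sender_id,
              "return_receipt": bool(options.get("return_receipt")),
              "nonce": nonce.hex()}
    ciphertext = _xor_stream(enc_key, nonce, item)
    # integrity guarantee: the MAC covers header and ciphertext (encrypt-then-MAC)
    tag = _mac(mac_key, json.dumps(header, sort_keys=True).encode() + ciphertext)
    return {"header": header, "ciphertext": ciphertext.hex(), "tag": tag}

def open_container(container: dict, presented_certificate: str) -> tuple:
    """Recipient side (FIG. 91B): authenticate, verify integrity, release the item.
    Returns (item, receipt); receipt is None unless the sender asked for one."""
    header = container["header"]
    # step 4092B: the presented certificate must name the designated recipient
    if presented_certificate != header["recipient"]:
        raise PermissionError("certificate does not match designated recipient")
    enc_key, mac_key = _subkeys(RECIPIENT_KEYS[header["recipient"]])
    ciphertext = bytes.fromhex(container["ciphertext"])
    expected = _mac(mac_key, json.dumps(header, sort_keys=True).encode() + ciphertext)
    if not hmac.compare_digest(expected, container["tag"]):
        raise ValueError("integrity check failed: container altered in transit")
    item = _xor_stream(enc_key, bytes.fromhex(header["nonce"]), ciphertext)
    receipt = None
    if header["return_receipt"]:
        # the return receipt documents what was delivered without carrying the content
        receipt = {"delivered_to": header["recipient"],
                   "item_digest": hashlib.sha256(item).hexdigest()}
    return item, receipt

def demo() -> dict:
    """Run the flow on a constructed item; every value is True when the checks behave."""
    item = b"Constructed sample contract text for trusted delivery."
    box = package_item(item, "sender-4052", "recipient-4056",
                       {"return_receipt": True, "private_sender": True})
    got, receipt = open_container(box, "recipient-4056")
    results = {"sender_hidden": box["header"]["sender"] is None, "recovered": got == item,
               "receipt_matches": receipt["item_digest"] == hashlib.sha256(item).hexdigest()}
    try:  # someone other than the designated recipient presents a certificate
        open_container(box, "someone-else")
        results["wrong_recipient_blocked"] = False
    except PermissionError:
        results["wrong_recipient_blocked"] = True
    altered = bytearray.fromhex(box["ciphertext"])
    altered[0] ^= 0xFF  # one byte changed in transit
    try:
        open_container(dict(box, ciphertext=altered.hex()), "recipient-4056")
        results["tamper_detected"] = False
    except ValueError:
        results["tamper_detected"] = True
    return results
```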
Example Electronic Delivery and Return Receipt
FIG. 92 illustrates one example delivery of item 4054 to recipient 4056. In this example, the virtual electronic delivery person 4060 demands to see a certificate or token 4064 proving that recipient 4056 is the same person sender 4052 designated to receive item 4054 (FIG. 91B, block 4092B). Recipient 4056 could provide this certificate 4064 by, for example, supplying a "smart" electronic card containing the certificate in digital form. Alternatively or in addition, if sender 4052 so required, electronic delivery person 4060 might require stronger forms of personal authentication such as, for example, a voice print, fingerprint or handprint test, identification based on other physical (biometric) characteristics such as face profile, retinal or iris patterns of the eye, or the like.
There are advantages to using multiple authentication techniques in combination. For example, a well made certificate is essentially unforgeable (which is to say, it would be easier to fabricate an electronic fingerprint carrying device, for example, than a well made certificate 4064, barring unforeseen advances in mathematics), but the trouble with certificates is the weakness of correlation between physical access (e.g., holding the card, or sitting at the appliance) and permission to use. Passwords are a weak form of authentication--that is, of establishing this correlation. Biometric techniques, particularly iris and retinal scans, are stronger forms of authentication. It is possible for biometric information to be encoded in a field of a certificate 4064, and for the software controlling the card to confirm that the biometric input is consistent with the field in the certificate prior to authorizing use of the certificate or the card in general. This authentication may be limited in time (e.g., using an inactivity time out, each time the card is inserted, etc.). In addition, a transaction might require this authentication to occur simultaneously with use (rather than once for an entire session, even if the card only requires one authentication per session).
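The card-side check this paragraph describes, as an added example that is not the patent's own code: a certificate whose biometric field the card software verifies against a fresh reading before releasing the certificate, with the authorization lapsing per insertion, on inactivity, and optionally re-checked at the moment of use. The issuer key, template format, match threshold and timeout are constructed assumptions.

```python
"""Added example (not from the patent): card-side model of the combined
authentication described above. A certificate from a trusted third party carries
a biometric template field; the card software releases the certificate for use
only after a fresh biometric reading matches that field, and the authorization
lapses on an inactivity timeout or card removal. The issuer key, template
encoding, threshold and timeout are constructed for the demo."""
import hashlib
import hmac
import json
import secrets
from typing import Optional

ISSUER_KEY = secrets.token_bytes(32)  # constructed; stands in for the issuer's signing key
MATCH_THRESHOLD = 0.10                # max fraction of differing template bits (demo value)
INACTIVITY_TIMEOUT = 300              # seconds without activity before re-authentication

def _sign(body: dict) -> str:
    """HMAC over the canonical body stands in for the issuer's digital signature."""
    return hmac.new(ISSUER_KEY, json.dumps(body, sort_keys=True).encode(), hashlib.sha256).hexdigest()

def issue_certificate(holder: str, template: bytes) -> dict:
    """Trusted third party binds the holder's identity to an enrolled biometric template."""
    body = {"holder": holder, "biometric_template": template.hex()}
    return {"body": body, "signature": _sign(body)}

def certificate_valid(cert: dict) -> bool:
    return hmac.compare_digest(_sign(cert["body"]), cert["signature"])

def template_distance(a: bytes, b: bytes) -> float:
    """Fraction of differing bits between two templates (iris-code style Hamming distance)."""
    if len(a) != len(b):
        return 1.0
    diff = int.from_bytes(a, "big") ^ int.from_bytes(b, "big")
    return bin(diff).count("1") / (8 * len(a))

class SmartCard:
    """Card software guarding certificate 4064: no use without a live biometric authorization."""
    def __init__(self, cert: dict):
        self.cert = cert
        self.authorized_until = None  # None means no live authorization

    def _matches(self, reading: bytes) -> bool:
        template = bytes.fromhex(self.cert["body"]["biometric_template"])
        return template_distance(reading, template) <= MATCH_THRESHOLD

    def insert(self, reading: bytes, now: float) -> bool:
        """Each insertion starts from scratch and needs a fresh match against the field."""
        self.authorized_until = None
        if certificate_valid(self.cert) and self._matches(reading):
            self.authorized_until = now + INACTIVITY_TIMEOUT
        return self.authorized_until is not None

    def use_certificate(self, now: float, fresh_reading: Optional[bytes] = None) -> Optional[dict]:
        """Release the certificate for a transaction while authorization is live; a
        transaction may demand a reading taken at the moment of use as well."""
        if self.authorized_until is None or now > self.authorized_until:
            self.authorized_until = None
            return None
        if fresh_reading is not None and not self._matches(fresh_reading):
            return None
        self.authorized_until = now + INACTIVITY_TIMEOUT  # activity refreshes the window
        return self.cert

    def remove(self) -> None:
        self.authorized_until = None

def demo() -> dict:
    """Exercise the card with constructed readings; every value is True when it behaves."""
    enrolled = bytes([0b10101010] * 32)                    # constructed 256-bit template
    noisy = bytes([0b10101010] * 30 + [0b10101011] * 2)    # same person, 2 bits of sensor noise
    impostor = secrets.token_bytes(32)                     # unrelated template, ~50% bits differ
    card = SmartCard(issue_certificate("recipient-4056", enrolled))
    r = {"noisy_match": card.insert(noisy, now=0.0)}
    r["use_within_window"] = card.use_certificate(now=100.0) is not None
    r["use_needs_fresh_match"] = card.use_certificate(now=120.0, fresh_reading=impostor) is None
    r["timed_out"] = card.use_certificate(now=120.0 + INACTIVITY_TIMEOUT + 1) is None
    card.remove()
    r["impostor_rejected"] = not card.insert(impostor, now=500.0)
    altered = issue_certificate("recipient-4056", impostor)
    altered["body"]["holder"] = "someone-else"  # edited after signing: signature no longer verifies
    r["altered_cert_rejected"] = not SmartCard(altered).insert(impostor, now=600.0)
    return r
```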
After payment has been arranged (FIG. 91B, block 4092C), electronic delivery person 4060 will open secure container 302 and give recipient 4056 a printed and/or electronic copy of item 4054 only once he is satisfied--to the degree required by sender 4052--that the recipient 4056 is the correct person.
Electronic delivery person 4060 may also note various information about the delivery (illustrated here by having him write the information down on a clipboard 4066, but implemented in practice by electronically storing an "audit" tr