Trusted infrastructure support system, methods and techniques for secure electronic commerce transaction and rights management
6658568
Abstract
The present invention provides methods and systems for secure, automated transaction processing for use in electronic commerce and electronic rights and transaction management over an electronic network such as the Internet and/or over organization internal Intranets. One exemplary system involves rule-based specification and selection of clearinghouses, and rule-based specification of user restrictions on the use of identification information.
Claims
What is claimed is:
1. A system for secure, automated transaction processing including:
a user site including a first secure environment including a processor and a secure memory,
the secure memory storing a first secure container including first governed content and having associated a first rule set, a second secure container including second governed content and having associated a second rule set, and a third rule set;
the first rule set including:
a first rule specifying a first secure, interoperable transaction processing system including a first plurality of interoperable clearinghouses, and
a second rule allowing the user to select one or more clearinghouses from the first plurality, the chosen clearinghouses to be used to at least in part process a transaction involving at least a portion of the first governed content; and
the second rule set including:
a third rule specifying a second secure interoperable transaction processing system including a second plurality of interoperable clearinghouses, and
a fourth rule allowing the user to select one or more clearinghouses from the second plurality, the chosen clearinghouses to be used to at least in part process a transaction involving at least a portion of the second governed content;
the third rule set including:
one or more rules specifying one or more clearinghouses acceptable to the user, and
a fifth rule specifying a user requirement restricting use of identification information supplied by the user; and
the user site including a processor capable of comparing a clearinghouse specified by the third rule set with a clearinghouse specified by the first rule set or the second rule set and indicating whether a match exists.
2. A system as in claim 1, in which:
the fifth rule specifies that a clearinghouse must delete at least some identification-related information prior to transmitting information relating to the user to a third party.
3. A method of processing digital transactions including:
delivering a node to a user site;
initializing the node, the initialization including:
specifying at least one processing center to be used for processing of at least some digital transactions involving the node, and
specifying at least one privacy-related option relating to permissible uses of identification information relating to the user;
delivering a secure container containing governed content to the user site, the secure container having associated a rule set at least in part governing access or other use of the governed content;
the user indicating an intent to access at least a portion of the governed content;
in accordance with the rule set, displaying a message to the user, the message including information relating to a condition required before access to the governed content will be allowed;
the user indicating assent to the condition;
access to at least a portion of the governed content being allowed to the user, the access governed at least in part by the rule set; and
in accordance with the rule set, a communication being securely transmitted from the user site to the processing center, the communication including information relating to the transaction.
4. A method as in claim 3, in which:
the step of specifying at least one processing center includes presenting a list of potential processing centers to the user, and the user choosing one processing center from the list.
5. A method as in claim 3, in which:
the node is delivered and installed in a manner which is at least in part secure.
6. A method as in claim 3, in which:
the step of initializing the node includes specifying a payment method; and
the communication information includes information relating to a payment made using the specified payment method.
7. A method as in claim 3, in which:
the communication information includes usage information, which usage information is securely transmitted from the processing center to a third party site.
8. A method as in claim 3, in which:
the step of the user assenting agreeing to a condition includes the user agreeing to a specified price.
9. A method of processing a digital transaction including:
delivering an electronic apparatus to a user, the electronic apparatus including software from a first entity;
at the user site, initializing the electronic apparatus, the initialization including
registering the software with the first entity and selecting a payment option, wherein the registration includes
specifying a privacy option relating to permissible use of identification information, and
transmitting registration information from the user to the first entity;
delivering a first secure container to the user, the first secure container including first governed content and having associated a first rule set at least in part governing access to or other use of at least a portion of the first governed content;
under at least partial control of the first rule set, the user using the electronic apparatus to gain access to at least a portion of the first governed content;
under at least partial control of the first rule set, creating a second secure container including information relating to the user's access to the first governed content, the second secure container having associated a second rule set at least in part governing access to or other use of the second secure container governed content and containing information relating to a payment made by the user in return for access to the first governed content, the payment being specified at least in part by the payment option selected in the initializing step;
transmitting the second secure container to a second entity specified at least in part by the second rule set;
at the second entity, extracting information from the second secure container and performing an operation on at least a portion of the extracted information; and
directly or indirectly transmitting information relating to the user's use of the first governed content from the second entity to the first entity.
10. A method of processing digital transactions including:
a first rightsholder transmitting first content to an administrator;
the administrator storing the first content in a first secure container and associating a first rule set with the first secure container, the first rule set at least in part governing access to or other use of the first content;
the administrator communicating the first secure container to a user;
at the user's site, the user indicating a desire to access at least a portion of the first content;
in accordance with the first rule set, the user choosing a first clearinghouse;
the user obtaining access to at least a portion of the first content, the access being at least in part governed by the first rule set;
in accordance with the first rule set, payment information and usage information relating to the user's access being stored in a second secure container having associated a second rule set at least in part governing access to or other use of at least certain contents of the second secure container, wherein the second rule set includes a rule generated by the user, at least in part specifying a privacy policy regarding use of identification information relating to the user;
the second secure container being communicated to the administrator;
the administrator accessing the contents of the second secure container, the access being governed, at least in part, by the second rule set;
the administrator communicating at least some of the second secure container payment information to the first clearinghouse, wherein the communication of information from the administrator to the first clearinghouse is governed, at least in part, by the requirements of the user rule;
the administrator communicating at least some of the second secure container usage information to the first clearinghouse; and
the first clearinghouse communicating payment information and usage information relating to the user's first content access to the rightsholder.
11. A method of processing digital transactions including:
a first rightsholder transmitting first content to an administrator;
the administrator storing the first content in a first secure container and associating a first rule set with the first secure container, the first rule set at least in part governing access to or other use of the first content;
the administrator communicating the first secure container to a user;
at the user's site, the user indicating a desire to access at least a portion of the first content;
in accordance with the first rule set, the user choosing a first clearinghouse;
the user obtaining access to at least a portion of the first content, the access being at least in part governed by the first rule set;
in accordance with the first rule set, payment information and usage information relating to the user's access being stored in a second secure container having associated a second rule set at least in part governing access to or other use of at least certain contents of the second secure container;
the second secure container being communicated to the administrator;
the administrator accessing the contents of the second secure container, the access being governed, at least in part, by the second rule set;
the administrator communicating at least some of the second secure container payment information to the first clearinghouse;
the administrator communicating at least some of the second secure container usage information to the first clearinghouse;
the first clearinghouse communicating payment information and usage information relating to the user's first content access to the rightsholder;
a second rightsholder transmitting second content to the administrator;
the administrator storing the content in a third secure container and associating a third rule set with the third secure container, the third rule set at least in part governing access to or other use of the second content;
the administrator communicating the third secure container to a user;
at the user's site, the user indicating a desire to access at least a portion of the second content;
in accordance with the third rule set, the user choosing a second clearinghouse;
the user obtaining access to at least a portion of the second content, the access being at least in part governed by the third rule set;
in accordance with the third rule set, payment information and usage information relating to the user's access being stored in a fourth secure container having associated a fourth rule set, the fourth rule set at least in part governing access to or other use of at least certain contents of the fourth secure container;
the fourth secure container being communicated to the administrator;
the administrator accessing the contents of the fourth secure container, the access being governed, at least in part, by the fourth rule set;
the administrator communicating at least some of the fourth secure container payment information to the second clearinghouse;
the administrator communicating at least some of the fourth secure container usage information to the second clearinghouse;
the second clearinghouse communicating payment information relating to the user's second content access to the rightsholder; and
the second clearinghouse communicating usage information relating to the user's second content access to the rightsholder.
12. A method of processing digital transactions including:
a first rightsholder transmitting first content to an administrator;
the administrator storing the first content in a first secure container and associating a first rule set with the first secure container, the first rule set at least in part governing access to or other use of the first content;
a second rightsholder transmitting second content to the administrator;
prior to communication of the first secure container to a user, the administrator storing the second content in the first secure container, the first rule set at least in part governing access to or other use of the second content;
the administrator communicating the first secure container to the user;
at the user's site, the user indicating a desire to access at least a portion of the first content;
in accordance with the first rule set, the user choosing a first clearinghouse;
the user obtaining access to at least a portion of the first content, the access being at least in part governed by the first rule set;
in accordance with the first rule set, payment information and usage information relating to the user's access being stored in a second secure container having associated a second rule set at least in part governing access to or other use of at least certain contents of the second secure container;
the second secure container being communicated to the administrator;
the administrator accessing the contents of the second secure container, the access being governed, at least in part, by the second rule set;
the administrator communicating at least some of the second secure container payment information to the first clearinghouse;
the administrator communicating at least some of the second secure container usage information to the first clearinghouse; and
the first clearinghouse communicating payment information and usage information relating to the user's first content access to the rightsholder.
13. A method as in claim 12, further including:
at the user's site, the user indicating a desire to access at least a portion of the second content;
in accordance with the first rule set, the user choosing a second clearinghouse;
the user obtaining access to at least a portion of the second content, the access being at least in part governed by the first rule set;
in accordance with the first rule set, payment information and usage information relating to the user's access being stored in a third secure container having associated a third rule set, the third rule set at least in part governing access to or other use of at least certain contents of the third secure container;
the third secure container being communicated to the administrator;
the administrator accessing the contents of the third secure container, the access being governed, at least in part, by the third rule set;
the administrator communicating at least some of the third secure container payment information to the first clearinghouse;
the administrator communicating at least some of the third secure container usage information to the first clearinghouse; and
the first clearinghouse communicating payment information and usage information relating to the user's second content access to the rightsholder.
14. A digital transaction method including the following steps:
a first rightsholder packaging first content in a first secure container having associated a first rule set, the first rule set at least in part governing access to or other use of at least a portion of the first secure container contents;
the first rightsholder communicating the first secure container to a user;
the user obtaining access to at least a portion of the first content, the access being at least in part governed by the first rule set;
the user choosing a first financial clearinghouse from a plurality of financial clearinghouse choices, the choice being governed at least in part by the first rule set;
the user choosing a privacy option relating to use of identifying information;
the user communicating payment information to the first financial clearinghouse, the communication being governed at least in part by the first rule set;
the first financial clearinghouse communicating payment information to the first rightsholder, the first financial clearinghouse's communication of payment information to the first rightsholder being governed at least in part by the user's privacy choice; and
the first rightsholder receiving usage information relating to the user's access to the first content.
15. A digital transaction method including the following steps:
a first rightsholder packaging first content in a first secure container having associated a first rule set, the first rule set at least in part governing access to or other use of at least a portion of the first secure container contents;
the first rightsholder communicating the first secure container to a user;
the user obtaining access to at least a portion of the first content, the access being at least in part governed by the first rule set;
the user choosing a first financial clearinghouse from a plurality of financial clearinghouse choices, the choice being governed at least in part by the first rule set;
the user communicating payment information to the first financial clearinghouse, the communication being governed at least in part by the first rule set;
the first financial clearinghouse communicating payment information to the first rightsholder;
the first rightsholder receiving usage information relating to the user's access to the first content;
a second rightsholder packaging second content in a second secure container having associated a second rule set, the second rule set at least in part governing access to or other use of at least a portion of the second secure container contents;
the second rightsholder communicating the second secure container to a user;
the user obtaining access to at least a portion of the second content, the access being at least in part governed by the second rule set;
the user choosing a second financial clearinghouse from a plurality of financial clearinghouse choices, the choice being governed at least in part by the second rule set;
the user communicating payment information to the second financial clearinghouse, the communication being governed at least in part by the second rule set;
the second financial clearinghouse communicating payment information to the first rightsholder; and
the first rightsholder receiving usage information relating to the user's access to the second content.
16. A digital transaction method including:
communicating a first rule set to a user site, the first rule set being associated with a first entity;
communicating a second rule set to the user site, the second rule set being associated with a second entity;
communicating a first secure container to the user site, the first secure container including first content;
at the user site, accessing at least a portion of the first content;
creating a second secure container at the user site,
the creation of the second secure container being governed at least in part by the first rule set,
the second secure container having associated a third rule set at least in part governing access to or other use of the contents of the second secure container, and
the third rule set including a rule generated by or on behalf of the user;
incorporating the payment-related information into the second secure container;
in accordance with the first rule set, communicating payment-related information from the user site to the first entity, the step of communicating the payment-related information to the first entity at least in part consisting of communicating the second secure container to the first entity;
in accordance with the second rule set, communicating usage-related information from the user site to the second entity; and
at the first entity, using at least a portion of the payment-related information, the use being at least in part governed by the user rule from the third rule set.
17. A method as in claim 16, in which:
the user rule from the third rule set at least in part specifies a privacy policy relating to permissible uses of identification information relating to the user or the user site.
18. A digital transaction method including:
communicating a first rule set to a user site, the first rule set being associated with a first entity;
communicating a second rule set to the user site, the second rule set being associated with a second entity;
communicating a first secure container to the user site, the first secure container including first content;
at the user site, accessing at least a portion of the first content;
in accordance with the first rule set, communicating payment-related information from the user site to the first entity;
in accordance with the second rule set, communicating usage-related information from the user site to the second entity;
communicating a third rule set to the user site, the third rule set being associated with a third entity;
communicating a second secure container to the user site, the second secure container including second content;
at the user site, accessing at least a portion of the second content;
in accordance with the third rule set, communicating payment-related information from the user site to the third entity;
in accordance with the second rule set, communicating usage-related information from the user site to the second entity; and
communicating usage-related information from the second entity to a fourth entity, the fourth entity owning at least some rights in the first content.
19. A digital transaction method including:
communicating a first secure container from a first party to a second party, the first secure container including first content and having associated a first rule set, the first rule set at least in part governing access to or use of at least a portion of the first secure container contents;
comparing requirements specified by the first rule set to requirements specified by a second rule set present at the second party site, the compared requirements including requirements relating to a clearinghouse, the comparison process including:
comparing a first clearinghouse candidate specified by the first rule set to acceptable clearinghouses specified by the second rule set,
determining that the first clearinghouse candidate is not acceptable to the second rule set,
comparing a second clearinghouse candidate specified by the first rule set to acceptable clearinghouses specified by the second rule set, and
determining that the second clearinghouse candidate is acceptable to the second rule set;
specifying use of the second clearinghouse candidate; comparing a privacy-related requirement contained in the second rule set to an information-usage requirement of the first rule set, and if a match exists, the second party gaining access to at least a portion of the first content;
payment information being communicated from the second party to the second clearinghouse candidate; and
the second clearinghouse candidate using the payment information to at least in part clear a payment by the second party for the access to the first content.
20. A digital transaction administration system including:
means for creation of secure digital containers, including means for packaging content in secure digital containers and means for associating rule sets with secure digital containers, the rule sets at least in part governing access to or other use of the contents of the secure digital containers;
means for communicating secure containers from a rightsholder to an administrator;
at the administrator's site, means for undertaking an automated negotiation between a rule set specified by the rightsholder and a rule set specified by the administrator, the negotiation involving at least the specification of one or more financial clearinghouses for clearing of payment-related information and one or more usage clearinghouses for clearing of usage-related information;
means for communicating secure digital containers to potential users of content packaged within the containers;
means for communicating payment information and usage information from users of content, including means for rules associated with the content to at least in part control the communication;
means for a financial clearinghouse specified in an automated negotiation between the administrator and the rightsholder to receive payment-related information from users and to communicate payment-related information to the rightsholder; and
means for a usage clearinghouse specified in an automated negotiation between the administrator and the rightsholder to receive usage-related information from users and to communicate usage-related information to the rightsholder.
21. A system as in claim 20, further including:
means at the administrator's site for enforcement of privacy-related restrictions specified by users.
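The rule-set comparison recited in claims 1, 2 and 19, as an added example that is not part of the patent text: a container's rule set offers clearinghouse candidates in order, the user's rule set lists acceptable clearinghouses and a privacy restriction, and access is denied unless both comparisons match. The class and field names, the clearinghouse names, the set of identifying fields, and the reading of a privacy "match" as "the container asks for no identification field the user has not released" are all assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional

# Assumption: which record fields count as "identification information".
IDENTIFYING_FIELDS = frozenset({"name", "email", "postal_address", "card_number"})


@dataclass(frozen=True)
class ContainerRules:
    """Rule set associated with a secure container (claim 19's first rule set)."""
    clearinghouse_candidates: tuple   # ordered, most preferred first
    required_id_fields: frozenset     # identification fields it wants passed onward


@dataclass(frozen=True)
class UserRules:
    """Rule set held at the user site (claim 19's second rule set)."""
    acceptable_clearinghouses: frozenset
    releasable_id_fields: frozenset   # identification fields third parties may see


@dataclass(frozen=True)
class Decision:
    access_granted: bool
    clearinghouse: Optional[str]
    rejected: tuple
    reason: str


def negotiate(container: ContainerRules, user: UserRules) -> Decision:
    """Compare the two rule sets; fail closed unless both comparisons match."""
    rejected = []
    chosen = None
    # Walk the container's candidates in order until the user's rules accept one.
    for candidate in container.clearinghouse_candidates:
        if candidate in user.acceptable_clearinghouses:
            chosen = candidate
            break
        rejected.append(candidate)
    if chosen is None:
        return Decision(False, None, tuple(rejected),
                        "no mutually acceptable clearinghouse")
    # Privacy comparison: the container may not demand fields the user withheld.
    excess = container.required_id_fields - user.releasable_id_fields
    if excess:
        return Decision(False, chosen, tuple(rejected),
                        "privacy mismatch: " + ", ".join(sorted(excess)))
    return Decision(True, chosen, tuple(rejected), "match")


def redact_for_third_party(record: dict, user: UserRules) -> dict:
    """Claim 2: delete unreleased identification fields before forwarding."""
    return {key: value for key, value in record.items()
            if key not in IDENTIFYING_FIELDS or key in user.releasable_id_fields}


# Constructed sample rule sets and usage record (not taken from the patent).
SAMPLE_CONTAINER = ContainerRules(("ClearCo", "PayHub"), frozenset({"email"}))
SAMPLE_USER = UserRules(frozenset({"PayHub", "OpenClear"}), frozenset({"email"}))
SAMPLE_RECORD = {"name": "A. User", "email": "user@example.test",
                 "item": "article-17", "amount_cents": 250}

if __name__ == "__main__":
    print(negotiate(SAMPLE_CONTAINER, SAMPLE_USER))
    print(redact_for_third_party(SAMPLE_RECORD, SAMPLE_USER))
```
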
Description
FIELD OF THE INVENTIONS
These inventions generally relate to optimally bringing the efficiencies of modern computing and networking to the administration and support of electronic interactions and consequences and further relate to a secure architecture enabling distributed, trusted administration for electronic commerce.
These inventions relate, in more detail, to a "Distributed Commerce Utility"--a foundation for the administration and support of electronic commerce and other electronic interaction and relationship environments.
In still more detail, these inventions generally relate to:
efficient administration and support of electronic commerce and communications;
methods and technologies for electronic rights administration and support services;
techniques and arrangements for distributing administration and support services such as secure electronic transaction management/administration, electronic process control and automation, and clearing functions across and/or within an electronic network and/or virtual distribution environment; and/or
clearing, control, automation, and other administrative, infrastructure and support capabilities that collectively enable and support the operation of an efficient, secure, peer-to-peer collection of commerce participants within the human digital community.
BACKGROUND
Efficient, effective societies require capabilities enabling their inhabitants to control the nature and consequences of their participation in interactions. Every community needs certain basic services, facilities and installations:
the post office delivers our mail,
the schools teach our children,
the highway department keeps our roads passable and in good repair,
the fire department puts out fires,
the power company delivers electrical power to our homes,
the telephone company connects people and electronic devices near and far and provides directory services when you don't know the right number,
banks keep our money safe,
cable TV and radio stations deliver news and entertainment programming to our homes,
police keep order,
the sanitation department collects refuse, and
social services support societal policies for the needy.
These and other important "behind the scenes" administrative and support services provide an underlying base or foundation that makes the conveniences and necessities of modern life as we know it possible and efficient, and allow the wheels of commerce to spin smoothly.
Suppose you want to buy bread at the local bakery. The baker doesn't have to do everything involved in making the bread because he can rely on support and administration services the community provides. For example:
The baker doesn't need to grow or mill grain to make flour for the bread. Instead, he can purchase flour from a supplier that delivers it by truck.
Similarly, the baker doesn't need to grow or produce fuel to keep its ovens hot; that fuel can be delivered in pipes or tanks by people who specialize in producing and supplying fuel.
You can also have confidence in the cleanliness of the local bakery because it displays an inspection notice certifying that it has been inspected by the local health department.
Support and administrative services are also very important to ensure that people are compensated for their efforts. For example:
You and the bakery can safely trust the government to stand behind the currency you take out of your wallet or purse to pay for the bread.
If you pay by check, the banking system debits the amount of your check from your bank account overnight and gives the bakery the money.
If you and the bakery use different banks, your check may be handled by an automated "clearinghouse" system that allows different banks to exchange checks and settle accounts--efficiently transferring money between the banks and returning checks drawn on accounts that don't have enough money in them.
If the bakery accepts credit cards as payment, the flexibility of payment methods accepted in exchange for the bakery products is increased and provides increased convenience and purchasing power to its customers.
Such support and administrative services provide great economies in terms of scale and scope--making our economy much more efficient. For example, these important support and administrative services allow the baker to concentrate on what he knows how to do best--make and bake bread. It is much more efficient for a bakery and its experienced bakers to make many loaves of bread in its large commercial ovens than it is for individual families to each bake individual loaves in their own home ovens, or for the growers of grain to also bake the bread and pump the fuel needed for baking and accept barter, for example, chickens in exchange for the bread. As a result, you and the bakery can complete your purchasing transaction with a credit card because both you and the bakery have confidence that such a payment system works well and can be trusted to "automatically" function as a highly efficient and convenient basis for non-cash transactions.
The Electronic Community Needs Administrative and Support Services
There is now a worldwide electronic community. Electronic community participants need the ability to shape, control, and, in an electronic world, automate, their interactions. They badly need reliable, secure, trusted support and administrative services.
More and more of the world's commerce is being carried on electronically. The Internet--a massive electronic network of networks that connects millions of computers worldwide--is being used increasingly as the vehicle for commerce transactions. Fueled largely by easy-to-use interfaces (e.g., those allowing customers to "point and click" on items to initiate purchase and then to complete a simple form to convey credit card information), the Internet is rapidly becoming a focal point for consumer and business to business purchases. It is also becoming a significant "channel" for the sale and distribution of all kinds of electronic properties and services, including information, software, games, and entertainment.
At the same time, large companies use both private and public data networks to connect with their suppliers and customers. Driven by apparently inexorable declines in the cost of both computing power and network capacity, electronic commerce will increase in importance as the world becomes more and more computerized. This new electronic community--with its widespread electronic commerce--is generating great new demands for electronic administrative, support and "clearing" services.
The electronic community badly needs a foundation that will support both commercial and personal electronic interactions and relationships. Electronic commerce on any significant scale will require a dependable, efficient, scaleable, and secure network of third party support and administrative service providers and mechanisms to facilitate important parts of the transaction process. For example:
People who provide value to the electronic community require seamless and efficient mechanisms allowing them to be compensated for the value they provide.
Providers who sell goods or services to the electronic community need reliable, efficient electronic payment mechanisms to service themselves and other value chain participants.
Purchasers in the electronic marketplace, while often unaware of the behind-the-scenes intricacies of payment transaction activity, nonetheless require easy to use, efficient and flexible interfaces to payment mechanisms and financial obligation fulfillment systems.
Rights holders in all types of electronic "content" (for example, analog or digital information representing text, graphics, movies, animation, images, video, digital linear motion pictures, sound and sound recordings, still images, software computer programs, data), and to many types of electronic control processes, require secure, flexible and widely interoperable mechanisms for managing their rights and administering their business models, including collecting, when desired, payments and relevant usage information for various uses of their content.
All parties require infrastructure support services that remain dependable, trusted, and secure even as the volume of commerce transactions increases substantially.
An important cornerstone of successful electronic transaction management and commerce is therefore the development and operation of a set of administrative and support services that support these objectives and facilitate the emergence of more diverse, flexible, scaleable, and efficient business models for electronic commerce generally.
The Ginter Patent Specification Describes a Comprehensive Solution
The above-referenced Ginter, et al. patent specification describes technology providing unique, powerful capabilities instrumental to the development of secure, distributed transaction-based electronic commerce and rights management. This technology can enable many important, new business models and business practices on the part of electronic commerce participants while also supporting existing business models and practices.
The Ginter et al. specification describes comprehensive overall systems and wide arrays of methods, techniques, structures and arrangements that enable secure, efficient distributed electronic commerce and rights management on the Internet (and Intranets), within companies large and small, in the living room, and in the home office. Such techniques, systems and arrangements bring about an unparalleled degree of security, reliability, efficiency and flexibility to electronic commerce and electronic rights management.
The Ginter, et al. patent specification also describes an "Information Utility"--a network of support and administrative services, facilities and installations that grease the wheels of electronic commerce and support electronic transactions in this new electronic community. For example, Ginter, et al. details a wide array of support and administrative service providers for interfacing with and supporting a secure "Virtual Distribution Environment." These support and administrative service providers include:
transaction processors,
usage analysts,
report receivers,
report creators,
system administrators,
permissioning agents,
certification authority,
content and message repositories,
financial clearinghouses,
consumer/author registration systems,
template libraries,
control structure libraries,
disbursement systems,
electronic funds transfer, credit card, paper billing systems, and
receipt, response, transaction and analysis audit systems.
The Present Inventions Build On and Extend the Solutions Described In the Ginter Patent Specification
The present inventions build on the fundamental concepts described in the Ginter, et al. patent specification while extending those inventions to provide further increases in efficiency, flexibility and capability. They provide an overlay of distributed electronic administrative and support services (the "Distributed Commerce Utility"). They can, in their preferred embodiments, use and take advantage of the "Virtual Distribution Environment" (and other capabilities described in the Ginter et al. patent specification) and may be layered on top of and expand on those capabilities.
Brief Summary of Some of the Features and Advantages of the Present Inventions
The present inventions provide an integrated, modular array of administrative and support services for electronic commerce and electronic rights and transaction management. These administrative and support services supply a secure foundation for conducting financial management, rights management, certificate authority, rules clearing, usage clearing, secure directory services, and other transaction related capabilities functioning over a vast electronic network such as the Internet and/or over organization internal Intranets, or even in-home networks of electronic appliances.
These administrative and support services can be adapted to the specific needs of electronic commerce value chains. Electronic commerce participants can use these administrative and support services to support their interests, and can shape and reuse these services in response to competitive business realities.
The present inventions provide a "Distributed Commerce Utility" having a secure, programmable, distributed architecture that provides administrative and support services. The Distributed Commerce Utility can make optimally efficient use of commerce administration resources, and can scale in a practical fashion to accommodate the demands of electronic commerce growth.
The Distributed Commerce Utility may comprise a number of Commerce Utility Systems. These Commerce Utility Systems provide a web of infrastructure support available to, and reusable by, the entire electronic community and/or many or all of its participants.
Different support functions can be collected together in hierarchical and/or in networked relationships to suit various business models and/or other objectives. Modular support functions can be combined in different arrays to form different Commerce Utility Systems for different design implementations and purposes. These Commerce Utility Systems can be distributed across a large number of electronic appliances with varying degrees of distribution. The comprehensive "Distributed Commerce Utility" provided by the present invention:
Enables practical and efficient electronic commerce and rights management.
Provides services that securely administer and support electronic interactions and consequences.
Provides infrastructure for electronic commerce and other forms of human electronic interaction and relationships.
Optimally applies the efficiencies of modern distributed computing and networking.
Provides electronic automation and distributed processing.
Supports electronic commerce and communications infrastructure that is modular, programmable, distributed and optimally computerized.
Provides a comprehensive array of capabilities that can be combined to support services that perform various administrative and support roles.
Maximizes benefits from electronic automation and distributed processing to produce optimal allocation and use of resources across a system or network.
Is efficient, flexible, cost effective, configurable, reusable, modifiable, and generalizable.
Can economically reflect users' business and privacy requirements.
Can optimally distribute processes--allowing commerce models to be flexible, scaled to demand and to match user requirements.
Can efficiently handle a full range of activities and service volumes.
Can be fashioned and operated for each business model, as a mixture of distributed and centralized processes.
Provides a blend of local, centralized and networked capabilities that can be uniquely shaped and reshaped to meet changing conditions.
Supports general purpose resources and is reusable for many different models; in place infrastructure can be reused by different value chains having different requirements.
Can support any number of commerce and communications models.
Efficiently applies local, centralized and networked resources to match each value chain's requirements.
Sharing of common resources spreads out costs and maximizes efficiency.
Supports mixed, distributed, peer-to-peer and centralized networked capabilities.
Can operate locally, remotely and/or centrally.
Can operate synchronously, asynchronously, or support both modes of operation.
Adapts easily and flexibly to the rapidly changing sea of commercial opportunities, relationships and constraints of "Cyberspace."
In sum, the Distributed Commerce Utility provides comprehensive, integrated administrative and support services for secure electronic commerce and other forms of electronic interaction.
Some of the advantageous features and characteristics of the Distributed Commerce Utility provided by the present inventions include the following:
The Distributed Commerce Utility supports programmable, distributed, and optimally computerized commerce and communications administration. It uniquely provides an array of services that perform various administrative and support roles--providing the administrative overlay necessary for realizing maximum benefits from electronic automation, distributed processing, and system (e.g., network) wide optimal resource utilization.
The Distributed Commerce Utility is particularly adapted to provide the administrative foundation for the Internet, organization Intranets, and similar environments involving distributed digital information creators, users, and service systems.
The Distributed Commerce Utility architecture provides an efficient, cost effective, flexible, configurable, reusable, and generalizable foundation for electronic commerce and communications administrative and support services. Providing these capabilities is critical to establishing a foundation for human electronic interaction that supports optimal electronic relationship models--both commercial and personal.
The Distributed Commerce Utility architecture provides an electronic commerce and communication support services foundation that can be, for any specific model, fashioned and operated as a mixture of distributed and centralized processes.
The Distributed Commerce Utility supported models can be uniquely shaped and reshaped to progressively reflect optimal blends of local, centralized, and networked Distributed Commerce Utility administrative capabilities.
The Distributed Commerce Utility's innovative electronic administrative capabilities support mixed, distributed, peer-to-peer and centralized networked capabilities. Collections of these capabilities can each operate in any mixture of local, remote, and central asynchronous and/or synchronous networked combinations that together comprise the most commercially implementable, economic, and marketable--that is, commercially desirable--model for a given purpose at any given time.
The Distributed Commerce Utility architecture is general purpose. It can support any number of commerce and communication models which share (e.g., reuse), as appropriate, local, centralized, and networked resources. As a result, the Distributed Commerce Utility optimally enables practical and efficient electronic commerce and rights management models that can amortize resource maintenance costs through common usage of the same, or overlapping, resource base.
One or more Distributed Commerce Utility commerce models may share some or all of the resources of one or more other models. One or more models may shift the mix and nature of their distributed administrative operations to adapt to the demands of Cyberspace--a rapidly changing sea of commercial opportunities, relationships, and constraints.
The Distributed Commerce Utility supports the processes of traditional commerce by allowing their translation into electronic commerce processes. The Distributed Commerce Utility further enhances these processes through its use of distributed processing, rights related "clearinghouse" administration, security designs, object oriented design, administrative smart agents, negotiation and electronic decision making techniques, and/or electronic automation control techniques as may be necessary for efficient, commercially practical electronic commerce models.
Certain Distributed Commerce Utility operations (financial payment, usage auditing, etc.) can be performed within participant user electronic appliance secure execution spaces such as, for example, "protected processing environments" disclosed in Ginter et al.
Distributed clearinghouse operations may be performed through "virtually networked and/or hierarchical" arrays of Commerce Utility System sites employing a general purpose, interoperable (e.g., peer-to-peer) virtual distribution environment foundation.
For a given application or model, differing arrays of Distributed Commerce Utility Services may be authorized to provide differing kinds of administrative and/or support functions.
Any or all of the roles supported by the Distributed Commerce Utility may be performed by, and/or used by, the same organization, consortium or other grouping of organizations, or other electronic community participants, such as individual user web sites.
One or more parts of the Distributed Commerce Utility may be comprised of a network of distributed protected processing environments performing one or more roles having hierarchical and/or peer-to-peer relationships.
Multiple Distributed Commerce Utility protected processing environments may contribute to the overall role of a service, foundation component, and/or clearinghouse.
Distributed protected processing environments contributing to a Distributed Commerce Utility role may be as distributed, in a preferred embodiment, as the number of VDE participant protected processing environments and/or may have specific hierarchical, networked and/or centralized administration and support relationship(s) to such participant protected processing environments.
In a given model, certain one or more Distributed Commerce Utility roles may be fully distributed, certain other one or more roles may be more (e.g., hierarchically), and/or fully, centralized, and certain other roles can be partially distributed and partially centralized.
The fundamental peer-to-peer control capabilities provided by the Distributed Commerce Utility allow for any composition of distributed roles that collectively provide important, practical, scaleable, and/or essential commerce administration, security, and automation services.
Combinations of Distributed Commerce Utility features, arrangements, and/or capabilities can be employed in programmable mixtures of distributed and centralized arrangements, with various of such features, arrangements, and capabilities operating in end-user protected processing environments and/or "middle" foundation protected processing environments (local, regional, class specific, etc.) and/or centralized service protected processing environments.
The Distributed Commerce Utility is especially useful to support the Internet and other electronic environments that have distributed information creators, users and service providers. By helping people to move their activities into the electronic world, it plays a fundamentally important role in migration of these non-electronic human activities onto the Internet, Intranets, and other electronic interaction networks. Such network users require the Distributed Commerce Utility foundation and support services in order to economically realize their business and privacy requirements. This secure distributed processing foundation is needed to optimally support the capacity of electronic commerce models to meaningfully scale to demand and efficiently handle the full range of desired activities and service volume.
The Distributed Commerce Utility technologies provided by the present inventions provide a set of secure, distributed support and administrative services for electronic commerce, rights management, and distributed computing and process control.
The Distributed Commerce Utility support services, including highly secure and sophisticated technical and/or contractual services, may be invoked by electronic commerce and value chain participants in a seamless, convenient, and relatively transparent way that shields users against the underlying complexity of their operation.
The Distributed Commerce Utility can ensure appropriately high levels of physical, computer, network, process and policy-based security and automation while providing enhanced, efficient, reliable, easy to use, convenient functionality that is necessary (or at least highly desirable) for orderly and efficient support of the needs of the electronic community.
The Distributed Commerce Utility, in its preferred embodiments, supports the creation of competitive commercial models operating in the context of an "open" VDE based digital marketplace.
The Distributed Commerce Utility can provide convenience and operating efficiencies to its value chain participants. For example, it may offer a complete, integrated set of important "clearing" function capabilities that are programmable and can be shaped to optimally support multi-party business relationships through one seamless, "distributed" interface (e.g., a distributed application). Clearing and/or support functions and/or sub-functions can, as desirable, be made available individually and/or separately so as to serve business, confidentiality, efficiency, or other objectives.
The Distributed Commerce Utility can make it easy for providers, merchants, distributors, repurposers, consumers, and other value chain participants to attach to, invoke, and work with Distributed Commerce Utility services. Hookups can be easy, seamless and comprehensive (one hook-up may provide a wide variety of complementary services).
The Distributed Commerce Utility can further enhance convenience and efficiency by providing or otherwise supporting consumer brand images for clearing services offered by participant organizations, but utilizing shared infrastructure and processes.
The Distributed Commerce Utility can realize important efficiencies resulting from scale and specialization by participant organizations by supporting "virtual" models that electronically and seamlessly employ the special services and capabilities of multiple parties.
The Distributed Commerce Utility makes it possible for consumers to conveniently receive a benefit such as a service or product, where such service or product results from the invocation of a "fabric" of various support services--each of which service may be comprised of a distributed fabric of more specialized services and/or participating constituent service providers (the overall fabric is apparent to the value chain participant, the underlying complexity is (or can be) largely or entirely hidden).
Distributed Commerce Utility services and capabilities in their preferred embodiments can employ and be combined in any reasonable manner with any one or more Virtual Distribution Environment capabilities described in Ginter, et al., including for example:
A. VDE chain of handling and control,
B. secure, trusted internodal communication and interoperability,
C. secure database,
D. authentication,
E. cryptographic,
F. fingerprinting,
G. other VDE security techniques,
H. rights operating system,
I. object design and secure container techniques,
J. container control structures,
K. rights and process control language,
L. electronic negotiation,
M. secure hardware, and
N. smart agent (smart object) techniques (for example, smart agents employed as process control, multi-party, and/or other administrative agent capabilities supporting distributed node administrative integration).
Commerce Utility Systems Can Be Distributed and Combined
The support and administrative service functions provided by the Distributed Commerce Utility can be combined in various ways and/or distributed through an electronic community, system or network. The preferred embodiment uses the protected processing environment based Virtual Distribution Environment described in Ginter et al. to facilitate such combinations and distributedness. Since all such Virtual Distribution Environment protected processing environments are at least to some degree trusted, every protected processing environment can be a clearinghouse or a part of a clearinghouse. Commerce models acceptable to the interest and desires of VDE commerce node users, can support Distributed Commerce Utility services that are pushed all the way to end-user electronic appliances employing, for example, other VDE protected processing environments, secure communication techniques and other VDE capabilities (as discussed elsewhere VDE capabilities can be directly integrated with the present inventions). Such appliances, along with more centralized value chain nodes can together form combinations that function as virtual clearing protected processing environments. In the end, cyberspace will be populated, in part, by big, "virtual" computers where access to resources is based upon "availability" and rights.
The Distributed Commerce Utility is a modular, programmable and generalizable context that can support such virtual computers. The Distributed Commerce Utility is a unique architectural foundation for the design of electronic commerce value chain models and virtual computers. The programmable nature of a particular implementation can support differing actual (logical and/or physical), and/or degrees of, distribution for the same and/or similar services. For example:
Centralized Commerce Utility Systems and services may be used to provide certain support service functions, or collections of functions, efficiently from a centralized location.
Other Commerce Utility Systems might be provided in a partially or wholly distributed manner.
Some support and administrative service functions might be distributed in and/or throughout existing or new communications infrastructure or other electronic network support components.
Other support services might operate within secure execution spaces (e.g., protected processing environments) on any or all user electronic appliances, using peer-to-peer communications and interactions, for example, to provide a secure web of support service fabric.
Other support services might operate both in the network support infrastructure and at user electronic appliances.
Such distributed support services may complement (and/or eliminate the need for) more centralized support service installations. Different combinations of the same and/or differing, non-distributed and differently distributed services may be provided to support different activities. Moreover, the nature and distribution of services for one overall model may differ from one implementation to another. Such differing model implementations can, if desired, share both the same Commerce Utility Systems and Services and/or any particular and/or any combination of Distributed Commerce Utility administrative and/or support functions.
Further, a particular Commerce Utility Systems and Service infrastructure may be used by differing value chains (e.g., business model or relationship set) in differing manners. For example, certain value chains may elect to keep certain support service functions more centralized for efficiency, security, control or other reasons; others may elect more and/or differently distributed models.
Provided that, for example, payment methods and rightsholders and/or other value chain participants concur, any one or more of the Distributed Commerce Utility secure infrastructure support services may distribute and/or delegate a portion or all of their functions and authority to any arbitrary collection or set of end-user and/or other value chain electronic appliances. Distributing and delegating these services and functions has various advantages including, for example, enabling flexible and efficient creation of temporary, ad hoc webs of secure electronic commerce in which any, a number, or all appliance(s) in the collection or set may participate as at least a partial (if not full) peer of other appliances in the same commerce web fabric.
The present invention provides the following non-exhaustive list of additional features relating to distributing administrative and support functions:
Any mixture of any administrative and/or support functions may be integrated with any other mixture of administrative and/or support functions.
Any set or subset of Commerce Utility System functions can be combined in an integrated design with any other mixture of Commerce Utility system functions. Such mixtures can be distributed to any desired degree and any one or more portions of the mixture may be more or less distributed than any other one or more portion. This allows a value chain to employ optimum desired and/or practical designs. Any mixture, including any degrees of distribution, of rights clearing, financial clearing, usage aggregation, usage reporting and/or other clearing and/or other Distributed Commerce Utility functions, can be provided. Such Distributed Commerce Utility functions and/or administrative and/or support services can be combined with any other desired Distributed Commerce Utility functions and/or administrative and/or support services.
Any one or more such administrative and/or support services and/or functions can operate as a Commerce Utility System and support a web of Commerce Utility System nodes, each of which supports at least a portion of such Commerce Utility administrative service activities. Each Commerce Utility System may be capable of granting authority and/or providing services to and/or otherwise securely interoperating with other Commerce Utility Systems and/or nodes.
Each Commerce Utility System (or combination of Commerce Utility Systems) may be capable of participating as a "virtual clearinghouse" comprised of plural Commerce Utility Systems. In the preferred embodiment, these "virtual clearinghouses" may, when in accordance with VDE rules and controls, interoperate--in a fashion prescribed by such rules and controls--with other Commerce Utility Systems and/or other virtual clearinghouses participating in the same web. Such "virtual clearinghouses" may receive authority from secure chain of handling and control embodied in electronic control sets, and may participate in electronic commerce process automation resulting from such chain of handling and control and other VDE capabilities.
This ability to distribute, and, if desired, to subsequently adapt (modify), any support service functions to any desired degree across a system or network provides great power, flexibility and increases in efficiency. For example, distributing aspects of support services such as clearing functions will help avoid the "bottlenecks" that a centralized clearing facility would create if it had insufficient capacity to handle the processing loads. Taking advantage of the distributed processing power of many value chain participant appliances also has great benefits in terms of improved effectiveness and system response time, much lower overhead of operation, greater fault tolerance, versatility in application implementations, and, in general, much greater value chain appeal resulting from the present inventions' adaptability to each value chain participant's needs and requirements.
Some Examples of Administrative and/or Support Services Provided by the Distributed Commerce Utility
The Distributed Commerce Utility may be organized into a number of different, special and/or general purpose "Commerce Utility Systems." The Commerce Utility Systems can be centralized, distributed, or partially distributed and partially centralized to provide administrative, security, and other services that a practical commerce management layer requires. Certain Commerce Utility Systems comprise Distributed Commerce Utility implementations of certain well known administrative service functions, such as financial clearinghouse and certifying authorities. Other Commerce Utility Systems involve new forms of services and new combinations and designs for well known service activities. A Commerce Utility System is any instantiation of the Distributed Commerce Utility supporting a specific electronic commerce model, and a Commerce Utility System may itself be comprised of constituent Commerce Utility Systems. Commerce Utility Systems may include any or all of the following, in any combination of capabilities and distribution designs, for example:
financial clearinghouses,
usage clearinghouses,
rights and permissions clearinghouses,
certifying authorities,
secure directory services,
secure transaction authorities,
multi-purpose, general purpose and/or combination Commerce Utility Systems including any combination of the capabilities of the systems listed immediately above, and
other Commerce Utility Systems.
These Commerce Utility Systems are far-reaching in their utility and applicability. For example they may provide administrative support for any or all of the following:
trusted electronic event management,
networked, automated, distributed, secure process administration and control,
Virtual Distribution Environment chain-of-handling and control, and
rights administration and usage (e.g., event) management (e.g., auditing, control, rights fulfillment, etc.), across and/or within electronic networks, including "unconnected," virtually connected, or periodically connected networks.
The Commerce Utility Systems may govern electronic process chains and electronic event consequences related to, for example:
electronic advertising,
market and usage analysis,
electronic currency,
financial transaction clearing and communications,
manufacturing and other distributed process control models,
financial clearing,
enabling payment fulfillment or provision of other consideration (including service fees, product fees or any other fees and/or charges) based at least in part on content, process control (event) and/or rights management,
performing audit, billing, payment fulfillment (or provision of other consideration) and/or other clearing activities,
compiling, aggregating, using and/or providing information relating to use of one or more secure containers and/or content and/or processes (events), including contents of secure containers and/or any other content,
providing information based upon usage auditing, user profiling, and/or market surveying related to use of one or more secure containers and/or content and/or processes (events),
employing information derived from user exposure to content (including advertising) and/or use of processes (events),
providing object registry services; and/or rights, permissions, prices, and/or other rules and controls information; for registered and/or registering objects;
electronically certifying information used with and/or required by rules and controls, such as authenticating identity, class membership and/or other attributes of identity context including for example, certification of class identity for automating processes, such as rights related financial transaction fulfillment based upon governing jurisdiction (taxation(s)), employment and/or other group membership including, for example, acquired class rights (e.g., purchased discount buyers club membership);
third party archiving and/or authenticating of transactions and/or transaction information for secure backup and non-repudiation,
providing programmed mixed arrays of Commerce Utility System process control and automation services, where different Commerce Utility Systems support different value chains and/or business models requirements, and where such Commerce Utility Systems further support distributed, scaleable, efficient networked and/or hierarchical fixed and/or virtual clearinghouse models which employ secure communication among a Commerce Utility System's distributed clearinghouse protected processing environments for passing clearinghouse related rules and controls and derived, summarized, and/or detailed transaction information,
EDI, electronic trading models, and distributed computing arrangements where participants require trusted foundation that enables efficient, distributed administration, automation, and control of transaction value chains, and
other support and/or administrative services and/or functions.
BRIEF DESCRIPTION OF THE DRAWINGS
These and other features and advantages provided by the present inventions will become better and more completely understood by studying the following detailed description of presently preferred example embodiments in conjunction with the drawings, of which:
FIG. 1 shows an example Distributed Commerce Utility supporting a consumer's example electronic appliance;
FIG. 1A shows a protected processing environment(s) ("PPE") within the consumer's electronic appliance(s);
FIG. 1B shows that the Distributed Commerce Utility may comprise a number of example Commerce Utility Systems;
FIGS. 2A-2E show examples of how administrative and support service functions can be distributed;
FIGS. 3A-3C show example distributed Commerce Utility Systems;
FIG. 4 shows an example web of Commerce Utility Systems;
FIG. 4A shows a limitless web of consumer appliances and Commerce Utility Systems;
FIG. 5 shows how rights holders can select between multiple Commerce Utility Systems connected to an electronic "information highway";
FIG. 6 shows an example of how different Commerce Utility Systems can work together;
FIG. 7 shows an example of how multiple administrative and support service functions can be combined and integrated within Commerce Utility Systems;
FIG. 7A shows an example web of combined function Commerce Utility Systems;
FIGS. 8A-8B show example Commerce Utility System hierarchies;
FIG. 9 shows an example hierarchy of multi-function Commerce Utility Systems;
FIG. 10 shows an example financial clearinghouse;
FIG. 11 shows an example usage clearinghouse;
FIG. 12 shows an example rights and permissions clearinghouse;
FIG. 13 shows an example certifying authority;
FIG. 14 shows an example secure directory service;
FIG. 15 shows an example transaction authority;
FIGS. 16A-16F show that Commerce Utility Systems can support other commerce utility systems;
FIGS. 17A through 17D-3 show an example Commerce Utility System architecture;
FIGS. 17E-1 through 17E-4 show Commerce Utility System example interaction models;
FIG. 17F shows an example arrangement for distributing portions of administrative and support service operations;
FIG. 18 shows an example financial clearinghouse Commerce Utility System;
FIG. 19 shows an example financial clearinghouse arrangement;
FIG. 20 shows an example financial clearing process;
FIGS. 20A-20F show an additional example of financial clearing activities and processes;
FIG. 21 shows a simplified value chain (payment) disaggregation example;
FIG. 22 shows an example of how the FIG. 21 disaggregation can be implemented within a financial clearinghouse context;
FIG. 22A shows an example arrangement for implementing payment disaggregation on a user protected processing environment;
FIG. 23 shows a more complex value chain (payment) disaggregation example;
FIG. 24 shows an example of how disaggregation can be implemented within a financial clearinghouse context;
FIG. 25 shows a value chain disaggregation example that also details compensation to the Distributed Commerce Utility;
FIG. 26 shows an example value chain (payment) disaggregation to any number of payees;
FIG. 27 shows an additional example of how value chain (payment) disaggregation and redistribution may be accomplished through a financial clearinghouse;
FIG. 28 shows an example superdistribution payment and redistribution scenario using a financial clearinghouse for financial clearing;
FIG. 29 shows an example value chain (payment) aggregation at a consumer protected processing environment or other site;
FIG. 30 shows example value chain (payment) aggregation across multiple transactions;
FIG. 31 shows example value chain (payment) aggregation across multiple transactions and multiple consumers;
FIG. 32 shows an example Commerce Utility System architecture providing payment aggregation;
FIG. 33 shows an example usage clearinghouse Commerce Utility System;
FIG. 34 shows an example usage clearinghouse architecture;
FIG. 35 shows an example usage clearing process;
FIG. 36 shows an additional example usage clearing process using multiple usage clearinghouses;
FIG. 37 shows an example usage clearing process using usage and financial clearinghouses;
FIG. 38 shows an example usage clearinghouse media placement process;
FIG. 39 shows an example usage clearing process providing discounts based on different levels of consumer usage information disclosure;
FIG. 40 shows an example rights and permissions clearinghouse Commerce Utility System;
FIG. 41 shows an example rights and permissions clearinghouse architecture;
FIG. 42 shows an example rights and permissions clearing process;
FIG. 42A shows an example control set registration process for updates;
FIG. 43 shows an additional example rights and permissions clearing process;
FIGS. 44A-44E show an additional rights and permissions clearing example;
FIGS. 45A and 45B show example rights template(s);
FIG. 45C shows an example control set corresponding to the example rights template(s);
FIG. 46 shows another example rights and permissions clearing process;
FIG. 47 shows an example certifying authority Commerce Utility System;
FIG. 48 shows an example certifying authority architecture;
FIG. 49 shows an example certifying process;
FIG. 50 shows an example distributed certifying process;
FIG. 50A shows an example control set that conditions performance and/or other consequences on the presence of digital certificates;
FIGS. 51A-51D show example digital certificate data structures;
FIG. 51E shows an example technique for generating digital certificates based on other digital certificates and a trusted database(s);
FIGS. 51F-51H show an example technique for defining a virtual entity;
FIG. 52 shows an example secure directory services Commerce Utility System;
FIG. 53 shows an example secure directory services architecture;
FIG. 54 shows an example secure directory services process;
FIG. 55 shows an example transaction authority Commerce Utility System;
FIG. 56 shows an example transaction authority architecture;
FIG. 57 shows an example transaction authority process;
FIG. 58A shows an example of how the transaction authority creates a control superset;
FIG. 58B shows example steps performed by the transaction authority;
FIGS. 58C and 58D show an example secure checkpoint Commerce Utility System;
FIGS. 59 and 60 show examples of how the Distributed Commerce Utility can support different electronic value chains;
FIG. 61 shows a purchase, licensing and/or renting example;
FIG. 62 shows a tangible item purchasing and paying example;
FIG. 63 shows an example of a customer securely paying for services;
FIG. 64 shows example value chain disaggregation for purchase of tangibles;
FIG. 65 shows an example of cooperation between Commerce Utility Systems internal and external to an organization;
FIG. 66 shows an inter and intra organization transaction authority example;
FIG. 67 shows an international trading example.
DETAILED DESCRIPTION OF EXAMPLE EMBODIMENTS
Distributed Commerce Utility
FIG. 1 shows an example consumer appliance 100 electronically connected to Distributed Commerce Utility 75. In this example, an electronic network 150 connects appliance 100 to Distributed Commerce Utility 75. Distributed Commerce Utility 75 supports the activities going on within consumer appliance 100.
Distributed Commerce Utility 75 provides a foundation of administrative and support services for electronic commerce and communications. This foundation is efficient, cost effective, flexible, configurable, reusable, programmable and generalizable. It supports all kinds of electronic relationships, interactions and communications for both personal and business use.
The Distributed Commerce Utility Can Support Any Electronic Appliance
Appliance 100 may be any sort of electrical or electronic device such as for example, a computer, an entertainment system, a television set, or a video player--just to name a few examples. In the particular example shown in FIG. 1, the consumer appliance 100 is a home color television set 102, a video player/recorder 104, and a set top box 106. Appliance 100 may be controlled by hand held remote controller 108, for example. Set top box 106 could receive television programs from television broadcasters 110 and/or satellites 112 via a cable television network 114, for example. Player/recorder 104 could play various types of program material from tapes, optical disks or other media, and may also have the capability of recording program materials received through set top box 106.
The Appliance 100 Can Have A "Protected Processing Environment"
Appliance 100 preferably is a secure electronic appliance of the type shown for example in FIGS. 7 and 8 of the Ginter et al. patent specification. It is preferably part of the "Virtual Distribution Environment" described in the Ginter, et al. patent specification. FIG. 1A shows that television 102, set top box 106, media player/recorder 104 and remote control 108 may each have a "protected processing environment" ("PPE") 154. Distributed Commerce Utility 75 may interact with and support the processes going on within each of these protected processing environments 154.
Protected processing environments 154 may be based on one or more computer chips, such as a hardware and/or software based "secure processing unit" as shown in FIG. 9 of the Ginter et al. patent specification. The protected processing environment 154 provides a highly secure, trusted environment in which electronic processes and transactions can be reliably performed without significant danger of tampering or other compromise. The Ginter et al. patent disclosure describes techniques, systems and methods for designing, constructing and maintaining the protected processing environment 154 so that rights holders and other value chain participants (including consumers 95) can trust its security and integrity. In the preferred embodiment, this trustedness is important in the interaction between the Distributed Commerce Utility 75 and electronic appliance 100.
The Distributed Commerce Utility Can be Made Up of Many "Commerce Utility Systems"
FIG. 1B shows that Distributed Commerce Utility 75 can be made up of a number of Commerce Utility Systems 90. There can be different kinds of Commerce Utility Systems, for example:
a financial clearinghouse 200;
a usage clearinghouse 300;
a rights and permissions clearinghouse 400;
a certifying authority 500;
a secure directory services 600;
a transaction authority 700;
a VDE administrator 800; and
other kinds of Commerce Utility Systems 90.
Commerce Utility Systems 90 can support and administer functions or operations within protected processing environment(s) 154. For example:
The appliance 100 protected processing environment 154 may provide an automatic electronic payment mechanism 118 that debits the consumers' bank or other money account based on program consumption. Distributed Commerce Utility 75 may include a special purpose Commerce Utility System 90a called a "financial clearinghouse" 200 that supports financial aspects of the operation of the protected processing environment 154--ensuring that rights holders and others get paid appropriate amounts and that the consumers 95 are not charged excessive amounts.
The broadcaster of a television program 102a may require appliance 100's protected processing environment 154 to meter, with an electronic usage metering mechanism 116, how much of video program 102a the consumers 95 watch, and which video programs they watch. Distributed Commerce Utility 75 may include a special purpose Commerce Utility System 90b called a "usage clearinghouse" 300 that receives usage information metered by a usage meter 116 within the protected processing environment 154, analyzes it and provides reports.
The rights holders in video program 102a may insist upon the protected processing environment 154 providing a copy protection mechanism 120 that securely protects against copying video program 102a. Distributed Commerce Utility 75 may include a special purpose Commerce Utility System 90c called a "rights and permissions clearinghouse" 400 that supplies the protected processing environment 154 with necessary permissions to allow consumers 95 to watch particular programs (for example, on a pay per view basis) and to assist in enforcing prohibitions, such as, for example, a copy protection mechanism 120.
Rights holders in video program 102a may further require the appliance 100 protected processing environment 154 to possess a "digital certificate" 122 certifying the consumer's identity, age, or the like before consumers 95 can watch video program 102a. Distributed Commerce Utility 75 may include a special purpose Commerce Utility System 90d called a "certifying authority" 500 that creates and provides "digital certificates" 504 to the protected processing environment 154--allowing the consumers to efficiently interact with the permissions provided by the rights holders.
Other Commerce Utility Systems 90 shown in FIG. 1B include:
A "Secure directory services" 600 that may assist the protected processing environment 154 in communicating electronically with other computers and appliances over network 150;
A "transaction authority" 700 that may be available for process control and automation such as, for example, securely auditing and overseeing complicated electronic transactions involving protected processing environment 154; and
A virtual distribution environment ("VDE") "administrator" 800 that may, in the preferred embodiment, keep the protected processing environment 154 operating smoothly and securely.
Still other Commerce Utility Systems 90 not shown in FIG. 1B may be used to administer and/or support additional functions and operations. The various Commerce Utility Systems 90 can work together, dividing up the overall tasks to support the consumers 95 efficiently and effectively.
Commerce Utility Systems Can Be Distributed
FIGS. 2A-2E show how Distributed Commerce Utility 75 can be distributed. Some administrative and support functions of Commerce Utility Systems 90 can be performed within a consumer's electronic appliance 100--or even in a "spread out" fashion over a large number of different appliances cooperating together.
As described above, appliances 100 each provide a protected processing environment 154 that is tamper resistant and provides a secure place in which administrative and support operations can be performed. This allows an electronic appliance 100 within a consumer's home to perform operations that can be trusted by other parties, such as rights holders, electronic commerce participants, and the like. Because of the trusted, protected characteristics of protected processing environment 154, the parts, extensions or even the entirety of a Commerce Utility System 90 may exist within each or any of the protected processing environments 154 and associated electronic appliances within the overall system.
FIGS. 2A-2E represent the overall functions of an example Commerce Utility System 90 such as Usage Clearinghouse 300 as a four-piece jigsaw puzzle. FIGS. 2A-2E show that these Commerce Utility System functions can be distributed to varying degrees. For example:
FIG. 2A shows an example in which all functions of the Commerce Utility System 90 are performed in a secure central facility.
FIG. 2B shows an example in which most functions of the Commerce Utility System 90 are performed in a secure central facility, but some of its functions are performed within the protected processing environment 154 of a user electronic appliance 100.
FIG. 2C shows an example in which some functions of the Commerce Utility System 90 are performed in a secure central facility, but most of its functions are performed within the protected processing environment 154 of a user electronic appliance 100.
FIG. 2D shows an example in which some functions of the Commerce Utility System 90 are performed in a secure central facility, some of its functions are performed within the protected processing environment 154A of a first user electronic appliance 100A, and some of its functions are performed within the protected processing environment 154B of a second user electronic appliance 100B.
FIG. 2E shows an example in which none of the functions of the Commerce Utility System 90 are performed in a secure central facility; some of its functions are performed within the protected processing environment 154(1) of a first user electronic appliance 100(1), some of its functions are performed within the protected processing environment 154(2) of a second user electronic appliance 100(2), some of its functions are performed within the protected processing environment 154(3) of a third user electronic appliance 100(3), and some of its functions are performed within the protected processing environment 154(N) of an Nth user electronic appliance 100(N).
Alternately or in addition, some of the functions of the Commerce Utility System 90 may be distributed within network 150--for example, in the equipment used to communicate data between appliances 100.
Distributing Multiple Administrative and Support Functions
FIG. 3A shows how multiple Commerce Utility System 90 functions or sub-functions can be distributed into the same protected processing environment 154.
For example:
Financial clearinghouse function 200a operating within consumer appliance 100A's protected processing environment 154a may provide certain financial clearing such as auditing that can take the place of and/or support some of the financial clearing operations performed by a centralized financial clearinghouse 200.
Usage clearinghouse function 300a operating within consumer appliance 100A's protected processing environment 154a may perform certain usage information clearing operations, such as, for example, combining or analyzing collected usage information to complement, substitute for, or add to usage clearing operations performed by usage clearinghouse 300.
Appliance 100A's protected processing environment 154a may perform certain rights and permissions clearing operations 400a, certain certifying authority operations 500a, and certain secure directory services support operations 600a all at the consumer's site to complement, add to or substitute for operations performed by rights and permissions clearinghouse 400, certifying authority 500 and secure directory services 600.
FIG. 3B shows that other example consumer electronic appliances 100(2), . . . , 100N (in this case personal computers 124) might perform different combinations of support or administrative functions locally (for example, some or all of the functions performed by transaction authority 700). For example:
the processes within protected processing environment 154(1) may rely on a partially distributed and partially centralized financial clearinghouse 200A, a partially distributed and partially centralized usage clearinghouse 300A, a partially distributed and partially centralized rights and permissions clearinghouse 400A, a partially distributed and partially centralized certifying authority 500A, a centralized secure directory services 600A, and a centralized transaction authority 700A;
the processes within protected processing environment 154(2) may rely on a centralized financial clearinghouse 200B, a partially distributed and partially centralized usage clearinghouse 300B, a partially distributed and partially centralized rights and permissions clearinghouse 400B, a centralized certifying authority 500B, a centralized secure directory services 600B, and a partially distributed and partially centralized transaction authority 700B; and
the processes within protected processing environment 154(N) may rely on a partially distributed and partially centralized financial clearinghouse 200N, a partially distributed and partially centralized usage clearinghouse 300N, a partially distributed and partially centralized rights and permissions clearinghouse 400N, a partially distributed and partially centralized certifying authority 500N, a partially distributed and partially centralized secure directory services 600N, and a partially distributed and partially centralized transaction authority 700N.
Taking this concept of distributed clearing services further, it would be possible to completely distribute the Distributed Commerce Utility 75 as shown in FIG. 3C--relying mostly or completely on administrative and support service operations and activities within the secure, protected processing environments 154 of users' electronic appliances 100. Thus, the users' own electronic appliances 100 could--in a distributed manner--perform any or all of financial, usage, and rights and permissions clearing, as well as certification, secure directory services and transaction authority services. Such "local" and/or parallel and/or distributed processing transaction clearing might more efficiently accommodate the needs of individual consumers. For example, this is one way of allowing consumers to contribute controls that prevent certain private data from ever leaving their own electronic appliance while nevertheless providing rightsholders with the summary information they require.
The distributed arrangements shown in FIGS. 2A-2E and 3A-3C are not mutually exclusive ways of providing centralized Commerce Utility System 90. To the contrary, it may be advantageous to provide hybrid arrangements in which some administrative and support service functions (such as, for example, micro-payment aggregation, usage data privacy functions, and some issuing of certificates, such as parents issuing certificates for their children) are widely distributed while other administrative and support service functions (for example, issuance of important digital certificates, maintaining massive data bases supporting secure directory services, etc.) are much more centralized. The degree of distributedness of any particular administrative and support service, clearinghouse or function may depend on a variety of very important issues including, for example, efficiency, trustedness, scalability, resource requirements, business models, and other factors. In addition, the degree of distribution may involve multiple levels of hierarchy based, for example, on sub-sets determined by specific business models followed by specific business sub-models, or, for example, geographic and/or governing body and/or region areas.
Since a given electronic appliance 100 can participate in multiple activities, it is possible that its different activities may rely on different blends of distributed and centralized Commerce Utility Systems 90. For example, for one activity a protected processing environment 154 may rely on a centralized financial clearinghouse 200, for another activity it may rely on a partially distributed and partially centralized financial clearinghouse 200, and for still another activity it may rely on a wholly distributed financial clearinghouse 200. Different degrees of distributedness may be used for different activities or business models.
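The locally performed usage clearing described above, in which consumer controls keep certain private data on the appliance while the rights holder still receives summary information, as an added example that is not part of the patent text. The event fields, function names and the refuse-on-conflict behaviour are assumptions made for illustration, and the metered events are constructed sample data.

```python
from collections import defaultdict

# Constructed sample of metered usage events held inside the appliance's
# protected processing environment. Field names are hypothetical.
EVENTS = [
    {"consumer_id": "c-17", "program": "102a", "minutes": 30, "started": "2024-01-05T20:00"},
    {"consumer_id": "c-17", "program": "102a", "minutes": 12, "started": "2024-01-06T21:15"},
    {"consumer_id": "c-17", "program": "news", "minutes": 5, "started": "2024-01-06T07:00"},
]

# Consumer-contributed control: fields that must never leave the appliance.
CONSUMER_WITHHELD = frozenset({"consumer_id", "started"})


def local_usage_summary(events, report_fields, measure, withheld):
    """Aggregate metered events locally and return only summary rows.

    report_fields: fields the rights holder wants the summary grouped by.
    measure:       numeric field to total (for example minutes watched).
    withheld:      fields the consumer's controls forbid from leaving.

    If the rights holder's request needs a withheld field, nothing is
    released; the conflict is surfaced instead of being resolved silently.
    """
    conflict = (set(report_fields) | {measure}) & set(withheld)
    if conflict:
        raise PermissionError(
            "report requires withheld field(s): " + ", ".join(sorted(conflict))
        )

    totals = defaultdict(lambda: {"events": 0, measure: 0})
    for event in events:
        key = tuple(event[f] for f in report_fields)
        totals[key]["events"] += 1
        totals[key][measure] += event[measure]

    # Each output row carries only the grouping fields and the totals, so
    # raw events and withheld fields stay inside the appliance.
    return [
        dict(zip(report_fields, key), **values)
        for key, values in sorted(totals.items())
    ]


def discloses_withheld(summary, withheld):
    """Check a summary before it is sent: True if any row names a withheld field."""
    return any(set(row) & set(withheld) for row in summary)


if __name__ == "__main__":
    report = local_usage_summary(EVENTS, ["program"], "minutes", CONSUMER_WITHHELD)
    for row in report:
        print(row)
    print("discloses withheld data:", discloses_withheld(report, CONSUMER_WITHHELD))
```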
Web of Commerce Utility Systems
FIG. 4 shows that Commerce Utility System 75 may comprise a vast "web" of distributed, partly distributed and/or centralized Commerce Utility Systems 90. Network 150 can be used to connect this web of Commerce Utility Systems 90 to a variety of different electronic appliances 100 that can all share the Distributed Commerce Utility 75. For example, electronic network 150 can connect to:
set top boxes 106 and/or media players 104,
personal computers 124,
computer graphics workstations 126,
multi-media/video game systems 128, or
any other kinds of electronic appliances 100 including for example, manufacturing control devices, household appliances, process control equipment, electronic networking and/or other communication infrastructure devices, mainframe and/or mini computers, etc.
In this example, the same Distributed Commerce Utility 75 can support a variety of different kinds of activities of a number of different consumers, authors, distributors, providers, merchants, and other people--and the Distributed Commerce Utility 75 can support a very large variety of different electronic activities. FIG. 4 also shows that Commerce Utility Systems 90 may communicate with electronic appliances 100 (and with each other) by exchanging electronic "containers" 152 of the type disclosed in Ginter et al. for purposes of security (for example, secrecy, authenticity and integrity) and managed through the use of secure rules and controls processed in protected processing environments.
The Commerce Utility Systems Web Can Be Virtually Limitless
FIG. 4A shows that the web of Commerce Utility Systems may be vast or limitless. Indeed, network 150 may be a seamless web stretching around the world and connecting millions upon millions of electronic appliances with any number of Commerce Utility Systems 90.
The Commerce Utility Systems 90 web may provide a very complex interconnection with a variety of different types of electronic appliances performing a variety of different electronic functions and transactions. As mentioned above, any of electronic appliances 100 may be able to communicate with any of the Commerce Utility Systems 90 or with any other electronic appliance. This allows maximum efficiency and flexibility in terms of allocating different Commerce Utility Systems to different electronic transactions. For example:
Geographically close Commerce Utility Systems might best be used to minimize the amount of time it takes to get messages back and forth.
In some cases, more distant Commerce Utility Systems might be better equipped to efficiently handle certain kinds of specialized transactions.
Government regulations might also, at least in part, dictate the selection of certain Commerce Utility Systems over others (for example, a Japanese customer may run into legal problems if she tries to use a financial clearinghouse 200 located in the Cayman Islands--or a New Jersey resident might be required by law to deal with a financial clearinghouse 200 that reports New Jersey sales tax).
Different, competitive Commerce Utility Systems are likely to be offered by different parties and these different systems would populate the web comprising Distributed Commerce Utility 75. Interoperability between such Systems and/or their nodes is important for efficiency and to allow reusability of electronic commerce resources.
Rights Holders And Providers Can Choose Among Commerce Utility Systems
FIG. 5 shows how rights holders can select between different Commerce Utility Systems 90. In this example, Bob operates a first usage clearinghouse 300a, Alice operates a second usage clearinghouse 300b, and Helen operates a third usage clearinghouse 300c. These various usage clearing service providers may compete with one another based on quality and/or price, or they may be complementary (for example, they may each specialize in different kinds of transactions).
Because electronic network 150 may connect electronic appliances 100 to many different Commerce Utility Systems 90, rightsholders in the digital properties the consumers are using may have a number of different Commerce Utility Systems to choose from. Content providers and rights holders may authorize particular (or groups of) Commerce Utility Systems 90 to handle different aspects of transactions. For example:
A computer software distributor might specify that a personal computer 124 should send metering information 116a to Helen's usage clearinghouse 300c for monitoring usage of the computer software or other activities performed by the personal computer.
A rights holder in video program 102a might specify that set top box 106 should send metering information 116 about the video to Alice's usage clearinghouse.
A multimedia content provider might specify that Bob's usage clearinghouse 300a should be used for processing usage data 116c generated by multimedia player 128.
In some instances, particular consumers 95 may also play a role in specifying in advance particular clearinghouses or other Commerce Utility Systems 90 they prefer to use. FIG. 5 illustrates the provider's (and/or consumer's) choice by a policeman directing metering traffic to selected usage clearinghouses 300 (electronic controls as described herein and in Ginter et al. would preferably be the mechanism actually controlling how traffic is directed).
A content provider or rights holder could allow a consumer 95 to select from a group of Commerce Utility Systems 90 (and/or Commerce Utility Systems 90 providers) the content provider/rights holder wants to deal with. For example:
A television studio might authorize specific individual or classes of Commerce Utility Systems 90 to handle transactions relating to its television programs and/or it may specify particular individual or classes of Commerce Utility Systems 90 that it doesn't want to have handle its transactions.
Particular Commerce Utility Systems 90 may set requirements or standards for individual (or classes of) providers and/or consumers 95.
Value chain participants could enter into legal agreements and/or business relationships with different Commerce Utility Systems 90.
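The clearinghouse selection described in this section and the one before it (a rights holder authorizing or excluding individual or classes of Commerce Utility Systems, a consumer stating which are acceptable, and regulation constraining the choice), as an added example that is not part of the patent text. All names, fields, reason strings and the default-deny behaviour are assumptions made for illustration; the candidate list and the regulatory table are constructed from the specification's own hypotheticals and are not statements of law.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Clearinghouse:
    name: str
    kind: str                                # "financial", "usage", ...
    jurisdiction: str                        # where it operates
    classes: frozenset = frozenset()         # class memberships
    reports_tax_for: frozenset = frozenset()


@dataclass(frozen=True)
class ProviderRules:                         # carried with the governed content
    kind: str
    authorized: frozenset                    # names or classes allowed
    excluded: frozenset = frozenset()        # names or classes refused


@dataclass(frozen=True)
class ConsumerRules:                         # the consumer's own rule set
    residence: str
    acceptable: frozenset                    # names or classes acceptable
    preference: tuple = ()                   # ordered names, most preferred first


@dataclass(frozen=True)
class Regulation:
    forbidden: dict                          # residence -> forbidden jurisdictions
    tax_reporting_required: frozenset        # residences needing tax reporting


WRONG_KIND = "wrong kind of clearinghouse"
NOT_AUTHORIZED = "not authorized by rights holder"
EXCLUDED = "excluded by rights holder"
NOT_ACCEPTABLE = "not acceptable to consumer"
BAD_JURISDICTION = "jurisdiction not permitted for consumer's residence"
NO_TAX_REPORT = "does not report sales tax for consumer's residence"


def evaluate(ch, provider, consumer, regulation):
    """Return the reasons a candidate is rejected; an empty list means eligible."""
    labels = {ch.name} | set(ch.classes)
    reasons = []
    if ch.kind != provider.kind:
        reasons.append(WRONG_KIND)
    if not labels & provider.authorized:
        reasons.append(NOT_AUTHORIZED)
    if labels & provider.excluded:           # an exclusion overrides an authorization
        reasons.append(EXCLUDED)
    if not labels & consumer.acceptable:
        reasons.append(NOT_ACCEPTABLE)
    if ch.jurisdiction in regulation.forbidden.get(consumer.residence, ()):
        reasons.append(BAD_JURISDICTION)
    if (consumer.residence in regulation.tax_reporting_required
            and consumer.residence not in ch.reports_tax_for):
        reasons.append(NO_TAX_REPORT)
    return reasons


def select(candidates, provider, consumer, regulation):
    """Pick the consumer's most preferred candidate that every rule set allows.

    Returns (chosen or None, {name: reasons}); None means the transaction
    does not proceed (default deny).
    """
    eligible, rejected = [], {}
    for ch in candidates:
        reasons = evaluate(ch, provider, consumer, regulation)
        if reasons:
            rejected[ch.name] = reasons
        else:
            eligible.append(ch)

    def rank(ch):
        pref = consumer.preference
        return (pref.index(ch.name) if ch.name in pref else len(pref), ch.name)

    eligible.sort(key=rank)
    return (eligible[0] if eligible else None), rejected


# Constructed sample data.
CANDIDATES = [
    Clearinghouse("fin-cayman", "financial", "KY", frozenset({"offshore"})),
    Clearinghouse("fin-tokyo", "financial", "JP", frozenset({"bank-operated"})),
    Clearinghouse("fin-nj", "financial", "US-NJ", frozenset({"us-regulated"}),
                  frozenset({"US-NJ"})),
    Clearinghouse("fin-discount", "financial", "US-NJ", frozenset({"us-regulated"}),
                  frozenset({"US-NJ"})),
    Clearinghouse("usage-300a", "usage", "US-NJ"),
]
PROVIDER = ProviderRules(
    kind="financial",
    authorized=frozenset({"bank-operated", "us-regulated", "fin-cayman"}),
    excluded=frozenset({"fin-discount"}),
)
REGULATION = Regulation(forbidden={"JP": {"KY"}},
                        tax_reporting_required=frozenset({"US-NJ"}))
NJ_CONSUMER = ConsumerRules("US-NJ", frozenset({"us-regulated"}),
                            ("fin-discount", "fin-nj"))
JP_CONSUMER = ConsumerRules("JP", frozenset({"fin-cayman", "fin-tokyo"}),
                            ("fin-cayman", "fin-tokyo"))
JP_STRICT = ConsumerRules("JP", frozenset({"fin-cayman"}))

if __name__ == "__main__":
    for who in (NJ_CONSUMER, JP_CONSUMER, JP_STRICT):
        chosen, why_not = select(CANDIDATES, PROVIDER, who, REGULATION)
        print(who.residence, "->", chosen.name if chosen else None, why_not)
```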
Commerce Utility Systems Can Work Together
FIG. 6 shows that different Commerce Utility Systems 90 can work together to support different kinds of operations. In this example:
Usage clearinghouse 300a, rights and permissions clearinghouse 400a, certifying authority 500a, and financial clearinghouse 200a (left-hand side of drawing) might be used to support a particular operation by set top box 106 and television set 102.
The same financial clearinghouse 200a but a different usage clearinghouse 300b, a different certifying authority 500b and a different rights and permissions clearinghouse 400b (top of drawing) might be used to support certain activities on personal computer 124.
A still different financial clearinghouse 200c, certifying authority 500c and usage clearinghouse 300c but the same rights and permissions clearinghouse 400b (right-hand side of drawing) might be used to support electronic activities of multimedia system 128.
A still different combination of Commerce Utility Systems (in this example, usage clearinghouse 300c, financial clearinghouse 200d, rights and permissions clearinghouse 400c and certifying authority 500a--along the bottom of the drawing) might be used to support sound system 130.
This example shows that various Commerce Utility Systems 90 may operate in combination, and that different combinations of Commerce Utility Systems might be used to support different electronic transactions.
Administrative and Support Service Functions Can Be Combined Within General Purpose Commerce Utility Systems For Efficiency or Convenience
FIG. 7 shows that different special purpose Commerce Utility Systems 90 administrative and support service functions or sub-functions may be integrated together into more general or multi-purpose Commerce Utility Systems 90 for maximum convenience, efficiency or other reasons. For example:
Bob may operate an integrated or combined Commerce Utility System 90a providing a financial clearinghouse 200a function, a certifying authority 500a function, and a usage clearinghouse 300a function.
Anne may operate an integrated or combined Commerce Utility System 90b providing a financial clearinghouse function 200b, a rights and permissions clearinghouse function 400b and a transaction authority function 700b.
Helen may operate an integrated or combined Commerce Utility System 90c providing a rights and permissions clearinghouse function 400c and a certifying authority function 500c.
Roger may operate an integrated or combined Commerce Utility System 90d providing secure directory services 600d, usage clearinghouse services 300d, financial clearinghouse services 200d and rights and permissions clearinghouse 400d.
A consumer operating electronic appliances 100 may access any or all of these different Commerce Utility Systems 90 or combinations. For example, set top box 106 might obtain rights and permissions and certificates from Helen's Commerce Utility System 90c, but might make use of Bob's Commerce Utility System 90a for financial clearing and usage analysis.
A Commerce Utility System 90 may provide any combination of administrative and support functions or subfunctions as may be desirable to perform the operations required in certain business models, provide maximum efficiency, and/or maximize convenience. For example, Arine's Commerce Utility System 90(2) might provide only a specialized subset of financial clearinghouse function
FIG. 7A shows another illustration of how Commerce Utility Systems 90 can offer a wide variety of different combinations or subcombinations of administrative and support functions. In this FIG. 7A diagram each of the various administrative and support service functions is represented (for purposes of illustration) as a different kind of child's play block:
Financial clearing functions 200 are shown as square blocks,
Usage clearing functions 300 are shown as half-circle blocks,
Rights and permissions clearing functions 400 are shown as rectangular blocks,
Certifying authority functions 500 are shown as triangular blocks,
Secure directory service functions 600 are shown as tunnel blocks, and
Transaction authority functions 700 are shown as cylinders.
Consumer and user appliances 100 are shown as standing-up rectangular columns in the diagram. Electronic network 150 is shown as a road which connects the various Commerce Utility Systems to one another and to consumer electronic appliances 100. Electronic digital containers 152 may be carried along this electronic network or "information highway" 150 between different electronic installations.
FIG. 7A illustrates just some of the many possible administrative and support service combinations that might be used. For example:
In the upper left-hand corner, a Commerce Utility System 90A provides at least some financial clearing functions 200a, at least some rights and permissions clearing functions 400a, and at least some certifying functions 500a. This type of overall electronic Commerce Utility System 90A might, for example, be in the business of managing and granting rights on behalf of rights holders and in handling payments based on those rights.
The Commerce Utility System 90D just to the right of installation 90A comprises financial clearing services 200d and transaction authority services 700a. It might be especially useful in, for example, auditing and/or managing an overall complex multi-step transaction while also ensuring that appropriate parties to the transaction are paid.
In the lower center of the diagram there is a Commerce Utility System 90B including financial clearing functions 200f and usage clearing functions 300c. This Commerce Utility System 90B could be especially useful, for example, for handling payment and other financial details relating to electronic usage transactions and also providing audit and report services based on the electronic usage.
The Commerce Utility System 90C shown in the bottom center of the drawing combines certifying authority services 500 with usage clearing services 300f. It could be especially useful in issuing digital certificates and then tracking the usage of those certificates (for example, in order to evaluate risks, potential liability, insurance costs, etc.).
The various examples shown in FIG. 7A are for purposes of illustration. Other combinations are possible or likely depending on business objectives, convenience and other factors.
Commerce Utility System Hierarchies
FIG. 8A shows that Commerce Utility Systems 90 or functions can be arranged in a hierarchy. For example, an overall financial (or other) clearinghouse 200(N) may oversee and/or have ultimate responsibility for the operations of numerous other financial (or other) sub-clearinghouses 200(1), 200(2), . . . . In the FIG. 8A example, a consumer electronic appliance 100 might interact with a clearinghouse 200(1), which might in turn interact with another clearinghouse 200(2), etc. This administrative and support service "hierarchy" might be thought of as being similar in some ways to a chain of command in a large corporation or in the military--with some clearinghouses exercising and/or delegating power, control and/or supervision over other clearinghouses.
FIG. 8B shows another example of an administrative and support service hierarchy. In this example, a number of centralized overall clearinghouses and/or other Commerce Utility Systems 90 delegate some or all of their work responsibilities to other Commerce Utility Systems 90. In this particular example shown, organizations, such as companies, non-profit groups or the like may have their own Commerce Utility Systems 156. Certain electronic commerce or other activities (the entertainment industry, for example) might have their own vertically-specialized Commerce Utility Systems 158. Certain geographical, territorial or jurisdictional groups (e.g., all purchasers of particular products within the state of Wisconsin) may have their own territorial/jurisdictional specialized Commerce Utility Systems 160. Commerce Utility Systems 156, 158, 160 lower in the hierarchy may, in turn, further delegate authorities or responsibilities to particular consumers, organizations or other entities.
In one example arrangement, the Commerce Utility Systems 90 to which authority has been delegated may perform substantially all of the actual support work, but may keep the more overarching Commerce Utility Systems 90 informed through reporting or other means. In another arrangement, the overarching Commerce Utility Systems 90 have no involvement whatsoever with day-to-day activities of the Commerce Utility Systems to whom they have delegated work. In still another example arrangement, the more specialized Commerce Utility Systems do some of the work and the more overarching Commerce Utility Systems do other parts of the work. The particular division of work and authority used in a particular scenario may largely depend on factors such as efficiency, trustedness, resource availability, the kinds of transactions being managed, and a variety of other factors. Delegation of clearing authority may be partial (e.g., delegate usage aggregation but not financial or rights management responsibilities), and may be consistent with peer-to-peer processing (e.g., by placing some functions within consumers' electronic appliances while keeping some more important functions centralized).
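The partial delegation described above can be checked mechanically. The following is an added example, not code from the patent: it assumes that a clearinghouse can never hold a function its own parent lacks (the patent does not state this rule), that each clearinghouse has one parent, and it uses constructed function names and delegation records.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Delegation:
    parent: str
    child: str
    functions: frozenset  # functions the parent hands to the child


ROOT = "200(N)"  # overall clearinghouse from the FIG. 8A description
# Constructed function names; the patent names the responsibilities in prose only.
ROOT_FUNCTIONS = frozenset({"financial", "usage_aggregation", "rights"})

# Constructed delegation records.
DELEGATIONS = [
    Delegation("200(N)", "200(1)", frozenset({"financial", "usage_aggregation"})),
    # 200(1) tries to pass on "rights", which it was never given itself.
    Delegation("200(1)", "200(2)", frozenset({"usage_aggregation", "rights"})),
]


def effective_functions(name, delegations=DELEGATIONS):
    """Intersect every grant on the path from `name` up to the root.

    Assumption (not in the patent): authority only narrows on the way down,
    so an over-broad grant lower in the chain has no effect.
    """
    by_child = {d.child: d for d in delegations}
    granted = ROOT_FUNCTIONS
    path = []
    node = name
    while node != ROOT:
        # Fail closed on a cycle or on a clearinghouse nobody delegated to.
        if node in path or node not in by_child:
            return frozenset()
        path.append(node)
        granted = granted & by_child[node].functions
        node = by_child[node].parent
    return granted


def may_perform(name, function, delegations=DELEGATIONS):
    """True only if the whole chain back to the root supports the function."""
    return function in effective_functions(name, delegations)


if __name__ == "__main__":
    for who in ("200(N)", "200(1)", "200(2)", "200(9)"):
        print(who, sorted(effective_functions(who)))
```

Evaluating the chain at request time, instead of trusting the grant a sub-clearinghouse presents, is what keeps an over-broad record lower in the hierarchy from widening authority.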
Multi-Function Commerce Utility Systems Can be Organized Hierarchically or Peer-to-Peer
FIG. 9 shows a still different, more complex Commerce Utility System environment including elements of both a hierarchical chain of command and a high degree of cooperation in the horizontal direction between different multi-function Commerce Utility Systems 90. In this example, there are five different levels of responsibility, with a master or overarching Commerce Utility System 90(1) (for example, a financial clearinghouse 200) on level 1 having the most authority and with additional Commerce Utility Systems on levels 2, 3, 4, and 5 having successively less power, authority, control, scope and/or responsibility. FIG. 9 also shows that different Commerce Utility Systems on the same level may have different functions, scopes and/or areas of responsibility. For example:
a Commerce Utility System 90(2)(1) may be a "type A" Commerce Utility System,
Commerce Utility System 90(2)(2) might be a "type B" Commerce Utility System, and
Commerce Utility System 90(2)(3) might be a "type C" Commerce Utility System.
On the next level down, Commerce Utility Systems might be type A Commerce Utility Systems (such as 90(3)(1) and 90(3)(2)), they might be type B Commerce Utility Systems (such as 90(3)(4)), they might be type C Commerce Utility Systems (such as 90(3)(5), 90(3)(6)), or they might be hybrids--such as Commerce Utility System 90(3)(3), which is a hybrid having type A and type B functions.
FIG. 9 also shows that additional clearinghouses on levels 4 and 5 might have sub-types as well as types. In the context of a financial clearinghouse 200 for example, Type A might be responsible for consumer credit, Type B for electronic checks, and Type C for commercial credit. Another demarcation might be clearing for Visa (Type A), Mastercard (Type B) and American Express (Type C). A Type A/B clearinghouse would then be a clearing delegation that could handle both consumer credit and electronic check clearing. A Type B Subtype I might be responsible for commercial electronic checks. A Type C Subtype I might be commercial credit card transactions, and Subtype III might be credit drafts. The rationale for multiple instances might be based on jurisdictional boundaries (e.g., France, Germany, New York, and Alabama), and/or contractual arrangements (e.g., delegation of responsibility for bad credit risks, small purchasers, very large transactions, etc.). The peer-to-peer dimension might reflect a need to coordinate an overall transaction (e.g., between a small purchaser's clearinghouse and a large commercial player's clearinghouse).
A rights and permissions clearinghouse 400 might break out along content types (e.g., movies; scientific, technical and medical; and software). Subtype A might include first run movies, oldies, and art films; subtype B might handle journals and textbooks; and type C might be responsible for games, office, educational content. Peer-to-peer communications between clearinghouses could involve multimedia presentation permissions (e.g., a multimedia presentation might have permissions stored at one clearinghouse that uses a back channel to other clearinghouses to ensure that the latest permissions are distributed).
Some Example Commerce Utility Systems
As described above, Commerce Utility Systems 90 are generalized and programmable--and can therefore provide a mix of different support and administration functions to meet requirements of a given transaction. Thus, many or most Commerce Utility Systems 90 as actually implemented may provide a range of different support and administrative functions that may make it difficult to categorize the implementation as being of one particular "kind" of Commerce Utility System as opposed to another.
Nevertheless, certain types of idealized specialized Commerce Utility Systems 90 are particularly useful for a wide range of models, transactions and applications. It is helpful and convenient to describe some of the characteristics of these "pure" Commerce Utility Systems of different types--recognizing that actual implementations may mix functions or function subsets from several of these idealized models. The following are brief vignettes of some of the characteristics of such "pure" idealized Commerce Utility Systems.
Financial Clearinghouse 200
FIG. 10 shows an example financial clearinghouse 200 in more detail. Financial clearinghouse 200 handles payments to ensure that those who provide value are fairly compensated. Financial clearinghouse 200 may securely coordinate with other Commerce Utility Systems 90 in performing this task.
In this example, financial clearinghouse 200 may communicate with appliance protected processing environment 154 over electronic network 150 in a secure manner using electronic containers 152 of the type described, for example, in the Ginter et al. patent specification in connection with FIGS. 5A and 5B. Financial clearinghouse 200 may receive payment information 202 from protected processing environment 154 in these secure containers 152, and interact electronically or otherwise with various banking, credit card or other financial institutions to ensure that appropriate payment is made.
Financial clearinghouse 200 may, for example, interact with a consumer's bank 206a, a provider's bank 206b and a consumer's credit card company 206c. For example, financial clearinghouse 200 can debit funds from the consumer's bank 206a and credit funds to the rights holder's bank 206b to pay for the consumers' watching of a movie, television program or other content. Additionally or alternately, financial clearinghouse 200 may interact with a consumer's credit card company 206c to request credit checks, obtain credit authorizations, payments and the like.
Financial clearinghouse 200 may provide payment statements 204 to consumers 95--for example, by transmitting the statements to appliance 100 in a secure electronic container 152b to preserve the confidentiality of the statement information. In this example, consumers 95 can view the statements 204 using their appliance 100 protected processing environment 154, and may also be able to print or save them for record-keeping purposes.
In one example, the payment mechanism 118 provided by protected processing environment 154 might be an electronic wallet supplying electronic money for use in paying for electronic services or content. This electronic wallet may hold money in digital form. Consumers 95 can spend the digital money on whatever they wish. When the electronic wallet is empty, consumers 95 can have the financial clearinghouse 200 replenish the wallet by authorizing the financial clearinghouse to debit the funds from the consumers' account in their bank 206a. Financial clearinghouse 200 may process electronic money payments, arrange for the electronic wallet to be refilled automatically (based on the consumers' pre-authorization, for example) when the consumers have spent all of its former contents, and provide the consumers with detailed reports and statements 204 about how they have spent their electronic money.
Usage Clearinghouse 300
FIG. 11 shows an example usage clearinghouse 300. Usage clearinghouse 300 in this example receives usage information 302 from usage meter 116, analyzes the usage information and provides reports based on the analysis it performs. Usage clearinghouse 300 may securely coordinate with other Commerce Utility Systems 90 in accomplishing these tasks.
For example, usage clearinghouse 300 may send the consumers 95 a detailed report 304a of all the movies, television programs and other material the consumers have watched over the last month. The communication between protected processing environment 154 and usage clearinghouse 300 may be in the form of secure containers 152. As described in the Ginter et al. patent disclosure, usage meter 116 can meter use on the basis of a number of different factors, and can range from being extremely detailed to being turned off altogether. The consumers, if they desire, could view the detailed usage report 304a on their television set 102.
Usage clearinghouse 300 can report to others about the consumers' viewing habits consistent with protecting the consumers' privacy. These reports can also be sent within secure containers 152. For example, usage clearinghouse 300 might provide a summary report 304b to advertisers 306 that does not reveal the consumers' identity but provides the advertisers with valuable information about the consumers' viewing habits. On the other hand, with the consumers' consent, usage clearinghouse 300 could provide a more detailed report revealing the consumers' identity to advertisers 306 or to other specified people. In return, the consumers 95 could be given incentives, such as, for example, discounts, cash, free movies, or other compensation.
Usage clearinghouse 300 can also issue reports 304c to rights holders 308--such as the producer or director of the video program 102a the consumers 95 are watching. These reports allow the rights holders to verify who has watched their program material and other creations. This can be very useful in ensuring payment, or in sending the consumers other, similar program material they may be interested in.
Usage clearinghouse 300 might also send reports 304d to a ratings company 310 for the purpose of automatically rating the popularity of certain program material. Usage clearinghouse 300 might also send reports to other market researchers 312 for scientific, marketing or other research.
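The report types described in this section differ mainly in whether identity leaves the clearinghouse. The following is an added example, not code from the patent: the records, field names and consent set are constructed, and the minimum group size used to suppress small audiences is an assumption the patent does not specify.

```python
from collections import defaultdict

# Constructed usage records, shaped as a usage meter might report them.
USAGE = [
    {"consumer": "c1", "program": "Concert", "minutes": 90},
    {"consumer": "c2", "program": "Concert", "minutes": 45},
    {"consumer": "c3", "program": "Concert", "minutes": 60},
    {"consumer": "c1", "program": "Art Film", "minutes": 100},
    {"consumer": "c2", "program": "News", "minutes": 30},
    {"consumer": "c3", "program": "News", "minutes": 20},
]
CONSENT = {"c2"}  # constructed: consumers who agreed to identified reports


def consumer_report(records, consumer):
    """Detailed report for the consumer: only that consumer's own rows."""
    return [r for r in records if r["consumer"] == consumer]


def advertiser_summary(records, min_group=2):
    """Summary report for advertisers: per-program totals, no identifiers.

    min_group is an assumption added here: a program watched by fewer
    distinct consumers is dropped, since a count of one can identify someone.
    """
    viewers = defaultdict(set)
    minutes = defaultdict(int)
    for r in records:
        viewers[r["program"]].add(r["consumer"])
        minutes[r["program"]] += r["minutes"]
    return {
        program: {"viewers": len(who), "minutes": minutes[program]}
        for program, who in viewers.items()
        if len(who) >= min_group
    }


def identified_report(records, consent):
    """Identity-revealing report: rows only for consumers who consented."""
    return [r for r in records if r["consumer"] in consent]


if __name__ == "__main__":
    print(advertiser_summary(USAGE))
    print(identified_report(USAGE, CONSENT))
```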
Rights and Permissions Clearinghouse 400
FIG. 12 shows an example rights and permissions clearinghouse 400. Rights and permissions clearinghouse 400 stores and distributes electronic permissions 404 (shown as a traffic light in these drawings). Permissions 404 grant and withhold permissions, and also define consequences. Rights and permissions clearinghouse 400 may work with other Commerce Utility Systems 90 to accomplish its tasks.
In this example, rights and permissions clearinghouse 400 may act as a centralized "repository" or clearinghouse for rights associated with digital content. For example, broadcasters, authors, and other content creators and rights owners can register permissions with the rights and permissions clearinghouse 400 in the form of electronic "control sets." These permissions can specify what consumers can and can't do with digital properties, under what conditions the permissions can be exercised and the consequences of exercising the permissions. Rights and permissions clearinghouse 400 can respond to requests 402 from electronic appliance protected processing environment 154 by delivering permissions (control sets) 188 in response.
For example, suppose that consumers 95 want to watch a concert or a fight on television set 102. They can operate their remote control unit 108 to request the right to watch a certain program. Protected processing environment 154 may automatically contact rights and permissions clearinghouse 400 over electronic network 150 and send an electronic request 402. The rights and permissions clearinghouse 400 can "look up" the request in its library or repository to see if it has received (and is authorized to provide) the necessary permission 404b from the program's rights holder 400. It may then send the requested permission 188 to protected processing environment 154.
For example, permission 188 might allow the consumers to view the concert or fight only once and prohibit its copying with copy protection mechanism 120. Permission 188 may also (or in addition) specify the price for watching the program (for example, $5.95 to be deducted from the consumers' electronic wallet). Appliance 100 can ask the consumers 95 if they want to pay $5.95 to watch the program. If they answer "yes" (indicated, for example, by operating remote control 108), the appliance 100 can automatically debit the consumers' electronic wallet and "release" the program so the consumers can watch it.
Rights and permissions clearinghouse 400 can deliver permissions 188 within a secure container 152b that may optionally also contain the information controlled by the permissions--or permission 188 may arrive at a different time and over a different path than the program or other content travels to the appliance 100. For example, the permissions could be sent over network 150, whereas the program it is associated with may arrive directly from satellite 112 or over some other path such as cable television network 114 (see FIG. 1).
Rights and permissions clearinghouse 400 may also issue reports 406 to rights holders or other people indicating which permissions have been granted or denied. For example, the author of a book or video might, consistent with consumer privacy concerns, be able to learn the exact number of people who have requested the right to publish excerpts from his or her work. These kinds of reports can supplement reports provided by usage clearinghouse 300.
Certifying Authority 500
FIG. 13 shows an example of a certifying authority 500. Certifying authority 500 issues digital certificates 504 that provide a context for electronic rights management. Certifying authority 500 may coordinate with other Commerce Utility Systems 90 to accomplish its tasks.
Certifying authority 500 issues digital certificates 504 that certify particular facts. Digital certificate 122 is like a driver's license or a high school diploma in some respects, since they each provide proof of a certain fact. For example, we may show our driver's license to prove that we are old enough to vote, buy liquor, or watch an "R" rated movie. This same driver's license attests to the fact that we have a certain name and live at a certain address, and that we have certain knowledge (of state motor vehicle laws) and skills (the ability to maneuver a motor vehicle). Digital certificate 504 is similar to that aspect of a driver's license that confirms the identity of, and related facts pertaining to, the licensee, except that it is made out of digital information instead of a laminated card.
In this example, certifying authority 500 may receive consumer requests and associated evidence 502, and may issue corresponding digital certificates 504 that certify particular facts. Certifying authority 500 may also receive evidence, credentials and possibly also certificate definitions from other people such as government authorities 506, professional organizations 508 and universities 510. As one example, the certifying authority 500 might receive birth certificate or other identity information from a government authority 506. Based on this identity information, the certifying authority 500 may prepare and issue a digital certificate 504 that attests to a person's identity and age. The certifying authority 500 might also issue digital certificates 504 attesting to professional status, employment, country of residence, or a variety of other classes and categories based on various evidence and inputs from various people.
Certifying authority 500 may certify organizations and machines as well as people. For example, certifying authority 500 could issue a certificate attesting to the fact that Stanford University is an accredited institution of higher learning, or that the ACME Transportation Company is a corporation in good standing and is authorized to transport hazardous materials. Certifying authority 500 could also, for example, issue a certificate 504 to a computer attesting to the fact that the computer has a certain level of security or is authorized to handle messages on behalf of a certain person or organization.
Certifying authority 500 may communicate with protected processing environment 154 and with other parties by exchanging electronic containers 152. Electronic appliance 100's protected processing environment 154 may use the digital certificates 504 the certifying authority 500 issues to manage or exercise permissions 188 such as those issued by rights and permissions clearinghouse 400. For example, set top box 106 might automatically prevent any consumer under 17 years of age from watching certain kinds of program material, or it might provide a payment discount to students watching educational material--all based on certificates 504 issued by certifying authority 500.
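The appliance-side decision described in the last two sections (view once, no copying, $5.95 from the wallet after the consumer agrees, age and student status taken from certificates) can be sketched as follows. This is an added example, not code from the patent or from the Ginter et al. specification: the class and field names are hypothetical, the student discount amount is constructed, and an HMAC tag stands in for the certifying authority's signature because the Python standard library has no public-key signatures.

```python
import hashlib
import hmac
import json
from dataclasses import dataclass, field

# Constructed stand-in for the certifying authority's signing key.
# A real certificate would carry a public-key signature, not a MAC.
CA_KEY = b"constructed-demo-key"


def _tag(body):
    return hmac.new(CA_KEY, body.encode(), hashlib.sha256).hexdigest()


def issue_certificate(subject, claims):
    """Certifying-authority side: bind a set of claims to one subject."""
    body = json.dumps({"subject": subject, "claims": claims}, sort_keys=True)
    return {"body": body, "tag": _tag(body)}


def verified_claims(cert, subject):
    """Return claims only if the tag verifies and the cert names this subject."""
    if not cert or not hmac.compare_digest(_tag(cert["body"]), cert["tag"]):
        return {}
    data = json.loads(cert["body"])
    return data["claims"] if data["subject"] == subject else {}


@dataclass
class Permission:  # hypothetical shape for a control set
    content_id: str
    price_cents: int  # integer cents, so $5.95 is 595
    max_views: int = 1
    allow_copy: bool = False
    min_age: int = 0
    student_discount_cents: int = 0


@dataclass
class Appliance:
    user: str
    wallet_cents: int
    views: dict = field(default_factory=dict)
    audit: list = field(default_factory=list)

    def request_view(self, perm, cert, consent):
        """Check every condition first; debit and release only at the end."""
        claims = verified_claims(cert, self.user)
        price = perm.price_cents
        if claims.get("student"):
            price = max(0, price - perm.student_discount_cents)
        if claims.get("age", 0) < perm.min_age:  # no valid cert means age 0
            decision = "deny:age"
        elif self.views.get(perm.content_id, 0) >= perm.max_views:
            decision = "deny:views-exhausted"
        elif not consent:
            decision = "deny:no-consent"
        elif self.wallet_cents < price:
            decision = "deny:insufficient-funds"
        else:
            self.wallet_cents -= price
            self.views[perm.content_id] = self.views.get(perm.content_id, 0) + 1
            decision = "release"
        self.audit.append((perm.content_id, decision))
        return decision

    def request_copy(self, perm):
        return "allow" if perm.allow_copy else "deny:copy-protected"


def demo():
    concert = Permission("concert", price_cents=595, max_views=1, min_age=17)
    adult = Appliance("alice", wallet_cents=1000)
    cert = issue_certificate("alice", {"age": 30})
    first = adult.request_view(concert, cert, consent=True)
    second = adult.request_view(concert, cert, consent=True)
    # The age in a certificate body is edited after issue; the tag fails.
    altered = issue_certificate("bob", {"age": 15})
    altered["body"] = altered["body"].replace("15", "30")
    minor = Appliance("bob", wallet_cents=1000)
    third = minor.request_view(concert, altered, consent=True)
    return first, second, adult.wallet_cents, third, minor.wallet_cents


if __name__ == "__main__":
    print(demo())
```

Treating a missing or unverifiable certificate as "no claims" makes the age gate fail closed, and the wallet is only touched on the single path that ends in release.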
Secure Directory Services
FIG. 14 shows an example of secure directory services 600. Secure directory services 600 acts something like a computerized telephone or name services directory. Consumers 95 can send a request 602 specifying the information they need. Secure directory services 600 can "look up" the information and provide the answer 604 to consumers 95. Secure directory services 600 can work with other Commerce Utility Systems 90 to perform its tasks.
For example, suppose consumers 95 want to electronically order a pizza from Joe's Pizza. They decide what kind of pizza they want (large cheese pizza with sausage and onions for example). However, they don't know Joe's Pizza's electronic address (which may be like an electronic phone number). Consumers 95 can use remote control 108 to input information about what they want to have looked up ("Joe's Pizza, Lakeville, Conn."). Protected processing environment 154 may generate a request 602 containing the identification information and send this request to secure directory services 600. It can send the request in a secure container 152a.
When secure directory services 600 receives the request 602, it may access a database to locate the requested information. Secure directory services 600 may have earlier obtained Joe's electronic address directly from Joe or otherwise. Secure directory services 600 may send the requested information back to appliance 100 in a response 604. Response 604 may also be in a secure container 152b. The consumers 95 can use this information to electronically send their order to Joe's Pizza--which can display on Joe's order terminal within a few seconds after the consumers send it. Joe may deliver to consumer 95 a piping hot cheese, sausage and onion pizza a few minutes later (by car--not electronically--since a physical pizza is much more satisfying than an electronic one).
Secure directory services 600 can help anyone connected to network 150 contact anyone else. As one example, secure directory services 600 can tell usage clearinghouse 300 how to find a financial clearinghouse 200 on network 150. Any electronic appliance 100 connected to network 150 could use secure directory services 150 to help contact any other electronic appliance.
As mentioned above, the request 602 to secure directory services 600 and the response 604 it sends back may be encased within secure containers 152 of the type described in the Ginter et al. patent specification. The use of secure containers 152 helps prevent eavesdroppers from listening in on the exchange between consumers 95 and secure directory services 600. This protects the consumers' privacy. The consumers 95 may not care if someone listens in to their pizza order, but may be much more concerned about protecting the fact that they are corresponding electronically with certain other people (e.g., doctors, banks, lawyers, or others they have a relationship of confidence and trust with). Secure containers 152 also help ensure that messages sent across network 150 are authentic and have not been altered. Electronic containers 152 allow Joe's Pizza to trust that the just-received pizza order actually came from consumers 95 (as opposed to someone else) and has not been altered, and the consumers can be relatively sure that no one will send Joe a fake pizza order in their name. The use of secure containers 152 and protected processing environment 154 in the preferred embodiment also ensures that the consumers 95 cannot subsequently deny that they actually placed the order with Joe's Pizza if they in fact did so.
Transaction Authority 700
FIG. 15 shows an example transaction authority 700. Transaction authority 700 in this example provides process control and automation. It helps ensure that processes and transactions are completed successfully. Transaction authority 700 may work with other Commerce Utility Systems 90 to perform and complete its tasks.
In more detail, transaction authority 700 in this example monitors the sta |