This invention relates to regulating access to an object containing digital information or content stored at a client computer.
Content traditionally has been packaged in physical form, and physically delivered from one point to another. For example, the stories and images contained in most morning newspapers are arranged in electronic form, on computers, but the newspapers are published in printed form and delivered to the subscribers"" doorsteps by newspaper carriers. Business documents that need to be delivered to an associate or customer often are placed in an envelope and delivered by an overnight express service to their destination.
Computer networks, including public switched networks using Transmission Control Protocol/Internet Protocol (TCP/IP) such as the Internet, represent a potentially economical and efficient conduit for the electronic delivery of content. Digital files including text, graphics, sound, video, or any number of media formats can be created, and stored electronically, and delivered from one point to another via a network.
Applications for transfer of content via computer networks have proliferated in recent years, in part due to the popularity of the Internet. For example, one widely used application is electronic mail (xe2x80x9cemailxe2x80x9d), a messaging protocol for the delivery of text-based messages from one user to another. An email message also can include attachments, which are files that the sending party selected and designated for delivery along with the email message.
Another application, the Internet browser, provides a mechanism for viewing World Wide Web (xe2x80x9cWebxe2x80x9d) pages. Web pages are multimedia files written in a hypertext format, for example, utilizing the hypertext mark-up language (HTML), and stored at servers computers (xe2x80x9cWeb serversxe2x80x9d) on the Internet. A Web server responds to a request from a client to view a Web page by downloading the appropriate file to the client. The file is displayed by the client""s browser, and usually is stored in the client""s cache directory and/or memory along with other recently accessed Web page files. Each time a user at the client computer wishes to view a new Web page, the user must enter the address, or Uniform Resource Locator (URL) of the file corresponding to the Web page, or select a hypertext link corresponding to the URL of that page. The client then requests from the Web server the file at the designated URL, and the server delivers this file to the client.
Because content often is produced originally in digital form, a potential has arisen for the producers of such content to sell directly to their customers, without the need for physical production or a distribution chain, or third-party sales intermediaries such as retailers. For example, authors or publishers may offer their books for sale in digital form on the Internet, for immediate download by customers, without incurring the cost of printing and distributing the book in paper form. Likewise, newspaper publishers could deliver their daily content electronically, to the user""s home computer desktop, instead of in paper form to their doorstep, and music producers could sell their recordings online without producing and distributing tapes or compact disks. Electronic distribution could result in cost savings to the consumer and increased profitability to the content producer, due to the reduction in printing and distribution costs.
In an electronic delivery or distribution scheme, a baseline requirement is that content producers or sellers must have a way to regulate access to their product, for example, by first receiving payment before making the content accessible. Furthermore, since digital files are extremely easy to copy and distribute, sellers and producers have an interest in locking or encrypting the files containing the content, so as to limit access to those who have paid for it.
The efficacy and desirability of delivering and receiving content via a computer network such as the Internet is determined by several additional factors. For example, the speed and capacity of the server and client computers, and the communication link therebetween, may significantly affect content delivery and sometimes prohibit, as a practical matter, delivery of certain media formats. The speed of file transfer is affected by, among other things, the bandwidth of the communications link between the server and the client, the traffic on the network at the time of file transfer, and the size of the file(s) to be transferred. While small, plain text files normally can be delivered quickly using existing systems and networks, other file types, such as multimedia files containing graphics or sound, can be quite large and therefore may take significantly longer time to deliver. This is particularly true of delivery to home computers, which usually have a relatively low-bandwidth connection (e.g. a modem and standard telephone line) to the network. Also, memory capacities, including Dynamic Random Access Memory (DRAM) and disk space, can limit the size and complexity of files that can be executed and stored by a client or server computer.
Factors associated with maintaining a network connection also may affect the desirability of electronic content delivery, particularly from the standpoint of the client. For example, most Web sites consist of multiple pages including hypertext links to related pages at the same server, and to other Web sites located at other servers. When browsing, or jumping from page to page, on the Web, an Internet connection should be maintained continuously, because each file is accessed by a separate request from the client. Maintaining a connection can be inconvenient because it may tie up the user""s telephone line, the connection may be slow (requiring the user periodically to wait for the next page to be downloaded), or the connection may terminate unexpectedly before the user has completed viewing the document. Moreover, some Internet access providers charge customers based on connection time, so maintaining a connection over a long period of time can become expensive.
Yet another factor associated with electronic content delivery is the level of privacy protection afforded the sending and receiving parties. For example, electronic documents undergoing transmission may contain confidential business information, thus users may be reluctant to deliver such documents over a computer network for fear that the document may be intercepted by a third party, either intentionally or unintentionally. A message sent via a packet-switching network such as the Internet passes through many different computers on the network, or nodes, on the way to its final destination. The message potentially could be intercepted at any one of these nodes, or at the final destination.
Also important for content delivery are the attractiveness and ease of use of interfaces presented to the user for interacting with the computer or other content-providing vehicle. In the physical world, interfaces are important for a variety of purposes. A newspaper, for example, is arranged to have an aesthetically pleasing layout, eye-catching graphics and titles, and easy browsing from one page to the next, in order to facilitate viewing its content. Also, an interface can govern the manners in which separate physical documents are arranged and delivered. When sending physical documents, for example, related documents often are grouped by paperclip or staple, or by packaging in an envelope. Like the physical world, in the digital environment, using a network for sending a document, receiving a document, viewing a document, paying for a document, or requesting permission to access a document all may be controlled through user interfaces. The properties and characteristics of the particular interface(s) used will affect the desirability of conducting such operations electronically.
Access to digital content is regulated by the mechanisms described herein, based on, for example, proper payment or other authorization information submitted by a user or computer process. Embodiments may include various combinations of the following features.
Objects embodying digital content (such as newspaper text, executable computer programs, or music) are arranged in a format for electronic delivery, the format comprising an encrypted, compressed, parsed data string which includes the files containing the content, a unique coded key corresponding to the object, an access authorization form, and a setup file. The data string also may include applications necessary for viewing the content, such as browsers or viewers. The object may be copied and transmitted freely between computers. For example, a merchant server on the Internet may advertise objects representing newspapers or magazines available for delivery to client computers. Users at client computers may download an object using, for example, File Transfer Protocol (FTP), or users request that the object be sent to the client computer via electronic mail. Delivery is facilitated by the fact that the object is compressed and therefore requires relatively less time to transmit across the network. As an alternative to network delivery, the object may be acquired from a CD-ROM or other physically transportable medium. The object can be stored at the client computer, on a hard drive, for example, or on a transportable medium.
Completion of an authorization process is required in order to unlock, or gain access to, the object. Access to the object may be requested at the direction of a human user, or may be requested without human intervention, such as during execution of a computer program or script. Once the authorization process has been completed successfully, an install process is initiated at the client computer, wherein the object""s unique coded key is copied to a location at the client. The install process also causes a machine identification code corresponding to the client to be copied to a location at the client. On the Microsoft Windows Operating System, the Registry file is used for storing the unique coded key and the machine identification code. The installation process allows the object to be executed, or xe2x80x9cpublished,xe2x80x9d locally, at that particular client computer, as opposed to occurring across a network, and xe2x80x9clocksxe2x80x9d the installed object to that particular machine. The object can be copied and is freely transmissable between computers, but the authorization process will be executed again if access is attempted at a different computer.
When access to an object is requested initially at a client computer, for example by a human user or by an automated computer script, the client computer conducts an access check. The access check may comprise searching one or more designated system files at the client computer for the unique key corresponding to the object and the machine identification code corresponding to the computer at which the request occurred. If the access check reveals that the required files are present, then the object is automatically decoded and executed. The files containing the digital content are copied to a temporary directory, and the content is available for use. When the resource using the content has completed such use, the temporary directory is deleted and the object is encrypted. The content can be reaccessed and reused at that particular computer as many times as the user or resource desires.
If the access check fails, then an external authorization procedure is implemented. Payment and/or use information is collected at the client computer at which the access request occurred. The payment/use information can be input by a human user, or can be automatically collected by the resource based on existing, stored information. Payment information may be required if the producer or supplier of the object requires such payment for execution of the object (i.e. the object is being sold or licensed to the user). Alternatively or in addition to payment information, use information may be required, such as employment-related data, educational information, family information, or any other information which a content producer or supplier wishes to consider in regulating access to the object. The payment/use information is transmitted from the client to a payment server, using a communications link such as the Internet.
The payment server directs the external authorization procedure, based on the payment/use information received. The payment server first may process, at a xe2x80x9cpreprocessingxe2x80x9d stage, the payment/use information. During preprocessing, the payment server may search the information for payment information in correct format, such as valid credit card number (i.e. proper number of digits) and expiration date. Alternatively, if only xe2x80x9cusexe2x80x9d information is required for accessing the object, the payment server may search for the required xe2x80x9cusexe2x80x9d information. For example, a magazine may require that users indicate they are a student at an accredited U.S. law school in order to gain access to an object representing a legal magazine. The payment server will scan the information received from the client for such indication of law school, and if found, will transmit a message back to the client initiating an installation procedure as discussed later herein.
If payment information is required, and preprocessing reveals proper format, then selected portions of the payment information are transmitted via a communications link to an authorization center for account verification. The authorization center may be, for example, a credit card authorization center. In this example, the payment server transmits the credit card number, expiration date, and the amount of the purchase to the authorization center, and the authorization center verifies or rejects the transaction based on the funds available in the account and the amount of the requested purchase. If the purchase is verified, the authorization center deducts the appropriate amount from the account and sends a message to the payment server indicating verification. If the purchase is rejected, the authorization center sends a message to the payment server indicating rejection. A dedicated frame relay network may comprise the communications link between the payment server and the authorization center.
Upon receiving a message from the authorization center indicating either acceptance or rejection of the transaction, the payment server transmits a xe2x80x9ctokenxe2x80x9d back to the client computer. The token is a file indicating whether the transaction has been approved; i.e. whether the object should be installed and access granted. If the token indicates approval, the token causes the client computer to execute the install process discussed previously, wherein, for example, a unique coded key corresponding to the object is installed at the client, along with the client machine identification code. The object is then automatically published, and access is available thereafter (without requiring further payment or use information) according to the access check described herein. If the token indicates rejection, the install process will not be initiated and access is denied. The token may contain additional information indicating reasons for the rejection, and the client may display a message based on this additional information, for the benefit of a human user.
The token, as well as the access check and the install process, is transparent and inaccessible to the resource requesting access. The xe2x80x9cresourcexe2x80x9d seeking access to the object may be a human user, a computer program, or a combination thereof. The requesting resource, to the extent feasible, is prevented from copying the token or copying the installed unique coded key so as to enable access without the required payment or other authorization at other client computers.
Although the token and the unique coded key are not meant to be copied from one computer to another, the object itself may be copied or delivered to other computers or media. If access to the object then is requested at another computer, the access check again will be implemented, and payment or use information will be required for access if not already supplied at that particular computer.
Advantages of the digital content access regulating techniques described here may include one or more of the following.
By providing mechanisms for selectively granting access to digital content, the methods and techniques described here provide a practical and efficient way for producers or other authorized suppliers of such content to deliver and/or sell directly to their customers, without the need for physical production, a distribution chain, or third-party sales intermediaries. These mechanisms authorize and complete a purchase of digital content by billing or debiting the appropriate financial account, activating or unlocking the object embodying the content that was purchased, and storing authorization information at the buyer""s computer so that the content can be accessed at that particular computer on an ongoing basis once it has been purchased. While transfer of the object to a different computer is allowed, unregulated access to its content at the different computer is prevented. Thus, the mechanisms protect the economic interests of content suppliers by preventing wholesale copying and distribution of unlocked, potentially valuable digital content.
The mechanisms described here also protect the buyer""s confidential payment information, occur in real-time so as to grant the buyer quick and easy access to the object as soon as he purchases it, and utilize existing financial instruments, such as credit cards, debit cards, or demand deposit accounts.
The mechanisms described here also allow a customer to enjoy the advantages of a digital product without the delays and inconveniences associated with continuously retrieving files over a limited bandwidth public switched network. The product is stored at the customer""s computer in compressed and encrypted form, until the time at which the customer desires to view or use the product. Purchase or activation then occurs according to the mechanisms described here. Once activated and unlocked, the product is executed, or published, directly on the customer""s computer, and the customer can view or use the product without the need for network access. The mechanisms therefore make accessing large digital files, including multimedia documents or movies, much more convenient and enjoyable to the user
Additional security can be provided by encrypting, in addition to the object itself, the files containing the content. Such additional encryption can be implemented using, for example, the Blowfish algorithm. When the object is executed (decompressed and decrypted, with the files containing the content copied to a temporary subdirectory), these files containing the content may be decrypted xe2x80x9con the flyxe2x80x9d as a continuous data stream, as the product is executed. This provides protection against unauthorized copying of the decrypted files containing the content, during execution of the object.
A customer may obtain an object in any of several convenient and efficient ways, and the object may be copied and transmitted to others who also may wish to purchase or properly access the content contained therein. Electronic mail, for example, can be used to deliver the object to the customer""s electronic mailbox. Allowing electronic mail to be used for delivery of packaged content to a customer provides the benefit of extending the functionality of a communications framework which is already existent and available to a wide number of potential customers. It provides the additional benefit of not requiring the user to monitor the delivery process or maintain a network connection during delivery. In fact, delivery of various digital products to the user""s electronic mailbox could be automated to occur at regular intervals, thereby eliminating the hassle of a user having to request each and every day the delivery of, for example, the daily newspaper in digital form.
The systems and techniques described here also enable the coordinated execution, or xe2x80x9cpublishing,xe2x80x9d of the files comprising the object. Such coordinated execution provides benefits to the userxe2x80x94for example, the direct publication of a Web site completely on the customer""s client computer, without requiring input or instructions from the user. The system uses common, existing applications such as browsers and viewers to execute files and publish digital content, thus reducing the need for the user to purchase or acquire additional applications for the use of digital content.
Other advantages and features will become apparent from the following description, including the drawings and claims.