WO2001008029A2 - Digital/internet distribution channel management system for digital content - Google Patents

Digital/internet distribution channel management system for digital content

Publication number
WO2001008029A2
Authority
WO
WIPO (PCT)
Prior art keywords
digital
content
transaction
goods
digital goods
Prior art date
Application number
PCT/US2000/019931
Other languages
French (fr)
Other versions
WO2001008029A3 (en)
Inventor
Pete O'dell
Charles Jennings
Michael Hudson
Christopher E. Jenkin
Daniel M. Woodard
Original Assignee
Supertracks. Com, Inc.
Priority date
Filing date
Publication date
Application filed by Supertracks. Com, Inc. filed Critical Supertracks. Com, Inc.
Priority to AU63628/00A priority Critical patent/AU6362800A/en
Publication of WO2001008029A2 publication Critical patent/WO2001008029A2/en
Publication of WO2001008029A3 publication Critical patent/WO2001008029A3/en

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q30/00 Commerce
    • G06Q30/06 Buying, selling or leasing transactions
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/10 Protecting distributed programs or content, e.g. vending or licensing of copyrighted material; Digital rights management [DRM]
    • G06F21/109 Protecting distributed programs or content, e.g. vending or licensing of copyrighted material; Digital rights management [DRM] by using specially-adapted hardware at the client
    • G PHYSICS
    • G11 INFORMATION STORAGE
    • G11B INFORMATION STORAGE BASED ON RELATIVE MOVEMENT BETWEEN RECORD CARRIER AND TRANSDUCER
    • G11B20/00 Signal processing not specific to the method of recording or reproducing; Circuits therefor
    • G11B20/00086 Circuits for prevention of unauthorised reproduction or copying, e.g. piracy
    • G PHYSICS
    • G11 INFORMATION STORAGE
    • G11B INFORMATION STORAGE BASED ON RELATIVE MOVEMENT BETWEEN RECORD CARRIER AND TRANSDUCER
    • G11B20/00 Signal processing not specific to the method of recording or reproducing; Circuits therefor
    • G11B20/00086 Circuits for prevention of unauthorised reproduction or copying, e.g. piracy
    • G11B20/00094 Circuits for prevention of unauthorised reproduction or copying, e.g. piracy involving measures which result in a restriction to authorised record carriers
    • G11B20/00123 Circuits for prevention of unauthorised reproduction or copying, e.g. piracy involving measures which result in a restriction to authorised record carriers the record carrier being identified by recognising some of its unique characteristics, e.g. a unique defect pattern serving as a physical signature of the record carrier
    • G PHYSICS
    • G11 INFORMATION STORAGE
    • G11B INFORMATION STORAGE BASED ON RELATIVE MOVEMENT BETWEEN RECORD CARRIER AND TRANSDUCER
    • G11B20/00 Signal processing not specific to the method of recording or reproducing; Circuits therefor
    • G11B20/00086 Circuits for prevention of unauthorised reproduction or copying, e.g. piracy
    • G11B20/00166 Circuits for prevention of unauthorised reproduction or copying, e.g. piracy involving measures which result in a restriction to authorised contents recorded on or reproduced from a record carrier, e.g. music or software
    • G11B20/00173 Circuits for prevention of unauthorised reproduction or copying, e.g. piracy involving measures which result in a restriction to authorised contents recorded on or reproduced from a record carrier, e.g. music or software wherein the origin of the content is checked, e.g. determining whether the content has originally been retrieved from a legal disc copy or another trusted source
    • G PHYSICS
    • G11 INFORMATION STORAGE
    • G11B INFORMATION STORAGE BASED ON RELATIVE MOVEMENT BETWEEN RECORD CARRIER AND TRANSDUCER
    • G11B20/00 Signal processing not specific to the method of recording or reproducing; Circuits therefor
    • G11B20/00086 Circuits for prevention of unauthorised reproduction or copying, e.g. piracy
    • G11B20/0021 Circuits for prevention of unauthorised reproduction or copying, e.g. piracy involving encryption or decryption of contents recorded on or reproduced from a record carrier
    • G PHYSICS
    • G11 INFORMATION STORAGE
    • G11B INFORMATION STORAGE BASED ON RELATIVE MOVEMENT BETWEEN RECORD CARRIER AND TRANSDUCER
    • G11B20/00 Signal processing not specific to the method of recording or reproducing; Circuits therefor
    • G11B20/00086 Circuits for prevention of unauthorised reproduction or copying, e.g. piracy
    • G11B20/00855 Circuits for prevention of unauthorised reproduction or copying, e.g. piracy involving a step of exchanging information with a remote server

Definitions

  • the present invention is generally related to electronic commerce systems that provide support for commercial transactions to be performed over the Internet and, in particular, to a digital channel management system that supports the electronic distribution of digital content through a trusted distribution channel.
  • a general purpose of the present invention is to provide for the structure and operation of a digital distribution channel for digital goods
  • a digital distribution channel management system that includes a digital warehouse storing different master copies of digital goods awaiting transfer and a transaction database that stores a plurality of transaction records.
  • a transaction server is provided coupleable to a communications network, such as the Internet.
  • the transaction server is responsive to requests from the communications network to serve an instance of a particular digital goods.
  • the request includes predetermined information that is authenticateable against a predetermined transaction database record that is stored in the transaction database.
  • the transaction server provides for the digital signing of the instance of the digital goods and the serving of the instance back onto the communications network where the predetermined information is successfully authenticated against the predetermined transaction database record.
  • An advantage of the present invention is that the system provides for the aggregation of many small transactions into unitary, cost-effective financial transactions. Another advantage of the present invention is that the system provides for the establishment of universal trust relationships between any number of content originators, content providers, distributors and repackagers, and the consumers. Additionally, these trust relationships are maintained through use of a comprehensive distribution system that enforces the relationships and thereby provides a highly credible support foundation for the maintenance of these relationships. A further advantage of the present invention is that the system specifically supports anonymous transactions as a default structural implementation of the system, thereby providing a very credible level of privacy for the commercial users of the system. Control over the release of information regarding any transactions can be directly established as belonging to the consumer.
  • Still another advantage of the present invention is that the aggregational vehicle utilized by the present invention can be made both tangible and redistributeable.
  • a physical card may be made the specific controlling entity that allows or supports the execution of an electronic transaction for the distribution of some digital goods, thereby allowing the card itself to be transferred between consumers.
  • This redistribution ability directly provides for substantial flexibility to use the present invention in widely different, simple to quite complex, single to multiparty distribution, advertising, and other promotional activities, as well as re-distribution as gifts, incentives, subscriptions, and sponsored activities.
  • implementations of the aggregational vehicle, such as a card, permit use to be specifically defined on a pre-emptive basis. The effective financial value attached to a card is defined and held by the system.
  • the financial impact of the loss or mis-use of a card is limited.
  • the promotional, sponsored, or other branding-type value of a card is definable and potentially re-definable through the system by specification of the type, titles, categories, or other restrictions on the digital goods that can be electronically delivered through the use of any particular card or set of cards.
  • Still another advantage of the present invention is that the effective financial value of an aggregational vehicle, such as a card, can be re-charged through either a promotional, sponsored, or other branding-type source transaction or by a consumer transaction, such as the transfer of actual funds to the transactional account represented by the aggregational vehicle.
  • a single card may thus be able to be used as multiple virtual cards, each carrying their own usage-limitations and effective account balances.
  • a yet further advantage of the present invention is that the aggregational vehicle may be also used in connection with the purchases of tangible goods.
  • An electronic transaction based on a card may be sponsored or hosted directly or indirectly by a bricks-and-mortar retail site.
  • Figures 1A, 1B, and 1C generally depict, in flow-graph form, the relationships and transfers supported by the present invention in connection with the distribution of digital goods and the management of the electronic transactions in connection therewith;
  • Figure 2 shows the effective construction or digital packaging of digital content as an electronically deliverable digital goods in accordance with a preferred embodiment of the present invention;
  • Figure 3A illustrates the delivery of electronically deliverable digital goods, in accordance with a preferred embodiment of the present invention, to any of a number of different consumer devices capable of utilizing delivered digital goods;
  • Figure 3B illustrates a client utilization of electronically deliverable digital goods in accordance with a preferred embodiment of the present invention;
  • Figure 4 shows the system architecture of a distribution channel transaction management system constructed in accordance with a preferred embodiment of the present invention;
  • Figure 5 shows a transaction handling process flow for authentic
  • a channel management computer system 12 preferably hosts a distributor commerce (D-Commerce) site 14 on the Internet or other communications network to operate as a communications point of contact for requests for digital goods and management of the corresponding electronic transactions.
  • the distributor commerce site 14 is preferably implemented as a high-performance Web server computer system executing a Web server application, such as the Microsoft® Internet Information Server™ (IIS).
  • the computer system 12 stores digital goods as digital content files 16 in a secure storage device 18, effecting a digital warehousing of available digital goods.
  • the secure store device 18 is implemented as a secure server system that includes a redundant array of hard disk drives to ensure the data integrity of the stored digital content.
  • the secure server system itself is preferably protected from unauthorized electronic access through the use of a secure operating system, which can be implemented at a minimum through use of the Microsoft® Windows NT™ secure server operating system. Physical security over the secure server system is also preferably provided. These protections together provide a highly credible secure environment for managing the storage of the digital goods.
  • the distributor commerce site 14 preferably utilizes a high-performance transaction oriented database 20 to provide access to transaction and related account records used for authenticating distribution requests and recording the corresponding completed electronic transactions.
  • the database 20 may be hosted on a separate database server computer system, which can be readily implemented using Microsoft® MSSQL™ and Windows NT™ file server operating system.
  • Other components of the channel management computer system 12 preferably include a system management user interface 22 to the distributor commerce site 14 system and an off-line account management system 24.
  • the system management interface 22 provides local maintenance access and a set of maintenance tools for use in operating the distributor site 14.
  • the account management system 24 likewise generally provides a local user interface and set of tools for establishing and processing accounting information and providing reports of account activity by users of the channel management computer system 12.
  • a key generation component 28 is provided within the generally secure environment of the channel management computer system 12.
  • This key generation component 28 is operated preferably through the system management user interface 22 to produce and manage a collection of keys - generally identification codes and personal identification numbers (PINs) - that are to be used in conjunction with the authentication of distribution requests as received by the distributor site 14.
  • the digital content 16 is preferably obtained from content providers 30, which may include content originators directly or indirectly as represented by agents and other entities that have the legal authority to engage the distribution and sale of digital content.
  • the digital content 16 is digitized music tracks (individual songs) and collections (digital albums).
  • the relevant content providers therefore include musicians, their contractual agents, and the many different music studios.
  • the contractual rights for distribution are obtained 32 on behalf of the channel management computer system 12 in a conventional manner.
  • the actual digital content 16 is thereafter obtained through any number of different forms of digital transport 34, provided that the transport 34 is secure 36.
  • a preferred form of secure digital transport 34 is through use of an encrypted digital transfer over the Internet.
  • One such form of secure, encrypted transfer 34 is provided utilizing the Netscape® Secure Sockets Layer (SSL).
  • An additional layer of security may be provided by requiring the transfer to be made subject to the digital certification of the sending and receiving sites through the use of Digital Certificates, which is an optional feature of SSL.
  • a private communications network may also be used, alone or in some combination with SSL and Digital Certificates.
  • Digital transport through the use of a fixed, tangible digital medium, such as a compact disk (CD), may also be used.
  • Digital content 16 is available for distribution by the channel management computer system 12 preferably through the distributor commerce site 14 received through a generally secure digital transport medium 38. Requests for distribution are received generally in relation to any retail site 40 or e-commerce site 42 that has established a distribution relationship with the operator of the channel management computer system 12. This relationship may be direct or indirect through a third party that has ultimately established a direct relationship with the operator of the channel management computer system 12.
  • the relationship may be established as a direct relationship 44 or through a promoter 46 as an indirect relationship 38.
  • an aggregation vehicle is provided to a consumer.
  • a tangible card 50 is issued to a specific consumer.
  • the generalized aggregation vehicle is logically defined by certain data
  • the card 50 provides a convenient physical representation of essentially the same data.
  • Table I lists the pertinent data represented, if not explicitly printed, on a card 50.
  • Card Key: A unique number identifying the card.
  • PIN: An identification number usable to verify the authenticity of the Card Key.
  • Redemption Site: One or more Web addresses that allow a selection of some digital goods and that support redemptions of part or all of the allocated monetary value of a card as part of an electronic transaction for the selected digital goods.
  • a card 50 is preferably presented 52 to a corresponding retail site 40 through an access of a public redemption Web site hosted by or on behalf of the retail site 40.
  • This site would typically include the Web page identified on the card and others that allow for the consumer's selection of some digital goods.
  • One of the Web pages will preferably support the identification of the goods selected and provide for the input of at least the key and PIN data from the card 50. With the selection of a 'submit' button, the consumer would then preferably perceive that this information is forwarded as part of a digital goods distribution request to the retail site 40.
  • this page, though appearing as one of the Web pages hosted by the retail site 50, is a Web page hosted by and as part of the distributor commerce site 14.
  • the selection and card data 50 is securely submitted directly to the distributor commerce site 14 for authentication and, as appropriate, fulfillment.
  • the fulfillment of the distribution request is dependent on a number of requirements, including validation of the card key and PIN, verifying that the card distribution request is within the expiration date or number of uses limitation of the card, and whether the selected digital goods are available for redemption against the card.
  • This set of requirements is variable based on the program or profile of such requirements that is established by the retail site 40 or promoter 46 for a particular series of cards 50. That is, the relationship established variously between the operator of the channel management computer system 12, the retail site 40, and the promoter 46 is used to establish, on a per series basis, a set of qualifying requirements for the redemption of the card.
  • transaction rules are stored in the transaction database 20 in effect as a set of business rules that are evaluated upon receipt of each distribution request.
  • the series numbers of the cards preferably provide for the segmentation of the rules into defined program profiles for the corresponding sets of cards.
  • an instance of selected digital content 16 is securely signed based on a unique key provided from the key generation component 28.
  • the resulting packaged instance of the selected digital content, representing verifiably deliverable digital goods, is then electronically transferred to a digital content store/player 54 designated by the consumer for receipt of the selected digital content.
  • This player 54 preferably includes a processor, content rendering engine, and memory that together provide for the storage and presentation of the digital content.
  • the player 54 is a conventional consumer's personal computer.
  • a conventional multi-media equipped personal computer is fully capable of performing the rendering and presentation of the digital content 16.
  • the use of the present invention in connection with e-commerce sites 42 is generally similar to the use in connection with the retail sites 40.
  • E-commerce sites 42 generally only exist in cyberspace - there is typically no realspace presence as in the case of retail sites 40 - and therefore naturally present themselves as public Web sites accessible over the Internet 56.
  • These e-commerce sites 42 preferably establish relationships with the operator of the channel management computer system 12 to allow the sites 42 to acquire and vend aggregation vehicles, such as the card 50. These cards may be vended over the Internet 56 by anyone with a directly or indirectly established relationship with the operator of the channel management computer system 12.
  • the promoter 46, other reseller or sponsor, or even a gift giver 58 can provide the card to a digital goods consumer either directly or through an electronic transaction over the Internet 56.
  • the redemption of a card 50 for digital goods occurs in connection with selection and ordering Web pages that at least appear to be presented or hosted by the e-commerce site 42.
  • the digital goods are transferred to the designated digital content store/player 54.
  • the flexibility of the present invention to provide for a rich set of commercial and non-commercial distribution opportunities in connection with electronic transactions for digital goods is further evident from the exemplary processes generally shown in Figures 1B and 1C.
  • the different business models generally represented in these figures are summarized in Table II below.
  • Promotion: A promoter of some goods or services sponsors the distribution of cards in connection with the purchase or use of the promoted goods or services, thus creating or supporting an advertising tie-in campaign.
  • Affinity: A promoter of an event or product introduction sponsors the distribution of cards to encourage consumer sampling and acceptance of the event or product and to purchase and re-purchase the related goods and services.
  • a promoter or originator of some serial content distributes cards to establish an ongoing relationship with consumers for the serial content, while constraining the repeated access to the serial content to comply with business rules defining the value, identity, redistribution, repeated use and other aspects of the serial content.
  • a manager of a program involving the access or employment of some content by a definite set of users may issue cards to define access and usage parameters that can then be reported to the manager.
  • the system 70 shown in Figure 1B provides a distributor site 14 that operates as the entry point to an embodiment of the Internet distribution control system 12 of the present invention. Based on relationships with particular promoter sites 72 and providers of focused content 74, a promotion or sponsored distribution campaign can be organized and controlled through the operation of the Internet distribution control system 12.
  • the specific focus limitations to be employed for any particular series of cards 50 is preemptively established in conjunction with the promoter site 72, which in turn is selected to advance the objectives of the promotion.
  • the cards 50 may be distributed through retail outlets 76 to end-users/consumers 78 as a specific inducement for the end-users 78 to visit the retail outlets 76, as necessary to actually obtain a card 50 such as through the purchase of some other product or service of the retail outlet 76.
  • the promotion opportunity retains the specific focus not only as desired by the promoter 72, but fully consistent with similar conventional promotion activities.
  • the present invention allows the promoter 72 to effectively manage and control the campaign by minimizing the complex involvement of the individual retail outlets 76 to specific distribution activities that are easily manageable.
  • the specification and enforcement of the promotion redemption activities can also be off-loaded to the Internet distribution control system 12 while at least maintaining the appearance that the redemption process is entirely within the branded domain of the promoter site 72, and therefore both building and bearing the consumer's trust of the promoter's brand.
  • the source/subscriber system 90, as generally shown in Figure 1C, further demonstrates the variability of use of the present invention.
  • the Internet distribution control system 12 may be used by a content source/originator 92 in a limited role as a digital order management/fulfillment house.
  • the content source/originator 92 may, in accordance with a preferred embodiment of the present invention, fully host the selection/ordering Web pages 80 as well as distribute cards 50 directly or indirectly as self-determined to the end-user/subscribers of the content source/originator 92.
  • the digital content produced by the content source/originator 92 may be provided through a focus content provider 74, as shown, or directly to the Internet distribution control system 12 for use in subsequent redemption fulfillment.
  • the distributor site 14 therefore operates merely as a source of card 50 series to the content source/originator 92 and as a limited portal for the distribution of the corresponding digital content in response to redemption requests provided from the content source/originator site 92.
  • the actual and perceived relationship between the end-user/subscriber and the content source/originator 92 is therefore direct and real.
  • the Internet distribution control system 12 and distribution site 14 transparently operate as a trusted digital distributor to the content source/originator 92.
  • the present invention supports the targeted objectives of the business models used by the promoter 72 and content source 92 by supporting the constrained fulfillment of redemption requests.
  • the Internet distribution control system 12 not only provides for the authentication of the cards 50 as electronically presented for redemption, but also provides for the limitation of the redemption to predefined, or focus selected digital goods. For example, a promotion targeted to a specific audio artist's works is desirably focused on just that artist's body of works.
  • the present invention provides, through the operation of the Internet distribution control system 12, a limiting of a specific card series to a particular profile of redeemable digital goods.
  • a fully authenticated card 50 may yet be denied for a particular selected digital goods where the goods are determined by the Internet distribution control system 12 to lie outside of the defined scope of the particular promotion for which the card 50 was distributed.
  • the scope of a promotion may be defined along any categorization line or genre that can be defined by a set of business rules executable by the Internet distribution control system 12.
  • the promotion of a specific 'blues' recording artist may yet allow redemption of digital goods that (1) are by that particular artist; (2) are blues recordings owned or controlled by the artist's record label; (3) are blues or jazz recordings, blues or jazz musical videos, or blues-type movies that are owned or controlled by the promoter's studio; or (4) relate to some other digital goods product that is desired by the promoter to be tied to the artist's name.
  • the digital content packaged and delivered as digital goods is a composite of multiple individual instances of different digital content.
  • a process of digital packaging 100 is preferably employed to produce a digital goods 102 that is suitable for distribution and capable of maintaining the trust relationships between the content providers and distributor by presenting a highly credible basis for ensuring that the digital content distributed is not improperly resold, redistributed, or copied for resale or distribution.
  • the digital goods 102 is preferably a unitary file that contains the full content associated with a particular distribution license. In the case of music, single tracks, sets of tracks, or entire albums are often defined as individual licensable entities. Alternately, a specific recording of a song and a corresponding music video may constitute the licensable entity.
  • the corresponding digital content representing the licensable entity is treated in the packaging process 100 as digital content 104, which is subjected to a highly-secure digital packaging, encoding and encrypting operation 112, 114.
  • digital encoder/encryption process 114 is an implementation of the Intel Software Integrity System, which is commercially available under license from Intel® Corporation, Santa Clara, California.
  • a commercially licensable software system is utilized to initially package the digital content 104 with some basic, packaging operator-supplied text content 106, which is descriptive of the digital content 104.
  • binary content 108 may include graphics, icons, applets, programs, and other material typically represented as binary images.
  • the binary content 108 may simply be the cover and related art originally released with the album compact disk.
  • the binary content 108 could also include a computer installable icon that is used to represent the album within the filesystem of the computer and an applet that presents advertisements and related offers as the album is played.
  • the ability to include a program within the binary content 108 would allow concurrent distribution of a demonstration game or other application program.
  • the included program could be one or more "plug-in" components useable by a digital content player to enhance or add to the listening or viewing experience of the digital content 104.
  • the text-oriented content 110 may also include a number of different text entities, potentially in different specific formats. For example, a plain text copy of the liner notes of an album could be included in the content 110.
  • the lyrics of the different songs present in the album might also be included in a text format appropriate to be read and displayed by an applet included as part of the binary content 108 or provided as part of an XML (extensible markup language), HTML and/or JavaScript™ file stored as still other textual content 110.
  • Other XML and/or HTML files, stored as textual content 110, may provide additional information regarding the album and provide various hyper-text links to Web sites where additional relevant information may be obtained, thereby enhancing the end-user/consumer's experience and perceived value of the digital goods obtained through uses of the present invention.
  • the digital packaging 112 of the different digital, binary, and textual content 104, 108, 110 preferably provides for the organization of the content into a composite, transient document that is then further packaged to produce the unitary digital goods file 102.
  • the different input content 104, 106, 108, 110 is preferably numerically compressed using conventional algorithms appropriate for the particular type of content. In the case of content where lossless compression is required, implementations of the Lempel-Ziv-Welch (LZW) or other similar algorithms may be used. Graphics and other similar types of binary images may be compressed using JPEG or other similar types of lossy compression.
  • This file 102 preferably includes a version identifier 116 and a digital signature 118.
  • the version identifier 116 may be variously used to identify, directly or indirectly, the specifics of the digital packager and encoding 112, 114 and, therefore, how the file 102 may be properly interpreted and parsed when subsequently examined for use by a content player.
  • the digital signature 118 is used to provide, at a minimum, a basis for subsequently confirming the integrity of the digital goods file 102.
  • the digital goods file 102 then contains an internal component 134 that includes an XML document 120, an object locators block 122, and an objects block 124.
  • the XML document 120 is constructed, at least in part, through the operation of the digital packager 112 to include an appropriate description or identification of the various other parts of the component 134.
  • the XML document 120 preferably includes XML references to the objects, the content 108, 110, that are composited as part of the digital goods file 102. These XML references, however, would conventionally identify additional external documents and files.
  • the public XML standard as developed and published by the W3C (World Wide Web Consortium), does not provide a mechanism for the XML references to point back to the same file component 134 that contains the XML document 120. This is consistent with the conventionally recognized and intended uses of XML in connection with the organization and presentation of distributed information across an open communications medium, such as the Web.
  • the organization capabilities provided through the use of an XML document as conventionally defined are in tension with the need to provide digital goods through electronic transactions with certainty that the entirety of the digital goods are both transferred completely and remain properly organized for ready use by the end-user/consumer.
  • the present invention therefore, provides the XML document 120 with the additional ability to self-reference the file component 134, even as embedded within the digital goods file 102.
  • the digital packaging process step 112 of compositing the various content 104, 108, 110 provides for the creation of an objects locators block 122 within the component 134.
  • the objects locators block 122 provides a table of offsets or other pointers to the different objects 124 derived through the packaging from the binary content 108 and textual content 110.
  • parsing of the XML document 120 in connection with the objects locators block 122 in accordance with the present invention allows all of the objects 124 to be separately identified even while digitally packaged into a single digital goods file 102.
  • the digital packaging step 112 operates to prepare a digital signature that covers the composited file 102.
  • the digital goods file 102 is processed through a digital signature generator provided as part of the encoder/encryption 114 to produce a binary string that securely represents the contents of the file 102.
  • the digital signature generator 114 includes a conventional software component implementing a public key encryption algorithm.
  • At least the core secure public key encryption engine, as used by the digital signature generator 1 14, is commercially licensable from conventional software vendors.
  • the digital signature generator 114 utilizes a SecureID™ public key encryption component, which is a publicly licensable product of RSA Security, Inc., San Mateo, California. Since the generation of the digital signature is based on a public key encryption algorithm, the generator 114 also takes as inputs a private key 128, corresponding to the identity of the distribution management system for the particular instance or series of instances of the digital goods 102 and a public key 130.
  • a second private key which is used to form the basis of a separate digital license 132, is also generated.
  • A preferred process 140 of providing for the distribution of the digital goods file 102 is shown in Figure 3A.
  • a fully prepared instance of the digital goods file 102 is passed through the distributor site 14 by the Internet distribution control system 12 to the Internet 142 as part of a conventional HTTP transaction.
  • the destination of the digital goods file 102 is generally any content store/player that is designated by the consumer and that is available to participate, directly or indirectly, in the HTTP transaction.
  • Suitable content store/players include multi-media equipped personal computers 144, digital content audio players 146, and other digital audio/visual players and digital appliances 148, such as digital personal assistants (PDAs) and digital books that can store and present digital information.
  • the actual HTTP transfer of the digital goods file 102 is preferably performed using SSL to ensure that the transfer of the digital goods file 102 and, separately, the digital license file 132 are both delivered to the consumer without interception by any third party.
  • This process of distribution 140 may be simplified by providing for the actual digital goods file 102 to be prepared and delivered to a consumer separate from the delivery of the digital license 132. Specifically, different Internet and non-Internet delivery mechanisms may be employed to deliver the digital goods file 102.
  • a physical compact disk containing any number of different digital goods files 102 may be shipped or otherwise delivered into the possession of a consumer, potentially as part of a promotion.
  • Digital goods files 102 may also be pre-installed in a newly purchased multi-media computer system.
  • the digital goods files 102 may also be provided on software CD-ROMS that are purchased by consumers purely for the software program content. Alternately, the digital goods file 102 may be streamed over the Internet to the consumer. As part of a digital stream, the digital goods file 102 is only transiently stored by the consumer. In all of these cases, the absence of a valid digital license precludes the content of the digital goods file 102 from being accessed or limited to a short preview of the content.
  • a generalized digital content store/player 150 is shown in Figure 3B.
  • the content store/player 150 in accordance with a preferred embodiment of the present invention, includes a microprocessor 152 that is capable of being uniquely identified, such as by the presence of a hardware identifier (uID) 154, and a storage system 156, at least logically local to the microprocessor 152, that is capable of storing some number of digital goods files 102 and the corresponding digital licenses 132.
  • the player 150 also preferably includes some combination of audio stream renderers, such as hardware audio decoders 158, and speakers 160, video stream renderers, such as hardware video display controller 162, and display system 164, depending on the intended use of the player 150.
  • the microprocessor 152 preferably executes an application program that implements the software processes 170 that provide for the processing of the digital goods file 102.
  • the software processes 170 provide an XML object server 172 that supports accesses by an XML parser 174 to select and retrieve the constituent parts of the digital goods file 102.
  • the XML object server 172 provides the bridging functionality of an essentially conventional XML parser at the core of the parser process 174 to be able to access the object locators block 122 as corresponding XML references are parsed from the XML document 120.
  • the XML object server performs a redirection function as needed to support the XML parser 174. All of the component parts of the digital goods file 102 are therefore made available to the software processes 170 under the organization of the XML document 120.
  • the software processes 170 following from the parsing of the XML document 120 provide for the processing of the digital content 104, binary content 108, and textual content 110, present in the digital goods file 102.
  • the software processes 170 invoke HTML parsers 176, audio decoders 178, and video/binary image decoders 180 to process the content 104, 108, 110 to a level suitable for presentation to the hardware renderers 158, 162, 166.
  • the software processes 170 can recognize and, as appropriate, utilize audio and video plug-ins 182, 184 to further process the content 104, 108, 110 prior to being passed to the renderers 158, 162, 166.
  • These software plug-ins 182, 184 may be independently or separately introduced into the player 150.
  • the plug-ins 182, 184 may be provided as part of the binary content of the digital goods 102.
  • the XML document 120 will identify the specific objects within the binary content 108 that are the plug-ins and permit the software processes 170 to appropriately load these objects into the execution memory space of the microprocessor 152.
  • the microprocessor 152 preferably operates to initialize the plug-ins 182, 184 into the software environment of the software processes 170.
  • the preferred architecture 190 of the Internet distribution control system 12 is shown in greater detail in Figure 4 as including a secure server system 192, a set of user interfaces 194, and a secure business-to-business interface 196 to a financial service provider.
  • the secure server system 192 may make use of any of the many different commercial e-commerce server systems that are now widely available through established vendors or provided by hosting services.
  • the secure server system 192 includes a scalable internet server 198 using Microsoft IIS, hosted on a WindowsNT OS server and Intel Pentium III® platform provided behind a conventional Internet firewall that provides the network secure environment of the secure server system 192.
  • the internet server 198 may host and execute an instance of the Internet firewall application.
  • the internet server 198 is preferably used to process Internet transactions related to the authentication, digital goods selection, card redemption accounting, and digital goods electronic transfer fulfillment.
  • a database server 200 is preferably provided to support database access against an accounts database 202 used to store the card account and related information.
  • Table III lists the general account information stored by the accounts database 202.
  • Sponsor ID: Information identifying the sponsor and sponsor program.
  • Card Key: A unique number identifying the card.
  • PIN: An identification number usable to verify the authenticity of the Card Key.
  • Redemption Profile: Identification of the profile or profiles that can be evaluated in determining whether any particular use of the card is allowable. Initially, only a single profile is recognized.
  • Expiration Date: A promotional offer or use termination date for this account relative to each of the available profiles for this card.
  • Total Uses: The current total subscription uses or redemptions for each of the available profiles for this card.
  • the accounts database 202 is also preferably used to store the account related profile information.
  • a summary of the profile information stored in the database 202 is provided in Table IV.
  • the account information and profile information is thus available to the internet server 198 in determining the authentication and authorization status for any particular redemption request received.
  • Card Series Number: An alpha-numeric identifier of a set of cards associated with a particular promotion, sponsored event, subscription, etc.
  • Profile ID: An identifier of a particular promotion, sponsorship, subscription or other profile basis allowing for the use of any authenticated cards for the redemption of allowable digital goods.
  • a content store 204 is also preferably provided as a repository for the digital content that is to be distributed by the server system 192.
  • the database server 200 is preferably utilized to obtain the requested content from the content store 204.
  • An internet server 206 may be provided to separately support administration functions necessary to maintain and obtain reports from the secure server system 192.
  • the internet server 206 may be implemented utilizing essentially the same software and hardware components as the server 198.
  • a key management server 208, key database server 210, and key database 212 are also preferably provided in the secure server system 192.
  • This key control subsystem 208, 210, 212 operates to produce and manage the secure storage of at least the private encryption keys that are used in the digital signing and licensing of the digital goods electronically transferred out of the secure server system 192.
  • the key management server 208 is responsible for generating the private keys, which then can be stored through the database server 210 by the key database 212. These generated keys can then be provided on a transactional or as needed basis through the database server 200 for storage, directly or indirectly, against the account records in the accounts database 202.
  • a key management and control user interface 214 is preferably provided within the secure server system 192 to operate, as needed, the key management server 208.
  • the secure server system 192 is used to support Web sites that are public, as in the case of the retail Web site 220, and that are protected, such as the remote administration Web site 224, which can be used to support secure sites 196, such as the card recharge site 226.
  • the retail site 220 supports a conventional Web page type user interface 228 that allows for the selection and ordering of digital goods.
  • the information collected regarding the consumer, including the aggregation vehicle information, and the digital goods selections requested by the consumer are preferably submitted through a HTTP transaction gateway 230 to the internet server 198 of the secure server system 192.
  • Administration functions are preferably performed through the administration site 224, which operates a HTTP gateway 232 to the internet server 206 used to support the externally allowed management, maintenance, and control aspects of the secure server system 192. Interaction with the administration Web site 224 is supported through a conventional Web page type user interface 234. In accordance with a preferred embodiment of the present invention, the recharging of the aggregation vehicles is permitted through the use of the secure recharge site 196. For example, a consumer may be permitted by the profile associated with a card to add monetary value to the card. Thus, from the retail site 220, the consumer is permitted to access the secure site 226 and perform a supported HTTP transaction through a financial services gateway 236 with a third party financial services provider (FSP) 238.
  • This transaction is typically a credit card charge transaction.
  • another HTTP transaction through the financial service gateway 236, directly or as shown indirectly, communicates updated account information to the administration internet server 206.
  • Corresponding account records in the accounts database 202 can then be updated as appropriate to reflect an increased account value for the corresponding aggregation vehicle.
  • Promoters and other parties provided with suitable access rights to the administration site 224 can also directly affect the account and profile records stored by the accounts database 202. Promotional values, new profile rules, extensions of expiration dates, and other aspects of the promotion, sponsorship, subscription, or other programs being run through the secure system 192 are available to be modified.
  • a preferred process 250 of authentication and electronic transfer of digital goods is shown in Figure 5.
  • the process 250 is initiated in response to the submission 252 of a redemption request.
  • This request preferably includes a key, PIN, a selection (SKU#), and a selection corresponding redemption value.
  • Other data submitted may include a transaction identifier, and a consumer supplied message or identifier.
  • An account lookup 254 is then performed. Where the key is not found, a notification message 258 can be returned to the consumer.
  • an analysis 264 of the number of PIN failures and frequency of failure may be performed to determine whether a fraudulent use is being attempted. Where fraud is reasonably suspected based on the analysis 264, the account, as represented by the card, may be deactivated 266. Otherwise, an appropriate notification message may be provided to the consumer. If the card corresponding account lacks sufficient funds 268, the consumer may be so notified 270. In addition, if permitted by the corresponding account profile, the notification may provide the consumer with an option to recharge the account. The active status of the promotion, subscription, or other activity represented by a card 272 is then checked. If the status is determined to be inactive, a corresponding error notification 274 is provided to the consumer.
  • the expiration date of the particular account, as represented by the card, is then checked 276. If the card has expired, which may be a promotional mechanism used to require the consumer to revisit some retail site or store to have the expiration date modified, a corresponding message 278 is generated and provided to the consumer.
  • a transaction against the relevant account record is begun 280.
  • a header record for the transaction is initially written to the accounts database 202. On any failure of the header record write, the transaction is terminated and a corresponding message 284 is provided to the consumer.
  • a line item record 286 and an updated account balance 288 are written to the accounts database 202. Again, any failure in writing this information to the accounts database 202 results in the transaction termination and a corresponding message 284 being provided to the consumer.
  • an electronic licensing and transfer package is used to control the actual electronic delivery of the digital goods to the consumer.
  • the presently used package is available under the product name Ziplock Server™, which is also available under license from Preview Systems, Inc., Cupertino, California.
  • the process 250 is considered complete 294 once the transfer package has accepted the authorization code.
  • An enhanced security operation for the process 250 is shown in greater detail in Figure 6.
  • the enhanced security process 300 may be invoked in the process 250 in place of or in addition to the analysis step 264. Alternately, any security check 302 may be performed initially, as shown.
  • failure 304 the failure history of the particular account, series of cards, or related set of promotion profiles are checked 308 for patterns of mis-use. For example, rate of failures, or failure velocity, may be analyzed 310 to determine whether an organized attack is being made to fraudulently authenticate an account that then can be used to improperly obtain access to some digital goods.
  • various threshold criteria can be applied to detect patterns and determine whether any velocity limit has been exceeded 312. If a limit is exceeded, the account is deactivated 314 and the consumer notified accordingly 316. Otherwise, where either no security failure is noted 304 or a limit is not exceeded 312, a security record is written 306 in the accounts database 202, directly or indirectly, so as to permit subsequent evaluation against the account, series of cards, or related set of promotion profiles considered by the security check 302.
  • the authentication and electronic transfer of digital goods process 250 preferably operates anonymously with respect to the actual consumer using any particular aggregation vehicle. Specifically, the authentication is performed against a particular card, not against the particular holder of the card.
  • the process 250 may selectively operate to request or require a registration or user identification before authentication is completed. Whether a registration request is presented to a consumer may be based on the profile associated with the particular account identified for use by a consumer. Thus, in some sequence with the active 272, expired 274, or other steps that involve the evaluation of the account profile, a determination 320 of whether registration is requested or required can be made. A further determination 322 of whether the registration has already occurred can then be made. If registration information has not already been received, the required or requested information can be obtained 324 upon presentation of appropriate Web page forms. Information so obtained, is then preferably written, directly or indirectly, to the accounts database 202 at least for purposes of subsequent examination in the process of authenticating and authorizing redemptions against the corresponding account.
  • a usage history 328 may be written to collect other reportable information in regard to the actions taken with respect to the identified account.
  • Figure 8 shows a further modification and enhancement of the authentication and electronic transfer of digital goods process 250.
  • a flexible focus limitation process 340 may be incorporated within the process 250 generally in some sequence with the active 272, expired 274, or other steps that involve the evaluation of the account profile being authenticated.
  • a determination 342 can be made from the account or related account profile as to whether any focus limitation needs to be considered. Where some focus limitation needs to be considered for enforcement, the identified limitations are considered either sequentially or on some order or as part of a decision hierarchy determined by the corresponding account profile.
  • an ordered linear sequence of focus limitations can be iteratively examined and thereby used to constrain a particular redemption selection.
  • These limitations include a "parental" or specific title inclusion/exclusion limitation 344, a promotion limitation that may be specific to the number of digital goods available 346, a content limitation that may be specific to a particular artist, genre, label, or studio 348, and any other definable limitation 350 capable of being evaluated as a business rule.
  • a determination can then be made 354 as to whether the selected digital goods acceptably falls within the focus limitation.
  • a failure of a selection to conform to a focus limitation preferably results in a corresponding notification 356 being generated and provided to the consumer.
  • the corresponding selection is then removed or dropped 358.
  • the selection process iterating through the determination 342 of whether any remaining focus limitations remain to be considered, then continues.
  • a selection is finally determined to be within the defined focus limitation restrictions 344, 346, 348, 354, the selected digital goods are prepared 360 and transferred 362 to the consumer.
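The self-contained file layout described above (XML document 120, object locators block 122, objects block 124, version identifier 116 and signature 118), sketched as an added example that is not code from the patent. The byte layout, the `self:N` reference scheme and the `DG01` version value are assumptions, and an HMAC-SHA256 tag stands in for the public-key digital signature so that the example runs on the standard library alone.

```python
from __future__ import annotations

import hashlib
import hmac
import struct
import xml.etree.ElementTree as ET

VERSION = b"DG01"   # assumed value for the version identifier 116
TAG_LEN = 32        # HMAC-SHA256 tag, standing in for the digital signature 118

# Constructed sample content: an XML document 120 and two packaged objects 124.
SAMPLE_XML = (b'<album title="Constructed Sample">'
              b'<object name="liner_notes" href="self:0"/>'
              b'<object name="lyrics" href="self:1"/></album>')
SAMPLE_OBJECTS = [b"Liner notes (constructed).", b"Lyrics (constructed)."]
SAMPLE_KEY = b"constructed-demo-key"


def pack(xml_doc, objects, key):
    """Lay out: version | xml_len | xml | count | (offset, length)* | objects | tag."""
    table, blob = b"", b""
    for obj in objects:
        table += struct.pack(">II", len(blob), len(obj))
        blob += obj
    body = (VERSION + struct.pack(">I", len(xml_doc)) + xml_doc
            + struct.pack(">I", len(objects)) + table + blob)
    return body + hmac.new(key, body, hashlib.sha256).digest()


def unpack(data, key):
    """Check integrity first, then resolve each XML self-reference to its object."""
    if len(data) < len(VERSION) + 8 + TAG_LEN:
        raise ValueError("file too short")
    body, tag = data[:-TAG_LEN], data[-TAG_LEN:]
    expected = hmac.new(key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("integrity check failed")
    if not body.startswith(VERSION):
        raise ValueError("unknown version identifier")

    # Every length and offset read from the file is checked before it is used.
    pos = len(VERSION)
    (xml_len,) = struct.unpack_from(">I", body, pos)
    pos += 4
    if xml_len > len(body) - pos - 4:
        raise ValueError("XML length runs past end of file")
    xml_doc = body[pos:pos + xml_len]
    pos += xml_len
    (count,) = struct.unpack_from(">I", body, pos)
    pos += 4
    if count * 8 > len(body) - pos:
        raise ValueError("locator table runs past end of file")
    locators = [struct.unpack_from(">II", body, pos + 8 * i) for i in range(count)]
    blob = body[pos + 8 * count:]

    resolved = {}
    for element in ET.fromstring(xml_doc).iter("object"):
        ref = element.get("href", "")
        index = ref[len("self:"):]
        # Only references back into this file are accepted; anything else
        # would make the goods depend on an external document.
        if not ref.startswith("self:") or not (index.isascii() and index.isdigit()):
            raise ValueError(f"reference leaves the file: {ref!r}")
        if int(index) >= count:
            raise ValueError(f"no locator for {ref!r}")
        offset, length = locators[int(index)]
        if offset + length > len(blob):
            raise ValueError(f"locator for {ref!r} points outside objects block")
        resolved[element.get("name")] = blob[offset:offset + length]
    return resolved


if __name__ == "__main__":
    print(unpack(pack(SAMPLE_XML, SAMPLE_OBJECTS, SAMPLE_KEY), SAMPLE_KEY))
```

The integrity tag is verified before any length or offset in the file is trusted, and the locator bounds checks still run afterwards because a correctly sealed file can carry a packager error.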
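The failure-velocity check of Figure 6 (steps 302 to 316), as an added example rather than code from the patent. The window length, the per-card and per-series limits, and all card keys and PINs are constructed assumptions; the clock is passed in explicitly so the behaviour is reproducible.

```python
from __future__ import annotations

import hmac
from collections import defaultdict, deque
from dataclasses import dataclass, field

WINDOW_S = 300       # assumed look-back window for failure velocity, in seconds
CARD_LIMIT = 3       # assumed: PIN failures tolerated per card within the window
SERIES_LIMIT = 10    # assumed: PIN failures tolerated per card series within the window


@dataclass
class Account:
    pin: str
    series: str
    active: bool = True


def sample_accounts():
    """Constructed accounts: twelve cards in one series, PINs 1001..1012."""
    return {f"CARD-{i:04d}": Account(pin=str(1000 + i), series="S-A")
            for i in range(1, 13)}


@dataclass
class SecurityMonitor:
    accounts: dict
    failures: dict = field(default_factory=lambda: defaultdict(deque))
    records: list = field(default_factory=list)   # security records (step 306)

    def _velocity(self, scope, now):
        """Number of failures recorded for this scope inside the window."""
        history = self.failures[scope]
        while history and now - history[0] > WINDOW_S:
            history.popleft()
        return len(history)

    def check(self, card_key, pin, now):
        """Return 'ok', 'bad_pin', 'unknown_key' or 'deactivated'."""
        account = self.accounts.get(card_key)
        if account is None:
            return "unknown_key"
        if not account.active:
            return "deactivated"
        # Constant-time comparison so the check does not leak PIN prefixes.
        ok = hmac.compare_digest(account.pin.encode(), pin.encode())
        if not ok:                                   # security failure (304)
            scopes = ((f"card:{card_key}", CARD_LIMIT),
                      (f"series:{account.series}", SERIES_LIMIT))
            for scope, _ in scopes:
                self.failures[scope].append(now)
            # Failure history and velocity for the card and its series (308, 310).
            if any(self._velocity(scope, now) > limit for scope, limit in scopes):
                account.active = False               # limit exceeded: deactivate (312, 314)
                return "deactivated"                 # consumer notified (316)
        self.records.append((now, card_key, ok))     # security record written (306)
        return "ok" if ok else "bad_pin"


if __name__ == "__main__":
    monitor = SecurityMonitor(sample_accounts())
    for t in (0, 10, 20, 30):
        print(t, monitor.check("CARD-0001", "0000", t))
    print(40, monitor.check("CARD-0001", "1001", 40))
```

Tracking the series as well as the single card catches guessing that is spread thinly across many cards, which a per-card counter alone never sees.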

Abstract

A digital distribution channel management system includes a digital warehouse storing different master copies of digital goods awaiting transfer and a transaction database that stores a plurality of transaction records. A transaction server is provided coupleable to a communications network, such as the Internet. The transaction server is responsive to requests from the communications network to serve an instance of a particular digital goods. The request includes predetermined information that is authenticateable against a predetermined transaction database record stored in the transaction database. The transaction server provides for the digital signing of the instance of the digital goods and the serving of the instance back onto the communications network where the predetermined information is successfully authenticated against the predetermined transaction database record.

Description

Digital/Internet Distribution Channel Management System for Digital Content
Inventors: Peter O'Dell Charles Jennings Michael Hudson Christopher E. Jenkin Daniel M. Woodard
Background of the Invention
Field of the Invention: The present invention is generally related to electronic commerce systems that provide support for commercial transactions to be performed over the Internet and, in particular, to a digital channel management system that supports the electronic distribution of digital content through a trusted distribution channel.
Description of the Related Art: While the growth of Internet commerce has and continues to grow at a substantial pace, problems remain in determining how to manage and perform many different types of commercial transactions over the Internet or other open network communications mediums. These problems generally concern the issue of establishing a trusted relationship between providers and consumers based on a system that maintains, if not enforces, the credibility of the trusted relationship. In commerce oriented to the delivery of physical goods and services the trusted relationship has an inherent touch-stone for guaranteeing performance of commercial transactions. The delivered goods and services must be acceptable to the consumer or the transaction will be returned or refused. In the case of commerce directed to the delivery of digital content, however, there is no such touch-stone. The digital goods delivered are essentially intangible, if not also transient. Thus, the trust issues of whether the proper digital goods were delivered by the content providers and whether additional copies of the goods are made by the consumers exist particularly in the realm of electronic commerce of digital goods. Beyond the trust issues, performance of commercial electronic transactions for digital content are limited by a number of practical, commercial, and even ethical issues that must be adequately resolved. One of the most immediate and tangible problems that must be faced before widespread adoption of any system of electronic commerce in digital goods can be used is that many forms of digital goods are relatively small in terms of their direct financial cost to a consumer. The existing public financial transaction system is based on charging transaction fees for obtaining compensation for the processing of individual fund transfers.
As a result, the accumulated costs associated with the commercialization of digital goods severely constrains, if not precludes, the potential profitability of the sales of many types of digital goods. Substantial commercialization problems also arise from the existing natural structure of the content providers and their relationships with the consuming public. Specifically, the content originators for digital goods, such as the many different kinds of artists, performers, writers, and other artisans of works that can be represented by an intangible, are rarely prepared to directly commercialize their works. Rather, these works today are transported, packaged, and distributed through a myriad of producers, distributors, warehousers, and resellers before ever reaching a retailer. These works are also often commercialized in conjunction with advertising, promotion, and other campaigns to support the commercialization of these or other goods, even goods that are not amenable to electronic sale or delivery. The complexity of these commercialization processes has resulted in the development of a rich and diversified set of industries that together create and operate the various distribution channels that connect today's content providers with their consumers. Today, there are only limited, and very simplistic electronic distribution channels for a small and very select group and type of digital goods. The purely electronic distribution of computer software titles is typically supported by Internet retailers through direct download Web sites. The digital goods sold are highly unitized, typically represent a significant financial cost to the consumer, and fully correspond to conventionally distributed and retailed goods. Essentially all other aspects of these electronic distribution channels, such as advertising and promotions, are conventional in nature. 
Consequently, there is not any substantially or even significantly complete electronic distribution channels that are capable of handling the wide variety of digital goods commerce that potentially exists. Finally, the recurring issue of privacy, as particularly occurs in all matters involving the Internet, also creates some unique problems for electronic commerce for digital goods. Regardless of the specifics of particular individuals and instances of particular digital goods, there is a clear desire and need for consumers to have confidence that their electronic transactions are and remain private. Like any other produced or manufactured digital goods, the records of electronic transactions are themselves digital goods that, if available, are susceptible to being processed, repackaged, and sold. Where the digital goods distribution channel involves only the electronic retailer, an apparently adequate degree of trust over the privacy of any particular transaction seems to exist. This degree of acceptance in regards to privacy, however, is very unlikely to exist where an electronic distribution channel is both complex and involves many layers of different electronic packagers, distributors, and resellers, all of whom are at least perceived by the consumer to have access to or knowledge of any particular electronic transaction. Consequently, there is a need for an electronic distribution system for the wide variety of digital goods that exist today, where the system cost-effectively establishes and credibly maintains an effective and acceptable degree of trust between the content originators, all layers of distribution, and the consumers of digital goods.
Summary of the Invention
Thus, a general purpose of the present invention is to provide for the structure and operation of a digital distribution channel for digital goods. This is achieved in the present invention by providing a digital distribution channel management system that includes a digital warehouse storing different master copies of digital goods awaiting transfer and a transaction database that stores a plurality of transaction records. A transaction server is provided coupleable to a communications network, such as the Internet. The transaction server is responsive to requests from the communications network to serve an instance of a particular digital goods. The request includes predetermined information that is authenticateable against a predetermined transaction database record that is stored in the transaction database. The transaction server provides for the digital signing of the instance of the digital goods and the serving of the instance back onto the communications network where the predetermined information is successfully authenticated against the predetermined transaction database record. An advantage of the present invention is that the system provides for the aggregation of many small transactions into unitary, cost-effective financial transactions. Another advantage of the present invention is that the system provides for the establishment of universal trust relationships between any number of content originators, content providers, distributors and repackagers, and the consumers. Additionally, these trust relationships are maintained through use of a comprehensive distribution system that enforces the relationships and thereby provides a highly credible support foundation for the maintenance of these relationships.
A further advantage of the present invention is that the system specifically supports anonymous transactions as a default structural implementation of the system, thereby providing a very credible level of privacy for the commercial users of the system. Control over the release of information regarding any transactions can be directly established as belonging to the consumer. Still another advantage of the present invention is that the aggregational vehicle utilized by the present invention can be made both tangible and redistributeable. A physical card may be made the specific controlling entity that allows or supports the execution of an electronic transaction for the distribution of some digital goods, thereby allowing the card itself to be transferred between consumers. This redistribution ability directly provides for substantial flexibility to use the present invention in widely different, simple to quite complex, single to multiparty distribution, advertising, and other promotional activities, as well as re-distribution as gifts, incentives, subscriptions, and sponsored activities. Yet another advantage of the present invention is that implementations of the aggregational vehicle, such as a card, permit use to be specifically defined on a pre-emptive basis. The effective financial value attached to a card is defined and held by the system. Thus, the financial impact of the loss or mis-use of a card is limited. Further, the promotional, sponsored, or other branding-type value of a card is definable and potentially re-definable through the system by specification of the type, titles, categories, or other restrictions on the digital goods that can be electronically delivered through the use of any particular card or set of cards. 
Still another advantage of the present invention is that the effective financial value of an aggregational vehicle, such as a card, can be re-charged through either a promotional, sponsored, or other branding-type source transaction or by a consumer transaction, such as the transfer of actual funds to the transactional account represented by the aggregational vehicle. The potential also exists to allow the aggregational vehicle to support the aggregation of transactional accounts, yet maintain the specific limitations on account fund values provided by or through different promotional, sponsored, or other branding-type source transactions. A single card may thus be able to be used as multiple virtual cards, each carrying their own usage-limitations and effective account balances.
A yet further advantage of the present invention is that the aggregational vehicle may be also used in connection with the purchases of tangible goods. An electronic transaction based on a card may be sponsored or hosted directly or indirectly by a bricks-and-mortar retail site. By establishment of a channel-type relationship with the allocation of funds to the channel distributor for use in connection with the purchase of tangible goods and services, the distribution of digital goods may be constrained to occur only with the concurrent or prior purchase or use of some tangible goods.
Brief Description of the Drawings
These and other advantages and features of the present invention will become better understood upon consideration of the following detailed description of the invention when considered in connection with the accompanying drawings, in which like reference numerals designate like parts throughout the figures thereof, and wherein:
Figures 1A, 1B, and 1C generally depict, in flow-graph form, the relationships and transfers supported by the present invention in connection with the distribution of digital goods and the management of the electronic transactions in connection therewith;
Figure 2 shows the effective construction or digital packaging of digital content as an electronically deliverable digital goods in accordance with a preferred embodiment of the present invention;
Figure 3A illustrates the delivery of electronically deliverable digital goods, in accordance with a preferred embodiment of the present invention, to any of a number of different consumer devices capable of utilizing delivered digital goods;
Figure 3B illustrates a client utilization of electronically deliverable digital goods in accordance with a preferred embodiment of the present invention;
Figure 4 shows the system architecture of a distribution channel transaction management system constructed in accordance with a preferred embodiment of the present invention;
Figure 5 shows a transaction handling process flow for authenticating and recording a transaction request in accordance with a preferred embodiment of the present invention;
Figure 6 shows an expanded security process flow for dynamically handling security exceptions in the transaction handling process flow shown in Figure 5 in accordance with a preferred embodiment of the present invention;
Figure 7 shows an expanded registration process flow for handling security consumer registration in the transaction handling process flow shown in Figure 5 in accordance with a preferred embodiment of the present invention; and
Figure 8 shows an expanded focus limitation and digital goods delivery management process flow for dynamically handling digital goods selection and transfer fulfillment in the transaction handling process flow shown in Figure 5 in accordance with a preferred embodiment of the present invention.
Detailed Description of the Invention
The present invention provides the structure and operation of a digital distribution channel 10 for digital goods, as generally shown in Figure 1A. A channel management computer system 12 preferably hosts a distributor commerce (D-Commerce) site 14 on the Internet or other communications network to operate as a communications point of contact for requests for digital goods and management of the corresponding electronic transactions. The distributor commerce site 14 is preferably implemented as a high-performance Web server computer system executing a Web server application, such as the Microsoft® Internet Information Server™ (IIS). Preferably, the computer system 12 stores digital goods as digital content files 16 in a secure storage device 18, effecting a digital warehousing of available digital goods. The secure store device 18 is implemented as a secure server system that includes a redundant array of hard disk drives to ensure the data integrity of the stored digital content. The secure server system itself is preferably protected from unauthorized electronic access through the use of a secure operating system, which can be implemented at a minimum through use of the Microsoft® WindowsNT™ secure server operating system. Physical security over the secure server system is also preferably provided. These protections together provide a highly credible secure environment for managing the storage of the digital goods.
The distributor commerce site 14 preferably utilizes a high-performance transaction oriented database 20 to provide access to transaction and related account records used for authenticating distribution requests and recording the corresponding completed electronic transactions. The database 20 may be hosted on a separate database server computer system, which can be readily implemented using Microsoft® MSSQL™ and WindowsNT™ file server operating system.
Other components of the channel management computer system 12 preferably include a system management user interface 22 to the distributor commerce site 14 system and an off-line account management system 24. The system management interface 22 provides local maintenance access and a set of maintenance tools for use in operating the distributor site 14. The account management system 24 likewise generally provides a local user interface and set of tools for establishing and processing accounting information and providing reports of account activity by users of the channel management computer system 12. Finally, a key generation component 28 is provided within the generally secure environment of the channel management computer system 12. This key generation component 28 is operated preferably through the system management user interface 22 to produce and manage a collection of keys - generally identification codes and personal identification numbers (PINs) - that are to be used in conjunction with the authentication of distribution requests as received by the distributor site 14.
The digital content 16 is preferably obtained from content providers 30, which may include content originators directly or indirectly as represented by agents and other entities that have the legal authority to engage the distribution and sale of digital content. In the presently preferred embodiment of the present invention, the digital content 16 is digitized music tracks (individual songs) and collections (digital albums). The relevant content providers therefore include musicians, their contractual agents, and the many different music studios. The contractual rights for distribution are obtained 32 on behalf of the channel management computer system 12 in a conventional manner. The actual digital content 16 is thereafter obtained through any number of different forms of digital transport 34, provided that the transport 34 is secure 36.
A preferred form of secure digital transport 34 is through use of an encrypted digital transfer over the Internet. One such form of secure, encrypted transfer 34 is provided utilizing the Netscape® Secure Sockets Layer (SSL). An additional layer of security may be provided by requiring the transfer to be made subject to the digital certification of the sending and receiving sites through the use of Digital Certificates, which is an optional feature of SSL. A private communications network may also be used, alone or in some combination with SSL and Digital Certificates. Digital transport through the use of a fixed, tangible digital medium, such as a compact disk (CD), may also be used. Use of these security mechanisms ensures to the content providers that their content is accurately and actually delivered to the channel management computer system 12. The reliability of the transfer of the digital content 16 thus forms a substantial credible basis for maintaining the trust relationships between the content providers and the operator of the channel management computer system 12.
Digital content 16 is available for distribution by the channel management computer system 12 preferably through the distributor commerce site 14 received through a generally secure digital transport medium 38. Requests for distribution are received generally in relation to any retail site 40 or e-commerce site 42 that has established a distribution relationship with the operator of the channel management computer system 12. This relationship may be direct or indirect through a third party that has ultimately established a direct relationship with the operator of the channel management computer system 12. As generally shown in relationship to the retail site 40, the relationship may be established as a direct relationship 44 or through a promoter 46 as an indirect relationship 38.
As a result of the relationship with the operator of the channel management computer system 12, an aggregation vehicle is provided to a consumer. As shown, and in the preferred embodiment of the present invention, a tangible card 50 is issued to a specific consumer. Whereas the generalized aggregation vehicle is logically defined by certain data, the card 50 provides a convenient physical representation of essentially the same data. For a preferred embodiment of the present invention, Table I lists the pertinent data represented, if not explicitly printed, on a card 50.
Table I - Card Data
Data Type: Description
Sponsor Personalization: An advertising-type graphic and/or logo typically covering the front of the card.
Series Number: An alpha-numeric identifier of a set of cards associated with a particular promotion, sponsored event, subscription, etc.
Card Key: A unique number identifying the card.
PIN: An identification number usable to verify the authenticity of the Card Key.
Sponsor Identification: Name and optionally the real address of the promoter or sponsor of this card series.
Redemption Site: One or more Web addresses that allow a selection of some digital goods and that support redemptions of part or all of the allocated monetary value of a card as part of an electronic transaction for the selected digital goods.
Initial Value: Identification of the initial monetary value of the card. Optional.
Expiration Date: A promotional offer or use termination date for this card. Optional.
Total Uses: A subscription limitation on the total number of redemptions allowed for this card. Optional.
A card 50 is preferably presented 52 to a corresponding retail site 40 through an access of a public redemption Web site hosted by or on behalf of the retail site 40. This site would typically include the Web page identified on the card and others that allow for the consumer's selection of some digital goods. One of the Web pages will preferably support the identification of the goods selected and provide for the input of at least the key and PIN data from the card 50. With the selection of a 'submit' button, the consumer would then preferably perceive that this information is forwarded as part of a digital goods distribution request to the retail site 40. In the initially preferred embodiment of the present invention, this page, though appearing as one of the Web pages hosted by the retail site 50, is a Web page hosted by and as part of the distributor commerce site 14. In this manner, the selection and card data 50 is securely submitted directly to the distributor commerce site 14 for authentication and, as appropriate, fulfillment.
The fulfillment of the distribution request is dependent on a number of requirements, including validation of the card key and PIN, verifying that the card distribution request is within the expiration date or number of uses limitation of the card, and whether the selected digital goods are available for redemption against the card. This set of requirements is variable based on the program or profile of such requirements that is established by the retail site 40 or promoter 46 for a particular series of cards 50. That is, the relationship established variously between the operator of the channel management computer system 12, the retail site 40, and the promoter 46 is used to establish, on a per series basis, a set of qualifying requirements for the redemption of the card.
These transaction rules are stored in the transaction database 20 in effect as a set of business rules that are evaluated upon receipt of each distribution request. The series numbers of the cards preferably provide for the segmentation of the rules into defined program profiles for the corresponding sets of cards. Provided that fulfillment is approved, an instance of selected digital content 16 is securely signed based on a unique key provided from the key generation component 28. The resulting packaged instance of the selected digital content, representing verifiably deliverable digital goods, is then electronically transferred to a digital content store/player 54 designated by the consumer for receipt of the selected digital content. This player 54 preferably includes a processor, content rendering engine, and memory that together provide for the storage and presentation of the digital content. In a preferred embodiment of the present invention, the player 54 is a conventional consumer's personal computer. Where the digital content 16 is some combination of audio and video, a conventional multi-media equipped personal computer is fully capable of performing the rendering and presentation of the digital content 16.
The use of the present invention in connection with e-commerce sites 42 is generally similar to the use in connection with the retail sites 40. E-commerce sites 42, however, generally only exist in cyberspace - there is typically no realspace presence as in the case of retail sites 40 - and therefore naturally present themselves as public Web sites accessible over the Internet 56. These e-commerce sites 42 preferably establish relationships with the operator of the channel management computer system 12 to allow the sites 42 to acquire and vend aggregation vehicles, such as the card 50.
These cards may be vended over the Internet 56 by anyone with a directly or indirectly established relationship with the operator of the channel management computer system 12. Thus, the promoter 46, other reseller or sponsor, or even a gift giver 58 can provide the card to a digital goods consumer either directly or through an electronic transaction over the Internet 56. As before, the redemption of a card 50 for digital goods occurs in connection with selection and ordering Web pages that at least appear to be presented or hosted by the e-commerce site 42. Subject to the appropriate authentication and validation of the digital goods selected against the card 50, the digital goods are transferred to the designated digital content store/player 54.
The flexibility of the present invention to provide for a rich set of commercial and non-commercial distribution opportunities in connection with electronic transactions for digital goods is further evident from the exemplary processes generally shown in Figures 1B and 1C. The different business models generally represented in these figures are summarized in Table II below.
Table II - Business Models
Usage Model: Model Description
Sponsor: An advertising sponsor of goods or services underwrites the distribution of cards with assigned values, focus limitations, etc. to introduce the goods or services or to create and increase brand awareness of the sponsor and other related goods and services.
Promotion: A promoter of some goods or services sponsors the distribution of cards in connection with the purchase or use of the promoted goods or services, thus creating or supporting an advertising tie-in campaign.
Affinity: A promoter of an event or product introduction sponsors the distribution of cards to encourage consumer sampling and acceptance of the event or product and to purchase and re-purchase the related goods and services.
Subscription: A promoter or originator of some serial content distributes cards to establish an ongoing relationship with consumers for the serial content, while constraining the repeated access to the serial content to comply with business rules defining the value, identity, redistribution, repeated use and other aspects of the serial content.
Reporting: A manager of a program involving the access or employment of some content by a definite set of users may issue cards to define access and usage parameters that can then be reported to the manager.
Combination: Any combination of the above or other similar usage models.
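The per-series redemption checks described above (card key and PIN validation, expiration date, total uses, and whether the selected goods are redeemable against the card) can be sketched as follows. This is an added example, not code from the patent; the record layouts, field names, the genre-based focus rule and the PBKDF2 PIN verifier are assumptions.

```python
import hashlib
import hmac
from dataclasses import dataclass
from datetime import date
from typing import Optional

# All names below are hypothetical; the patent defines no record schema.
@dataclass
class SeriesProfile:
    series: str
    expires: Optional[date]      # "Expiration Date" (optional in Table I)
    total_uses: Optional[int]    # "Total Uses" (optional in Table I)
    allowed_genres: frozenset    # assumed form of the series focus limitation

@dataclass
class CardRecord:
    card_key: str
    series: str
    pin_salt: bytes
    pin_hash: bytes              # stored verifier, never the raw PIN
    balance_cents: int           # value is held by the system, not the card
    uses: int = 0

@dataclass
class Goods:
    goods_id: str
    genre: str
    price_cents: int

def pin_verifier(pin: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, 100_000)

def make_card(card_key, series, pin, balance_cents, salt=b"constructed-salt"):
    return CardRecord(card_key, series, salt, pin_verifier(pin, salt), balance_cents)

# Stand-in record so unknown card keys take the same code path as known ones.
_DUMMY = make_card("-", "-", "0000", 0)

def redeem(cards, profiles, goods, card_key, pin, today):
    """Evaluate one distribution request. Returns (approved, reason)."""
    card = cards.get(card_key)
    probe = card or _DUMMY
    # Constant-time comparison, and one shared failure reason for "unknown
    # key" and "wrong PIN", so responses do not reveal which keys exist.
    pin_ok = hmac.compare_digest(pin_verifier(pin, probe.pin_salt), probe.pin_hash)
    if card is None or not pin_ok:
        return False, "authentication failed"
    profile = profiles[card.series]  # rules are segmented by series number
    if profile.expires is not None and today > profile.expires:
        return False, "card expired"
    if profile.total_uses is not None and card.uses >= profile.total_uses:
        return False, "use limit reached"
    # An authenticated card can still be refused for goods outside its focus.
    if goods.genre not in profile.allowed_genres:
        return False, "goods outside series focus"
    if goods.price_cents > card.balance_cents:
        return False, "insufficient value"
    # State changes only after every rule has passed.
    card.balance_cents -= goods.price_cents
    card.uses += 1
    return True, "approved"

def sample_state():
    """Constructed sample data: one blues/jazz series with one card."""
    profiles = {"BLUES-A": SeriesProfile("BLUES-A", date(2000, 12, 31), 2,
                                         frozenset({"blues", "jazz"}))}
    cards = {"CARD-0001": make_card("CARD-0001", "BLUES-A", "4821", 500)}
    return cards, profiles

if __name__ == "__main__":
    cards, profiles = sample_state()
    track = Goods("blues-track", "blues", 99)
    print(redeem(cards, profiles, track, "CARD-0001", "4821", date(2000, 6, 1)))
```

In a real deployment the balance and use-count update would run inside a database transaction, so that two concurrent requests cannot both pass the use-limit check.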
For a promotion or sponsored model, the system 70 shown in Figure 1B provides a distributor site 14 that operates as the entry point to an embodiment of the Internet distribution control system 12 of the present invention. Based on relationships with particular promoter sites 72 and providers of focused content 74, a promotion or sponsored distribution campaign can be organized and controlled through the operation of the Internet distribution control system 12. The specific focus limitations to be employed for any particular series of cards 50 are preemptively established in conjunction with the promoter site 72, which in turn is selected to advance the objectives of the promotion. The cards 50 may be distributed through retail outlets 76 to end-users/consumers 78 as a specific inducement for the end-users 78 to visit the retail outlets 76, as necessary to actually obtain a card 50 such as through the purchase of some other product or service of the retail outlet 76.
Since the card 50 for a particular promotion activity can only be obtained from specified retail outlets, and only in conjunction with some other specific activity, the promotion opportunity retains the specific focus not only as desired by the promoter 72, but fully consistent with similar conventional promotion activities. In the case of many advertising campaigns sponsored by the original manufacturers of particular goods or even digital content itself, the present invention allows the promoter 72 to effectively manage and control the campaign by minimizing the complex involvement of the individual retail outlets 76 to specific distribution activities that are easily manageable. Further, the specification and enforcement of the promotion redemption activities can also be off-loaded to the Internet distribution control system 12 while at least maintaining the appearance that the redemption process is entirely within the branded domain of the promoter site 72, and therefore both building and bearing the consumer's trust of the promoter's brand. Furthermore, the off-loading of the redemption activities to the Internet distribution control system 12 only increases the tangible cost-effectiveness of the promotional campaign and the intangible credibility of the Internet distribution control system 12 to correctly process the redemption information and ensure that the correct digital goods are provided in the fulfillment process.
The source/subscriber system 90, as generally shown in Figure 1C, further demonstrates the variability of use of the present invention. In this exemplary case, the Internet distribution control system 12 may be used by a content source/originator 92 in a limited role as a digital order management/fulfillment house.
The content source/originator 92 may, in accordance with a preferred embodiment of the present invention, fully host the selection/ordering Web pages 80 as well as distribute cards 50 directly or indirectly as self-determined to the end-user/subscribers of the content source/originator 92. In this case, the digital content produced by the content source/originator 92 may be provided through a focus content provider 74, as shown, or directly to the Internet distribution control system 12 for use in subsequent redemption fulfillment. The distributor site 14 therefore operates merely as a source of card 50 series to the content source/originator 92 and as a limited portal for the distribution of the corresponding digital content in response to redemption requests provided from the content source/originator site 92. The actual and perceived relationship between the end-user/subscriber and the content source/originator 92 is therefore direct and real. The Internet distribution control system 12 and distribution site 14 transparently operate as a trusted digital distributor to the content source/originator 92.
In both the systems 70, 90, the present invention supports the targeted objectives of the business models used by the promoter 72 and content source 92 by supporting the constrained fulfillment of redemption requests. The Internet distribution control system 12 not only provides for the authentication of the cards 50 as electronically presented for redemption, but also provides for the limitation of the redemption to predefined, or focus selected digital goods. For example, a promotion targeted to a specific audio artist's works is desirably focused on just that artist's body of works. The present invention provides, through the operation of the Internet distribution control system 12, a limiting of a specific card series to a particular profile of redeemable digital goods.
Thus, a fully authenticated card 50 may yet be denied for a particular selected digital goods where the goods are determined by the Internet distribution control system 12 to lie outside of the defined scope of the particular promotion for which the card 50 was distributed. There is, however, a substantial degree of freedom in how the scope of a promotion is defined. For any promoted activity, works, or even digital goods, the scope of the promotion may be defined along any categorization line or genre that can be defined by a set of business rules executable by the Internet distribution control system 12. Thus, the promotion of a specific 'blues' recording artist may yet allow redemption of digital goods that (1) are by that particular artist; (2) are blues recordings owned or controlled by the artist's record label; (3) are blues or jazz recordings, blues or jazz musical videos, or blues-type movies that are owned or controlled by the promoter's studio; or (4) relate to some other digital goods product that is desired by the promoter to be tied to the artist's name.
In accordance with a preferred embodiment of the present invention, the digital content packaged and delivered as digital goods is a composite of multiple individual instances of different digital content. As generally shown in Figure 2, a process of digital packaging 100 is preferably employed to produce a digital goods 102 that is suitable for distribution and capable of maintaining the trust relationships between the content providers and distributor by presenting a highly credible basis for ensuring that the digital content distributed is not improperly resold, redistributed, or copied for resale or distribution. The digital goods 102 is preferably a unitary file that contains the full content associated with a particular distribution license. In the case of music, single tracks, sets of tracks, or entire albums are often defined as individual licensable entities.
Alternately, a specific recording of a song and a corresponding music video may constitute the licensable entity. In any of these cases, the corresponding digital content representing the licensable entity is treated in the packaging process 100 as digital content 104, which is subjected to a highly-secure digital packaging, encoding and encrypting operation 112, 114. There are many different suitable encoding processes that are commercially licensable. In at least the initially preferred embodiment of the present invention, the digital encoder/encryption process 114 is an implementation of the Intel Software Integrity System, which is commercially available under license from Intel® Corporation, Santa Clara, California.
In a preferred embodiment of the present invention, a commercially licensable software system is utilized to initially package the digital content 104 with some basic, packaging operator-supplied text content 106, which is descriptive of the digital content 104. This software system is obtainable from Preview Systems, Inc., Cupertino, California. In accordance with the preferred embodiments of the present invention, however, additional content, such as binary content 108 and text-oriented content 110 is also provided as source material to the digital packaging process 100. The binary content 108 may include graphics, icons, applets, programs, and other material typically represented as binary images. In connection with a music album, for example, the binary content 108 may simply be the cover and related art originally released with the album compact disk. The binary content 108 could also include a computer installable icon that is used to represent the album within the filesystem of the computer and an applet that presents advertisements and related offers as the album is played. The ability to include a program within the binary content 108 would allow concurrent distribution of a demonstration game or other application program.
Alternately, the included program could be one or more "plug-in" components useable by a digital content player to enhance or add to the listening or viewing experience of the digital content 104.
The text-oriented content 110 may also include a number of different text entities, potentially in different specific formats. For example, a plain text copy of the liner notes of an album could be included in the content 110. The lyrics of the different songs present in the album might also be included in a text format appropriate to be read and displayed by an applet included as part of the binary content 108 or provided as part of an XML (extensible markup language), HTML and/or JavaScript file stored as still other textual content 110. Other XML and/or HTML files, stored as textual content 110, may provide additional information regarding the album and provide various hyper-text links to Web sites where additional relevant information may be obtained, thereby enhancing the end-user/consumer's experience and perceived value of the digital goods obtained through uses of the present invention.
The digital packaging 112 of the different digital, binary, and textual content 104, 108, 110 preferably provides for the organization of the content into a composite, transient document that is then further packaged to produce the unitary digital goods file 102. In creating the composite document, the different input content 104, 106, 108, 110 is preferably numerically compressed using conventional algorithms appropriate for the particular type of content. In the case of content where lossless compression is required, implementations of the Lempel-Ziv-Welch (LZW) or other similar algorithms may be used. Graphics and other similar types of binary images may be compressed using JPEG or other similar types of lossy compression. Once appropriately encoded and compressed, the various content is organized and placed into the digital goods file 102.
This file 102 preferably includes a version identifier 116 and a digital signature 118. The version identifier 116 may be variously used to identify, directly or indirectly, the specifics of the digital packager and encoding 112, 114 and, therefore, how the file 102 may be properly interpreted and parsed when subsequently examined for use by a content player. The digital signature 118 is used to provide, at a minimum, a basis for subsequently confirming the integrity of the digital goods file 102.
In a preferred embodiment of the present invention, the digital goods file 102 then contains an internal component 134 that includes an XML document 120, an object locators block 122, and an objects block 124. The XML document 120 is constructed, at least in part, through the operation of the digital packager 112 to include an appropriate description or identification of the various other parts of the component 134. Thus, the XML document 120 preferably includes XML references to the objects of the content 108, 110 that are composited as part of the digital goods file 102. These XML references, however, would conventionally identify additional external documents and files. The public XML standard, as developed and published by the W3C (World Wide Web Consortium), does not provide a mechanism for the XML references to point back to the same file component 134 that contains the XML document 120. This is consistent with the conventionally recognized and intended uses of XML in connection with the organization and presentation of distributed information across an open communications medium, such as the Web.
In connection with the present invention, the organization capabilities provided through the use of an XML document as conventionally defined are in tension with the need to provide digital goods through electronic transactions with certainty that the entirety of the digital goods are both transferred completely and remain properly organized for ready use by the end-user/consumer. The present invention, therefore, provides the XML document 120 with the additional ability to self-reference the file component 134, even as embedded within the digital goods file 102. The digital packaging process step 112 of compositing the various content 104, 108, 110 provides for the creation of an objects locators block 122 within the component 134. The objects locators block 122 provides a table of offsets or other pointers to the different objects 124 derived through the packaging from the binary content 108 and textual content 110. Thus, parsing of the XML document 120 in connection with the objects locators block 122 in accordance with the present invention allows all of the objects 124 to be separately identified even while digitally packaged into a single digital goods file 102.
Once the digital goods file 102 is fully composited, the digital packaging step 112 operates to prepare a digital signature that covers the composited file 102. Preferably, the digital goods file 102 is processed through a digital signature generator provided as part of the encoder/encryption 114 to produce a binary string that securely represents the contents of the file 102. In a preferred embodiment of the present invention, the digital signature generator 114 includes a conventional software component implementing a public key encryption algorithm. At least the core secure public key encryption engine, as used by the digital signature generator 114, is commercially licensable from conventional software vendors.
For the preferred embodiment of the present invention, the digital signature generator 114 utilizes a SecurID™ public key encryption component, which is a publicly licensable product of RSA Security, Inc., San Mateo, California. Since the generation of the digital signature is based on a public key encryption algorithm, the generator 114 also takes as inputs a private key 128, corresponding to the identity of the distribution management system for the particular instance or series of instances of the digital goods 102 and a public key 130. As a product of the signature generation process 114, a second private key, which is used to form the basis of a separate digital license 132, is also generated. Finally, the binary signature string produced by the digital signal generator is then written to the signature field of the digital goods file 102. At this point, the completed instance of the digital goods file 102 is ready for electronic transport to an end-user/consumer.
A preferred process 140 of providing for the distribution of the digital goods file 102 is shown in Figure 3A. A fully prepared instance of the digital goods file 102 is passed through the distributor site 14 by the Internet distribution control system 12 to the Internet 142 as part of a conventional HTTP transaction. The destination of the digital goods file 102 is generally any content store/player that is designated by the consumer and that is available to participate, directly or indirectly, in the HTTP transaction. Suitable content store/players include multi-media equipped personal computers 144, digital content audio players 146, and other digital audio/visual players and digital appliances 148, such as digital personal assistants (PDAs) and digital books that can store and present digital information.
The actual HTTP transfer of the digital goods file 102 is preferably performed using SSL to ensure that the digital goods file 102 and, separately, the digital license file 132 are both delivered to the consumer without interception by any third party. This process of distribution 140 may be simplified by providing for the actual digital goods file 102 to be prepared and delivered to a consumer separate from the delivery of the digital license 132. Specifically, different Internet and non-Internet delivery mechanisms may be employed to deliver the digital goods file 102. For example, a physical compact disk containing any number of different digital goods files 102 may be shipped or otherwise delivered into the possession of a consumer, potentially as part of a promotion. Digital goods files 102 may also be pre-installed in a newly purchased multi-media computer system. The digital goods files 102 may also be provided on software CD-ROMs that are purchased by consumers purely for the software program content. Alternately, the digital goods file 102 may be streamed over the Internet to the consumer. As part of a digital stream, the digital goods file 102 is only transiently stored by the consumer. In all of these cases, the absence of a valid digital license precludes the content of the digital goods file 102 from being accessed, or limits access to a short preview of the content.
A generalized digital content store/player 150 is shown in Figure 3B. The content store/player 150, in accordance with a preferred embodiment of the present invention, includes a microprocessor 152 that is capable of being uniquely identified, such as by the presence of a hardware identifier (uID) 154, and a storage system 156, at least logically local to the microprocessor 152, that is capable of storing some number of digital goods files 102 and the corresponding digital licenses 132.
The player 150 also preferably includes some combination of audio stream renderers, such as hardware audio decoders 158 and speakers 160, and video stream renderers, such as hardware video display controller 162 and display system 164, depending on the intended use of the player 150. In addition, other stream data renderers 166 and corresponding presentation units 168 may be provided. These additional renderers may provide for the presentation of other sensor data, such as force feedback in games, and sub-sonic vibrations and environmental lighting modulation in conjunction with, for example, live concert recordings and action movies.
The microprocessor 152 preferably executes an application program that implements the software processes 170 that provide for the processing of the digital goods file 102. Specifically, the software processes 170 provide an XML object server 172 that supports accesses by an XML parser 174 to select and retrieve the constituent parts of the digital goods file 102. In the preferred embodiment of the present invention, the XML object server 172 provides the bridging functionality that allows an essentially conventional XML parser at the core of the parser process 174 to access the object locators block 122 as corresponding XML references are parsed from the XML document 120. Thus, the XML object server performs a redirection function as needed to support the XML parser 174. All of the component parts of the digital goods file 102 are therefore made available to the software processes 170 under the organization of the XML document 120. Preferably then, the software processes 170, following from the parsing of the XML document 120, provide for the processing of the digital content 104, binary content 108, and textual content 110 present in the digital goods file 102.
As needed, the software processes 170 invoke HTML parsers 176, audio decoders 178, and video/binary image decoders 180 to process the content 104, 108, 110 to a level suitable for presentation to the hardware renderers 158, 162, 166. Additionally, the software processes 170 can recognize and, as appropriate, utilize audio and video plug-ins 182, 184 to further process the content 104, 108, 110 prior to being passed to the renderers 158, 162, 166. These software plug-ins 182, 184 may be independently or separately introduced into the player 150. Alternately, the plug-ins 182, 184 may be provided as part of the binary content of the digital goods 102. In this case, the XML document 120 will identify the specific objects within the binary content 108 that are the plug-ins and permit the software processes 170 to appropriately load these objects into the execution memory space of the microprocessor 152. Once loaded, the microprocessor 152 preferably operates to initialize the plug-ins 182, 184 into the software environment of the software processes 170.
The preferred architecture 190 of the Internet distribution control system 12 is shown in greater detail in Figure 4 as including a secure server system 192, a set of user interfaces 194, and a secure business-to-business interface 196 to a financial service provider. The secure server system 192 may make use of any of the many different commercial e-commerce server systems that are now widely available through established vendors or provided by hosting services. In a preferred embodiment of the present invention, the secure server system 192 includes a scalable internet server 198 using Microsoft IIS, hosted on a WindowsNT OS server and Intel Pentium III® platform provided behind a conventional Internet firewall that provides the network secure environment of the secure server system 192. The internet server 198 may host and execute an instance of the Internet firewall application.
The internet server 198 is preferably used to process Internet transactions related to the authentication, digital goods selection, card redemption accounting, and digital goods electronic transfer fulfillment. A database server 200 is preferably provided to support database access against an accounts database 202 used to store the card account and related information. For a preferred embodiment of the present invention, Table III lists the general account information stored by the accounts database 202.
Table III - Account Information
Account Information: Account Information Description
Sponsor ID: Information identifying the sponsor and sponsor program.
Series Number: An alpha-numeric identifier of a set of cards associated with a particular promotion, sponsored event, subscription, etc.
Card Key: A unique number identifying the card.
PIN: An identification number usable to verify the authenticity of the Card Key.
Redemption Profile: Identification of the profile or profiles that can be evaluated in determining whether any particular use of the card is allowable. Initially, only a single profile is recognized.
Current Value: Identification of the current monetary value of the card against each of the available profiles for this card.
Expiration Date: A promotional offer or use termination date for this account relative to each of the available profiles for this card.
Total Uses: The current total subscription uses or redemptions for each of the available profiles for this card.
The accounts database 202 is also preferably used to store the account related profile information. A summary of the profile information stored in the database 202 is provided in Table IV. The account information and profile information are thus available to the internet server 198 in determining the authentication and authorization status for any particular redemption request received.
Table IV - Profile Information
Account Information: Account Information Description
Sponsor ID: Information identifying the sponsor and sponsor program.
Card Series Number: An alpha-numeric identifier of a set of cards associated with a particular promotion, sponsored event, subscription, etc.
Profile ID: An identifier of a particular promotion, sponsorship, subscription or other profile basis allowing for the use of any authenticated cards for the redemption of allowable digital goods.
Business Rules: A set of business rules and requirements defining the allowable uses of a card with respect to this profile.
A content store 204 is also preferably provided as a repository for the digital content that is to be distributed by the server system 192. Thus, as redemption requests are approved for fulfillment, the database server 200 is preferably utilized to obtain the requested content from the content store 204. An internet server 206 may be provided to separately support administration functions necessary to maintain and obtain reports from the secure server system 192. The internet server 206 may be implemented utilizing essentially the same software and hardware components as the server 198.
A key management server 208, key database server 210, and key database 212 are also preferably provided in the secure server system 192. This key control subsystem 208, 210, 212 operates to produce and manage the secure storage of at least the private encryption keys that are used in the digital signing and licensing of the digital goods electronically transferred out of the secure server system 192. The key management server 208 is responsible for generating the private keys, which then can be stored through the database server 210 by the key database 212. These generated keys can then be provided on a transactional or as-needed basis through the database server 200 for storage, directly or indirectly, against the account records in the accounts database 202. A key management and control user interface 214 is preferably provided within the secure server system 192 to operate, as needed, the key management server 208.
In a preferred embodiment of the present invention, the secure server system 192 is used to support Web sites that are public, as in the case of the retail Web site 220, and that are protected, such as the remote administration Web site 224, which can be used to support secure sites 196, such as the card recharge site 226. The retail site 220 supports a conventional Web page type user interface 228 that allows for the selection and ordering of digital goods.
The information collected regarding the consumer, including the aggregation vehicle information, and the digital goods selections requested by the consumer are preferably submitted through a HTTP transaction gateway 230 to the internet server 198 of the secure server system 192. Administration functions are preferably performed through the administration site 224, which operates a HTTP gateway 232 to the internet server 206 used to support the externally allowed management, maintenance, and control aspects of the secure server system 192. Interaction with the administration Web site 224 is supported through a conventional Web page type user interface 234.
In accordance with a preferred embodiment of the present invention, the recharging of the aggregation vehicles is permitted through the use of the secure recharge site 196. For example, a consumer may be permitted by the profile associated with a card to add monetary value to the card. Thus, from the retail site 220, the consumer is permitted to access the secure site 226 and perform a supported HTTP transaction through a financial services gateway 236 with a third party financial services provider (FSP) 238. This transaction is typically a credit card charge transaction. On completion of the credit card charge transaction, another HTTP transaction through the financial service gateway 236, directly or as shown indirectly, communicates updated account information to the administration internet server 206. Corresponding account records in the accounts database 202 can then be updated as appropriate to reflect an increased account value for the corresponding aggregation vehicle. Promoters and other parties provided with suitable access rights to the administration site 224 can also directly affect the account and profile records stored by the accounts database 202.
Promotional values, new profile rules, extensions of expiration dates, and other aspects of the promotion, sponsorship, subscription, or other programs being run through the secure system 192 are available to be modified. Limitations and constraints on these modifications may be readily established as part of the defined relationship between the entities, such as promoters, and the operators of the secure server system 192.
A preferred process 250 of authentication and electronic transfer of digital goods is shown in Figure 5. The process 250 is initiated in response to the submission 252 of a redemption request. This request preferably includes a key, PIN, a selection (SKU#), and a selection corresponding redemption value. Other data submitted may include a transaction identifier, and a consumer supplied message or identifier. An account lookup 254 is then performed. Where the key is not found, a notification message 258 can be returned to the consumer. If the PIN is determined 260 to be incorrect, an analysis 264 of the number of PIN failures and frequency of failure may be performed to determine whether a fraudulent use is being attempted. Where fraud is reasonably suspected based on the analysis 264, the account, as represented by the card, may be deactivated 266. Otherwise, an appropriate notification message may be provided to the consumer. If the card corresponding account lacks sufficient funds 268, the consumer may be so notified 270. In addition, if permitted by the corresponding account profile, the notification may provide the consumer with an option to recharge the account. The active status of the promotion, subscription, or other activity represented by a card 272 is then checked. If the status is determined to be inactive, a corresponding error notification 274 is provided to the consumer. Similarly, the expiration date of the particular account, as represented by the card, is then checked 276.
If the card has expired, which may be a promotional mechanism used to require the consumer to revisit some retail site or store to have the expiration date modified, a corresponding message 278 is generated and provided to the consumer.
Once the account as represented by a particular card has been authenticated and authorized for redemption of the value of the specified digital goods, a transaction against the relevant account record is begun 280. In a preferred embodiment of the present invention, a header record for the transaction is initially written to the accounts database 202. On any failure of the header record write, the transaction is terminated and a corresponding message 284 is provided to the consumer. Preferably, in sequence, a line item record 286 and an updated account balance 288 are written to the accounts database 202. Again, any failure in writing this information to the accounts database 202 results in the transaction termination and a corresponding message 284 being provided to the consumer.
In a preferred embodiment of the present invention, an electronic licensing and transfer package is used to control the actual electronic delivery of the digital goods to the consumer. The presently used package is available under the product name Ziplock Server™, which is also available under license from Preview Systems, Inc., Cupertino, California. Thus, after the accounts database 202 is updated with the new account balance 288, a corresponding authorization code is generated and used as the basis for initiating the transfer of the digital goods 290. The digital license is then also transferred 292. Since the transfer package operates as an independent server application to manage the actual transfers of the digital goods and license, the process 250 is considered complete 294 once the transfer package has accepted the authorization code.
An enhanced security operation for the process 250 is shown in greater detail in Figure 6.
The enhanced security process 300 may be invoked in the process 250 in place of or in addition to the analysis step 264. Alternately, any security check 302 may be performed initially, as shown. On failure 304, the failure history of the particular account, series of cards, or related set of promotion profiles is checked 308 for patterns of misuse. For example, the rate of failures, or failure velocity, may be analyzed 310 to determine whether an organized attack is being made to fraudulently authenticate an account that then can be used to improperly obtain access to some digital goods. In this case, various threshold criteria can be applied to detect patterns and determine whether any velocity limit has been exceeded 312. If a limit is exceeded, the account is deactivated 314 and the consumer notified accordingly 316. Otherwise, where either no security failure is noted 304 or a limit is not exceeded 312, a security record is written 306 in the accounts database 202, directly or indirectly, so as to permit subsequent evaluation against the account, series of cards, or related set of promotion profiles considered by the security check 302.
The authentication and electronic transfer of digital goods process 250 preferably operates anonymously with respect to the actual consumer using any particular aggregation vehicle. Specifically, the authentication is performed against a particular card, not against the particular holder of the card. As generally shown in Figure 7, the process 250, however, may selectively operate to request or require a registration or user identification before authentication is completed. Whether a registration request is presented to a consumer may be based on the profile associated with the particular account identified for use by a consumer.
Thus, in some sequence with the active 272, expired 274, or other steps that involve the evaluation of the account profile, a determination 320 of whether registration is requested or required can be made. A further determination 322 of whether the registration has already occurred can then be made. If registration information has not already been received, the required or requested information can be obtained 324 upon presentation of appropriate Web page forms. Information so obtained is then preferably written, directly or indirectly, to the accounts database 202 at least for purposes of subsequent examination in the process of authenticating and authorizing redemptions against the corresponding account. Similarly, a usage history 328 may be written to collect other reportable information in regard to the actions taken with respect to the identified account.
Figure 8 shows a further modification and enhancement of the authentication and electronic transfer of digital goods process 250. A flexible focus limitation process 340 may be incorporated within the process 250 generally in some sequence with the active 272, expired 274, or other steps that involve the evaluation of the account profile being authenticated. Thus, a determination 342 can be made from the account or related account profile as to whether any focus limitation needs to be considered. Where some focus limitation needs to be considered for enforcement, the identified limitations are considered either sequentially, in some order, or as part of a decision hierarchy determined by the corresponding account profile. This latter case allows for simple to quite complex "bonus-level," "rebate," and "incentive program" structures to be defined and directly enforced as part of the general authentication process 250. As shown in Figure 8, an ordered linear sequence of focus limitations can be iteratively examined and thereby used to constrain a particular redemption selection.
These limitations, which are exemplary, include a "parental" or specific title inclusion/exclusion limitation 344, a promotion limitation that may be specific to the number of digital goods available 346, a content limitation that may be specific to a particular artist, genre, label, or studio 348, and any other definable limitation 350 capable of being evaluated as a business rule. As each limitation is identified, a determination can then be made 354 as to whether the selected digital goods acceptably fall within the focus limitation. A failure of a selection to conform to a focus limitation preferably results in a corresponding notification 356 being generated and provided to the consumer. The corresponding selection is then removed or dropped 358. The selection process, iterating through the determination 342 of whether any focus limitations remain to be considered, then continues. Where a selection is finally determined to be within the defined focus limitation restrictions 344, 346, 348, 354, the selected digital goods are prepared 360 and transferred 362 to the consumer.
Thus, a system for providing for the trusted channel distribution of digital goods utilizing a network communications system, such as the Internet, has been described. In view of the above description of the preferred embodiments of the present invention, many modifications and variations of the disclosed embodiments will be readily appreciated by those of skill in the art. It is therefore to be understood that, within the scope of the appended claims, the invention may be practiced otherwise than as specifically described above.
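The check order of process 250 combined with the failure-velocity test of process 300, as an added Python example that is not code from the patent or from the system it describes. The three-failures-in-ten-minutes threshold, the result strings, the constructed card keys and PINs, and the rule that a deactivated account rejects every later request are assumptions.

```python
"""Added example: card redemption checks with a failure-velocity lockout."""
import hmac
from collections import deque
from dataclasses import dataclass, field
from datetime import datetime, timedelta

# Assumed thresholds: the description only says "various threshold criteria".
MAX_FAILURES = 3                    # failures tolerated inside WINDOW
WINDOW = timedelta(minutes=10)      # sliding window used for failure velocity


@dataclass
class Account:
    card_key: str
    pin: str
    current_value: int              # cents
    expiration: datetime
    active: bool = True             # promotion/subscription status (272)
    deactivated: bool = False       # set by the fraud check (266/314)
    failures: deque = field(default_factory=deque)  # failure records (306)


def velocity_exceeded(acct: Account, now: datetime) -> bool:
    """Steps 308-312: drop failures older than WINDOW, then count the
    current failure together with the ones still inside the window."""
    while acct.failures and now - acct.failures[0] > WINDOW:
        acct.failures.popleft()
    return len(acct.failures) + 1 >= MAX_FAILURES


def redeem(accounts: dict, card_key: str, pin: str, price: int,
           now: datetime) -> str:
    """Apply the checks in the order the description gives for process 250."""
    acct = accounts.get(card_key)
    if acct is None:
        return "KEY_NOT_FOUND"                      # notification 258
    if acct.deactivated:                            # assumption: stays locked
        return "ACCOUNT_DEACTIVATED"
    # Constant-time comparison so response timing does not leak PIN prefixes.
    if not hmac.compare_digest(acct.pin.encode(), pin.encode()):
        if velocity_exceeded(acct, now):
            acct.deactivated = True                 # deactivate 314
            return "ACCOUNT_DEACTIVATED"            # notify 316
        acct.failures.append(now)                   # security record 306
        return "BAD_PIN"
    if acct.current_value < price:
        return "INSUFFICIENT_FUNDS"                 # notification 270
    if not acct.active:
        return "PROMOTION_INACTIVE"                 # notification 274
    if now >= acct.expiration:
        return "CARD_EXPIRED"                       # message 278
    acct.current_value -= price                     # updated balance 288
    return "AUTHORIZED"                             # transfer may start 290


def run_constructed_scenarios() -> dict:
    """Constructed sample data: two cards, one burst and one slow sequence."""
    t0 = datetime(2000, 7, 21, 12, 0)
    exp = datetime(2000, 12, 31)
    accounts = {
        "CARD-A": Account("CARD-A", "4821", 1500, exp),
        "CARD-B": Account("CARD-B", "7730", 1500, exp),
    }
    # Three wrong PINs one minute apart, then the right PIN.
    burst = [redeem(accounts, "CARD-A", guess, 999, t0 + timedelta(minutes=i))
             for i, guess in enumerate(["0000", "0001", "0002", "4821"])]
    # Wrong PINs eleven minutes apart, then two valid redemptions.
    slow = [redeem(accounts, "CARD-B", guess, 999,
                   t0 + timedelta(minutes=11 * i))
            for i, guess in enumerate(["7731", "7732", "7733", "7730", "7730"])]
    late = redeem(accounts, "CARD-B", "7730", 100, exp + timedelta(days=1))
    return {"burst": burst, "slow": slow, "late": late,
            "balance_b": accounts["CARD-B"].current_value}


if __name__ == "__main__":
    for name, result in run_constructed_scenarios().items():
        print(name, result)
```

A window kept per account does not see failures spread across many cards, which is the case the description covers by also evaluating history for the card series and the related promotion profiles.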

Claims

1. A digital distribution channel management system comprising: a) a digital warehouse storing a predetermined digital unit; b) a transaction database storing a plurality of transaction records; and c) a transaction server coupleable to a communications network, said transaction server being responsive to a request from said communications network to serve said predetermined digital unit wherein said request includes predetermined information authenticateable against a predetermined transaction database record stored in said transaction database, wherein said transaction server provides for the digital signing of an instance of said predetermined digital unit and the serving of said instance to said communications network in response to said request where said predetermined information is successfully authenticated against said predetermined transaction database record.
PCT/US2000/019931 1999-07-23 2000-07-21 Digital/internet distribution channel management system for digital content WO2001008029A2 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
AU63628/00A AU6362800A (en) 1999-07-23 2000-07-21 Digital/internet distribution channel management system for digital content

Applications Claiming Priority (4)

Application Number Priority Date Filing Date Title
US14531299P 1999-07-23 1999-07-23
US60/145,312 1999-07-23
US48365900A 2000-01-14 2000-01-14
US09/483,659 2000-01-14

Publications (2)

Publication Number Publication Date
WO2001008029A2 true WO2001008029A2 (en) 2001-02-01
WO2001008029A3 WO2001008029A3 (en) 2003-01-09

Family

ID=26842842

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US2000/019931 WO2001008029A2 (en) 1999-07-23 2000-07-21 Digital/internet distribution channel management system for digital content

Country Status (2)

Country Link
AU (1) AU6362800A (en)
WO (1) WO2001008029A2 (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP1433095A1 (en) * 2001-09-07 2004-06-30 Entriq Limited BVI A distributed digital rights network (drn), and methods to access, operate and implement the same
US8290819B2 (en) 2006-06-29 2012-10-16 Microsoft Corporation Electronic commerce transactions over a peer-to-peer communications channel

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP0855687A2 (en) * 1997-01-15 1998-07-29 AT&T Corp. System and method for distributed content electronic commerce
WO1999007121A2 (en) * 1997-07-29 1999-02-11 Netadvantage Corporation Method and system for conducting electronic commerce transactions
US5899980A (en) * 1997-08-11 1999-05-04 Trivnet Ltd. Retail method over a wide area network
EP0921487A2 (en) * 1997-12-08 1999-06-09 Nippon Telegraph and Telephone Corporation Method and system for billing on the internet

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
BERNSTEIN ET AL: "Copyrights, Distribution Chains, Integrity and Piracy: The Need for a Standards-Based Solution" PROCEEDINGS OF THE KNOWRIGHT. CONFERENCE. PROCEEDINGS OF THE INTERNATIONAL CONGRESS ON INTELECTUAL PROPERTY RIGHTS FOR SPECIALIZED INFORMATION, KNOWLEGDE AND NEW TECHNOLOGY, XX, XX, 21 August 1995 (1995-08-21), pages 340-354, XP002083938 *
KOHL ET AL: "Safeguarding Digital Library Contents and Users" -, September 1997 (1997-09), XP002126428 *

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP1433095A1 (en) * 2001-09-07 2004-06-30 Entriq Limited BVI A distributed digital rights network (drn), and methods to access, operate and implement the same
EP1433095A4 (en) * 2001-09-07 2005-09-28 Entriq Ltd Bvi A distributed digital rights network (drn), and methods to access, operate and implement the same
AU2001290653B2 (en) * 2001-09-07 2008-10-09 Irdeto Usa, Inc. A distributed digital rights network (DRN), and methods to access, operate and implement the same
US8290819B2 (en) 2006-06-29 2012-10-16 Microsoft Corporation Electronic commerce transactions over a peer-to-peer communications channel

Also Published As

Publication number Publication date
AU6362800A (en) 2001-02-13
WO2001008029A3 (en) 2003-01-09

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A2

Designated state(s): AU BR CA CZ JP PL

AL Designated countries for regional patents

Kind code of ref document: A2

Designated state(s): AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE

121 Ep: the epo has been informed by wipo that ep was designated in this application
DFPE Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101)
122 Ep: pct application non-entry in european phase
NENP Non-entry into the national phase

Ref country code: JP