CN101084524A - Personal digital key and receiver/decoder circuit system and method - Google Patents

Abstract

The present invention enables automatic authentication of a personal digital key based upon proximity of the key which is associated with a person. The system enables linking of the personal digital key to an account based upon the automatic authentication. The personal digital key includes encrypted digital data unique thereto, which enables automatic authentication based upon proximity thereof to a receiver and the account linking system. The system further includes an account linking system based upon authentication of the personal digital key. The account linking system comprises a receiver/decoder circuit, which is able to automatically authenticate the personal digital key, whereby the personal digital key is able to be linked to and associated with an account.

Description

Personal digital key and receiver/decoder circuitry and method

Cross References to Related Applications

This application is a continuation of co-pending application serial number 09/750,487, filed December 27, 2000; serial number 10/750,487, filed December 14, 2001 016,857 co-pending application; co-pending application serial number 10/153,979 filed May 23, 2002; serial number 10/715,035 filed November 17, 2003 Co-pending application; and co-pending application serial number 10/847,135, filed May 17, 2004, this application asserts based on serial number filed December 1, 2004 Co-pending provisional application 60/632,067 and co-pending provisional application serial number 60/652,765 filed February 14, 2005.

The following application is hereby incorporated by reference: U.S. Patent Application Publication No. US 2002/0080969, published June 27, 2002, entitled "Digital Rights Management System and Method" ; U.S. Patent Application Publication No. US 2003/0115351, published June 19, 2003, entitled "Digital Content Distribution System and Method"; published October 3, 2002 U.S. Patent Application Publication No. US 2002/0144116 entitled "Digital Rights Management"; U.S. Patent entitled "Digital Content Security System" published on May 20, 2004 Application Publication No. US 2004/0098597; and U.S. Patent Application Publication No. US 2004/0255139, published on December 16, 2004, entitled "Digital Content Security System (Digital Content Security System)". The following application is hereby incorporated by reference as an "Appendix": PTC Patent Application No. PCT/US2005/007535, filed March 8, 2005, entitled "Linked Account System Using Personal Digital Keys" Number.

technical field

The present invention relates to a system for initiating automatic verification of a personal digital key based on the proximity of said personal digital key, wherein said personal digital key can be associated with a person and based on said automatic verification of said personal digital key Links to Accounts.

Background technique

Contents of the invention

This application is a continuation of co-pending application serial number 09/750,487, filed December 27, 2000; serial number 10/750,487, filed December 14, 2001 016,857 co-pending application; co-pending application serial number 10/153,979 filed May 23, 2002; serial number 10/715,035 filed November 17, 2003 Co-pending application; and co-pending application serial number 10/847,135, filed May 17, 2004, this application asserts based on serial number filed December 1, 2004 Co-pending provisional application 60/632,067 and co-pending provisional application serial number 60/652,765 filed February 14, 2005.

The following application is hereby incorporated by reference: U.S. Patent Application Publication No. US 2002/0080969, published June 27, 2002, entitled "Digital Rights Management System and Method" ; U.S. Patent Application Publication No. US 2003/0115351, published June 19, 2003, entitled "Digital Content Distribution System and Method"; published October 3, 2002 U.S. Patent Application Publication No. US 2002/0144116 entitled "Digital Rights Management"; U.S. Patent entitled "Digital Content Security System" published on May 20, 2004 Application Publication No. US 2004/0098597; and U.S. Patent Application Publication No. US 2004/0255139, published on December 16, 2004, entitled "Digital Content Security System (Digital Content Security System)". The following application is hereby incorporated by reference as an "Appendix": PTC Patent Application No. PCT/US2005/007535, filed March 8, 2005, entitled "Linked Account System Using Personal Digital Keys" Number.

Description of drawings

Fig. 1 is a schematic diagram of a first type of wireless personal digital key according to the present invention.

Fig. 2 is a schematic diagram of a second type of wireless personal digital key according to the present invention.

Fig. 3 includes schematic diagrams of various types of wireless personal digital keys according to the present invention.

Figure 4 includes schematic diagrams of various types of receiver/decoder circuit adapters in accordance with the present invention.

FIG. 5 is a schematic diagram of a receiver/decoder circuit chipset according to the present invention.

FIG. 6 is a schematic diagram of the receiver/decoder circuit chipset and various types of receiver/decoder circuit adapters in the present invention.

Figure 7 is a schematic diagram of a personal digital key and receiver/decoder circuitry in the present invention.

Fig. 8 is a schematic diagram of personal digital keys and linked accounts in the present invention.

Figure 9 is a schematic diagram of a personal digital key, a receiver/decoder circuit adapter and a secure link account in the present invention.

Fig. 10 is a schematic diagram of one version of a personal digital key according to the present invention and various devices capable of being linked thereto.

Figure 11 is a schematic diagram of a person using an associated personal digital key to initiate a customized service running a protected computer through a linked account in the present invention.

FIG. 12 is a schematic diagram of a person using an associated personal digital key to initiate a customized service of opening a locked door through a linked account in the present invention.

FIG. 13 is a schematic diagram of the present invention in which a person initiates a customized service of ordering cameras online through a linked account using an associated personal digital key.

Figure 14 is a schematic diagram of the present invention in which a person uses an associated personal digital key to activate various casino customization services related to restaurants, hotels, and parking through linked accounts.

Figure 15 is a schematic illustration of personnel using associated personal digital keys to initiate casino customization services related to patron and employee tracking in the present invention.

Detailed ways

Referring to the figures, a system according to the invention initiates automatic verification of a personal digital key based on the proximity of said personal digital key, wherein said personal digital key can be associated with a person, and based on said automatic verification initiates said Linking of personal digital keys to accounts. The present system includes a personal digital key that can be associated with a person, said personal digital key includes their unique encrypted digital data, and initiates automatic verification based on the proximity of said personal digital key to the account linking system. The system also includes an account linking system based on automatic verification of a personal digital key, the account linking system including a receiver/decoder circuit, the account linking system being capable of accessing the receiver/decoder when the personal digital key is in proximity to the receiver/decoder. The decoder circuit automatically verifies the personal digital key, thereby enabling the linking and association of the personal digital key to an account.

The personal digital key and the receiver/decoder circuit can be mutually authenticated. When the personal digital key is located near the receiver/decoder circuit and is authenticated by the receiver/decoder circuit, the linked account is unlocked; decoder circuit when the linked account is blocked. The personal digital key includes an internal power source. The proximity of the personal digital key to the receiver/decoder circuit to initiate account linking can be adjusted as desired. The range typically averages 6 feet to 8 feet, but can extend to about 300 feet and beyond. The personal digital key includes a permanent, secure, unique identifier that cannot be modified, updated or manipulated in any way. The identifier transmits the unique encrypted digital data to the receiver/decoder circuit over a secure wireless link.

The unique encrypted digital data within the personal digital key includes an unalterable unique personal digital key identifier. The receiver/decoder circuit includes an unalterable unique identifier. The receiver/decoder circuit is capable of detecting, authenticating and securely communicating with the personal digital key. The receiver/decoder circuit is capable of detecting, authenticating and communicating with multiple personal digital keys simultaneously. The receiver/decoder circuit is also capable of encrypting and decrypting content such as data, files, emails, transactions, games and music. Data is contained within the linked account and the receiver/decoder circuit is capable of directly or indirectly accessing the data within the linked account based on automatic verification of a personal digital key. The personal digital key and the receiver/decoder circuitry include embedded challenge-answer logic and cryptographic algorithms to enable secure verification that the personal digital key and the receiver/decoder circuitry are original, non-duplicate authorized devices and enable secure communication between the authenticating devices.

The system can provide one or more customized services for the linked accounts. The customized services provided for the linked accounts may include customized services provided for casino properties and/or hotel properties. The casino property customization service may include tracking the number of personal digital keys in proximity to the receiver/decoder circuit. The casino property may also include a slot machine or similar device, and the casino property customization service may include a game downloadable to the slot machine, wherein the slot machine includes the receiver /decoder circuitry, the system is capable of tracking a customer's gaming preferences and based on the gaming preferences, via the receiver/decoder's unalterable unique identifier, the system is capable of Games transmitted to the slot machines are decrypted to ensure that the downloaded game arriving at the slot machines is unchanged from the "master" version on the download server.

The system can further protect the network through the system between the slot machine and its associated reader/decoder circuit (or any other device that utilizes a recorder/decoder circuit) and between the servers of the system. any and all transactional data that flows between them. In this function, the system encrypts/decrypts transaction data using a reader/decoder circuit located within each communication device.

The system may further include a game server that includes games that it is capable of encrypting. the receiver/decoder circuit within the slot machine is capable of receiving games from the game server encrypted using the reader/decoder circuit's unique identifier as a key, and The receiver/decoder circuit is capable of decrypting the aforementioned game for play on the slot machine.

As can be clearly seen in the illustrations, the system according to the invention includes a technology based on the proximity of a Personal Digital Key (PDK), wherein each small, unique device containing a Personal Digital Key (key) is assisted by The device performs wireless authentication, and the auxiliary device contains a reader/decoder circuit (RDC). The RDC acts as a gatekeeper for various digital and physical items, selectively granting valid key access to said items.

The core functions of the system include secure digital access, secure access and use of digital content, devices and transactions, secure physical access, secure access and use of physical entities and devices, and identification and verification of keys and owners. Many products are designed around the functions described above, including encryption keys, RDC/chipsets and/or hard drives, access systems and account protection systems. The system can be used in gaming (eg, casino) products and non-gaming products.

In this system, as shown in Figures 1 to 3, various types of keys are shown, including keys 10, 12, 14, and 16, which are single unit, self-contained devices that can be shaped like Car-style smart key. Each key produced is uniquely identifiable. The key contains and uses complex, active technology, two-way, secure wireless authentication and encrypted communication algorithms. The key cannot be modified, updated or changed in any way after manufacture, making it essentially tamper-proof and indestructible.

The key is a standard proximity-only type, using a standard key that only needs to be carried. Regardless of the number of uses, an individual does not need more than one key. The plastic or similar key casing (the housing that surrounds the internal components of the key and the electronics) can be molded in many different styles. The functionality enables customization of models that are acceptable and suitable for use in single-property and multi-property environments, where properties are not necessarily all parts of the same business entity. This allows patrons and players to use and carry only one key regardless of the number of businesses, properties and systems they expect to have access to. An example of such an option includes shaping the key into the form of a miniature slot machine, where a slide-in compartment houses a small placard "symbol" bearing the name of the casino property. Single symbols can be slid in and out of the housing as desired, and multiple symbols can be attached simultaneously, for example, along with the key itself, to a common key ring. Keys provide a signage option acceptable to property owners, enabling patrons and players to use and carry only one key.

As shown in Figure 2, the bio-key 12 is an improved form of proximity and biometrics. It utilizes a modified biometric key that, for example, may require placing a finger on the base of the key, running an eye scan, or taking any biometric action to biometrically authenticate its owner. In all other respects, the biometric key is identical to the standard key. Specifically, bio-key 12 works on the same principle as key 10, with the difference that key 10 delivers its identification code when asked to deliver its identification code, whereas bio-key 12 does not deliver an identification code unless taken A biometric action to authenticate the person, after which an identification code is delivered.

The system is a proximity based technology and the RDC adapters 18, 20, 22 and 24 (see Figures 4, 6, 7 and 9) can detect, authenticate and communicates with it, and it knows when the key has not been detected within range. A particular protected item includes a digital file that can be associated ("linked") with each key. The system technology described utilizes components and functions such as key and receiver/decoder circuit components, technology based on active (two-way authentication/communication) proximity, automatic detection, reading and verification of keys (each key is unique of) capabilities. It also leverages the ability to communicate securely over its keyed-RDC wireless link, optionally using secondary authentication procedures (such as requesting a password for confirmation or taking biometric action) when required.

As shown in FIGS. 5-6, the PDK reader/decoder circuit chipset 26 (RDC chipset) contains various core functions including authentication, encryption and access control. Reader/Decoder Circuit Adapters (RDCs) utilize standardized chipsets. RDC has a variety of options that allow PDK technology to be added to virtually any traditional and modern computer, as well as to most other electronic devices. The PDK's standardized chipset powers all RDC adapters and is directly integrated into OEM products, giving the PDK full board compliance. The external RDC option connects via a PC card and USB port, providing an upgrade path for traditional and modern computers that include standard hard drives but do not add an integrated RDC. Access to the drive and its contents is only allowed when the linked key is detected, protecting it if said drive and its contents are lost, stolen or simply left alone.

After linking to an account, whenever access is attempted, the RDC will scan items linked to the key (e.g., files 28, secure files 30, drives 32, doors 34, computers 36, and slot machine 38). If the item is detected, access is allowed - otherwise, access is denied and the item remains locked and private. Users don't need to carry more than one small key because a key can be linked to as many protected items as needed at any time. Similarly, standardizing on RDC simplifies upgrades and integration efforts.

For example, when a person is working at a desk and his key is detected, as shown in Figure 11, his computer 36 works exactly like any other personal computer. But when he leaves, his key is no longer detected and his drive is automatically locked and secured. Similarly, when a person approaches a PDK-enhanced ATM, he only needs to touch his bio-key with his finger, and the ATM will automatically recognize him (and his account number), effectively using his fingerprint as his PIN. The Enhanced ATM provides enhanced authentication based on account transactions - greatly reducing the chances of credit/bank card fraud by linking the account holder's key to his/her account. Once linked, transactions will only be made against the account if the linked key is detected. In the example shown in Figure 13, when someone is trying to buy a new camera, he selects and enters his credit card number. Its key is automatically read, and its order, credit card and key information is sent to the store.

As illustrated in Figure 12, the following "Access" examples show the permitted uses of the base and core functions. Many similar OEM and stand-alone products and uses are contemplated using standard and/or biometric enhanced keys. The core identification and verification functions can be integrated relatively easily into many common devices. Technologies that do not require hands-on operations, passwords, access keys, or placing keys in close proximity provide infinite new possibilities for traditionally inefficient and/or inconvenient tasks. possibility. The various types and styles of keys provide a way to adapt the security features of the technology to almost any need.

The system's RDC wirelessly detects, authenticates, and securely communicates with the key. RDC may include the following functions: interrogating keys in a specific area and section (e.g., a room or section of property); identifying specific key information (e.g., number of keys in an area); identifying "hot spots" . The RDC may also include functionality for the overall distribution of patrons in high traffic areas and around properties, as well as functionality to locate specific keys. RDC is capable of detecting multiple keys in the vicinity at the same time (for example, detecting all people around a particular game).

Gaming products of the system include casino property systems, such as those used in casinos or casino/hotels, including standard and biometric augmented versions. Use of the technology within casino and hotel environments allows keys to replace or be used in conjunction with current standard player tracking cards (PTCs). Each key is linked to an account record within a centralized database (which maintains patron and player account information), also replacing cash and/or room charge account numbers (electronic funds transfer or EFT) where appropriate ( within the institution) or work with it. Key usage can be configured as one key per person, one key per casino, one key per casino chain, or a combination of each as desired. The RDC can work as a stand-alone unit and replace current Player Tracking System (PTS) card readers and other common devices such as cash registers, credit card readers, door lock mechanisms, touch kiosks and personal computers or with the described Common devices are used in combination.

When the system is installed on a device other than an electronic game machine, the RDC can be connected to the required network and centralized database through devices such as a small independent unit with or without a touch screen or display mechanism, installed on a device such as a touch query integrated Machines, personal computers, cash registers, door lock mechanisms, portable readers (possibly used in parking garages or street bars) among other devices. The above connections can be made through independent hardware directly connected to the PTS network (bypassing the hardware of all local devices), or through independent hardware connected to an independent network laid in parallel with the PTS network (the network can optionally be connected to other locations). Connections for any of the above options may be wired or wireless.

As shown in FIGS. 14-15, the features and functions of the system provide the casino 40 and hotel with increased profits by providing a greatly enhanced, more comfortable and fun experience for the casino 40 and hotel guests, while achieving Numerous new market and data collection features. The product could be introduced as a replacement for player tracking cards (ie, plastic cards used by players to accumulate redeemable points), and expanded over time to provide a potential property-wide solution. The ability to automatically identify guests (and employees) and use the information to track, buy and sell and collect data creates significant new opportunities to manage and grow casino and hotel business (e.g., downloadable games). Automatically tracking player registrations offers the potential to dramatically increase system utilization and enhance the customer experience. Data such as how long someone watches a new game but chooses not to play can now be captured. The system always knows "who is there" and uses the data as needed.

The system's operators leverage the technology to provide extremely efficient and personal guest service and to implement powerful new employee management optional features. The system is capable of providing a completely passive, integrated property management solution, including automatic player tracking, custom downloads, slot-operated in-airport research reports, innovative marketing options, and property access options. The system leverages market and customer interest in technology to maximize in-floor profitability through physical use of advanced player tracking and data analysis. It also enables system and device data acquisition and analysis capabilities to configure in-floor margins. The market places growth costs on technologies that provide tangible benefits. The system provides a solution for long-standing applications related to online gaming through biometric extensions.

The system administrator (such as the owner of a casino property) may determine that any single key may be used for property functions of a single casino/hotel property and/or multiple casino/hotel properties (including properties from unrelated entities). Key usage can be configured as one key per person, one key per casino, one key per casino chain, or a combination of each as desired. Online/Internet-based functionality includes online gaming and general website interaction - a means of providing identification, verification, age verification and payment services. Alternatively, the key can also be used for any other non-game related system based applications and products. Customers and employees can use the same style of keys, simplifying key handling and management.

RDCs can be installed individually (e.g., on floors, ceilings, walls) and used in gaming equipment (e.g., slot machines, table games) and other equipment/environments (e.g., cash registers, check-in counters, personal computers , touch inquiry all-in-one machine). When installed in a video game console, tabletop, or similar device, the RDC can be connected to the system's network and Centralized database, or networked and centralized database connected to the system via the local unit's game motherboard (bypassing the player tracking hardware). RDCs can also be connected via stand-alone hardware directly connected to the PTS network (bypassing all local device hardware), or through stand-alone hardware connected to a stand-alone network laid in parallel with the PTS network (the network can optionally be connected elsewhere). Connections for any of the above options may be wired or wireless.

Casinos benefit from the system's ability to: provide significant data capture and marketing capabilities and opportunities; provide customers with easy and consistent access to the casino's player rewards program (RP); and the ability to create and enhance customer loyalty the ability to provide customers with an efficient PTC solution that is more functional and simpler than currently available options such as standard PTC or smart cards; and technologies such as retinal scanning and fingerprinting. Since there is a real price difference between a standard card reader and an RDC and the additional, unused space on the front of the gaming machine (because the card reader is not installed) can provide space for promotional advertising and a more simplified player interface, the system also provides It has a lower stand-alone cost of the game machine.

The overall configuration functionality of the system can include customer database records, local machine hard drives and associated data, and any other transactional/stored data can be linked to/associated with the key to enhance the data with the encryption capabilities of the PDK Security and Integrity. At idle, the RDC locates any keys that are still within its "read window" for a definable period of time (e.g. to determine if a player wishes to "log in" to the PTS, measure the time a player spends browsing, identify Touch to search for hotel guests near the kiosk). When an RDC has detected the key and has read its data, it will display a message on its display mechanism (the internal mechanism of the local device) showing the player's name (or nickname) and asking for confirmation to use the key (On gaming devices, this action effectively logs the player into the PTS network for the time the player is playing the game). When someone is logged in, RDC will not let him log in again, but even if someone is logged in, RDC will still locate other keys. RDC, while locating other keys, would enable the system, for example, to track people as they move through a casino. When a player (key) moves out of range, a "bell" (or similar) will sound to get said player's attention, asking for confirmation to "log out of the system". However, after a defined period of time, the RDC will automatically log the player out of the system.

In this system, in order to better define the "read window" (required key detection area), RDC can contain some options and functions, including reducing the "valid window" to a limited space (for example, a game directional antenna in the front area of the device) (the angular area where the key can be detected). An adjustable "read range and resilience" feature (distance from the RDC where the key is detected) further limits the "active window" and minimizes spurious readings, and a "strongest signal detection" feature (for each The strength of the detected key signal is compared to determine the strongest signal) to select the specific/correct key more precisely (when multiple keys are detected), the "read duration" function (in the RDC identification key The length of time the key is "seen" or "unseen" before being "detected" or "lost") minimizes spurious readings.

The system is capable of automatically transmitting information (optionally also information retrieved from the account associated with the key) to a person (key) when the person approaches the RDC. Examples include items of customer preference (default wager information, color or text size options) and automating downloadable games (where games are physically stored and retrieved from a centralized server rather than a local gaming device) based on known customer preferences, casino Dynamic configuration of in-floor games provides patrons with games and game groups/game types. A portion of the casino floor may be dynamically configured for poker, another portion of the casino floor based on known histories and preferences of patrons and viewers or the number of patrons and viewers within a given portion of the casino floor at a given time. A part is used for slot games and the like.

In a downloadable game environment, when the game in the slot machine can be changed, by utilizing all the data collected from the wireless key, the system along the line can configure the field itself through the back-end program, so as to utilize the available The downloaded game function and key's ability to report such information dynamically changes the floor layout. For example, where at a given time there are more players in blackjack than in slot machines, the system may change the majority of the floor from slot machines to blackjack. Additional transmittable information includes: customer identification/greeting - attracting the attention of "viewers" by displaying the customer's name (or nickname), offering play/shopping incentives, providing marketing promotional videos or similar; Bonuses are offered to players who play a particular high-stakes game at a particular moment.

The system is also capable of automatically acquiring the data of a person (key) when the person (key) approaches the RDC. Examples include any data obtained through current/standard PTS devices, player data on unconnected (not directly connected to PTS network) games (e.g. poker, blackjack), passive viewers (browsers) Statistics, tracking how many people watch a new game for how long and how many people travel through a specific part of the casino. Additionally, the captured data may also include general customer and browser statistics, game/game genre/game library data, shopping and restaurant preference data, general customer and browser data - shopping and restaurant sales transactions, and for triggering Hotel room door lock mechanism, trigger touch query all-in-one machine program, and automatically identify the customer and key identification data to the parking garage attendant.

In addition, the system may enable game/machine and backend system configuration and management to proceed, e.g., initiate casino internal management procedures, including enabling game, machine, and backend system setup, configuration, and reporting functions without Requires internal access to said equipment (minimizing the number of times the gaming machine is turned on and the time it takes to execute the program); for patrons and players, the RDC is able to detect authorized casino personnel in possession of the key and an associated password for confirmation (optional). There is an option to automatically record all information related to the transaction (user identity, changes/modifications implemented) in order to create an audit trail.

In addition, the system is capable of casino-wide operations by utilizing the RDC in each stand-alone device or components in other available devices. The system can provide centralized, centrally administered, efficient management of additional casino operations such as hotel check-in/out, restaurant/store transactions, hotel room key replacement, and parking garage management. Customers and players can be automatically, efficiently and consistently identified, addressed, marketed, tracked and billed wherever they are in the casino (or casino chain). In addition, the security features and functionality of the system can provide secure centralized EFT system management across a property's operations.

The system also enables casinos and hotels to The system can provide a greatly enhanced player and patron tracking system and experience. Additionally, the system can provide centralized, centrally administered, efficient management of additional property operations such as hotel check-in/checkout, restaurant/store transactions, hotel room key usage, and parking garage management. In addition, any personal PDK key may be used for any and all other functions/uses specified in relation to the PDK.

Other uses of the technology may include customer convenience features, including automatic login and logout of PTS, and the use of keys (and secure transaction technology) to conduct any cash transactions on a given system/property (including property of unrelated entities) or room deals. Additional features include securely and confidentially paying for any service on a property using a single key, unlocking hotel doors, automatically notifying cars in garages to be retrieved, automating hotel check-in/check-out procedures , Automatic access to the touch query all-in-one machine (to obtain account information), and any standard requirements based on PTS. It can also be used to automatically display and/or select user-specific preferences, such as game/stakes options or favorite games/groups of games (in a downloadable gaming environment), and favorite liquors and dishes in a restaurant.

Market capture functionality (automatic capture when a person's key is in proximity to the RDC) includes any data available through current standard PTS installations, and optionally any other business-based transactions on property, in unconnected (not directly Player data on games (e.g. poker, blackjack) connected to the PTS network. It can also collect passive viewer (browser) statistics - tracking how many people watch a new game for how long (but choose not to play) and how many people travel through a specific part of the casino, a "hot spot" within the casino. General customer and browser demographics may be collected, including game/game type and game library data, as well as shopping and restaurant preference data.

Marketplace delivery capabilities that automate delivery to individuals based on their key approach to an RDC using previously captured known preferences include automating downloadable games (where the games are actually stored in a centralized server and downloaded from the centralized server rather than Local Game Device Retrieval) where games, groups of games/game types may be offered to customers based on their known preferences, pre-collected statistics, and/or advertising and market demand for properties. Additional features include automatic provisioning and setting of customer preference items (default bet information, color or text size options), which enhance the customer experience and extend their play time, automatic location and/or identification and greeting of customers, including By displaying the "viewer's" name (or nickname), providing incentives, automatically delivering targeted marketing promotional videos (such as offering bonuses to individuals who play certain games or at certain times, offering dinner at a favorite restaurant or Gifts purchased at favorite stores and third-party products based on known preferences) to attract the attention of "browsers".

Property management-oriented functions include enabling patrons and players to be automatically, efficiently and consistently identified, addressed, marketed, observed and researched (at their own discretion), tracked and billed at any point in the property, providing a greatly enhanced player and customer experience. Added functions include: the ability to provide centralized, unified control, and efficient management of additional property operations (such as hotel check-in/out checkout, restaurant/store transactions, hotel room key utilization, and parking garage management).

Additional features include: Provides secure, system-wide uniform type of access to customer-related account information; optionally utilizes a separate passphrase (or equivalent) for a further added level of security, e.g. for cash balances, EFT Functionality, game results data, user preferences (such as preferred games and game settings), marketing preferences (favored restaurants, beverages, and shows), and status information (such as the location of a car in a parking garage and hotel room number). In addition, other functions include: dynamic reconfiguration of the game layout in the casino floor based on the known history and preferences of patrons and browsers and the specific number of patrons and browsers in a given part of the casino floor at a given time Configuration (via downloadable gaming technology) so that part of the casino floor can be dynamically configured for card games and another part for slot games.

Many of the functions described above can be accomplished without requiring internal access to the device and without the use of mechanical keys (minimizing the number of times the console is opened and the time spent executing programs), automatically detecting, locating, and tracking keys. The physical location/activity of the keyholder (while in the vicinity of the relevant system) (applicable to customers and employees), and automatic control of access to digital and physical entities. Additional features include: managing effective time and access controls, and automatically recording and creating an audit trail of all transactional information (user identity, changes/modifications made, and transactions completed) related to the system.

The system provides security-oriented functions and products for defending and protecting digital transactions for use as an electronic payment (EFT) tool; for protecting digital files, enabling system and non-system data files (such as a database, Word or Excel files) for secure access; and for secure downloading of digital content/data on the system, such as downloadable games or marketing promotional data. The system can also: secure and provide secure access to data on digital storage devices such as hard drives, customer database data, and individual digital hard drives to which digital files and digital transaction data can be associated Key association and linking; encryption and security of content/devices; enable custom, gaming-specific hard drive devices designed for direct integration into gaming machines such as a slot machine. The system provides an integrated device RDC and a regulatory agency approved secure storage unit (for downloadable/preloaded electronic games, game/player tracking system data).

While the particular system shown and disclosed in detail herein is fully capable of achieving the objectives and providing the aforementioned aspects and advantages, it should be understood that this is merely illustrative of the presently preferred No limitations are imposed on details of construction or design other than those described in the accompanying patent application.

Summary of Instructions (Appendix)

One embodiment of the invention includes a system comprising a personal digital key and a computer readable medium accessible when authenticated by the personal digital key.

Claims (Appendix)

CLAIMS 1. A system comprising: a personal digital key and a computer readable medium accessible when authenticated by the personal digital key.

2. The system of claim 1, further comprising a reader/decoder circuit, wherein the personal digital key is a tangible object capable of wireless communication with the reader/decoder circuit.

3. The system of claim 2, further comprising a computer with a computer hard drive, wherein the reader/decoder circuit is located within the computer hard drive.

4. The system of claim 2, further comprising a swipe unit, wherein the reader/decoder circuit is located within the swipe unit.

5. The system of claim 1, further comprising a second personal digital key, wherein the second digital key also authenticates a user attempting to access the computer readable medium.

6. The system of claim 1, wherein the personal digital key is a tangible item.

7. The system of claim 3, wherein the reader/decoder circuit is integrated with the computer.

8. The system of claim 3, wherein the computer includes a personal digital key hard drive.

9. The system of claim 3, wherein the computer further comprises a reader/decoder circuit card.

10. The system of claim 3, wherein data from the personal digital key is transmitted and data is received through a secure radio frequency port on the computer.

11. The system of claim 3, wherein the computer transmits and receives data from the provider via an Internet connection.

12. The system of claim 3, further comprising a database, wherein the database includes account identifiers and personal digital key identifiers.

13. The system of claim 3, wherein data transmitted by the personal digital key to the computer is authenticated by personal digital key data stored in the database.

14. The system of claim 4, wherein the swiping unit transmits and receives data from the provider via an Internet connection.

15. The system of claim 4, wherein data transmitted by the personal digital key to the reader is authenticated by personal digital key data stored in the database.

16. A method of preventing unauthorized access to a computer readable medium, comprising:

providing a user with a tangible personal digital key, wherein said personal digital key stores information unique to said user;

and,

If the information transmitted from the personal digital key matches the separately provided identification data, the user is authenticated.

17. A method as claimed in claim 16, wherein the identification data is data from a credit card.

18. The method of claim 16, wherein said personal digital key transmits said unique information via a wireless link.

Manual (Appendix)

Linked Account System Using Personal Digital Keys (PDK-LAS)

technical field

The present invention generally relates to an embodiment of a linked account system (PDK-LAS) using a personal digital key.

Background technique

The market for downloading digital content online is growing rapidly because it is cheap, fast and easy to distribute said content and the quality of said content itself is acceptable. However, the market remains chaotic due to competing standards, competing companies, unsatisfactory art and vendors, and outright theft of digital content.

Digital rights management (DRM) seeks to solve the above problems by delivering digital content from the physical vendor to the appropriate customer and ensuring that everyone who is due gets paid.

DRM seeks to get everyone paid by managing the multiple steps of publishing digital content (music, video, software) online: watermarking, encryption, transaction management, and rights management.

Some DRM companies perform all of the above steps, while others specialize in one or two steps of the described process.

First, watermarks are used to imprint a digital stamp on each piece of digital content, allowing said digital content to be tracked wherever it goes. Digital watermarks are almost the same as paper watermarks, except that they cannot be seen or heard by humans. Reading digital watermarks requires specialized software.

Second, encryption scrambles the watermarked digital content and stores it inside a digital safe for transmission over the Internet. The digital locker protects the digital content by allowing only persons with the appropriate software key for the safe locker to decrypt and use the digital content.

Third, transaction management processes physical payments by using credit card technology available elsewhere in e-commerce. The processing sequence is: place the order; fetch the credit card number; check the account status; and authorize the transaction.

Finally, rights management is used to manage information about the digital content itself: what the digital content is, who gets it, how it is delivered, how many times the digital content is used, how long the copyright lasts, who Get paid, how much to pay, and how to pay. The information is sent with the digital content in an item called a digital license. The license is placed on top of the digital content when sent over the Internet, enabling legitimate users to use the digital content for the duration of the copyright.

The main goal of DRM companies is to deploy technologies for protecting digital content when said content is distributed online. The aforementioned technologies and DRM as proposed are generally discussed in an article titled "Digital Rights Management May Solve the Napster Problem" in Technology Investor (October 2000), pp. 24-27. While the techniques described above should reduce the amount of digital theft, they generally benefit the content provider if the consumer pays or benefit the consumer if the content provider pays. That is, the rights of either the content provider or the consumer will be damaged. For example, certain technologies severely limit a consumer's ability to make additional copies of digital content, even if said digital content is intended for personal use. Other techniques facilitate duplication of digital content that can be used by multiple consumers without each consumer paying the provider of the digital content. The present inventors have discovered an improved DRM system and method that effectively balances and protects the rights of both consumers and content providers. In addition, the present inventors have discovered a related digital content security system for preventing unauthorized use of computers and other storage devices and for preventing unauthorized access to digital content stored on computers and other storage devices, Reproduction and/or Distribution.

With the advent of the Internet, online shopping, online banking, etc., the Internet has dramatically increased the incidence of theft of credit card, bank account details, and similar data. Such fees can be prohibitively high for providers performing transactions for stolen items as described above, and subject customers to higher transaction fees and product prices, since providers are usually responsible for the cost of stolen account information.

Also, the inconvenience and inconsequence that the victim, the consumer suffers from the said crime is usually a traumatic but minor one. Current technologies and procedures for securing account-based transaction processing are inadequate and do little to prevent the crimes described above. The problems described are most pronounced in the case of the largest growth sectors of the above transactions and the online environment.

Contents of the invention

One embodiment of the invention includes a system consisting of a personal digital key and a computer readable medium that is accessible when the digital key is authenticated.

Description of drawings

These and other advantages of the present invention will become apparent upon reading the foregoing detailed description and upon reference to the accompanying drawings.

Fig. 1 is the flowchart of the method for managing digital rights according to the present invention;

Figures 2, 3 and 4 are block diagrams of parts of a DRM system for implementing the method described in Figure 1;

Figure 5 is a conceptual model of core options for acquiring digital content that can be encoded to generate key-protected content and for playback of said key-protected content;

FIG. 6 is a block diagram for implementing core acquisition options for downloaded content;

Figure 7 is a block diagram of core acquisition options for implementing store-purchased content;

Figure 8 is a block diagram for implementing core acquisition options for broadcast content;

Figures 9a and 9b are block diagrams for implementing the core playback option of a stand-alone device;

Figure 10 is a block diagram for implementing the core playback option of a networked device;

Figure 11 is a block diagram of a standard computer hard drive incorporating an integrated PDK-RDC (receiver/decoder circuit) for enabling various methods of protecting digital content;

Figure 12 is a block diagram for implementing drive level protection and sector level protection associated with the computer hard drive;

Figure 13 is a flowchart of the logic executed by the PDK-RDC for implementing drive level protection and sector level protection;

Figure 14 is a block diagram for implementing file layer protection associated with the computer hard drive; and

Figure 15 is a block diagram for implementing network layer protection by extending file layer protection to network environments.

Figure 16 is a simplified diagram of an embodiment of the PDK key system of the present invention.

Fig. 17 is a schematic diagram of an embodiment of the PDK key system of the present invention.

While the invention is susceptible to various modifications and alternative forms, specific embodiments thereof have been shown by way of example in the drawings and described in detail herein. It should be understood, however, that the invention is not intended to be limited to the particular forms disclosed. On the contrary, this specification is intended to cover all modifications, equivalents and alternatives falling within the spirit and scope of the invention as defined by the appended claims.

Detailed ways

definition

Herein, "PDK key or key" means a PDK-compliant wireless key that provides access to objects protected by the PDK. The acronym "PDK" means "Personal Digital Key".

A "PDK" hard drive means a physical or "electronic" hard drive that includes an integrated RDC.

"TDK-protected product/object" means a hard drive or account or content protected by PDK technology.

A "distribution key" is a PDK key that is distributed to one or more protected objects.

"RDC" means a reader/decoder circuit installed in the user's computer, or built into a computer hard drive or point-of-sale (POS) credit card swipe unit, that communicates with the PDK key and PDK data is decoded.

"POS RCD" means a reader/decoder circuit integrated into a standard point of sale (POS) credit card swipe unit.

"Manufacturer" as used herein means a PKD key manufacturer.

"Provider" as used herein means the institution that issues the PDK-linked account, PDK hard drive, etc.

"Customer" or "User" means a person who owns or uses a PDK key.

"Master Key" or "Master Key" means the PDK key that is initially assigned to a PDK-protected object and that needs to be presented when configuring a transaction.

manual

A system embodiment of the present invention (number 1000 in FIG. 16 ) includes a personal digital key PDK 1010, a point-of-sale reader decoder circuit (POS RDC, 1012), a PDK reader connected to a provider 1016 with a database 1018 Decoder circuit 1014 . For some embodiments, the PDK reader decoder circuit and POS RDC 1014 are in a single unit 1020, which in some embodiments is a standard credit card swipe unit with an RDC.

For some embodiments, a standard credit card 1022 is readable in the reader 1020 . Provider 1016 may be a credit card processor, bank, or other similar institution. The account database maintains the user's account number, PDK key number and other identifiers.

In another embodiment (2000 in Figure 17), the PDK 1010 interfaces with the computer 2002 via a secure RF link 2004. Computer 2002 is a standard personal computer with an integrated RDC, PDK hard drive or RDC adapter card. The computer 2002 communicates with the provider 1016 via a standard Internet connection 2006 . Provider 1016 communicates with database 1018 in the manner described in the above embodiments.

After the user has the PDK key, he can choose to register with the key manufacturer or the centralized key database. No usage data, credit or bank account numbers, hard drive IDs, etc. are maintained in the manufacturer's database, only user authentication information. The information includes a customer account number, which in some embodiments indicates a customer record within the manufacturer's database, including customer name, address and phone number, key number and key status (in use, stolen , lost), etc. Said information is mainly used for authentication purposes when carrying out the replacement procedure in case of loss of the key.

The data segment stored within the PDK key includes a user tag including a user text tag in an unprotected field. The data field also includes an account number, which is the user manufacturer's account number, in a protected field. The data segment also includes a key number, which is a unique key identification and is in a protected field.

The PDK key communicates with one of three basic implementations of PDK-RDC including POS RDC, standard credit card swipe device with integrated RDC. The second embodiment is an RDC adapter, and the RDC adapter is an additional PC board RDC connected through USB, firewall, PC card, expansion slot and the like. A third implementation is a PDK hard drive, which is a standard hard drive with an integrated RDC.

POS RDC devices are used in checkout counters, purchasing counters, hand-held card readers, etc. in stores. RDC adapters or PDK hard drives are designed for use in PC-based applications.

Physical cards designed to use PDK LAS technology, such as credit/debit accounts, bank accounts, membership accounts, or similar types of accounts, are conventional cards. No modifications are required to the above cards in order to use PDK LAS technology. From the customer's point of view, the features, together with the PDK keys, can be procured at any time and distributed for the functionality of a certain target, making the technology easy to accept.

In addition, PDK-LAS technology has enormous flexibility in how to issue, distribute and use PDK keys. For example, the provider can optionally make the key dynamically assignable, assign the key at a certain time in the future, assign multiple keys to the same account, etc., and the user can choose to use a PDK key for his PDK-based All needs for security, i.e. one PDK key can be assigned to multiple accounts, PDK hard drives and other PDK based products.

Specific exemplary uses of several PDK-linked account embodiments are discussed below. These examples are used to illustrate specific uses of PDK linked accounts and are not intended to limit embodiments of the invention.

In the first instance, the user wishes to assign a key to a new PDK-linked account. In one embodiment, the user logs into the provider's site via the Internet on their personal computer. The user enters any authentication information normally required by the provider. During this transaction, the provider requires enough data to authenticate the user. An RDC reads the user's PDK key data and transmits the data to the provider. The provider confirms the user's request to link the PDK key to the account. After confirming the request, the PDK key data is permanently stored in the provider's database as a master PDK key and can only be modified by directly contacting the provider.

In another embodiment, the user calls the provider directly and verbally answers all the information required, including the master PDK key data printed on the card provided with the PDK key at the time of purchase. For users with Internet access but no RDC, the information is manually entered on the provider's website.

In the second instance, the user wishes to assign a secondary key to a PDK linked account. The user logs into the provider's site and enters any authentication information normally required by the provider. The user ensures that the assigned master PDK key is near the RDC. The RDC reads the data of the master PDK key and the additional PDK key and transmits the data to the provider. The provider confirms the user's request to link additional PDK keys to the account number, or to change or remove PDK keys. After confirming the above request, the updated PDK key data is stored in the provider's database together with the master PDK key data.

In another embodiment, for the convenience of users who do not have an RCD but are equipped with a personal computer and Internet access, the user can call the provider directly and verbally answer all information required, including the printed Master PDK key and additional PDK key data on card (or similar). For users with Internet access but no RDC, the information can be entered manually on the provider's website.

In a third example, a user wishes to purchase an item at a store using a PDK linked account. Said user ensures that the assigned PDK key is near the POS RDC at the checkout counter. The RDC reads the user's PDK key and transmits the data to the provider for verification, along with the user's account number obtained using currently accepted procedures. If more than one PDK key is read at the counter, either data from all PDK keys can be transmitted to the provider, or a user tag can be displayed on the POS RDC, allowing the user or salesperson to choose the appropriate the PDK key. The provider uses the transmitted account number to locate the account record in its database and compares the transmitted PDK key data with the information stored in the record. If it is confirmed that the above data matches, the sales transaction will be completed normally. If it is confirmed that the above data do not match, the transaction cannot be completed.

A fourth example is when a user wishes to purchase goods online using a PDK linked account or the user wishes to access account information online. Said user must ensure that the assigned PDK key is near the RDC. The RDC reads the user's PDK key and transmits the data to the provider for verification, along with the user's account number obtained using conventional techniques. If more than one PDK key is read at the RDC, then either data from all PDK keys is transmitted to the provider, or a user tab is displayed on a computer screen, allowing the user to select the appropriate PDK key key. The provider uses the transmitted account number to locate the account record in its database and compares the transmitted PDK key data with the information stored in the record. If it is confirmed that the above data matches, the transaction/task will be completed normally. If it is confirmed that the above data does not match, then the transaction/task cannot be completed.

A fifth instance is when the user loses the PDK key. Immediately after an initial setup of the master PDK key, users are encouraged to assign an additional PDK key to be used as a daily key and store the master PDK key in a safe location. If the daily key is lost, the master key can be used to assign a new daily key. When the user loses all PDK keys, as a last resort, the key manufacturer can be contacted, and after verification, the key manufacturer is instructed to ship a replacement PDK key.

Returning now to the drawings and referring initially to Figure 1, there is shown a method of managing digital rights consistent with the present invention. First, a new user requests a physical electronic key or data unit from a key provider (step 10). The key provider may provide a website on the Internet, a toll-free number, and/or a retail store where the key can be obtained. Alternatively, the key provider may request keys in writing, preferably using a form designed by the key provider. For a certain type of key, users can obtain as many keys as they need, while for another type of key, each user is entitled to only one key.

Second, in response to the user's request for a physical key, the key provider establishes a new secure account for the new user in a secure user account database (step 12). The new account may include the following data fields: account number, password, software key, user tag, user number (linked to account), address, phone number, email address, and custom fields. The custom fields may, for example, include personal information such as the user's age, gender, marital status, income level, interests, hobbies, and the like. The physical key may include the following data segments: user tag, account number, software key, and custom storage area. The user tag and account number are used as the first activation code (key code) for the physical key obtained. All fields on the physical key (except the user tag) are preferably encrypted. In order for the user to view his or her account in the future, it is preferable to assign the user a login name and the aforementioned password.

Third, the key provider ships the physical electronic key to the new user via a package delivery company such as USPS, UPS or FedEx (step 14). In one pricing model, the physical key is shipped to the user for free, while in another pricing model, the physical key must be purchased by the user. If the user must purchase a physical key, the user must provide the key provider with credit/debit card information in step 10 to pay with the credit/debit card; or the key provider must ship the key in step 14. Key provides an invoice.

Figure 2 is a block diagram of a system for implementing steps 10, 12 and 14 of the method of managing digital rights. The system includes a new user 100 , a key provider's website 102 and a user account database 104 .

Referring back to FIG. 1, the user transmits the activation code in his/her digital key to the data content provider (who may have a cooperative relationship with the key provider) and requests a request from the Digital content (music, video or software) is purchased from a content provider (step 16). The content provider may provide a website on the Internet that contains a listing of digital content available for purchase. To transmit the activation code to the content provider via the website, the user may manually enter the activation code on a secure page of the website. Alternatively, the activation code may be transmitted automatically using wireless technology. Specifically, the user's computer may be equipped with a detector for detecting the activation code in the user's physical key, and then transmit the activation code to the content provider through the website. The content provider may be a subsidiary of the key provider, or may be independent of, but have an agreement with, the key provider.

Fifth, the content provider requests the key provider to verify the activation code transmitted by the user (step 18). The content provider may send the request to the key provider's website. Sixth, the key provider then accesses the user's account in a user account database and determines whether the activation code is actually valid (step 20). The key provider may also determine whether the activation code is associated with the user who transmitted the activation code to the content provider. If the activation code is rejected as invalid, the content provider will be notified, and the content provider will ignore any request by the user to purchase digital content. However, if the activation code is accepted as valid, the content provider will be notified and the purchase transaction will proceed. The term "key provider" as used herein refers generically to an entity (or entities) that manufactures, issues, and verifies physical keys. These functions may in fact be carried out by multiple agencies at different locations, or by one agency at one location.

Seventh, after ensuring that the first activation code in the physical key is valid, the content provider pulls the requested digital content from the digital content database/library and uses it with all activation codes in the physical key. Mark the digital content with a second activation code (or unlock code) related to the first activation code, and encrypt the marked digital content (step 22). The second activation code in the digital content may simply be the same as the first activation code in the physical key, but should be at least partially encrypted to ensure security. In one embodiment, a "key secret" content file includes the following data segments: user tag, account number, and digital content. The user tag and account number are used as a second activation code for the digital content. If the content is to be used as a sample only (depicted in Figure 6), the file may include additional data segments such as receiver/decoder circuit identification number, hour stamp and valid hours. All data segments (except user tags) on said content files are preferably encrypted.

Eighth, the content provider delivers the encrypted digital content to the user (step 24). The encrypted digital content may be delivered by: downloading the encrypted digital content to the user's computer while the user is online at the content provider's website; Attached to the e-mail sent to the user; or a disk containing the encrypted digital content is shipped to the user by a parcel courier company. The user may pay for the digital content by either providing credit/debit card information to the content provider in step 16, or by providing an invoice with the delivered digital content. If the digital content is delivered online, the user is preferably required to provide credit/debit card information and have that information approved as a condition of delivery of the digital content. If a user has more than one physical electronic key and wants acquired digital content to work with each of said user's keys, then all activation codes are applied to said digital content. The content provider charges the user based on the number of keys the user desires to enable the digital content. For example, the user may be charged the same amount for each activation code, or may be charged a higher amount for one activation code and a smaller amount (eg, a surcharge) for another activation code.

Figure 3 is a block diagram of a system for implementing steps 16, 18, 20, 22 and 24 of the method of managing digital rights. The system includes a new user 100 , a content provider 106 , a key provider's website 102 , a digital content database 108 and acquired digital content 110 .

Ninth, returning to FIG. 1 , the user inputs the encrypted digital content into a playback device of a model suitable for playing the digital content (step 26 ). The device may, for example, be an MP3 player, personal computer, DVD player, a CD player, a cell phone, or other portable device. In an embodiment, the device includes a wireless transceiver adapted to receive a radio frequency signal transmitted by a corresponding wireless transceiver in the user's physical electronic key. By including in the wireless transceiver a unique identifier assigned by the device manufacturer, the wireless transceiver within the device can optionally be tracked and "secret" for verification purposes.

Tenth, when the user's physical electronic key is in the vicinity of the playback device (eg, a few meters), the playback device reads: (1) the message sent by the transceiver in the physical key A secure radio frequency signal transmits a first activation code to a transceiver within the device; (2) a second activation code stamped on the encrypted digital content (step 28). The device includes software or hardware for decrypting the encrypted digital content to the extent necessary to read any encrypted portion of the second activation code.

Eleventh, the playing device compares the first activation code with the second activation code, and determines whether the first activation code is associated with the second activation code (step 30). Steps 29 and 30 may be performed, for example, when the user presses a "play" button on the playback device or when the user first enters encrypted digital content into the playback device. The device decrypts and plays the digital content if the first activation code is associated with the second activation code. The device will not play the digital content if the first activation code is not associated with the second activation code. If the second activation code is simply the same as the first activation code, the above comparison determines whether the first activation code matches the second activation code. In a preferred embodiment, only if the physical key is close enough to the device to transmit the first activation code to the device and make the device aware of the first activation code even while playing The device continues to play the digital content when the digital content is also at least partially encrypted with the second activation code of the digital content for comparison. If the physical key moves out of the range, the device can no longer decrypt and play the digital content. In another embodiment, when said device is initially able to decrypt and play said digital content, even if said physical key is moved out of said range such that said key is no longer able to send said first activation code to The device, the device also remains powered on until the "play" function is stopped, the segment/song being played ends, or the digital content is withdrawn from the device.

Figure 4 is a block diagram of a system for implementing steps 26, 28 and 30 of the method of managing digital rights. The system includes encrypted digital content 110, a key-activated playback device 112, and the user's physical electronic key 114.

As mentioned above, the user's physical electronic key and the playback device activated by the key each contain a wireless transceiver to transmit the activation code in the key to the device. In a preferred embodiment, the transceivers are all small and cheap Bluetooth wireless chips, and the Bluetooth wireless chips operate in the 2.4GHz ISM band that does not need to apply for a license. Change to a new frequency to avoid interference from other signals. The wireless chip is inserted into an electronic device, which can then use radio waves to communicate over short distances and through obstacles. "Bluetooth" is a term used to describe a protocol for a short-range (eg, about 10 meters) frequency-hopping radio link between devices that include wireless chips. The device is then referred to as a "Bluetooth enabled" device. The secure radio link replaces a cable that would otherwise connect the devices. More details on "Bluetooth" wireless technology are available at www.bluetooth.com .

Wireless technologies other than "Bluetooth" may be used to send an activation code from the user's physical electronic key to the playback device. An example of other wireless technologies is the industry term "Wi-Fi," which is short for "Wireless Fidelity," and is another name for IEEE 802.11b. Products certified as Wi-Fi by the Wireless Ethernet Compatibility Alliance (WECA) are interoperable with each other even from different manufacturers. Users of Wi-Fi products may use any kind of access point with any other kind of custom hardware manufactured to the Wi-Fi standard.

In another embodiment, the communication between the user's physical electronic key and the playback device is not wireless. In another embodiment, the user's physical electronic key sends the activation code to the playback device through a transmission line (eg, one end is inserted into the key, and the other end is inserted into a serial cable of the playback device). In another embodiment, the key is a smart or magnetic card having an activation code encoded therein, and the key is configured to physically fit within a card reader slot on the playback device.

The above-described DRM method and system for implementing said method is advantageous in that it provides key holders with great versatility in copying and using encrypted digital content for personal private use. At the same time, the copyright of the content provider is protected because only the key holder with the key activation device can use the encrypted digital content. The keyholder is able to make as many copies of the encrypted digital content as desired, but can only play the encrypted digital content on the key-initiating device using a key coded to decrypt the encrypted digital content Physical electronic key activation. Thus, the digital content, even after being copied, can only be used exclusively by the key holder. Individuals other than the key holder cannot use the encrypted digital content even if they copy the encrypted digital content, because both the original version and the copy of the encrypted digital content are still encrypted, and the individual does not hold the code for the encryption of the encrypted digital content. A physical electronic key to decrypt said digital content.

A central component of the invention is the concept of a portable physical electronic key that is dedicated to a particular user. The physical key represents a DRM solution that comprehensively addresses the needs of consumers and publishers of digital content. The physical key is permanently associated with the user's digital content library. When the content is acquired, the physical key is permanently associated with the latest acquired content. The user is now "linked" to the retrieved content. A user (such as an individual or family) can have as many physical keys as they want, but each portion of purchased encrypted digital content is associated with a specific key. The user may copy or transfer the acquired content to any medium or device for playback as many times as desired - as long as the associated physical key exists. Therefore, the present invention guarantees that the obtained content can only be played by users who have paid legally. The present invention gives customers unprecedented freedom and convenience to legally use purchased content while still fully protecting the content provider's copyright.

Referring to Figure 5, the present invention fully supports the use of "key protected" digital content 125 with all core content acquisition options and all core playback options. Key protected digital content 125 is encoded with a second activation code associated with the first activation code stored on the user's physical electronic key. The core acquisition options include download content 120 , store purchase content 122 and broadcast content 124 . The core playback options include standalone devices 126 and networked devices 128 . Each of the options is described in further detail below.

Referring generally to Figure 6, as described in Figures 1 to 4, the primary application of the present invention is the downloading of digital content from the Internet. Customers shop on the content distributor's website and select the content they want to buy (music, movies, software, e-books, etc.). The customer then provides the website with standard online shopping information, including the selected product title and payment method, as well as its physical electronic key information. It is obvious to the customer that the reseller's website links to the key provider's website and transmits the physical key's information for verification. The key provider's website then provides the dealer's website with the information (or notification that the physical key is invalid) needed to prepare for safe shipping of the acquired content to the customer. The key provider's website records the transaction for future payment. Finally, the reseller's website retrieves a copy of the digital content from its repository, permanently linking it to the customer's physical key (by using the key's information on the digital content encrypted) and transmit the encrypted content to the customer. The customer is now free to copy the content as often as desired and play it on any key-enabled playback device.

Referring to Figure 6 for details, the process of implementing the core acquisition option for downloading digital content 120 (see Figure 5) is described below. At step 130, the receiver/decoder circuit 140 retrieves the account number from the customer's physical key (transponder) over a secure RF link. In step 131, the customer inputs data such as a password, an item to be purchased, and a payment method through his personal computer 144 . The data is transmitted from the customer's personal computer 144 to the website 146 where the content is sold. At step 132 , the content distributor's website 146 transmits the account number and password to the key provider's website 148 . In step 133, the key provider's website 148 verifies all data against its database 150, and if the data is authentic, the website returns information such as account number, user tag, user number to the dealer's website 146 and software keys etc. If the data is invalid, the key provider's website will send a message to the dealer's website 146 indicating that the data is invalid. A counter for accounting purposes of the key provider will be incremented. In step 134, when the dealer's website 146 pulls the purchased content file from its database 152, it encrypts the content file using the software key it received in step 133 and creates a final The key protects the content file and the final key protected content file is then transferred to the customer's personal computer 144 . Fees are assessed based on the number of users, etc., and said customers are charged according to the payment method. At step 135, the key provider's website 148 periodically generates an invoice 154 and sends it to the content distributor.

As an option, a dedicated "enhanced" version of the receiver/decoder circuit 140 can be created in order for content providers to provide sample content (e.g., for a defined period of time to limit playback to the device that originally downloaded the content) . Each of the described "enhanced" receiver/decoder circuits (used primarily in personal computers) contains a unique identification number and an additional Function. A sample file can contain the following information (within its encrypted header segment):

The identification number of the enhanced receiver/decoder circuit for downloading, which is sent by the receiver/decoder circuit to the website of the key provider when purchasing the content;

an hour stamp (i.e. the hour at which the content in question was downloaded); and

·Valid hours (that is, the number of hours that the content remains valid, such as permanent, 1 hour, 24 hours, 48 hours, etc.).

The above information is used by the "enhanced" receiver/decoder circuitry during playback to determine if the content file has "expired" or attempted to be uploaded on an unauthorized device (i.e., any device other than the device that originally downloaded the content) play on .

The functionality enables content reseller sites to publish limited-use samples using an associated tiered pricing model.

Referring generally to Figure 7, the present invention can be extended to store purchased content. To incorporate store-bought content into the present invention, traditional store-bought content is modified in two ways. First, the content is published in a copy-protected format (eg, using any effective copy-protection technology). The second way is that the content contains a unique content serial number. The content serial number is either included directly in the digital content, or as a physical tag. Each content serial number is assigned by the content distributor during production and stored in the key provider's database. The database is later used to verify that each content serial number is unique and can only be used a defined number of times. For customers, a content serial number on their newly purchased content in the store represents a free or fixed price download of a key-protected version of said content. Said key-protected copy provides the customer with exactly the same advantages and degrees of freedom as any other key-protected content. From the customer's perspective, the download process is identical to any other standard key-protected content download, except for how payment is handled. "Payment" is the content serial number. By providing all the benefits of the present invention to traditional store-bought content consumers (by way of "content serial number download"), this solution provides the industry's first complete DRM solution. Referring to Figure 7 for details, the core acquisition options for implementing store-bought digital content 122 (see Figure 5) are described below. In step 160, the receiver/decoder circuit 170 retrieves the account number from the customer's physical key (transponder) over a secure RF link, and the customer's personal computer 174 reads the content serial number from the store purchased content 122 . Store purchased content 122 includes a content serial number that uniquely identifies the content. The format of the content serial number may be, for example, PPPP.FFF.0123456789, where PPPP is the provider's identification number, FFF is the factory identification number, and the number represents the serial number. Store purchased content 122 uses a copy protection scheme such as Macrovision ^™ , key2audio ^™ or SafeAudio ^™ . The disk "copy flag" (specified in the SDMI standard) can also be set to further disable copying operations.

In step 161, the customer enters data such as a password and purchased goods through his personal computer 174 . The Content Serial Number read earlier specifies that the payment method is a "Content Serial Number Credit" (i.e., no payment is required for this download because the Content Serial Number confirms that the ongoing download is content that the customer has legitimately purchased) . The data is transmitted from the customer's personal computer 174 to the content distributor's website 176 . In step 162, the reseller's website 176 transmits the content serial number, account number and password to a key provider's website 178. In step 163, the key provider's website 178 verifies all data against its databases 180 and 182, and if the data is authentic, returns items such as account number, user tag, software key, etc. to the dealer's website 176 and a paid flag indicating that the content serial number has been verified. The key provider's website 178 now sets the paid flag to disable any further downloads and records the account number field in the content serial number database for verification purposes. If the data is invalid, the key provider's website 178 sends a message to the dealer's website 176 indicating that the data is invalid. A counter for accounting purposes of the key provider will be incremented. Each entry in the content serial number database 182 may contain the following data fields: CDC number, paid token, and account number. In step 164, the dealer's website 176 pulls the content file from its database 184, encrypts the content file using the software key it received in step 163, and creates a final key key protection file, the final key protection file is then transferred to the customer's personal computer 174. Typically, no charge is assessed because the content serial number acts as "payment" for the download. In step 165, the key provider's website 178 periodically generates an invoice 186 and sends it to the content distributor.

Referring generally to Figure 8, the present invention can be extended to broadcast content. To fully integrate broadcast content into the present invention, only minimal modifications to conventional broadcast content are required. The modification is that the broadcast content is transmitted in a copy-protected format such as the DVD standard known as Content Disruption System (CSS). The rest of the program is described below. A key-activated recording device with a unique identifier is used to receive copy-protected broadcast content. If only the broadcast content needs to be played back, basic decoding (such as CSS) is performed and the broadcast content is forwarded for playback. However, if the customer wishes to record the broadcast content, the recording device will perform additional steps before forwarding the broadcast content for playback. The recording device connects to the key provider's website to authenticate the recording device, internal identifier, and the customer's physical key. If both are valid, the recording device converts the broadcast content into a key-protected format by encoding the broadcast content with the customer's activation code, and then converts the key-protected content file (internally permanently Embed identifiers) are stored for later use. The end result is that key-protected broadcast content provides the owner of the associated physical key with all the degrees of freedom and advantages of the present invention. Although the content is originally broadcast, it cannot be copied or distributed illegally. The invention can be applied to on-demand services as well as standard broadcast material.

Referring to Figure 8 for details, the process of implementing the core acquisition option for broadcast digital content 124 (see Figure 5) is described below. In step 180, receiver/converter/recorder 190 receives digital broadcast content in a copy-protected format from a source 192 (eg, satellite, cable, Internet, or over the air). The broadcast content may be copy protected using copy protection techniques such as the Enhanced CSS scheme. If the customer wishes to just play (not record) the broadcast content, basic decoding (eg, CSS decoding) is performed and the broadcast content is played back through the presentation device 194 . The remaining steps described below can be skipped.

However, if the customer wishes to record the broadcast content, the following additional steps should be performed prior to forwarding the broadcast content for playback. In step 181, the receiver/converter/recorder 190 retrieves the account number from the customer's physical key (transponder) over a secure RF link. In step 182 the receiver/converter/logger 190 transmits the account number and its logger serial number to the key provider's website 198 . Each device 190 includes a recorder serial number that uniquely identifies the device. The format of the recorder serial number may be, for example, MMMM.FFF.0123456789, where MMMM is the manufacturer identification number, FFF is the factory identification number, and the numbers represent the serial number. In step 183, the key provider's website 198 verifies the data against its databases 200 and 202 and returns an "agree" or "deny" response. A counter for accounting purposes of the key provider will be incremented. In step 184, if a "decline" response is received, the broadcast content cannot be recorded. If an "Agree" response is received, the receiver/converter/recorder 190 converts the decoded content into a key-protected format by encoding the decoded content using the customer's activation code, and converts the key-protected content (internal permanent permanently embedded in the recorder identifier) to a storage device (optionally an external device). The broadcast content can now be copied to or played back on any key-enabled playback device. In step 185, the key provider's website 198 periodically generates an invoice 199 and sends it to the content distributor. While providing excellent conventional security and protection, steps 182 and 183 are not mandatory for manipulating broadcast content in the present invention. For cost purposes, it may be necessary to produce a receiver/converter/recorder 190 that cannot communicate with the key provider's website 198 .

Referring generally to Figures 9a and 9b, after the customer has acquired the key-protected digital content and produced copies for playback on various devices (such as portable CD players, personal computers, home theaters, etc.), it is now ready to use the digital content. Key-protected content is played back as follows. The key-enabled playback device transparently reads information from the customer's physical key and the content file that the customer has requested to be played. The pieces of information are then compared to verify that the physical key "matches" the content to be played. If the components match, the device starts playing the content. If the components do not match, the device will not play the content and, depending on the capabilities of the device, an "invalid content" message may be displayed. From the customer's point of view, the process is completely transparent, easy and non-intrusive when used for legally acquired content. Customers are free to use their content on any key-enabled playback device, with the only restriction being that the content can only be played with the associated physical key. As previously described, the present invention gives consumers unprecedented freedom and convenience to use legally purchased content while still protecting the copyright of the content provider.

Referring to Figures 9a and 9b for details, the process of implementing the core playback option of the standalone device 126 (see Figure 5) is described below. In step 210 , the customer plays back the key-protected content file through the playback device 220 . The playback device 220 can be, for example, a customer's personal computer with an integrated optical disc reader/player (FIG. 9a) or a stereo amplifier (FIG. 9b). In step 211 , receiver/decoder circuit 222 searches for physical key (transponder) 224 . The circuit 222 can be a separate component from the playback device 220 (as shown in FIG. 9a ), or integrated into the playback device 220 (as shown in FIG. 9b ). If the physical key is not found, the playback device 220 displays an "invalid content" message. If the physical key is found, the receiver/decoder circuit 222 retrieves all available information from the physical key 224 over a secure RF link. In step 212, the physical key 224 is compared to the user tag in the key-protected content file. If the user tags do not match, playback device 220 displays an "invalid" message. If the user tags match, the receiver/decoder circuit 222 retrieves the software key from the physical key 224 via a secure RF link between the physical key 224 and the playback device 220, and begins to key protect the encrypted portion of the file to decrypt. When the account number is decrypted, it is matched against the account number retrieved from the physical key 224 . If the account numbers do not match, the playback device 220 displays an "Invalid Content" message. If the account numbers do not match, the playback device 220 uses the software key to decrypt the remaining data of the key-protected file for playback. The user label and account number in the physical key are used as the first activation code, and the user label and account number in the content file are used as the second activation code. These activation codes must match (or have some other pre-specified association) in order for playback to continue.

Referring generally to Figure 10, although stand-alone playback devices (e.g., CD players, personal computers, DVD players, etc.) are standard devices in use today, the combination of such devices with the Internet will result in a centralized digital distribution system that rapidly increased environment. The security of content in this environment is critical but challenging, and difficult to achieve without imposing significant restrictions. The present invention can provide security to a centralized digital distribution system, and can also provide a number of important improvements that can greatly enhance the convenience and usability of said system. The improvements include integrating the physical key into a portable hand-held computer, which doubles as a system remote. In addition to controlling all networked components, the remote machine is used for tasks such as purchasing content from the Internet, tracking user movements throughout the facility to provide automatic "content following" (i.e., content playback follows all user). The centralized nature of the digital content distribution system means that only one storage device is required to maintain a customer's entire library of digital content (eg, music, movies, software, e-books, etc.) and make that content available to any networked playback device.

See Figure 10 for details, which shows a centralized digital content distribution system for implementing the core playback options of networked devices 128 (see Figure 5). The system is used within an institution, such as a residential or recreational facility. The system includes a digital content server 310 , a plurality of remote clients 314 and a portable remote control 316 . The digital content server 310 stores digital content obtained from a source 318 such as satellite, cable, Internet, or over the air. Additionally, digital content server 310 may store digital content uploaded from standard components 324 . Multiple remote client machines 314 are located in different rooms of the facility and are connected to the digital content server 310 through a distribution hub 312 or switch. The remote client 314 is connected to the hub 312 through the backbone transmission network 315, the backbone transmission network 315 can be a wireless network or use a fiber optic cable, a coaxial cable or a twisted pair cable to connect, such as Ethernet, Wi-Fi, Arcnet or ATM ( Asynchronous transfer mode) networking protocol, a communication protocol such as TCP/IP may be used. Each remote client 314 includes a network interface card (NIC) for connecting to a backbone transport network 315 .

Remote control 316 is adapted to communicate with each remote client 314 and to select digital content stored in digital content server 310 . Remote control 316 is essentially a personal digital assistant (ie, a hand-held computer), including a display and added remote control circuitry. The display may, for example, be a liquid crystal display (LCD). The added remote control circuits include "system remote" circuits and "universal remote" circuits.

The "system remote" circuitry within remote control 316 is used to establish a first wireless transmission link 320 with each remote client 314 . The first wireless transmission link 320 can be a secure radio link (RF) or an infrared link (IR) as shown in the figure. When establishing the first wireless transmission link 320 with the remote client machine 314, the remote control 316 acts as a system remote machine, and the system remote machine can: (1) display, scan and select digital content provided on the digital content server 310 and downloading selected digital content from the digital content server 310 to the linked remote client; and (2) controlling the digital content server 310 to acquire or download the digital content from a source such as satellite, cable, Internet or air. As used herein, the term "download" or similar variations of said term (e.g., downloaded, downloading, etc.) is intended to refer to the transfer of content from a device to a receiving device, whether or not said content is stored on said receiving device, Or just "stream" to the receiving device for instant playback. Remote control 316 preferably includes a display for displaying digital content. The display may, for example, be a liquid crystal display (LCD). As the user moves from one room of the facility to another with the remote control 316, the remote control 316 continuously establishes a wireless transmission link 320 with the remote client 314 in each room. In this way, the digital content available on the digital content server 310 follows the user as he moves from room to room.

In the preferred embodiment, the first wireless transmission link 320 is a secure wireless link established with each remote client 314 through a matching transceiver in the remote control 316 . The matching transceiver is preferably a small, cheap Bluetooth ^TM wireless chip. The Bluetooth ^TM wireless chip operates in the 2.4GHz ISM band that does not need to apply for a license, by jumping to a new frequencies to avoid interference from other signals. The wireless chip is integrated into each remote control 316 and each remote client 314, allowing the devices to communicate using radio waves over short distances and through obstacles. Remote control signals may be transmitted between the remote control 316 and each remote client 314 using wireless technologies other than Bluetooth, such as Wi-Fi.

"Universal Remote" circuitry within remote control 316 is used to establish a second wireless transmission link 322 with a standard component 324 connected to remote client 314 . The second wireless transmission link 322 is preferably an infrared link (IR) as shown. When establishing the second wireless transmission link 322 with the standard component 324 , the remote control 316 serves as a universal remote control capable of operating the standard component 324 . Standard components 324 may be, for example, audio receivers (stereo amplifiers), audio-visual receivers, video monitors (televisions), and the like. Standard component 324 may be physically separate from, but linked to, associated remote client 314, or may be physically integrated within associated remote client 314, as integrated appliance 324c.

Digital content stored on the content server 310 may be in the format of compact disc (CD), digital video disc (DVD), MP3, e-book, software, and the like. When the remote control 316 is linked to a remote client 314, the user can scan and select standard audio files that will be downloaded from the digital content server 310 to the remote client 314 and converted by the remote client 314 to be played on the associated standard component 324. Play digital content in formats such as analog. The selected digital content is downloaded from digital content server 310 to remote client 314 as raw digital data packages. The remote client 314 in turn converts the downloaded digital content to a standard component output that is compatible with the standard component 324 connected to the remote client 314, and the standard component 324 plays the digital content. Ports may, for example, include bright color split video ports, remote control adapter jacks, serial ports, Universal Serial Bus, Internet, Wi-Fi, Firewire ^™ , Bluetooth, radio frequency, or other similar outputs. Standard components 324 contain or are connected to: audio speakers for broadcasting any audio signals received from remote clients 314; and video monitors for displaying any video signals received from remote clients 314. All content is digitally stored on the digital content server 310 and secured with a key after being obtained through the download or broadcast acquisition options shown in FIGS. 6 and 8 . If the digital content is protected using a key, plurality of remote clients 314 includes decryption circuitry (ie, receiver/decoder circuitry) for unlocking the digital content. Digital content selected for download from digital content server 310 to remote client 314 preferably remains encrypted until converted within remote client 314 to standard component output. Remote client 314 acts as a translator between key-protected digital content from digital content server 310 and standard component output. To decrypt selected digital content, remote control 316 contains a physical key originally obtained from a key provider in accordance with the present invention. The digital content is initially obtained from a content provider 326, which signs the digital content with an activation code associated with the physical key. Decryption circuitry within remote client 314 receives the activation code from remote control 316 via wireless transmission link 320 and is activated to unlock the digital content and convert it to a playable format (if the activation code within remote control 316 matches the associated with the activation code within the digital content). If the activation code in the remote control 316 is not associated with the activation code in the digital content, the remote client will not unlock and convert the digital content.

In another embodiment, the remote client 314 is eliminated and the modular assembly 324 is directly linked to the modular assembly output of the distribution hub 312 through the backbone transmission network 315 . In this case, distribution hub 312 acts as a switch, and digital content server 310 contains decryption circuitry for unlocking the digital content. When the digital content is decrypted, it is converted to a playable format and delivered to distribution switch 312 for provision to appropriate standard components 324 . Decryption circuitry within the digital content server 310 receives the activation code from the remote control 316 and is enabled to unlock the digital content and only if the activation code within the remote control 316 is associated with the activation code within the digital content Convert it to a playable format. The digital content may be downloaded (or "streamed") in its encrypted format to a storage device (eg, media recorder 324a or computer hard drive 324b) for storage, rather than decrypting the digital content for playback. When the user finally needs to play the stored digital content on the media player, the media player must contain a decryption circuit for unlocking the digital content. After unlocking the digital content, the media player converts the unlocked digital content into a playable format for playing. Decryption circuitry within the media player receives the activation code from the remote control 316 or a physical key with the same activation code. Only when the activation code in the remote control 316 or physical key is associated with the activation code in the digital content is the media player activated to unlock the digital content and convert it to a playable format.

In addition to downloading selected digital content from digital content server 310 to remote client 314, data from component 324 (such as MP3, CD, DVD, software, etc.) can also be uploaded to and digitally stored on digital content server 310 . This facilitates storage of legacy content on the digital content server 310 .

Referring generally to FIG. 11 , a digital content security system and method prevents unauthorized use of a computer and prevents improper access, copying and/or distribution of digital content stored on a computer. The basic components of a Personal Digital Key Digital Content Security System (PDK-DCSS) are: (1) a standard hard disk drive device 330 with a PDK receiver/decoder circuit (PDK-RDC) 332 integrated in a controller 334; and (2) PDK key 336 related to the above PDK-RDC. A standard computer hard drive 330 includes an integrated PDK-RDC 332, enabling multiple methods for protecting digital content. Hard drive 330 includes a PDK-RDC 332, referred to herein as a PDK hard drive. Although the PDK-DCSS diagram shows that the PDK-RDC 332 is integrated in the hard drive's controller 334, all of the OS layer protections described below can be implemented using an external PDK-RDC. PDK hard drive 330 is similar to any standard, currently available hard drive, with the exception of PDK-RDC 332 (which is integrated into the drive's controller circuit 334). The PDK-RDC 332 is an integrated circuit capable of processing PDK key information and encrypting/decrypting PDK-compliant digital content. In addition, the circuit 332 can protect the hard disk drive 330 itself. This is accomplished by circuitry 332 by enabling or disabling the hard drive's controller 334 depending on the presence or absence of an associated PDK key 336 (uniquely and permanently associated with the PDK hard drive 330). Each PDK hard drive 330 is typically delivered with its own PDK key 336 .

Secure RF communications between the Secure RF communications PDK key 336 and its associated hard drive 330 in the same manner as described above. It should be noted that the software driver can optionally be designed to allow dynamic key distribution (distribution of keys after purchase to initiate key exchange, or distribution of a single key to multiple devices).

Two types of protection are provided using PDK keys and RDC technology:

1) Hard Drive Access Control - In this case, the entire drive 330 is either fully accessible (unlocked) or completely inaccessible (locked), and/or individual data areas or clusters of data areas are selectively encrypted/decrypted , depending on whether the particular PDK key 336 associated with (or shipped with) the drive 330 is within range. Such protection can be done transparently by the operating system (OS) responsible for managing the drive.

2) Operating System Layer Independent File Protection - In this case, the driver's RDC 332 works independently of the driver 330 to protect individual files (usually copyrighted material) from illegal copying. In this role, the RDC 332 can manipulate any PDK key 336 (not just the PDK key 336 delivered with the hard drive 330) and any PDK-compliant file (which does not necessarily have to be stored on the hard drive 330 or associated with hard drive 330). Such protection requires an operating system layer software driver to run under the operating system responsible for managing the driver. By using the two types of protection in different ways, four layers of unique content protection are possible. Two of the protection layers (driver layer and sector layer) do not require external software support, while the remaining two layers (file layer and network layer) require software drivers and separate applications for network layer implementation. Each of the four layers is defined as follows.

Referring to Figures 12 and 13 for drive layer protection, when the drive layer protection is implemented, the PDK hard drive 330 will only work if the associated PDK key 336 is within range. Whenever the PDK key 336 is not present, the drive's controller 334 is disabled. The contents of files stored on drive 330 are not encrypted. The drive layer protection function is designed so that, whenever the associated PDK key 336 does not exist (i.e., when the owner of the hard drive is away from the computer temporarily, if the computer is stolen, etc.), Access to the PDK hard drive 330 is locked to protect the owner of the hard drive.

See Figures 12 and 13 for sector level protection, when the protection is enabled, each sector (or cluster of sectors) read or written is encrypted by the RDC 332 using the drive's associated PDK key 336 /decrypt. Since the encryption is done at the sector level rather than the file level, the encoding can be done without any changes, involvement or confirmation from the operating system responsible for managing the drive. The sector level protection feature is designed to further protect the hard drive owner (drive layer protection). The security advantage is that if drive access fails in some way, the contents of the files on the drive are still protected. It should be noted that if the user retrieves the file from the drive and specifically sends it (via email, memory stick, etc.) to any other location, the number will no longer be protected. Drive-level protection and sector-level protection can be used separately or in combination. Additionally, as noted above, it should be appreciated that sector level protection may be applied to individual data regions or clusters of data regions. Figure 13 shows the logic executed by the RDC 332 to implement drive-level protection and sector-level protection. The logic ensures that operating system layer commands (save entire file, read entire file, etc.) are given long enough time to complete. This makes it possible to implement logic without requiring operating system modifications, involvement, or validation.

Referring to the file layer protection shown in FIG. 14, when implemented as an operating system layer software driver utilizing the PDK-RDC 332 integrated in the PDK hard drive 330, the file layer protection provides standard PDK digital rights management services and functions. The driver instructs the RDC332 to obtain PDK key information as needed, verify that the key matches the file, and use the key information to perform physical encryption/decryption of the file (as a whole, not at the sector level). In the illustrated example, file ABC 338 (which may reside on any storage device, in memory, etc.) is compared to any PDK keys 336 within the scope of PDK-RDC 332. If the two match, the PDK-RDC 332 decrypts the file 338 for any playback mechanism that made the request. Any PDK key 336 may be used, not just the key 336 associated with the PDK hard drive 330 . When using the PDK-RDC 332 for file layer protection (and network layer protection as described below), the PDK-RDC 332 works independently of the hard drive 330 on which it resides. While the PDK-compliant files encrypted or decrypted by the PDK-RDC 332 may reside on the resident hard drive 330 and may be associated with the drive's PDK key 336, this need not be the case. PDK-RDC 332 is capable of manipulating other PDK keys and files residing on other media. When used in this manner, the PDK-RDC 332 can be viewed as if it happens to reside within the hard drive 330 at the same time. For file layer and network layer protection, RDC 332 can be implemented as a separate circuit board (not integrated in hard drive 330), and still provide the same function.

The main purpose of file-level protection is to prevent private or copyrighted material from being illegally copied and distributed. File-level protection makes it possible to easily and securely generate backups (designed only for use by the holder of the associated key) since any backup conforming to a PDK file can only be accessed if the associated PDK key exists. In addition to distributing copyrighted content such as music and movies as described above, software developers can also distribute their software via the Internet with the same ease of operation and security. Software distributed in this way enables unrestricted copying by legitimate recipients (e.g. for backup purposes, use on a home computer, etc.), however, backups will only work if the associated key is present to prevent unauthorized backups were illegally distributed and used.

The file layer protection feature is designed to protect publishers of private or copyrighted material. Users are able to protect any file by converting it to a PDK compliant format; however, the security of the document file may be compromised by key holders who do not wish to preserve the integrity of the file. Because, although a Microsoft Word file (as an example) can be stored using a PDK-compliant protected format, when said file is opened, the contents can be cut and pasted into another application (e.g., an email program ), thereby rendering the protection ineffective. Therefore, the use of file-level protection for documents is only suitable for delegated recipients (individuals who wish to protect the content they own). However, non-document files are not subject to the above restrictions.

Referring to network layer protection in FIG. 15, file layer protection can be extended to network environments by employing a centralized software application/database called PDK Document Controller (DC) running on server 342. DC 340 can create groups 342 that list which PDK keys 344 are allowed to access files in specific directories. All files stored in directories controlled by the DC 340 are automatically encrypted using the DC administrator's PDK key, thereby becoming PDK-compliant files. The process puts all files stored in DC 340 into a unified encrypted format.

Each request made by a user for a file residing in a directory listed in DC group 342 will result in the following steps. The RDC located in the requester's workstation 346 obtains information from the user's PDK key 344 and transmits the information to the DC 340. The DC then enables the appropriate access, as defined in the DC group database information. Specifically, DC 340 locates the requestor's PDK key 344 in the appropriate set of tables. If DC 340 determines that PDK key 344 is listed in group 342 and group 342 also lists the directory containing the file the user wishes to access, then DC 340 knows a valid PDK key 344 was used in the file request And authorized access. The requested file is first decrypted using the administrator's PDK key, rekeyed using the requester's key 344, and then downloaded to the user's workstation 346. When using the PDK to download digital media files from the Internet, the same process as previously described is used.

The network layer protection features are designed to protect publishers of private or copyrighted material. Users are able to protect any file by converting it to a PDK compliant format; however, the security of the document file may be compromised by key holders who do not wish to preserve the integrity of the file. Because, although a Microsoft Word file (as an example) can be stored using a PDK-compliant protected format, when said file is opened, the contents can be cut and pasted into another application (e.g., an email program ), thereby rendering the protection ineffective. Therefore, the use of file-level protection for documents is only suitable for delegated recipients (individuals who wish to protect the content they own). However, non-document files are not subject to the above restrictions. The system may be well suited for establishing a centralized database of secure documents intended for release to delegated recipients, such as personnel within a law firm or medical institution.

While the invention has been described with reference to one or more particular embodiments, those skilled in the art will recognize that various modifications can be made therein without departing from the spirit and scope of the invention. Many improvements and variations can be implemented/utilized that would effectively broaden the scope and utility of the described PDK technology. The improvements and other embodiments are summarized below.

Integrate RDC into other storage devices. This embodiment involves integrating the RDC into other storage mechanisms than basic hard drives. Such storage mechanisms include purely RAM/ROM based storage mechanisms contained/used within the following devices: PDAs, cell phones, printers, copiers, fax machines, scanners, MP3 players , GPS systems, digital cameras, computer motherboards and DVR players, and portable storage devices such as memory sticks, secure digital memory cards or any similar product, in which case the RDC is either mounted directly on said device or integrated to the device in which the memory card/memory stick is inserted.

When RDC is used in this way, file-level and network-level security functions in the same way as previously described for PDK hard drives. Drive-level and sector-level security functions in the same way as the logic of a hard drive, but the physical implementation changes to control the bus structure used to provide the communication path between the storage mechanism and its hosting device. For PDK hard drives, the storage mechanism is enabled/disabled by interrupting the communication path, signaling the storage mechanism as "ready" or "busy" to the hosting device, effectively enabling/disabling the device itself. To save battery, an RDC used in this way can only check for the existence of the associated PDK key periodically (rather than every read or write procedure). Similar to PDK hard drives, sector-level security can optionally be used to encrypt/decrypt data transmitted over the bus before writing and after reading to provide PDK's standard sector-level data encoding capabilities.

The security features of the PDK provide the same convenient, non-intrusive, wireless security mechanisms for the above-mentioned devices as when used in PDK hard drives. The security mechanism can protect any data stored on the device in case it has been stolen, left unattended, or even deliberately "forbidden" to prevent access to sensitive content (i.e., prevent minors accessing adult files, websites, etc.). Without the associated PDK key, the device and its storage mechanism are locked and disabled.

Dynamic PDK Key Management By utilizing dynamic PDK key management, users can assign PDK keys to RDCs (either integrated within the PDK hard drive or some other managed device, or implemented separately) (rather than at the point of production the allocation). The functionality is implemented by including the required logic in the RDC's internal firmware (rather than using an external software driver to provide the functionality).

Using this feature, the user can optionally assign any PDK key as the master key for the RDC (the first key assigned to the device). Then, using the master key (to prove the initial "owner's" verification of the program), the user can assign a secondary key to (or remove from) the PDK device. The basic benefits of the described features include:

o Individuals who have the key can create a backup key (stored for later retrieval in case the master key is lost) enabling other users (those who have the secondary key) to also access their RDK installation.

o Optionally ship the PDK-RDC (in any configuration, hosted device, etc.) without any PDK keys. And make the device (such as PDK hard disk drive) containing the above-mentioned RDC optionally work under the condition that all or part of the PDK technology is never activated or utilized. For example, users can choose not to enable drive-level and sector-level security features, but still use file-level and network-level security features.

o Give users the option to purchase an associated PDK key at a later date, or importantly, distribute one of their already used PDK keys to another PDK-based device. This enables users to use a single PDK key to provide access to all of their PDK-based devices.

The built-in (firmware based) PDK key configuration/management functionality greatly enhances the overall flexibility and ease of setup/use of the PDK.

Independent RDC configuration. While there are many advantages to integrating an RDC within a hard drive, the RDC can also exist independently of the hard drive mechanism. In this configuration (as defined above), the RDC physical circuit can exist in the form of a PC card, a PC expansion board that plugs into a standard PC expansion slot, a USB plug-in board, or any other similar design capable of interfacing with a hosting device.

When used in this way, RDC provides all of the aforementioned functionality in addition to basic hard drive access control.

The buffer is flushed and notified to the software driver. This improvement involves using a simple software device driver to recognize when a PDK key is out of range (by "watching" messages from the RDC) and when this is detected to flush (drain) the host system's "read" buffer (effectively clearing any data the system may have cached in internal memory to speed up data access) and display a simple message indicating that the PDK key is within/out of range. The optional mechanism can be used on any RDC configuration and on any PDK protection device.

Each of the above-described embodiments and obvious variations thereof are encompassed within the spirit and scope of the claims set forth in the following claims.

Claims (55)

1, a kind of system, it is used for starting the automatic checking of described personal digital key and being used for starting linking of described personal digital key and account based on described automatic checking based on the degree of approach of personal digital key, wherein said personal digital key can be associated with personnel, and described system comprises:

Personal digital key, it can be associated with personnel, and described personal digital key comprises its unique encrypted digital data, and its degree of approach based on described personal digital key and account's link system starts checking automatically; And

Account's link system based on the automatic checking of described personal digital key, described account's link system comprises the receiver/decoder circuit, when described personal digital key during near described receiver/decoder circuit, described account's link system can be verified described personal digital key automatically, and described thus personal digital key can be linked to the account and is associated with described account.

2, system according to claim 1, wherein said personal digital key and described receiver/decoder circuit can be verified each other.

3, system according to claim 1, wherein said personal digital key comprises the permanent safe unique identifier that can not be modified, upgrade or handle.

4, system according to claim 1, wherein said personal digital key arrives described receiver/decoder circuit with described unique encrypted digital data by safe transmission of radio links.

5, system according to claim 1, the described unique encrypted digital data in the wherein said personal digital key comprises the unique individual's digital cipher identifier that can not change.

6, system according to claim 1, wherein said receiver/decoder circuit comprises the unique identifier that can not change.

7, system according to claim 1, wherein said receiver/decoder circuit can detect, verify described personal digital key and communicate by letter safely with described personal digital key.

8, system according to claim 1, wherein said receiver/decoder circuit further can carry out encryption and decryption to content.

9, system according to claim 1 comprises data in the wherein said linked accounts, and described receiver/decoder circuit can be based on the data in the described linked accounts of automatic authentication-access of described personal digital key.

10, system according to claim 1, wherein said personal digital key can be regulated with the scope that starts account's link as required near described receiver/decoder circuit.

11, system according to claim 1, wherein said personal digital key comprises internal electric source.

12, system according to claim 1, wherein said system can provide one or more customize services for described linked accounts.

13, system according to claim 1, wherein said linked accounts is positioned near described receiver/decoder circuit place and being unlocked when it is verified at described personal digital key, and described linked accounts is shifted when keeping off described receiver/decoder circuit place by locking at described personal digital key.

14, system according to claim 2, wherein said personal digital key and described reader/decoder circuit comprise embedded enquirement-answer logic and cryptographic algorithm, to be used to starting described personal digital key and described receiver/decoder circuit is original, non-checking through authorization device of duplicating.

15, system according to claim 6, it further comprises slot machine or similar devices, and can be downloaded to the recreation of described slot machine, described slot machine comprises described receiver/decoder circuit, described linked accounts can by described system follow the tracks of about the recreation preference, and based on described recreation preference and the unique identifier that can not change by described receiver/decoder circuit, described system can encrypt described recreation and it be downloaded on the described slot machine.

16, system according to claim 8, wherein said receiver/decoder circuit can parallel detection, checking is many manyly communicates by letter personal digital key safely personal digital key and with described.

17, system according to claim 8; wherein said system comprises network; described network comprises server and device; each device comprises reader/decoder circuit; and wherein transaction data can be by network at described server and have between the described device of its relative recording device/demoder and flow; and the reader/decoder circuit in the described device can the described transaction data of encryption and decryption, thereby protects described transaction data.

18, system according to claim 12, wherein the described customize services that provides for described linked accounts is included as one or more customize services that the gambling house property provides.

19, system according to claim 12, wherein the described customize services that provides for described linked accounts is included as one or more customize services that the hotel property provides.

20, system according to claim 15, wherein said receiver/decoder circuit comprises the unique identifier that can not change, described system further comprises game server, described game server comprises the recreation that described game server can be encrypted, and the recreation that the receiver/decoder circuit in the wherein said slot machine can accept to have used the unique identifier of described reader/decoder circuit to encrypt as encryption key from described game server, and wherein said receiver/decoder circuit can be decrypted to play on described slot machine described recreation.

21, system according to claim 17, described receiver/decoder circuit in the wherein said slot machine can be encrypted the transaction data that is sent to described slot machine, and can be decrypted described transaction data when the approaching described slot machine of described personal digital key.

22, system according to claim 18, wherein said gambling house property customize services comprise the quantity of following the tracks of the personal digital key that approaches the receiver/decoder circuit.

23, a kind of degree of approach based on personal digital key starts the automatic checking of described personal digital key and is used for combining with the system that comprises personal digital key and described personal digital key is linked to account's method based on described automatic checking, wherein said personal digital key can be associated with personnel, and described system comprises the personal digital key that can be associated with personnel and based on account's link system of the automatic checking of described personal digital key, described personal digital key comprises the encrypted digital data that it is unique, and it approaches account's link system and starts automatic checking based on described personal digital key, described account's link system comprises the receiver/decoder circuit, described receiver/decoder circuit can be verified described personal digital key automatically when described personal digital key approaches described receiver/decoder circuit, and described thus personal digital key can be linked to the account and be associated with described account, and wherein said method comprises:

Locate near the described personal digital key of described receiver/decoder circuit;

When described personal digital key during, verify described personal digital key automatically near described receiver/decoder circuit; And

In case after verifying described personal digital key automatically, make described personal digital key can be linked to the account and be associated with described account.

24, method according to claim 23, wherein said personal digital key and described receiver/decoder circuit can verify each other, and the automatic checking in the wherein said method further comprises by the described personal digital key of described receiver/decoder Circuit verification and verifies described receiver/decoder circuit by described personal digital key.

25, method according to claim 23, wherein said personal digital key comprise the permanent safe unique identifier that can not be modified, upgrade or handle, and wherein said method further comprises described permanent safe unique identifier is provided.

26, method according to claim 23, wherein said personal digital key is transferred to described receiver/decoder circuit by the Radio Link of safety with described unique encrypted digital data, and described unique encrypted digital data that wherein said method further comprises described personal digital key is wirelessly linked to described receiver/decoder circuit safely.

27, method according to claim 23, described unique encrypted digital data in the wherein said personal digital key comprises the unique individual's digital cipher identifier that can not change, and the automatic checking in the wherein said method further comprises based on the described unique individual's digital cipher identifier that can not change in the described personal digital key and verifying automatically.

28, method according to claim 23, wherein said receiver/decoder circuit comprises the unique identifier that can not change, and the automatic checking in the wherein said method comprises that further the unique identifier that can not change is incorporated in the described receiver/decoder circuit.

29, method according to claim 23, wherein said receiver/decoder circuit can detect, verify described personal digital key and communicate by letter safely with described personal digital key, and the automatic checking in the wherein said method further comprises by described receiver/decoder electric circuit inspection, the described personal digital key of checking and with described personal digital key and communicating by letter safely.

30, method according to claim 23, wherein said receiver/decoder circuit further can the encryption and decryption contents, and wherein said method further comprises by described receiver/decoder circuit encryption and decryption content.

31, method according to claim 23, comprise data in the wherein said linked accounts, and described receiver/decoder circuit can be based on the data in the described linked accounts of automatic authentication-access of described personal digital key, in case and wherein said method further comprise and verify automatically behind the described personal digital key by described receiver/decoder circuit and visit data in the described linked accounts.

32, method according to claim 23, wherein said personal digital key can be regulated with the scope that starts account's link as required near described receiver/decoder circuit, and wherein said method further comprises and regulates described scope as required.

33, method according to claim 23, wherein said personal digital key comprises internal electric source, and wherein said method comprises that further the described internal electric source of use is to described personal digital key power supply.

34, method according to claim 23, wherein said system can provide one or more customize services for described linked accounts, and wherein said method further is included as described linked accounts one or more customize services are provided.

35, method according to claim 23, wherein said linked accounts is positioned at described personal digital key and is unlocked when approaching described receiver/decoder circuit place, and described linked accounts is positioned at when keeping off in described receiver/decoder circuit place by locking at described personal digital key, and wherein said method further is included in described personal digital key and is positioned at the described linked accounts of release when approaching described receiver/decoder circuit place; And be positioned at the described linked accounts of locking when keeping off in described receiver/decoder circuit place at described personal digital key.

36, method according to claim 23, wherein said personal digital key and described reader/decoder circuit comprise embedded enquirement-answer logic and cryptographic algorithm, with the checking that to be used to start described personal digital key and described receiver/decoder circuit be original, the non-authorization device that duplicates, and wherein said method further comprises the described personal digital key of checking and described receiver/decoder circuit is original, the non-authorization device that duplicates.

37, method according to claim 29, it further comprises slot machine or similar devices, and the recreation that can be downloaded to described slot machine, described slot machine comprises described receiver/decoder circuit, described linked accounts can be by the preference of system keeps track about recreation, and based on described recreation preference and the unique identifier that can not change by described receiver/decoder circuit, described system can encrypt described recreation and download to described slot machine, and wherein said method further comprises and makes described system described slot machine can be encrypted and be downloaded to described recreation.

38, method according to claim 30, wherein said receiver/decoder circuit can parallel detection, checking is many manyly communicates by letter personal digital key safely personal digital key and with described, and wherein said method further comprise make described receiver/decoder circuit can parallel detection, verify and manyly many personal digital key communicated by letter safely personal digital key and with described.

39; method according to claim 35; wherein said system comprises network; described network comprises server and device; each device includes the receiver/decoder circuit; and wherein transaction data can flow between described server and the described device that has its related receiver/decoder by network; and the receiver/decoder circuit in the described device can the described transaction data of encryption and decryption protecting described transaction data, and wherein said method further comprises by described receiver/decoder circuit described transaction data to be encrypted and protects described transaction data.

40, method according to claim 35, wherein the described customize services that provides for described linked accounts is included as one or more customize services that the gambling house property provides, and wherein said method further is included as the gambling house property one or more customize services are provided.

41, method according to claim 34, wherein the described customize services that provides for described linked accounts is included as one or more customize services that the hotel property provides, and wherein said method further is included as the hotel property one or more customize services are provided.

42, method according to claim 36, wherein said receiver/decoder circuit comprises the unique identifier that can not change, described system further comprises game server, described game server comprises the recreation that described game server can be encrypted, and the recreation that the described receiver/decoder circuit in the wherein said slot machine can accept to have used the unique identifier of described receiver/decoder circuit to encrypt as encryption key from described game server, and wherein said receiver/decoder circuit can be decrypted playing on described slot machine described recreation, and wherein said method further comprises by described receiver/decoder circuit start the deciphering of described recreation to play on described slot machine.

43, method according to claim 34, described receiver/decoder circuit in the wherein said slot machine can be encrypted the described transaction data that is transferred to described slot machine, can described transaction data being decrypted when the described slot machine when described personal digital key, and wherein said method further comprises when the approaching described slot machine of described personal digital key described transaction data is decrypted.

44, according to the described method of claim 39, wherein said gambling house property customize services comprises follows the tracks of the quantity that is positioned at the personal digital key that approaches receiver/decoder circuit place, and wherein said method further comprises the quantity that tracking is positioned at the personal digital key that approaches receiver/decoder circuit place.

45, a kind of system, it comprises personal digital key and computer-readable media, after described personal digital key being verified by described reader/decoder circuit, can be by the described computer-readable media of described reader/decoder accesses.

46, according to the described system of claim 45, it further comprises the receiver/decoder circuit, and wherein said personal digital key is tangible object, can carry out radio communication with described receiver/decoder circuit.

47, according to the described system of claim 45, wherein said personal digital key is tangible object.

48, according to the described system of claim 46, it further comprises the computing machine that has computer hard disc driver, and wherein said receiver/decoder circuit is positioned at described computer hard disc driver.

49, according to the described system of claim 47, wherein said receiver/decoder circuit and described computing machine are integrated.

50, according to the described system of claim 47, wherein said computing machine further comprises the receiver/decoder circuit card.

51, according to the described system of claim 47, it further comprises database, and wherein said database comprises account identifier and personal digital key identifier.

52, according to the described system of claim 47, wherein the described unique identifier that is transferred to the receiver/decoder circuit of described computing machine by described personal digital key is verified by the personal digital key data that the receiver/decoder circuit utilization of described computing machine is stored in the described database.

53, a kind of method of protecting computer-readable media to exempt from unauthorized access, it comprises:

Provide tangible personal digital key to the user, wherein said personal digital key comprises can be by the unique identifying information of receiver/decoder circuit as key, make described receiver/decoder circuit described medium can be associated with described personal digital key, thus described medium of encryption and decryption as required; And,

If, then verified described user and the described personal digital key that is associated from described personal digital key information transmitted and the recognition data coupling that before provided or stored.

54, according to the described method of claim 53, wherein described recognition data is linked to credit card or other accounts, could use described account number so that have only when the described personal digital key that is associated exists.

55, according to the described method of claim 53, wherein said personal digital key is by the described unique information of transmission of radio links of safety.

Images