A rights-based system is described in which vouchers are employed for creating, managing, distributing, and redeeming rights in digital contexts. A voucher is a digital, possession-based rights representation. An authorization component of the system validates the vouchers and issues corresponding tokens. Access to digital resources is provided in response to presentation of the tokens which are validated by matching voucher refresh values to corresponding values maintained by the system. New refresh values are generated and inserted in the vouchers each time they are redeemed.
Representative claim
1. A rights-based system, comprising one or more computing hardware devices operating in a network, the one or more computing hardware devices being configured with computer program instructions to implement a plurality of rights-based system components including a mint component, an authorization component, a lockbox component, an escrow component, and a protected resource component;
the mint component being configured to issue a plurality of vouchers, each voucher comprising a possession-based rights representation representing one or more corresponding rights, first vouchers of the plurality of vouchers each having encoded therein a refresh value and a sequence number, the refresh value being a pseudo-random value, a particular one of the first vouchers representing multiple different but related access rights for a corresponding resource, the mint component being configured to configure each of a first subset of the first vouchers to require submission of corresponding user credentials to enable redemption of the one or more corresponding rights, the mint component being further configured to configure each of a second subset of the first vouchers to enable redemption of the one or more corresponding rights by only a single holder but without requiring submission of corresponding user credentials, the mint component being further configured to configure second vouchers of the plurality of vouchers to enable redemption of the one or more corresponding rights by anyone having a copy of the second voucher and without requiring submission of corresponding credentials;
the authorization component being configured to validate the vouchers and issue corresponding tokens, each of the tokens being configured to enable redemption of at least one of the one or more corresponding rights for the corresponding voucher;
the lockbox component being configured to enable one or more users to manage corresponding collections of the vouchers, the lockbox component being further configured to submit the vouchers to the authorization component in response to user input from the one or more users, the user input representing attempts by the one or more users to redeem the rights corresponding to the vouchers, the lockbox component being further configured to transmit the tokens issued by the authorization component to the protected resource component;
the escrow component being configured to coordinate trades of the vouchers according to rules specified by one or more entities involved in the trades;
the protected resource component being configured to provide access to digital resources in response to presentation of corresponding ones of the tokens issued by the authorization component, and in accordance with the at least one of the one or more corresponding rights represented by each token;
wherein the authorization component is configured to generate initial refresh values and provide the initial refresh values to the mint component to enable issuance of the first vouchers by the mint component, to store separate from the first vouchers the initial refresh values as most recent values for the first vouchers, to validate the first vouchers by matching the corresponding refresh values to the corresponding most recent values maintained by the authorization component as identified with reference to the corresponding sequence numbers, to determine that the user credentials submitted in conjunction with presentation of each of the first subset of first vouchers correspond to the first voucher being presented, to generate the tokens in response to validation of the corresponding first vouchers, and to transmit the tokens to the lockbox component, a first one of the tokens generated in response to validation of the particular one of the first vouchers that represent multiple access rights being configured to provide access to a subset of fewer than all of the multiple access rights, the authorization component being further configured to generate new refresh values for insertion in the corresponding first vouchers each time the first vouchers are redeemed, and to update the corresponding most recent values maintained by the authorization component to match the new refresh values encoded in the corresponding first vouchers each time the corresponding first vouchers are redeemed, the authorization component being further configured to increment the sequence numbers encoded in the first vouchers each time the corresponding first vouchers are redeemed.
2. The rights-based system of claim 1, wherein each of the system components has one or more network addresses associated therewith and is configured to communicate with one or more of the other system components using Hyper-Text Transfer Protocol (HTTP) requests and responses directed to the network addresses associated with the one or more other system components.
3. The rights-based system of claim 1, wherein at least some of the vouchers also include a signed component for verifying the validity of the corresponding voucher, the signed component not being modifiable.
4. The rights-based system of claim 1, wherein at least some of the vouchers are not transferable, the authorization component being further configured to authenticate owners of the at least some of the vouchers.
5. The rights-based system of claim 1, wherein at least some of the vouchers include strings of text representing descriptive information regarding the corresponding voucher.
6. The rights-based system of claim 1, wherein the mint component is further configured to generate new vouchers and to request initial refresh values for the new vouchers from another one of the system components.
7. The rights-based system of claim 6, wherein the mint component is configured to generate one or more of the new vouchers only after validation of an existing one of the vouchers.
8. The rights-based system of claim 6, wherein the mint component is further configured to generate voucher templates from which the new vouchers are generated.
9. The rights-based system of claim 1, wherein the escrow component is configured to execute secure trades of the vouchers.
10. The rights-based system of claim 1, wherein at least some of the vouchers are configured to control access to others of the vouchers.
11. A computer-implemented method, comprising:
using one or more computing devices, issuing first, second, and third vouchers, each of the vouchers being a digital possession-based rights representation, the second and third vouchers each having encoded therein a corresponding refresh value and a corresponding sequence number, the refresh value being a pseudo-random value, the third voucher representing multiple different but related access rights for a corresponding digital resource, the first voucher being configured to enable redemption of a corresponding right by anyone having a copy of the first voucher and without requiring submission of corresponding user credentials, the second voucher being configured to enable redemption of a corresponding right by only a single holder but without requiring submission of corresponding user credentials, and the third voucher being configured to require submission of corresponding user credentials to enable redemption of the corresponding rights;
using one or more computing devices, validating the first voucher;
using the one or more computing devices, issuing a first token corresponding to the first voucher in response to validation of the first voucher, the first token being configured to enable redemption of the right corresponding to the first voucher;
using the one or more computing devices, redeeming the right corresponding to the first voucher in response to presentation of the first token;
using the one or more computing devices, validating the second voucher by matching the corresponding refresh value to a corresponding most recent value stored separately from the second voucher as identified with reference to the corresponding sequence number;
using the one or more computing devices, issuing a second token corresponding to the second voucher in response to validation of the second voucher, the second token being configured to enable redemption of the right corresponding to the second voucher;
using the one or more computing devices, generating a new refresh value for the second voucher;
using the one or more computing devices, inserting the new refresh value in the second voucher;
using the one or more computing devices, updating the most recent value for the second voucher to match the new refresh value for the second voucher;
using the one or more computing devices, incrementing the sequence number encoded in the second voucher;
using the one or more computing devices, redeeming the right corresponding to the second voucher in response to presentation of the second token;
using the one or more computing devices, determining that the user credentials submitted in conjunction with presentation of the third voucher correspond to the third voucher;
using the one or more computing devices, validating the third voucher by matching the corresponding refresh value to a corresponding most recent value stored separately from the third voucher as identified with reference to the corresponding sequence number;
using the one or more computing devices, issuing a third token corresponding to the third voucher in response to validation of the third voucher, the third token being configured to enable access to the digital resource in accordance with a subset of fewer than all of the multiple access rights;
using the one or more computing devices, generating a new refresh value for the third voucher;
using the one or more computing devices, inserting the new refresh value in the third voucher;
using the one or more computing devices, updating the most recent value for the third voucher to match the new refresh value for the third voucher;
using the one or more computing devices, incrementing the sequence number encoded in the third voucher; and
using the one or more computing devices, providing access to the digital resource according to the subset of the multiple access rights in response to presentation of the third token.
12. The computer-implemented method of claim 11, wherein issuing the first, second, and third vouchers, validating the first, second, and third vouchers, issuing the first, second, and third tokens, generating the new refresh values, inserting the new refresh values in the second and third vouchers, updating the most recent values for the second and third vouchers, and incrementing the sequence numbers for the second and third vouchers are effected using Hyper-Text Transfer Protocol (HTTP) requests and responses directed to network addresses associated with the one or more computing devices.
13. The computer-implemented method of claim 11, wherein the first voucher includes a signed component for verifying the validity of the first voucher, the signed component not being modifiable.
14. The computer-implemented method of claim 11, wherein each of the first, second, and third vouchers includes a string of text representing descriptive information regarding the corresponding voucher.
15. The computer-implemented method of claim 11, further comprising generating a new voucher in response to validation of one of the first voucher, second voucher, or third voucher.
16. The computer-implemented method of claim 15, wherein the new voucher is generated using a voucher template.
17. The computer-implemented method of claim 11, further comprising executing a secure trade of the second voucher and a fourth voucher.
18. The computer-implemented method of claim 11, wherein one of the first voucher, second voucher, or third voucher is configured to control access to a fourth voucher.
19. The computer-implemented method of claim 11, further comprising enabling a user to manage a corresponding collections of vouchers including one of the first voucher, second voucher, or third voucher.
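The refresh-value rotation recited in claims 1 and 11 can be sketched as follows for a single-holder voucher redeemed without credentials. This is an added example, not code from the patent; the `voucher_id` field, the class and method names, and the choice to store one (sequence, refresh) pair per voucher are assumptions made for illustration.

```python
import copy
import hmac
import secrets
from dataclasses import dataclass


@dataclass
class Voucher:
    voucher_id: str  # hypothetical field; the claims do not name an identifier
    sequence: int    # incremented on every redemption
    refresh: str     # value that must match the server-side record


class AuthorizationComponent:
    def __init__(self):
        # Most recent (sequence, refresh) per voucher, stored apart from the voucher.
        self._latest = {}

    def initial_refresh(self, voucher_id):
        """Generate the initial refresh value handed to the mint."""
        refresh = secrets.token_hex(16)  # CSPRNG, so a holder cannot predict the next value
        self._latest[voucher_id] = (0, refresh)
        return refresh

    def redeem(self, voucher):
        """Return a token and rotate the voucher in place, or None if it is stale."""
        record = self._latest.get(voucher.voucher_id)
        if record is None:
            return None
        sequence, refresh = record
        # Constant-time comparison of the presented value against the stored one.
        if voucher.sequence != sequence or not hmac.compare_digest(voucher.refresh, refresh):
            return None
        voucher.sequence = sequence + 1
        voucher.refresh = secrets.token_hex(16)
        self._latest[voucher.voucher_id] = (voucher.sequence, voucher.refresh)
        return secrets.token_urlsafe(16)  # opaque token for the protected resource


def demo():
    auth = AuthorizationComponent()
    voucher = Voucher("v-1", 0, auth.initial_refresh("v-1"))  # the mint's step
    stale_copy = copy.copy(voucher)   # a duplicate made before redemption
    first = auth.redeem(voucher)      # accepted; the voucher is rotated
    replay = auth.redeem(stale_copy)  # rejected: refresh value and sequence are old
    second = auth.redeem(voucher)     # accepted again with the new value
    return first is not None, replay is None, second is not None, voucher.sequence
```

Because the stored value changes on every redemption, any copy of the voucher taken before a redemption stops validating afterwards, which is what limits these vouchers to one effective holder.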