WO2002073380A1 - Digital identity device - Google Patents
Digital identity device Download PDFInfo
- Publication number
- WO2002073380A1 WO2002073380A1 PCT/US2001/007213 US0107213W WO02073380A1 WO 2002073380 A1 WO2002073380 A1 WO 2002073380A1 US 0107213 W US0107213 W US 0107213W WO 02073380 A1 WO02073380 A1 WO 02073380A1
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- computer
- identity
- identity information
- license key
- information
- Prior art date
Links
- 238000004891 communication Methods 0.000 claims abstract description 49
- 238000000034 method Methods 0.000 claims description 89
- 230000015654 memory Effects 0.000 claims description 45
- 238000009434 installation Methods 0.000 claims description 16
- 230000005540 biological transmission Effects 0.000 claims description 5
- 230000006870 function Effects 0.000 description 4
- 230000008569 process Effects 0.000 description 4
- 230000008878 coupling Effects 0.000 description 3
- 238000010168 coupling process Methods 0.000 description 3
- 238000005859 coupling reaction Methods 0.000 description 3
- 238000011900 installation process Methods 0.000 description 3
- 238000004519 manufacturing process Methods 0.000 description 3
- 238000005516 engineering process Methods 0.000 description 2
- 238000005530 etching Methods 0.000 description 2
- 210000003813 thumb Anatomy 0.000 description 2
- 238000010348 incorporation Methods 0.000 description 1
- 230000000977 initiatory effect Effects 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 230000002093 peripheral effect Effects 0.000 description 1
- 229910000679 solder Inorganic materials 0.000 description 1
- 238000006467 substitution reaction Methods 0.000 description 1
- 238000012546 transfer Methods 0.000 description 1
- 238000010200 validation analysis Methods 0.000 description 1
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/10—Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
- G06F21/12—Protecting executable software
- G06F21/121—Restricting unauthorised execution of programs
- G06F21/123—Restricting unauthorised execution of programs by using dedicated hardware, e.g. dongles, smart cards, cryptographic processors, global positioning systems [GPS] devices
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/10—Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2135—Metering
Definitions
- the present invention relates generally to the privacy and security of digital information, and in particular to the privacy and security of electronic communication.
- the authentication of the parties involved is generally required. Each party should be clearly identifiable and distinguishable.
- the electronic communication between parties should also be secure.
- the parties should also be able to grant various levels of permission for access to their respective information.
- the present invention is a microprocessor identity device for use in a digital identity
- the digital identity device will contain identity information that will function with the microprocessor identity device to create a unique digital identity for all individuals or corporations.
- a digital identity device for identifying individuals includes a microprocessor identity device, a digital identity, and means for
- an apparatus for globally registering digital identity devices includes one or more digital identity devices, a database of digital identity device information, and means for communications between the digital identity devices and the database.
- a method of licensing a software program to a computer includes the steps of starting the installation of the software program to the computer, transmitting a license key and the identity information about the computer to a central database, receiving information to bind the license key to the identity
- a method of licensing a software program to a computer includes the steps of receiving a license key and the identity
- 35 information about the computer into a central database, transferring a status of the license key and the identity information in the central database to the computer, accepting the license key and the identity information, and binding the license key to the identity information in the central database.
- a method of de-licensing a software program to a computer includes starting the de-installation of the software program to the computer, transmitting a license key and the identity information about the computer to a central database, receiving information to unbind the license key to the identity information, unbinding the license key to the identity information in the computer, and completing the reinstallation.
- a method of de-licensing a software program to a computer includes receiving a license key and the identity information about the computer into a central database, transferring a status of the license key and the identity information in the central database to the computer, accepting the license key and the identity information, and unbinding the license key to the identity information in the central database.
- a method of tracking software usage by a computer includes receiving a usage profile from the computer and storing the usage profile in a central database.
- Fig. 1 is a schematic view illustrating an embodiment of a system for a digital identity device.
- Fig. 2 is a schematic view illustrating an embodiment of the digital identity device of
- Fig. 3 is a schematic view illustrating an alternate embodiment of the digital identity device of Fig. 1.
- Fig. 4 is a schematic view illustrating an embodiment of the microprocessor identity device of Fig. 2.
- Fig. 5 is a schematic view of an alternate embodiment of the microprocessor identity device of Fig. 2.
- Fig. 6 is a schematic view of an alternate embodiment of the microprocessor identity device of Fig. 2.
- Fig. 7 is a schematic view of an embodiment of the computer card of Fig. 1.
- Fig. 8 is a schematic view of an alternate embodiment of the computer card of Fig. 1.
- Fig. 9 is a schematic view of a system for globally authenticating the digital identity devices.
- Fig. 10 is a schematic view of a system for communication between one or more of the digital identity devices of Fig. 1.
- Fig. 11 A is a schematic view of a system for licensing software.
- Fig. 1 IB is a schematic view of an alternate system for licensing software.
- Fig. 12 is a schematic view of a method for licensing software, using the system of Fig. 11 A.
- Fig. 13 is a schematic view of a method for de-licensing software using the system of Fig. 1 1 A.
- Fig. 14 is a schematic view of a method for monitoring software usage using the system of Fig. 11 A.
- I/O input/output integrity the guarantee that a message has not changed in the process of transmission license key an encrypted code that grants permission to use a software program on a fixed amount of computers non-repudiation the inability of the author of a message to deny sending the message
- a system 100 for digitally identifying individuals or corporations includes a digital identity device 105 (further illustrated in Fig. 2), a computer card 110, and a connection 115.
- the connection 115 couples the digital identity device 105 to the computer 5 card 110.
- the digital identity device 105 contains the identity information of either an individual or a corporation.
- the digital identity device 105 contains one or more passwords. The passwords are encrypted.
- the computer card 110 contains the digital identity device 105.
- the computer card l ⁇ 110 has input/output capabilities for a connection to a separate computer.
- the computer card 110 is a computer board.
- the computer card 110 is a standard computer card which can be plugged to a computer bus or any computer device with an input output port.
- the computer card 110 displays the identity information within the digital identity device 105.
- the computer card 1 10 is are a Personal Computer Memory Card International Association (PCMCIA) card, a PCI card for a personal computer, an Sbus card for a Sun Microsystems computer, a VME card, a Multibus card or any card that attaches to a Universal Serial Bus (USB), to a FireWire, or to another computer input/output (I/O) port.
- PCMCIA Personal Computer Memory Card International Association
- Sbus Sbus card for a Sun Microsystems computer
- VME VME card
- Multibus card Multibus card or any card that attaches to a Universal Serial Bus (USB), to a FireWire, or to another computer input/output (I/O) port.
- USB Universal Serial Bus
- FireWire FireWire
- I/O computer input/output
- connection 115 couples the digital identity device 105 to the computer card 110.
- connection 115 is solder. In an alternate embodiment, the connection 115 is connector pins.
- the connection 1 15 depends on the computer card 110 of the system 100. In an alternate embodiment, the digital identity device 105 is also soldered to other discrete components on a printed circuit of the computer card 110.
- the digital identity device 105 is a Universal Serial Bus 25 (USB) device.
- the connection 115 couples the digital identity device 105 into the USB port of a separate computer.
- the computer card 110 is optional.
- the digital identity device 105 includes a microprocessor identity device 205 (further illustrated in Fig. 4), one or more memories 210, and one or more communication interfaces 215.
- the communication interfaces 215 couple the microprocessor 3 ⁇ identity device 205 to the memories 210.
- the microprocessor identity device 205 includes microprocessor identity information
- the microprocessor identity information 230 distinguishes the microprocessor identity device 205 from other microprocessors in the world.
- the microprocessor identity information 230 is unique to the microprocessor identity device 205.
- identity information 230 consists of one-hundred-twenty-eight (128) bits of information.
- the microprocessor identity information 230 is a combination of a six (6) character code of the manufacturer (the company's stock ticker symbol, if a public company), a three character city airport code of the place of manufacture, a time (consisting of the month, day, year, hour, minute, second, millisecond) of manufacture, and extra bits for encryption purposes.
- the microprocessor identity information 230 consists of two-hundred- fifty-six (256) bits of information.
- the microprocessor identity information 230 is a mathematically generated number or a series of alphanumeric characters that satisfy certain encryption criteria.
- the microprocessor identity information 230 consists of even multiples of the microprocessor identity device 205 register length.
- the memories 210 are any commercially available memory, such as non-volatile random access memory (NVRAM).
- NVRAM non-volatile random access memory
- the memories 210 are non- volatile when the power to the system 100 is turned off, but are electrically erasable.
- the first memory 210a includes digital identity data 220.
- the digital identity data 220 is etched onto the first memory 210a using any conventional etching method.
- the digital identity data 220 is for an individual or a corporation.
- the digital identity data 220 includes one or more of the following: a name, a digital picture, an address, a date of birth, a social security number, a driver's license number, a digital photograph, a digital thumb print, a DNA code, one or more credit cards' information, one or more bank accounts' information, an inco ⁇ oration name, a date and a place of incorporation, one or more corporate officers, one or more corporate partners, or one or more D.B.A. names.
- the second memory 210b includes an operating system 225.
- the operating system 225 binds the digital identity data 220 to the microprocessor identity device 205 by encoding the digital identity data 220 with passwords input by an owner of the digital identity device 105.
- the digital identity data 220 is encoded by an algorithm that uses the microprocessor identity information 230.
- the operating system 225 is secure by using commercially available encryption methods. In an alternate embodiment, the operating system 225 encrypts and stores other types of information in the memories 210. This information may be, for example, the digital identity device 105 owner's medical information or the digital identity device 105 owner's medical history.
- the operating system 225 also validates one or more passwords of the digital identity device 105, and one or more external systems 100 which request information from the digital identity device 105.
- the operating system 225 also authenticates the digital identity device 105 to the external systems 100.
- the operating system 225 also regulates the flow of information to and from the digital identity device 105.
- the operating system 225 is programmed to perform functions within the capabilities of the microprocessor identity device 205 of the digital identity device 105.
- the microprocessor identity information 230 is bound to the digital identity data 220 by the operating system 225.
- the microprocessor identity information 230 provides a shortcut reference to the digital identity data 220 of the digital identity device 105.
- the microprocessor identity information 230 is used in the validation and authentication of external systems 100 to secure the privacy of electronic data exchange and transactions of the system 100.
- the microprocessor identity information 230 serves as a surrogate for the digital identity data 220.
- the microprocessor identity information 230 tags all electronic transmissions with regard to the microprocessor identity device 205.
- the communication interfaces 215 couple the memories 210 to the microprocessor identity device 205, via one or more printed circuits on the computer card 110.
- the communication interfaces 215 include address, data, and control electrical lines.
- the first communication interface 215a couples the first memory 210a to the microprocessor identity device 205.
- the second communication interface 215b couples the second memory 210b to the microprocessor identity device 205.
- an "Identity" or similar instruction is issued to the microprocessor identity device 205.
- the microprocessor identity device 205 responds by returning the microprocessor identity information 230.
- the microprocessor identity information 230 is returned in two or four registers.
- the microprocessor identity information 230 is retrieved using a single instruction or command.
- the microprocessor identity device 205 is a component of a computer.
- the microprocessor identity device 205 identifies the computer where it resides.
- the microprocessor identity device 205 acts as a property tag of the computer.
- the microprocessor identity device 205 may also act as a property tag for other components of the computer, for example, a hard disk, a zip drive, and a sound card.
- the content of the components are encrypted with the microprocessor identity information 230.
- the integrity of the computer is set up using a security structure defined by the operating system of the computer. The operating system of the computer allows the components of the computer to work together.
- the digital identity device 105 includes the microprocessor identity device 205, a memory 310, and a communication interface 215c.
- the memory 310 is erasable and non-volatile to store information when the power is off to the system 100.
- the memory 310 is any commercially available NVRAM memory.
- the memory 310 includes the digital identity data 220 and the operating system 225.
- the digital identity data 220 is etched onto the memory 310 by an external microprocessor.
- the communication interface 215c electrically couples the memory 310 to the microprocessor identity device 205 through one or more printed circuits, etched on the 5 computer card 110.
- the memory 310 is external to a housing of the microprocessor identity device 205.
- the memory 310 is, for example, the Sony memory stick available from Sony, Inc.
- the contents of the memory 310 are encrypted using the microprocessor identity information 230 as a parameter of encryption.
- the contents of the l ⁇ memory 310 are secure and can only be read by authorized digital identity devices 105.
- the digital identity device 105 is a single computer chip.
- the digital identity device 205 houses the microprocessor identity device 205 with the microprocessor identity information 230.
- the digital identity device 205 also houses the memory 310 with the digital identity data 220.
- the digital identity device 205 also houses is the memory 310 with the operating system 225.
- the microprocessor identity device 205 is a microprocessor component 405.
- the microprocessor component 405 includes the microprocessor identity information 230.
- the microprocessor component 405 is any commercially available microprocessor unit.
- the microprocessor identity information 230 is etched onto the 20 microprocessor component 405 using any conventional etching method.
- the microprocessor identity information 230 is etched at the time the microprocessor component 405 is etched.
- microprocessor identity device in an alternate embodiment, the microprocessor identity device
- the 205 includes a microprocessor component 505, a memory 510, and one or more communication interfaces 515.
- the microprocessor component 505 is any commercially
- RISC Computing
- the memory 510 is programmable, non-erasable, and read-only.
- the memory 510 is any commercially available memory, such as Programmable Read-Only Memory (PROM).
- PROM Programmable Read-Only Memory
- the memory 510 includes the microprocessor identity information 230.
- 3 ⁇ identity information 230 is etched onto the memory 510 using any commercially available
- the communication interfaces 515 electrically couple the microprocessor component 505 and the memory 510.
- the communication interfaces 515 include address, data, and control electrical lines.
- the microprocessor identity device 205 includes a microprocessor component 605.
- the microprocessor component 605 is any commercially available microprocessor unit, for example, such as the StrongARM RISC SA-1110 available from Intel, Inc.
- the microprocessor component 605 is specially 5 manufactured to further include an on-die PROM memory 610.
- the memory 610 includes the microprocessor identity information 230.
- the microprocessor identity information 230 is etched onto the memory 610 using any standard means for programming.
- the microprocessor identity information 230 is etched at the time of manufacturing of the microprocessor component 605.
- the computer card 110 is a ⁇ Universal Identity Card (UID) 705.
- the UID 705 is the size of a standard credit card.
- the digital identity device 105 is embedded in the circuitry of the UID 705.
- the digital identity device 105 supplies intelligence to the UID 705 via the microprocessor identity device 205.
- the UID 705 includes a display area 715, one or more user keys 720, and a connector 725.
- the display area 715 is an LCD display.
- the display area 715 includes a graphics area 730 is and an alphanumeric area 735. .Current technology allows the display area 715 to display both graphics and alphanumeric data.
- the display area 715 is used to display, for example, photos, thumb prints, driver's license information, social security numbers, financial information from banks, and such other data as may be deemed appropriate in the future.
- the user keys 720 are used to enter information or user options. The information or user options
- the connector 725 connects the UID 705 to one or more computers or systems 100.
- the connector 725 is a set of fins. In an alternate embodiment, the connector 725 may be pins, sockets, or other suitable connecting means appropriate to the computers or systems 100 it is being connected to.
- the UID 705 is any card used to access personal computers, ATMs, and other public transaction devices for electronic transactions.
- the digital identity device 105 validates systems 100 that request information from the UID 705.
- the digital identity device 105 stores relevant microprocessor identity information 230 or digital identity data 220 of the
- the digital identity device 105 of the UID 705 also authenticates itself to other systems 100 that request information.
- the display area 715 may be touch-sensitive and capable of inputting information, similar to the technology used by the Palm Pilot Illxe by Palm, Inc.
- the computer card 110 is a corporate resource provisioned by the Palm Pilot Illxe by Palm, Inc.
- the Corporate Identity Card 805 is any commercially available computer card.
- the Corporate Identity Card 805 has the digital identity device 105 on-board.
- the Corporate Identity Card 805 includes a set of electrical fins 815 and a connector 820.
- the connector 820 connects the digital identity device 105 to the electrical fins 815.
- the electrical fins 815 couple the Corporate Identity Card 805 to a main computer bus.
- the electrical fins 5 815 are, for example, fins or other suitable connecting means.
- the Corporate Identity Card 805 validates all digital transactions of the corporation.
- the Corporate Identity Card 805 authenticates the corporation in all transactions to one or more systems 100.
- the computer card 1 10 is a computer, such as a Personal l ⁇ Digital Assistant (PDA) like the Palm Pilot Illxe available from Palm, Inc.
- PDA Personal l ⁇ Digital Assistant
- the computer card 110 hosts the digital identity device 105.
- the computer card 110 uses the microprocessor identity device 205 for its computer functions.
- the digital identity device 105 may be, for example, in the form of a modified FlashCard.
- the FlashCard may be a form of NVRAM with PROM (Programmable Read-Only Memory).
- documents in a computer are encrypted using the microprocessor identity information 230 or the digital identity data 220. Only by using the microprocessor identity information 230 or the digital identity data 220 can the documents be decrypted. This is known as a symmetric cryptographic system.
- 20 devices 105 include one or more systems 100, a Global Registry of Digital Identity Devices (GRID) 905, and one or more communication links 910 to the Internet.
- GID Global Registry of Digital Identity Devices
- the systems 100 include a digital identity device 105.
- a digital identity device 105 there is a first system 100a with a first digital identity device 105a and a second system 100b with a second digital identity device 105b.
- Each system 100 has unique digital identity data 220 and unique microprocessor identity information 230.
- the GRID 905 is a computer.
- the GRID 905 includes a database 915 and a digital identity device 105c.
- the database 915 stores microprocessor identity information 230 and digital identity data 220 for all systems 100.
- the database 915 is formed by each digital
- 3 ⁇ identity device 105 registering with the GRID 905 using the communication links 910 to the Internet.
- the digital identity device 105c verifies and authenticates all communications between the systems 100.
- the GRID 905 is the universal keeper of all digital identity devices 105. If a digital identity device 105 is lost, the information within the digital identity device 105 is secure. Only the registered owner of the digital identity device 105 can extract
- the GRID 905 has minimal low security information that is not encrypted, such as name and address tied to the external markings of the digital identity devices 105 or to the microprocessor identity devices 205, to enable this function. 5
- the communication links 910 couple the GRID 905 and the systems 100 to the
- the communication links 910 are only necessary when there is an exchange of information between the systems 100 and/or the GRID 905.
- the communication links 910 are Internet connections. There is a first communication link 910a coupling the first system 100a to the Internet, a second communication link 910b coupling l ⁇ the second system 100b to the Internet, and a third communication link 910c coupling the GRID 905 to the Internet.
- the systems 100 are coupled through the Internet directly.
- the systems 100 are coupled to the Internet via computers that host the digital identity devices 105.
- the digital identity data 220 is entered directly onto the digital identity device 105 using the system 100 or by attaching the system 100 to an external computer and using communication links 910.
- a user of the system 100 determines the digital identity data 220 necessary to identify the owner of the system 100.
- the user of the system 100 also determines levels of security for the system 100.
- the 20 100 transmits the digital identity data 220 and the microprocessor identity information 230 via the communication links 910 to the GRID 905 via the Internet.
- An administrator of the GRID 905 verifies the digital identity data 220 provided by the owners of the system 100.
- the database 915 stores the digital identity data 220 and the microprocessor identity information 230 of the system 100.
- the GRID 905 may be used by the system 100 as a
- This backup is useful for restoring the digital identity information 220 in case of loss of the system 100, a hard reset, or inadvertent erasure of data.
- a system 1000 for transactions between digital identities includes one or more systems 100 and one or more communication links 1005. There is a first system
- the communication link 1005 is any communication means, for example, an Internet connection, keycard access, or an ATM digital identity device jack.
- the digital identity data 220 of the systems 100 include information that are particular to the individuals or corporations involved in the transactions.
- the individual digital identity devices 105 allows only
- the authorized access to the digital identity data 220 of each system 100 is relayed to the GRID 905 during set up of the database 915.
- the system 100 is used for transactions, such as, Internet retailing, banking, business-to-business, electronic permission, and secure communications. This would be similar to the process of establishing an account with a bank or establishing credit 5 with a financial institution.
- the digital identity devices 105 contain information for the transactions, for example, bank balances, credit card balances, payments, electronic travelers checks, and security transactions.
- the transaction may be electronic communication, for example, e-mail.
- a digital signature encrypts the e-mail.
- the digital signature may be the ⁇ microprocessor identity information 230.
- the systems 100 authenticate the e-mail by decrypting the e-mail using the previously stored security access maintained in the GRID 905 or in the digital identity device.
- a system 1100 for licensing software includes a first licensee computer 1 105a, a vendor computer 1 110, and a connection 1 1 15.
- the connection 1 1 15 is couples the licensee computer 1105 to the vendor computer 1 110.
- the connection 1 1 15 is the Internet.
- the first licensee computer 1 105a includes a first microprocessor identity device 205a and a digital identity device 105.
- the digital identity device 105 includes a second microprocessor identity device 205b.
- the microprocessor identity devices 205 include the
- microprocessor identity information 230 for their respective microprocessor identity devices 205.
- the vendor computer 1 110 includes a software program 1120 and a software key database 1 140.
- the software program 1 120 is distributed via the Internet. In an alternate embodiment, the software program 1 120 is distributed via a CD-ROM or some other media.
- the software key database 1 140 is generated by the vendor computer 1 110 and contains one or more license keys 1125 available for installation. Each license key 1125 has a one-to-one relationship with a copy of the software program 1 120. After installation, the license key 1125 binds the microprocessor identity information 230 of the first licensee computer 1 105a in the software key database 1 140. In an alternate embodiment, the
- 3 ⁇ microprocessor identity information 230 is encrypted using an algorithm that uses the license key 1 125 in the arguments.
- connection 11 15 are any data connection used to transfer information between computers, for example, an Internet connection.
- connection 1 115 is a high-speed data connection.
- the system 1 100 further includes a second licensee computer 1 105b and an internal network connection 1 150.
- the second licensee computer 1 105b includes a third microprocessor identity device 205c.
- the second licensee computer 1 105b is coupled to the first licensee computer 1 105a by the internal
- the second licensee computer 1 105b is directly coupled to the connection 1 115.
- the second licensee computer 1 105b operates through a gateway controlled by the first licensee computer 1 105a.
- a method 1200 for licensing software includes: in step 1205, l ⁇ initiating the software installation; in step 1210, sending information; in step 1215, verifying the license status; in step 1220, binding information; and in step 1225, completing the installation.
- the method 1200 may be used to license software to a computer, an individual, or a corporation.
- step 1205 the first licensee computer 1 105a initiates the installation process by 15 downloading the software program 1 120 via the connection 1115.
- the installation process is automatically initiated by the downloading process.
- the first licensee computer 1 105a initiates the installation process by running a setup program within the software program 1 120.
- step 1210 the first licensee computer 1 105a sends the microprocessor identity
- the license key 1 125 issues to the first licensee computer 1 105a during step 1205.
- the software program 1 120 licenses to the first licensee computer 1 105a.
- the software license key 1 125 issues on the software 25 media or a container for the software media.
- the first licensee computer 1 105a sends the microprocessor identity information 230 of the microprocessor identity device 205b and the license key 1 125 to the vendor computer 11 10 via the connection 1 1 15.
- the software program 1 120 licenses to the digital identity device 105.
- step 1215 the vendor computer 1 1 10 verifies the microprocessor identity information 230 from the first licensee computer 1 105a.
- the vendor computer 1 1 10 confirms the presence of the license key 1125 in the software key database 1 140 to determine if the license key 1 125 is valid.
- the vendor computer 1 1 10 further determines if the license key
- the vendor computer 1 1 10 requests alternate microprocessor identity information 230 from the first licensee computer 1105a and establishes multiple links to the license key 1125. In an alternate embodiment, the vendor computer 1110 halts the method 1200 if the license key 1125 is coupled. In an alternate embodiment, the vendor computer 1 110 chooses to halt the method 1200 and take actions outside this automated 5 licensing method 1200.
- step 1220 the vendor computer 11 10 binds the license key 1 125 to the microprocessor identity information 230.
- the software key database 1 140 associates the microprocessor identity information 230 to the license key 1125.
- the microprocessor identity device 205a is encrypted using the license key 1125.
- ⁇ the license key 1235 is encrypted using the microprocessor identity device 205a.
- the first licensee computer 1105a completes the installation of the software program 1120.
- the first licensee computer 1 105a also stores the bound microprocessor identity information 230 and the license key 1 125 from step 1220.
- a second licensee 15 computer 1105b installs the software program 1 120 from the first licensee computer 1105a using the method 1200.
- the software key database 1140 associates the microprocessor identity information 230 of the microprocessor identity device 205a, 205b, or 205c to the license key 1 125.
- the association of the license, whether to the first licensee computer 1105a or the digital identity device 105, is determined by the licensing terms of the software 20 program 1120.
- the method 1200 applies to other types of intellectual property, such as MP3 music, which runs on computers with microprocessor identity devices 205.
- a method 1300 for de-licensing software includes: in step 1305, 25 de-installing software; in step 1310, verifying the license status; in step 1315, un-binding identity device and software license key; and in step 1320, completing de-installation.
- the method 1300 is the logical reverse of the method 1200.
- step 1305 the first licensee computer 1105a starts the de-installation of the software program 1120.
- the software program 1120 is de-installed using a standard de-
- the first licensee computer 1105a transmits the license key 1125 and the microprocessor identity information 230 to the vendor computer
- the first licensee computer 1105a sends the microprocessor identity information 230 of the microprocessor identity device 205b and the
- the second licensee computer 1105b sends the microprocessor identity information 230 of the microprocessor identity device 205c and the license key 1125 to the vendor computer 1110 via the first licensee computer 1105a.
- step 1310 the vendor computer 1110 verifies the binding of the license key 1125 5 and the microprocessor identity information 230 in the software key database 1140. If the license key 1 125 and the microprocessor identity information 230 do not match the values stored in the software key database 1140, the vendor computer 11 10 halts the method 1300. In an alternate embodiment, there are other corrective actions the vendor computer 1 110 may take to correct an exception to its licensing agreement. l ⁇ In step 1315, the vendor computer 1110 un-binds the license key 1 125 to the microprocessor identity information 230 in the software key database 1140. The software key database 1 140 un-associates the microprocessor identity information 230 to the license key 1125.
- the software key database 1140 leaves a blank field for the microprocessor identity information 230. is In step 1320, the vendor computer 1110 completes the reinstallation process by updating the software key database 1140. The first licensee computer 1105a removes the software program 1120.
- the second licensee computer 1105b performs the method 1300 to de-install the software program 1120.
- the method 1300 de-installs the software from 20 the second licensee computer 1105b, but not the first licensee computer 1 105a (such as in a private network).
- the methods 1200 and 1300 are done on an individual computer basis, especially when software resides on the computers in which they are used.
- a method 1400 for tracking software usage includes: in step
- step 1410 creating usage information
- step 1415 transmitting the usage information. Tracking software usage determines licensing fees by the vendor computer 1110. The method 1400 assumes the first licensee computer 1105a has already performed the method 1200.
- step 1405 the first licensee computer 1105a starts and uses the software program 3 ⁇ 1120.
- the software program 1 120 creates usage information.
- the usage information may include, for example, start time, stop time, and users.
- the usage information is stored in a file on the first licensee computer 1105a.
- the first licensee computer 1 105a transmits the usage information to the vendor computer 1110 via the connection 1115.
- the first licensee computer 1105a transmits the file of the usage information when the connection 1115 is in place.
- the first licensee computer 1 105a further deletes the file after transmission to prevent backlogs of old files.
Landscapes
- Engineering & Computer Science (AREA)
- Software Systems (AREA)
- Theoretical Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Technology Law (AREA)
- Multimedia (AREA)
- Computer Hardware Design (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Remote Sensing (AREA)
- Radar, Positioning & Navigation (AREA)
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
Abstract
A digital identity device for uniquely identifying legal entities. The digital identity device is used for secure electronic communications.
Description
DIGITAL IDENTITY DEVICE Technical Field
The present invention relates generally to the privacy and security of digital information, and in particular to the privacy and security of electronic communication.
5 Background of the Invention
In electronic communication, the authentication of the parties involved is generally required. Each party should be clearly identifiable and distinguishable. The electronic communication between parties should also be secure. The parties should also be able to grant various levels of permission for access to their respective information.
IΘ What is needed is a method of identifying microprocessors and using this method of microprocessor identification in a digital identity device for entities to use in electronic communications.
Summary of the Invention
The present invention is a microprocessor identity device for use in a digital identity
15 device. The digital identity device will contain identity information that will function with the microprocessor identity device to create a unique digital identity for all individuals or corporations.
According to one aspect of the invention, a digital identity device for identifying individuals includes a microprocessor identity device, a digital identity, and means for
2ø binding the microprocessor identity device to the digital identity.
According to another aspect of the invention, an apparatus for globally registering digital identity devices includes one or more digital identity devices, a database of digital identity device information, and means for communications between the digital identity devices and the database.
25 According to another aspect of the invention, a method of licensing a software program to a computer, the computer having a microprocessor containing identity information about the computer, includes the steps of starting the installation of the software program to the computer, transmitting a license key and the identity information about the computer to a central database, receiving information to bind the license key to the identity
3ø information, binding the license key to the identity information in the computer, and completing the installation.
According to another aspect of the invention, a method of licensing a software program to a computer, the computer having a microprocessor containing identity information about the computer, includes the steps of receiving a license key and the identity
35 information about the computer into a central database, transferring a status of the license key
and the identity information in the central database to the computer, accepting the license key and the identity information, and binding the license key to the identity information in the central database.
According to another aspect of the invention, a method of de-licensing a software program to a computer, the computer having a microprocessor containing identity information about the computer, includes starting the de-installation of the software program to the computer, transmitting a license key and the identity information about the computer to a central database, receiving information to unbind the license key to the identity information, unbinding the license key to the identity information in the computer, and completing the reinstallation.
According to another aspect of the invention, a method of de-licensing a software program to a computer, the computer having a microprocessor containing identity information about the computer, includes receiving a license key and the identity information about the computer into a central database, transferring a status of the license key and the identity information in the central database to the computer, accepting the license key and the identity information, and unbinding the license key to the identity information in the central database.
According to another aspect of the invention, a method of tracking software usage by a computer, the computer having a microprocessor containing identity information about the computer, includes receiving a usage profile from the computer and storing the usage profile in a central database.
Brief Description of Drawings Fig. 1 is a schematic view illustrating an embodiment of a system for a digital identity device. Fig. 2 is a schematic view illustrating an embodiment of the digital identity device of
Fig. 1.
Fig. 3 is a schematic view illustrating an alternate embodiment of the digital identity device of Fig. 1.
Fig. 4 is a schematic view illustrating an embodiment of the microprocessor identity device of Fig. 2.
Fig. 5 is a schematic view of an alternate embodiment of the microprocessor identity device of Fig. 2.
Fig. 6 is a schematic view of an alternate embodiment of the microprocessor identity device of Fig. 2. Fig. 7 is a schematic view of an embodiment of the computer card of Fig. 1.
Fig. 8 is a schematic view of an alternate embodiment of the computer card of Fig. 1. Fig. 9 is a schematic view of a system for globally authenticating the digital identity devices.
Fig. 10 is a schematic view of a system for communication between one or more of the digital identity devices of Fig. 1.
Fig. 11 A is a schematic view of a system for licensing software. Fig. 1 IB is a schematic view of an alternate system for licensing software. Fig. 12 is a schematic view of a method for licensing software, using the system of Fig. 11 A.
Fig. 13 is a schematic view of a method for de-licensing software using the system of Fig. 1 1 A.
Fig. 14 is a schematic view of a method for monitoring software usage using the system of Fig. 11 A.
Detailed Description of the Preferred Embodiment To assist in this detailed description a glossary of terms and acronyms follows: authentication the ability of the receiver of a message to positively identity the author of the message digital signature a digital code that can be attached to an electronically transmitted message that uniquely identifies the sender e-mail electronic mail
GRID global registry of digital identity devices
I/O input/output integrity the guarantee that a message has not changed in the process of transmission license key an encrypted code that grants permission to use a software program on a fixed amount of computers non-repudiation the inability of the author of a message to deny sending the message
NVRAM non-volatile random access memory
PCI peripheral component interconnect
PCMCIA personal computer memory card international association
PDA personal digital assistant
PROM programmable read-only memory
RISC reduced instruction set computer
UID universal identity card
USB universal serial bus
VME VersaModule Eurocard
Referring to Fig. 1 , a system 100 for digitally identifying individuals or corporations includes a digital identity device 105 (further illustrated in Fig. 2), a computer card 110, and a connection 115. The connection 115 couples the digital identity device 105 to the computer 5 card 110.
The digital identity device 105 contains the identity information of either an individual or a corporation. The digital identity device 105 contains one or more passwords. The passwords are encrypted.
The computer card 110 contains the digital identity device 105. The computer card lø 110 has input/output capabilities for a connection to a separate computer. The computer card 110 is a computer board. In an alternate embodiment, the computer card 110 is a standard computer card which can be plugged to a computer bus or any computer device with an input output port. In an alternate embodiment, the computer card 110 displays the identity information within the digital identity device 105. Some examples of the computer card 1 10 is are a Personal Computer Memory Card International Association (PCMCIA) card, a PCI card for a personal computer, an Sbus card for a Sun Microsystems computer, a VME card, a Multibus card or any card that attaches to a Universal Serial Bus (USB), to a FireWire, or to another computer input/output (I/O) port.
The connection 115 couples the digital identity device 105 to the computer card 110.
20 The connection 115 is solder. In an alternate embodiment, the connection 115 is connector pins. The connection 1 15 depends on the computer card 110 of the system 100. In an alternate embodiment, the digital identity device 105 is also soldered to other discrete components on a printed circuit of the computer card 110.
In an alternate embodiment, the digital identity device 105 is a Universal Serial Bus 25 (USB) device. The connection 115 couples the digital identity device 105 into the USB port of a separate computer. The computer card 110 is optional.
Referring to Fig. 2, the digital identity device 105 includes a microprocessor identity device 205 (further illustrated in Fig. 4), one or more memories 210, and one or more communication interfaces 215. The communication interfaces 215 couple the microprocessor 3ø identity device 205 to the memories 210.
The microprocessor identity device 205 includes microprocessor identity information
230. The microprocessor identity information 230 distinguishes the microprocessor identity device 205 from other microprocessors in the world. The microprocessor identity information 230 is unique to the microprocessor identity device 205. The microprocessor
35 identity information 230 consists of one-hundred-twenty-eight (128) bits of information. The
microprocessor identity information 230 is a combination of a six (6) character code of the manufacturer (the company's stock ticker symbol, if a public company), a three character city airport code of the place of manufacture, a time (consisting of the month, day, year, hour, minute, second, millisecond) of manufacture, and extra bits for encryption purposes. In an alternate embodiment, the microprocessor identity information 230 consists of two-hundred- fifty-six (256) bits of information. In an alternate embodiment, the microprocessor identity information 230 is a mathematically generated number or a series of alphanumeric characters that satisfy certain encryption criteria. In an alternate embodiment, the microprocessor identity information 230 consists of even multiples of the microprocessor identity device 205 register length.
The memories 210 are any commercially available memory, such as non-volatile random access memory (NVRAM). The memories 210 are non- volatile when the power to the system 100 is turned off, but are electrically erasable. There is a first memory 210a and a second memory 210b. The first memory 210a includes digital identity data 220. The digital identity data 220 is etched onto the first memory 210a using any conventional etching method. The digital identity data 220 is for an individual or a corporation. The digital identity data 220 includes one or more of the following: a name, a digital picture, an address, a date of birth, a social security number, a driver's license number, a digital photograph, a digital thumb print, a DNA code, one or more credit cards' information, one or more bank accounts' information, an incoφoration name, a date and a place of incorporation, one or more corporate officers, one or more corporate partners, or one or more D.B.A. names.
The second memory 210b includes an operating system 225. The operating system 225 binds the digital identity data 220 to the microprocessor identity device 205 by encoding the digital identity data 220 with passwords input by an owner of the digital identity device 105. The digital identity data 220 is encoded by an algorithm that uses the microprocessor identity information 230. The operating system 225 is secure by using commercially available encryption methods. In an alternate embodiment, the operating system 225 encrypts and stores other types of information in the memories 210. This information may be, for example, the digital identity device 105 owner's medical information or the digital identity device 105 owner's medical history. The operating system 225 also validates one or more passwords of the digital identity device 105, and one or more external systems 100 which request information from the digital identity device 105. The operating system 225 also authenticates the digital identity device 105 to the external systems 100. The operating system 225 also regulates the flow of information to and from the digital identity device 105. In an alternate embodiment, the operating system 225 is programmed to perform functions
within the capabilities of the microprocessor identity device 205 of the digital identity device 105.
The microprocessor identity information 230 is bound to the digital identity data 220 by the operating system 225. The microprocessor identity information 230 provides a shortcut reference to the digital identity data 220 of the digital identity device 105. The microprocessor identity information 230 is used in the validation and authentication of external systems 100 to secure the privacy of electronic data exchange and transactions of the system 100. The microprocessor identity information 230 serves as a surrogate for the digital identity data 220. The microprocessor identity information 230 tags all electronic transmissions with regard to the microprocessor identity device 205.
The communication interfaces 215 couple the memories 210 to the microprocessor identity device 205, via one or more printed circuits on the computer card 110. The communication interfaces 215 include address, data, and control electrical lines. There is a first communication interface 215a and a second communication interface 215b. The first communication interface 215a couples the first memory 210a to the microprocessor identity device 205. The second communication interface 215b couples the second memory 210b to the microprocessor identity device 205.
To extract the identity of the system 100, an "Identity" or similar instruction is issued to the microprocessor identity device 205. The microprocessor identity device 205 responds by returning the microprocessor identity information 230. The microprocessor identity information 230 is returned in two or four registers. The microprocessor identity information 230 is retrieved using a single instruction or command.
In an alternate embodiment, the microprocessor identity device 205 is a component of a computer. The microprocessor identity device 205 identifies the computer where it resides. The microprocessor identity device 205 acts as a property tag of the computer. The microprocessor identity device 205 may also act as a property tag for other components of the computer, for example, a hard disk, a zip drive, and a sound card. The content of the components are encrypted with the microprocessor identity information 230. The integrity of the computer is set up using a security structure defined by the operating system of the computer. The operating system of the computer allows the components of the computer to work together.
Referring to Fig. 3, in an alternate embodiment, the digital identity device 105 includes the microprocessor identity device 205, a memory 310, and a communication interface 215c. The memory 310 is erasable and non-volatile to store information when the power is off to the system 100. The memory 310 is any commercially available NVRAM
memory. The memory 310 includes the digital identity data 220 and the operating system 225. The digital identity data 220 is etched onto the memory 310 by an external microprocessor. The communication interface 215c electrically couples the memory 310 to the microprocessor identity device 205 through one or more printed circuits, etched on the 5 computer card 110.
In an alternate embodiment, the memory 310 is external to a housing of the microprocessor identity device 205. The memory 310 is, for example, the Sony memory stick available from Sony, Inc. The contents of the memory 310 are encrypted using the microprocessor identity information 230 as a parameter of encryption. The contents of the lø memory 310 are secure and can only be read by authorized digital identity devices 105.
In an alternate embodiment, the digital identity device 105 is a single computer chip.
The digital identity device 205 houses the microprocessor identity device 205 with the microprocessor identity information 230. The digital identity device 205 also houses the memory 310 with the digital identity data 220. The digital identity device 205 also houses is the memory 310 with the operating system 225.
Referring to Fig. 4, the microprocessor identity device 205 is a microprocessor component 405. The microprocessor component 405 includes the microprocessor identity information 230. The microprocessor component 405 is any commercially available microprocessor unit. The microprocessor identity information 230 is etched onto the 20 microprocessor component 405 using any conventional etching method. The microprocessor identity information 230 is etched at the time the microprocessor component 405 is etched.
Referring to Fig. 5, in an alternate embodiment, the microprocessor identity device
205 includes a microprocessor component 505, a memory 510, and one or more communication interfaces 515. The microprocessor component 505 is any commercially
25 available microprocessor unit, for example, the low power Reduced Instruction Set
Computing (RISC) processor available from a variety of U.S. or Japanese manufacturers.
The memory 510 is programmable, non-erasable, and read-only. The memory 510 is any commercially available memory, such as Programmable Read-Only Memory (PROM).
The memory 510 includes the microprocessor identity information 230. The microprocessor
3ø identity information 230 is etched onto the memory 510 using any commercially available
PROM programming device.
The communication interfaces 515 electrically couple the microprocessor component 505 and the memory 510. The communication interfaces 515 include address, data, and control electrical lines.
Referring to Fig. 6, in another alternate embodiment, the microprocessor identity device 205 includes a microprocessor component 605. The microprocessor component 605 is any commercially available microprocessor unit, for example, such as the StrongARM RISC SA-1110 available from Intel, Inc. The microprocessor component 605 is specially 5 manufactured to further include an on-die PROM memory 610. The memory 610 includes the microprocessor identity information 230. The microprocessor identity information 230 is etched onto the memory 610 using any standard means for programming. The microprocessor identity information 230 is etched at the time of manufacturing of the microprocessor component 605. Referring to Fig. 7, in an alternate embodiment, the computer card 110 is a ιø Universal Identity Card (UID) 705. The UID 705 is the size of a standard credit card. The digital identity device 105 is embedded in the circuitry of the UID 705. The digital identity device 105 supplies intelligence to the UID 705 via the microprocessor identity device 205. The UID 705 includes a display area 715, one or more user keys 720, and a connector 725. The display area 715 is an LCD display. The display area 715 includes a graphics area 730 is and an alphanumeric area 735. .Current technology allows the display area 715 to display both graphics and alphanumeric data. The display area 715 is used to display, for example, photos, thumb prints, driver's license information, social security numbers, financial information from banks, and such other data as may be deemed appropriate in the future. The user keys 720 are used to enter information or user options. The information or user options
2ø that are entered include, for example, organizer type information such as appointments, phone numbers, and address book information. The connector 725 connects the UID 705 to one or more computers or systems 100. The connector 725 is a set of fins. In an alternate embodiment, the connector 725 may be pins, sockets, or other suitable connecting means appropriate to the computers or systems 100 it is being connected to. The connector 725
25 utilizes common connector standards such as PCMCIA, Universal Serial Bus (USB) and RS232. The UID 705 is any card used to access personal computers, ATMs, and other public transaction devices for electronic transactions. The digital identity device 105 validates systems 100 that request information from the UID 705. The digital identity device 105 stores relevant microprocessor identity information 230 or digital identity data 220 of the
3ø systems 100 to validate the systems 100 requests. The digital identity device 105 of the UID 705 also authenticates itself to other systems 100 that request information.
In an alternate embodiment, the display area 715 may be touch-sensitive and capable of inputting information, similar to the technology used by the Palm Pilot Illxe by Palm, Inc. Referring to Fig. 8, in an alternate embodiment, the computer card 110 is a Corporate
35 Identity Card 805. The Corporate Identity Card 805 is any commercially available computer
card. The Corporate Identity Card 805 has the digital identity device 105 on-board. The Corporate Identity Card 805 includes a set of electrical fins 815 and a connector 820. The connector 820 connects the digital identity device 105 to the electrical fins 815. The electrical fins 815 couple the Corporate Identity Card 805 to a main computer bus. The electrical fins 5 815 are, for example, fins or other suitable connecting means. In a preferred embodiment, there is a single Corporate Identity Card 805 for a corporation. The Corporate Identity Card 805 validates all digital transactions of the corporation. The Corporate Identity Card 805 authenticates the corporation in all transactions to one or more systems 100.
In an alternate embodiment, the computer card 1 10 is a computer, such as a Personal lø Digital Assistant (PDA) like the Palm Pilot Illxe available from Palm, Inc. The computer card 110 hosts the digital identity device 105. The computer card 110 uses the microprocessor identity device 205 for its computer functions. The digital identity device 105 may be, for example, in the form of a modified FlashCard. The FlashCard may be a form of NVRAM with PROM (Programmable Read-Only Memory).
15 In an alternate embodiment, documents in a computer are encrypted using the microprocessor identity information 230 or the digital identity data 220. Only by using the microprocessor identity information 230 or the digital identity data 220 can the documents be decrypted. This is known as a symmetric cryptographic system.
Referring to Fig. 9, a system 900 for registering and authenticating digital identities
20 devices 105 include one or more systems 100, a Global Registry of Digital Identity Devices (GRID) 905, and one or more communication links 910 to the Internet.
The systems 100 include a digital identity device 105. In a preferred embodiment, there is a first system 100a with a first digital identity device 105a and a second system 100b with a second digital identity device 105b. The first system 100a and the second system 100b
25 reside in separate computers. Each system 100 has unique digital identity data 220 and unique microprocessor identity information 230.
The GRID 905 is a computer. The GRID 905 includes a database 915 and a digital identity device 105c. The database 915 stores microprocessor identity information 230 and digital identity data 220 for all systems 100. The database 915 is formed by each digital
3ø identity device 105 registering with the GRID 905 using the communication links 910 to the Internet. The digital identity device 105c verifies and authenticates all communications between the systems 100. The GRID 905 is the universal keeper of all digital identity devices 105. If a digital identity device 105 is lost, the information within the digital identity device 105 is secure. Only the registered owner of the digital identity device 105 can extract
35 the information within the digital identity device 105. Lost digital identity devices 105 are
mailed to the administrator of the GRID 905 and are returned to the owner. The GRID 905 has minimal low security information that is not encrypted, such as name and address tied to the external markings of the digital identity devices 105 or to the microprocessor identity devices 205, to enable this function. 5 The communication links 910 couple the GRID 905 and the systems 100 to the
Internet. The communication links 910 are only necessary when there is an exchange of information between the systems 100 and/or the GRID 905. In a preferred embodiment, the communication links 910 are Internet connections. There is a first communication link 910a coupling the first system 100a to the Internet, a second communication link 910b coupling lø the second system 100b to the Internet, and a third communication link 910c coupling the GRID 905 to the Internet. The systems 100 are coupled through the Internet directly. In an alternate embodiment, the systems 100 are coupled to the Internet via computers that host the digital identity devices 105.
Upon acquisition of the systems 100, the respective owners enter unique digital
15 identity data 220 to the digital identity device 105. The digital identity data 220 is entered directly onto the digital identity device 105 using the system 100 or by attaching the system 100 to an external computer and using communication links 910. A user of the system 100 determines the digital identity data 220 necessary to identify the owner of the system 100. The user of the system 100 also determines levels of security for the system 100. The system
20 100 transmits the digital identity data 220 and the microprocessor identity information 230 via the communication links 910 to the GRID 905 via the Internet. An administrator of the GRID 905 verifies the digital identity data 220 provided by the owners of the system 100. The database 915 stores the digital identity data 220 and the microprocessor identity information 230 of the system 100. The GRID 905 may be used by the system 100 as a
25 backup to the digital identity data 220 and the microprocessor identity information 230. This backup is useful for restoring the digital identity information 220 in case of loss of the system 100, a hard reset, or inadvertent erasure of data.
Referring to Fig. 10, a system 1000 for transactions between digital identities includes one or more systems 100 and one or more communication links 1005. There is a first system
3ø 100a and a second system 100b coupled by the communication link 1005. The communication link 1005 is any communication means, for example, an Internet connection, keycard access, or an ATM digital identity device jack. The digital identity data 220 of the systems 100 include information that are particular to the individuals or corporations involved in the transactions. The individual digital identity devices 105 allows only
35 authorized access to the digital identity data 220 of each system 100. The authorized access
to the digital identity data 220 of each system 100 is relayed to the GRID 905 during set up of the database 915. The system 100 is used for transactions, such as, Internet retailing, banking, business-to-business, electronic permission, and secure communications. This would be similar to the process of establishing an account with a bank or establishing credit 5 with a financial institution. The digital identity devices 105 contain information for the transactions, for example, bank balances, credit card balances, payments, electronic travelers checks, and security transactions.
In an alternate embodiment, the transaction may be electronic communication, for example, e-mail. A digital signature encrypts the e-mail. The digital signature may be the ιø microprocessor identity information 230. The systems 100 authenticate the e-mail by decrypting the e-mail using the previously stored security access maintained in the GRID 905 or in the digital identity device.
Referring to Fig. 11 A, a system 1100 for licensing software includes a first licensee computer 1 105a, a vendor computer 1 110, and a connection 1 1 15. The connection 1 1 15 is couples the licensee computer 1105 to the vendor computer 1 110. The connection 1 1 15 is the Internet.
The first licensee computer 1 105a includes a first microprocessor identity device 205a and a digital identity device 105. The digital identity device 105 includes a second microprocessor identity device 205b. The microprocessor identity devices 205 include the
20 microprocessor identity information 230 for their respective microprocessor identity devices 205.
The vendor computer 1 110 includes a software program 1120 and a software key database 1 140. The software program 1 120 is distributed via the Internet. In an alternate embodiment, the software program 1 120 is distributed via a CD-ROM or some other media.
25 The software key database 1 140 is generated by the vendor computer 1 110 and contains one or more license keys 1125 available for installation. Each license key 1125 has a one-to-one relationship with a copy of the software program 1 120. After installation, the license key 1125 binds the microprocessor identity information 230 of the first licensee computer 1 105a in the software key database 1 140. In an alternate embodiment, the
3ø microprocessor identity information 230 is encrypted using an algorithm that uses the license key 1 125 in the arguments.
The connections 11 15 are any data connection used to transfer information between computers, for example, an Internet connection. In an alternate embodiment, the connection 1 115 is a high-speed data connection.
Referring to Fig. 1 IB, in an alternate embodiment, the system 1 100 further includes a second licensee computer 1 105b and an internal network connection 1 150. The second licensee computer 1 105b includes a third microprocessor identity device 205c. The second licensee computer 1 105b is coupled to the first licensee computer 1 105a by the internal
5 network connection 1 150.
In an alternate embodiment, the second licensee computer 1 105b is directly coupled to the connection 1 115. The second licensee computer 1 105b operates through a gateway controlled by the first licensee computer 1 105a.
Referring to Fig. 12, a method 1200 for licensing software includes: in step 1205, lø initiating the software installation; in step 1210, sending information; in step 1215, verifying the license status; in step 1220, binding information; and in step 1225, completing the installation. The method 1200 may be used to license software to a computer, an individual, or a corporation.
In step 1205, the first licensee computer 1 105a initiates the installation process by 15 downloading the software program 1 120 via the connection 1115. The installation process is automatically initiated by the downloading process.
In an alternate embodiment, the first licensee computer 1 105a initiates the installation process by running a setup program within the software program 1 120.
In step 1210, the first licensee computer 1 105a sends the microprocessor identity
20 information 230 of the microprocessor identity device 205a and the license key 1 125 to the vendor computer 1 1 10 via the connection 11 15. The license key 1 125 issues to the first licensee computer 1 105a during step 1205. The software program 1 120 licenses to the first licensee computer 1 105a.
In an alternate embodiment, the software license key 1 125 issues on the software 25 media or a container for the software media.
In an alternate embodiment, the first licensee computer 1 105a sends the microprocessor identity information 230 of the microprocessor identity device 205b and the license key 1 125 to the vendor computer 11 10 via the connection 1 1 15. The software program 1 120 licenses to the digital identity device 105.
3ø In step 1215, the vendor computer 1 1 10 verifies the microprocessor identity information 230 from the first licensee computer 1 105a. The vendor computer 1 1 10 confirms the presence of the license key 1125 in the software key database 1 140 to determine if the license key 1 125 is valid. The vendor computer 1 1 10 further determines if the license key
1125 is already coupled in the software key database 1240. If coupled, there may be a breach
35 of the licensing agreement. The vendor computer 1 1 10 requests alternate microprocessor
identity information 230 from the first licensee computer 1105a and establishes multiple links to the license key 1125. In an alternate embodiment, the vendor computer 1110 halts the method 1200 if the license key 1125 is coupled. In an alternate embodiment, the vendor computer 1 110 chooses to halt the method 1200 and take actions outside this automated 5 licensing method 1200.
In step 1220, the vendor computer 11 10 binds the license key 1 125 to the microprocessor identity information 230. The software key database 1 140 associates the microprocessor identity information 230 to the license key 1125. The microprocessor identity device 205a is encrypted using the license key 1125. In an alternate embodiment, ιø the license key 1235 is encrypted using the microprocessor identity device 205a.
In step 1225, the first licensee computer 1105a completes the installation of the software program 1120. The first licensee computer 1 105a also stores the bound microprocessor identity information 230 and the license key 1 125 from step 1220.
In an alternate embodiment, if the licensee agreement allows, a second licensee 15 computer 1105b installs the software program 1 120 from the first licensee computer 1105a using the method 1200. The software key database 1140 associates the microprocessor identity information 230 of the microprocessor identity device 205a, 205b, or 205c to the license key 1 125. The association of the license, whether to the first licensee computer 1105a or the digital identity device 105, is determined by the licensing terms of the software 20 program 1120.
In an alternate embodiment, the method 1200 applies to other types of intellectual property, such as MP3 music, which runs on computers with microprocessor identity devices 205.
Referring to Fig. 13, a method 1300 for de-licensing software includes: in step 1305, 25 de-installing software; in step 1310, verifying the license status; in step 1315, un-binding identity device and software license key; and in step 1320, completing de-installation. The method 1300 is the logical reverse of the method 1200.
In step 1305, the first licensee computer 1105a starts the de-installation of the software program 1120. The software program 1120 is de-installed using a standard de-
3ø installation program supplied by the vendor. The first licensee computer 1105a transmits the license key 1125 and the microprocessor identity information 230 to the vendor computer
1110 via the connection 1115.
In an alternate -embodiment, the first licensee computer 1105a sends the microprocessor identity information 230 of the microprocessor identity device 205b and the
35 license key 1 125 to the vendor computer 1110 via the connection 1115.
In an alternate embodiment, the second licensee computer 1105b sends the microprocessor identity information 230 of the microprocessor identity device 205c and the license key 1125 to the vendor computer 1110 via the first licensee computer 1105a.
In step 1310, the vendor computer 1110 verifies the binding of the license key 1125 5 and the microprocessor identity information 230 in the software key database 1140. If the license key 1 125 and the microprocessor identity information 230 do not match the values stored in the software key database 1140, the vendor computer 11 10 halts the method 1300. In an alternate embodiment, there are other corrective actions the vendor computer 1 110 may take to correct an exception to its licensing agreement. lø In step 1315, the vendor computer 1110 un-binds the license key 1 125 to the microprocessor identity information 230 in the software key database 1140. The software key database 1 140 un-associates the microprocessor identity information 230 to the license key 1125. The software key database 1140 leaves a blank field for the microprocessor identity information 230. is In step 1320, the vendor computer 1110 completes the reinstallation process by updating the software key database 1140. The first licensee computer 1105a removes the software program 1120.
In an alternate embodiment, the second licensee computer 1105b performs the method 1300 to de-install the software program 1120. The method 1300 de-installs the software from 20 the second licensee computer 1105b, but not the first licensee computer 1 105a (such as in a private network).
In a networked environment, the methods 1200 and 1300 are done on an individual computer basis, especially when software resides on the computers in which they are used.
Referring to Fig. 14, a method 1400 for tracking software usage includes: in step
25 1405, starting the software; in step 1410, creating usage information; and in step 1415, transmitting the usage information. Tracking software usage determines licensing fees by the vendor computer 1110. The method 1400 assumes the first licensee computer 1105a has already performed the method 1200.
In step 1405, the first licensee computer 1105a starts and uses the software program 3ø 1120.
In step 1410, the software program 1 120 creates usage information. The usage information may include, for example, start time, stop time, and users.
In an alternate embodiment, the usage information is stored in a file on the first licensee computer 1105a.
In step 1415, the first licensee computer 1 105a transmits the usage information to the vendor computer 1110 via the connection 1115.
In an alternate embodiment, the first licensee computer 1105a transmits the file of the usage information when the connection 1115 is in place. The first licensee computer 1 105a further deletes the file after transmission to prevent backlogs of old files.
Although illustrative embodiments of the invention have been shown and described, a wide range of modification, changes and substitution is contemplated in the foregoing disclosure. In some instances, some features of the present invention may be employed without a corresponding use of the other features. Accordingly, it is appropriate that the appended claims be construed broadly and in a manner consistent with the scope of the invention.
Claims
1. A digital identity device for identifying legal entities, comprising: a. a microprocessor identity device;
5 b. a digital identity; and c. means for binding the microprocessor identity device to the digital identity.
2. The digital identity device of claim 1, wherein the microprocessor identity device comprises a microprocessor having a unique microprocessor identity. lø
3. The digital identity device of claim 1, wherein the microprocessor identity device comprises a microprocessor and a memory; and wherein the memory has a unique microprocessor identity.
4. The digital identity device of claim 3, wherein the memory is programmable and readonly. is
5. The digital identity device of claim 4, wherein the memory is on-die or off board the microprocessor.
6. The digital identity device of claim 1, wherein the digital identity is for one of the group consisting of an individual and a corporation; and wherein the digital identity is unique. 20
7. The digital identity device of claim 1, wherein the means for binding is a secure operating system.
8. The digital identity device of claim 1, wherein the digital identity device further comprises a computer device and means for communicating between the computer device and the digital identity device. 25
9. The digital identity device of claim 8, wherein the computer device is a computer board, a computer card, or a computer device with an input/output port.
10. An apparatus for globally registering digital identity devices, comprising: a. one or more digital identity devices; b. a database of digital identity device information; and
3ø c. means for communications between the digital identity devices and the database.
1 1. A method of licensing a software program to a computer, the computer having a microprocessor containing identity information about the computer, the method comprising the steps of:
35 a. starting the installation of the software program to the computer; b. transmitting a license key and the identity information about the computer to a central database; c. receiving information to bind the license key to the identity information; d. binding the license key to the identity information in the computer; and 5 e. completing the installation.
12. The method of claim 11, wherein the identity information is for one of the group consisting of an individual, a computer, and a corporation; and wherein the identity information is unique.
13. The method of claim 11, wherein the identity information resides in a digital identity lø device.
14. The method of claim 11, wherein starting the installation of the software program comprises any standard installation method.
15. The method of claim 11, wherein transmitting the license key and the identity information comprises any standard communication transmission method.
15 16. The method of claim 11, wherein receiving information to bind the license key to the identity information comprises receiving information from a central database regarding a status of the license key using any standard communication reception method.
17. The method of claim 11, wherein binding the license key to the identity information 20 in the computer comprises using a secure operating system.
18. A method of de-licensing a software program to a computer, the computer having a microprocessor containing identity information about the computer, the method comprising the steps of: a. starting the de-installation of the software program to the computer;
25 b. transmitting a license key and the identity information about the computer to a central database; c. receiving information to unbind the license key to the identity information; d. unbinding the license key to the identity information in the computer; and e. completing the reinstallation.
3ø
19. The method of claim 18, wherein the identity information is for one of the group consisting of an individual, a computer, and a corporation; and wherein the identity information is unique.
20. The method of claim 18, wherein the identity information resides in a digital identity device.
21. The method of claim 18, wherein starting the de-installation of the software program comprises any standard de-installation method.
22. The method of claim 18, wherein transmitting the license key and the identity information comprises any standard communication transmission method.
5 23. The method of claim 18, wherein receiving information to unbind the license key to the identity information comprises receiving information from a central database regarding a status of the license key using any standard communication reception method.
24. The method of claim 18, wherein unbinding the license key to the identity information lø in the computer comprises using a secure operating system.
25. A method of tracking software usage by a computer, the computer having a microprocessor containing identity information about the computer, the method comprising the steps of: a. receiving a usage profile from the computer; and
15 b. storing the usage profile in a central database.
26. The method of claim 25, wherein the identity information is for one of the group consisting of an individual, a computer, and a corporation; and wherein the identity information is unique.
27. The method of claim 25, wherein the identity information resides in a digital identity 20 device.
28. The method of claim 25, wherein receiving a usage profile from the computer comprises receiving the identity information and a usage time stamp by any standard electronic communication reception method.
29. The method of claim 25, further comprising calculating a usage fee from the usage 25 profile.
30. A method of identifying an origin of electronic communication, comprising tagging the electronic communication, wherein the origin comprises a microprocessor containing identity information about the origin, wherein tagging the electronic communication comprises encrypting the electronic communication using the identity
3ø information in the encryption algorithm, and wherein the identity information is for one of the group consisting of an individual, a computer, and a corporation; and wherein the identity information is unique.
31. The method of claim 30, wherein the identity information resides in a digital identity device.
l i
32. A method of identifying property, the property having a microprocessor containing identity information about the property, the method comprising binding the property to the microprocessor, wherein binding the property comprises binding the identity information to the property using a secure operating system, wherein the identity
5 information is for one of the group consisting of an individual, a computer, and a corporation; and wherein the identity information is unique.
33. The method of claim 32, wherein the identity information resides in a digital identity device.
34. A method of securing one or more electronic documents, comprising encrypting the lø documents, wherein the electronic documents are stored on a computer having a microprocessor containing identity information, wherein the identity information is for one of the group consisting of an individual, a computer, and a corporation; and wherein the identity information is unique.
35. The method of claim 34, wherein the identity information resides in a digital identity is device.
36. The method of claim 35, wherein encrypting the documents comprises using the identity information in the encryption algorithm.
37. A method of licensing a software program to a computer, the computer having a microprocessor containing identity information about the computer, the method
20 comprising the steps of: a. receiving a license key and the identity information about the computer into a central database; b. transferring a status of the license key and the identity information in the central database to the computer;
25 c. accepting the license key and the identity information; and d. binding the license key to the identity information in the central database.
38. The method of claim 37, wherein the identity information is for one of the group consisting of an individual, a computer, and a corporation; and wherein the identity information is unique.
3ø 39. The method of claim 38, wherein the identity information resides in a digital identity device.
40. The method of claim 39, wherein receiving a license key and the identity information about the computer into a central database comprises any standard communication reception method.
41. The method of claim 40, wherein transferring a status of the license key and the identity information in the central database to the computer comprises looking up the status of the license key in the central database.
42. The method of claim 41, wherein accepting the license key and the identity 5 information comprises updating the central database to include the license key and the identity information.
43. The method of claim 42, wherein binding the license key to the identity information in the central database comprises linking the license key to the identity information.
44. A method of de-licensing a software program to a computer, the computer having a ιø microprocessor containing identity information about the computer, the method comprising the steps of: a. receiving a license key and the identity information about thecomputer into a central database; b. transferring a status of the license key and the identity information in the 15 central database to the computer; c. accepting the license key and the identity information; and d. unbinding the license key to the identity information in the central database.
45. The method of claim 44, wherein the identity information is for one of the group 20 consisting of an individual, a computer, and a corporation; and wherein the identity information is unique.
46. The method of claim 45, wherein the identity information resides in a digital identity device.
47. The method of claim 46, wherein receiving a license key and the identity information 25 about the computer into a central database comprises any standard communication reception method.
48. The method of claim 47, wherein transferring a status of the license key and the identity information in the central database to the computer comprises looking up the status of the license key in the central database.
3ø 49. The method of claim 48, wherein accepting the license key and the identity information comprises updating the central database to exclude the license key and the identity information.
50. The method of claim 49, wherein unbinding the license key to the identity information in the central database comprises de-registering the license key to the identity
35 information.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
PCT/US2001/007213 WO2002073380A1 (en) | 2001-03-07 | 2001-03-07 | Digital identity device |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
PCT/US2001/007213 WO2002073380A1 (en) | 2001-03-07 | 2001-03-07 | Digital identity device |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2002073380A1 true WO2002073380A1 (en) | 2002-09-19 |
Family
ID=21742380
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/US2001/007213 WO2002073380A1 (en) | 2001-03-07 | 2001-03-07 | Digital identity device |
Country Status (1)
Country | Link |
---|---|
WO (1) | WO2002073380A1 (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US11921868B2 (en) | 2021-10-04 | 2024-03-05 | Bank Of America Corporation | Data access control for user devices using a blockchain |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5473692A (en) * | 1994-09-07 | 1995-12-05 | Intel Corporation | Roving software license for a hardware agent |
WO1997029416A2 (en) * | 1996-02-09 | 1997-08-14 | Integrated Technologies Of America, Inc. | Access control/crypto system |
US5781723A (en) * | 1996-06-03 | 1998-07-14 | Microsoft Corporation | System and method for self-identifying a portable information device to a computing unit |
US5857024A (en) * | 1995-10-02 | 1999-01-05 | International Business Machines Corporation | IC card and authentication method for information processing apparatus |
-
2001
- 2001-03-07 WO PCT/US2001/007213 patent/WO2002073380A1/en active Application Filing
Patent Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5473692A (en) * | 1994-09-07 | 1995-12-05 | Intel Corporation | Roving software license for a hardware agent |
US5857024A (en) * | 1995-10-02 | 1999-01-05 | International Business Machines Corporation | IC card and authentication method for information processing apparatus |
WO1997029416A2 (en) * | 1996-02-09 | 1997-08-14 | Integrated Technologies Of America, Inc. | Access control/crypto system |
US5781723A (en) * | 1996-06-03 | 1998-07-14 | Microsoft Corporation | System and method for self-identifying a portable information device to a computing unit |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US11921868B2 (en) | 2021-10-04 | 2024-03-05 | Bank Of America Corporation | Data access control for user devices using a blockchain |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US8489895B2 (en) | Microprocessor identity device | |
US20090198618A1 (en) | Device and method for loading managing and using smartcard authentication token and digital certificates in e-commerce | |
CN101496024B (en) | Net settlement assisting device | |
US5850442A (en) | Secure world wide electronic commerce over an open network | |
US20100095130A1 (en) | Smartcards for secure transaction systems | |
US20100094754A1 (en) | Smartcard based secure transaction systems and methods | |
EP1207503A2 (en) | System and method of authenticating a credit card using a fingerprint | |
US20120273578A1 (en) | Federated ID Secure Virtual Terminal Emulation Smartcard | |
KR100411448B1 (en) | public-key infrastructure based digital certificate methods of issuing and system thereof | |
KR20090006831A (en) | Authentication for a commercial transaction using a mobile module | |
WO2010019706A1 (en) | Trusted card system using secure exchange | |
CN1373958A (en) | Secure transaction modem | |
WO2005117527A2 (en) | An electronic device to secure authentication to the owner and methods of implementing a global system for highly secured authentication | |
JP4911595B2 (en) | Identification device, identification system and identification method | |
EP2834766A1 (en) | Authentication in computer networks | |
US20020120585A1 (en) | Action verification system using central verification authority | |
EP1542135B1 (en) | A method which is able to centralize the administration of the user registered information across networks | |
JP2002312326A (en) | Multiple authentication method using electronic device with usb interface | |
JP2008198032A (en) | Right-to-use transaction system, token transaction method and program | |
WO2002073380A1 (en) | Digital identity device | |
KR20230044953A (en) | Computing method and system for managing files through account authentication of blockchain | |
KR101329879B1 (en) | Method of Certificating User in Online Banking Service Using Smart Card | |
US20240070662A1 (en) | Non-fungible token document platform | |
KR20060043953A (en) | Access method for electronic certificate stored in storage medium | |
JP2021044780A (en) | System for preventing alteration in electronic authentication |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
AK | Designated states |
Kind code of ref document: A1 Designated state(s): JP |
|
AL | Designated countries for regional patents |
Kind code of ref document: A1 Designated state(s): AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE TR |
|
121 | Ep: the epo has been informed by wipo that ep was designated in this application | ||
DFPE | Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101) | ||
122 | Ep: pct application non-entry in european phase | ||
NENP | Non-entry into the national phase |
Ref country code: JP |