Database usage metering and protection system and method

Claims

What is claimed is:

1. A secure database access system comprising:

a storage medium storing encrypted textual information;

means connected to said storage medium for selecting portions of said encrypted information and for reading said selected portions from said storage medium;

means, connected to said selecting and reading means, for decrypting said read encrypted information; and

control means connected to said decrypting means for metering usage of information decrypted by said decrypting means and for communicating said metered usage to a remote location, said control means including means for preventing said decrypting means from decrypting more than a certain quantity of information stored on said storage medium,

wherein said control means measures the number of contiguous blocks of said textual information decrypted by said decrypting means and prevents said decrypting means from decrypting more than a certain number of said contiguous blocks.

2. A system as in claim 1 wherein said control means measures the time at which said decrypting means decrypts said information and the duration of usage of said decrypted information, and wherein said metering means includes means for storing said measured time and duration.

3. A secure database access system comprising:

a storage medium storing encrypted textual information;

means connected to said storage medium for selecting portions of said encrypted information and for reading said selected portions from said storage medium;

means, connected to said selecting and reading means, for decrypting said read encrypted information; and

control means connected to said decrypting means for metering usage of information decrypted by said decrypting means and for communicating said metered usage to a remote location, said control means including means for preventing said decrypting means from decrypting more than a certain quantity of information stored on said storage medium,

said control means including:

means for communicating signals over a communications path to said centralized billing facility; and

electronic monitoring means, connected to said decrypting means and to said communicating means, for counting the number of predetermined length blocks of information decrypted by said decrypting means and for controlling said signal communicating means to communicate said count to said billing facility,

wherein said monitoring means also determines identifying characteristics of said selected portions and controls said signal communicating means to communicate said identifying characteristics to said billing facility.

4. A secure database access system comprising:

non-volatile storage means for storing a text-oriented database in digital form;

means connected to said storage means for selecting and reading portions of said stored database;

means connected to said selecting and reading means for determining the percentage of said stored database read by said selecting and reading means;

further non-volatile storage means connected to said determining means for storing information representing said determined quantity;

communicating means connected to said further storage means for periodically transmitting said stored information to a location remote thereto; and

means connected to receive said stored quantity information for preventing said reading and selecting means from reading and selecting further information when said determined percentage indicated by said stored information exceeds a predetermined percentage of said database.

5. A secure data base access system comprising:

a storage medium storing a textual data base comprising characters in encrypted form, said storage medium also storing index information, said index information correlating portions of said encrypted database with unencrypted search information;

a host digital signal processor, operatively connected to said storage medium, said processor pre-programmed so as to: (a) generate unencrypted search information, (b) read said index information from said storage medium, (c) identify, in accordance with said index information, the portions of said encrypted database which satisfy said search information, and (d) read said identified encrypted database portions from said storage medium;

a non-volatile memory device;

means for decrypting portions of said encrypted database to produce corresponding decrypted information;

decoder control logic means, coupled to said host processor, said decrypting means, and said memory device, for receiving said encrypted database portions read by said host processor, for controlling said decrypting means to decrypt said portions, for measuring the quantity of information decrypted by said decrypting means, and for storing said measured quantity in said memory device; and

telecommunications means connected to said non-volatile memory for periodically communicating said stored measured quantity to a distant location over a telecommunications network, for transmitting said same search information over said network, and for accessing a further, related portion of said same database over said telecommunication network in accordance with said same search information.

6. A system as in claim 5 wherein said decoder control logic means also transmits said decrypted information produced by said decrypting means to said host processor.

7. A system as in claim 5 further including means for preventing tampering with at least one of said memory device, decrypting means and decoder control logic means.

8. A system as in claim 5 further including a replaceable module adapted for disengageable connection with said decoder control logic means, said memory device being contained in said module.

9. A system as in claim 5 wherein said telecommunications means also receives certain additional information from said distant location, said decoder control logic means including means for inhibiting said decrypting means from further decrypting said database whenever said memory device becomes filled and means for resetting said memory device in response to said certain information received from said distant location.

10. A system as in claim 9 wherein:

said decoder control logic means automatically prevents said decrypting means from decrypting database portions after a predetermined event occurs unless said certain information is received by said telecommunications means.

11. A system as in claim 5 wherein:

said system further includes real time clock means connected to said decoder control logic means for producing digital signals representing the current date;

said memory device stores digital signals representing a predetermined date; and

said decoder control logic means inhibits said decrypting means from operating whenever the date represented by said stored date signals is earlier than the date represented by said real time date signals.

12. A system as in claim 5 wherein said decoder control logic means includes means for causing said system to be non-functional after a predetermined event occurs unless said host processor transmits predetermined antidote information thereto.

13. A system as in claim 5 wherein:

said storage medium stores a plurality of different discrete data bases, said data bases having different selectable usage cost rates associated therewith;

said host processor selects at least one of said databases in response to said search information;

said decoder control logic means stores a designation of said selected database in said memory device with said measured quantity; and

said telecommunications means communicates said stored designations to said distant location.

14. A method of accessing information comprising the steps of:

(i) providing a storage medium storing encrypted text information organized into a database thereon;

(ii) selecting portions of said encrypted information;

(iii) reading said selected portions from said storage medium;

(iv) decrypting said read information;

(v) measuring the amount of information decrypted by said decrypting step;

(vi) calculating a usage fee in response to said measured amount; and

(vii) preventing decryption of more than a predetermined quantity of contiguous database information.

15. A method as in claim 14 further including the steps of:

counting the number of predetermined length contiguous database blocks of information decrypted by said decrypting step (iv);

storing said count in a non-volatile memory device; repeating said counting and storing steps each time said selecting, reading and decrypting steps are performed, and

preventing selection of further blocks contiguous with previously decrypted blocks once said counted number exceeds a preset number.

16. A method as in claim 14 wherein said method further includes the steps of:

counting the number of predetermined length blocks of information decrypted by said decrypting step (vi);

storing said count in a non-volatile memory device;

periodically telecommunicating said stored count information to a centralized billing facility, said facility performing said calculating step (vi) in response to said telecommunicated information;

periodically telecommunicating further information from said centralized billing facility and storing said further information in said memory device; and

conditioning performance of said reading step (iii) on the presence of said further information stored in said memory device.

17. A method as in claim 14 wherein:

said storage medium also stores unencrypted index information thereon; and

said selecting step includes the following steps:

(a) inputting an unencrypted, user-defined search request,

(b) reading said unencrypted index information from said storage medium, and

(c) identifying portions of said stored encrypted information in response to said read index information and said inputted request.

18. A method as in claim 14 wherein:

said storage medium also stores encrypted index information thereon; and

said selecting step includes the following steps:

(a) inputting an unencrypted, user-defined search request,

(b) reading said encrypted index information from said storage medium,

(c) decrypting said read index information, and

(d) identifying portions of said stored encrypted information in response to said decrypted index information and said inputted request.

19. A method of accessing databases comprising the steps of:

storing digital information organized into plural discrete databases on a random access non-volatile storage device;

selecting one of said plural databases;

selecting discrete portions of said selected database;

using said selected discrete portions of said selected database;

metering said usage of each of said databases individually and generating signals indicating said usage;

storing said usage-indicating signals in a further non-volatile storage device;

periodically communicating said stored usage-indicating signals to a remote location; and

inhibiting said using step whenever said metering step indicates a significant percentage of any of said plural databases has been used within a given time period.

20. A method of securing access to a database comprising the steps of:

providing a read only random access storage medium having a database in encrypted form stored thereon and also having index information stored thereon said index information correlating portions of said encrypted database with unencrypted search information;

generating unencrypted search information;

reading said index information from said storage medium;

identifying, in accordance with said index information, the specific database portions of said encrypted database which satisfy said generated search information;

reading said identified encrypted database portions from said storage medium;

decrypting said read portions of said encrypted database to produce corresponding decrypted information;

measuring the quantity of information decrypted by said decrypting step;

storing said measured quantity in a non-volatile memory device; and

inhibiting said decrypting step from decrypting more than a certain percentage of said encrypted database in response to said quantity measured by said measuring step thereby preventing copying of a significant portion of said database.

21. A method of securing access to a database comprising the steps of:

providing a random access mass storage medium having a database stored thereon and also having index information correlating portions of said database with encrypted source information stored thereon;

generating search information;

reading said index information from said storage medium;

identifying, in accordance with said index information, the specific portions of said database which correspond to said generated search information;

reading said specific identified database portions from said storage medium;

decrypting said specific identified portions of said encrypted source to produce corresponding decrypted information;

measuring the quantity of information decrypted by said decrypting step;

storing said measured quantity in a non-volatile memory device; and

inhibiting said decrypting step from decrypting more than a predetermined percentage of said source in response to said quantity measured by said measuring step, thereby preventing copying of a significant portion of said database.

22. A method as in claim 21 wherein:

said index information decrypting step comprises decrypting said index information using a first decryption technique; and

said encrypted database portions decrypting step comprises decrypting said database portions using a predetermined second decryption technique different from said first technique.

23. A method as in claim 21 further including:

generating a real time clock signal; and

storing said clock signal along with said measured information in said memory device.

24. A method of distributing literary properties comprising the steps of:

(i) providing, to a user at a user site, a storage medium having plural different text-oriented literary properties stored thereon in digital form, rights in said text-oriented properties being owned by different property owners;

(ii) permitting the user to select and electronically access said stored properties and preventing the user from copying more than a certain percentage of said stored properties using a digital signal processor at said user site connected to a non-volatile storage device also at said user site;

(iii) storing with said digital processor digital signals identifying said selected properties in said non-volatile storage device in response to database accesses by the user in accordance with said permission provided by said permitting step (ii);

(iv) periodically communicating said stored digital signals from said digital processor to a central billing facility remote to said user site via a telecommunications network;

(v) determining, in response to said communicated digital signals communicated by said communicating step (iv), a user charge based on actual access of the properties stored on said storage medium by the user in accordance with said permission provided by said permitting step (ii);

(vi) subsequent to said determining step (v), collecting the user charge determined by said determining step (v) from said user; and

(vii) apportioning said user charge collected in said collecting step (vi) between said different property owners in accordance with said actual access of said properties by said user in accordance with said permission provided by said permitting step (ii).

25. A method as in claim 24 further including the step of preventing information stored in said non-volatile storage device from being tampered with.

26. A method as in claim 24 wherein:

said method further includes the step, performed prior to said permitting step, of telecommunicating certain information from a distant location and storing said certain information into said non-volatile storage device;

said communicating step includes telecommunicating said digital signals stored by said storing step (iii) to said distant location periodically; and

said method further includes inhibiting said preventing step whenever said certain information is not stored in said storage device.

27. A method as in claim 24 further including:

coding at least portions of said properties so that said portions cannot be readily understood; and

decoding portions of said properties selected by said user so that said portions can be readily understood only when said certain information is stored in said storage device.

28. A secured browsing workstation comprising:

means, connected to receive encrypted information transmitted thereto by a host digital signal processor, for decrypting said encrypted information;

display means, operatively coupled to said decrypting means, for displaying selected portions of said decrypted information;

user interface means, manipulable by a user, for selecting information portions to be displayed and for selecting information portions to be further processed;

data transmitting means, connected to said interface means and operatively connected to said decrypting means, for transmitting said portions selected for further processing by said host digital signal processor; and

billing information generating means, connected to said user interface means, for generating billing information in response to information use, said generating means applying different billing rates for display of decrypted information and for further processing of decrypted information, said billing information generating means including means for generating an indication of total charges, and means for comparing said total charges to a predetermined credit and for inhibiting said data transmitting means from transmitting said portions to said host processor whenever said total charges exceed said predetermined credit.

29. A workstation as in claim 28 further including means for preventing electronic access to said information decrypted by said decrypting means and not transmitted by said transmitting means.

30. A workstation as in claim 28 further including:

non-volatile memory means for storing said billing information and said predetermined credit; and

means for communicating said stored billing information to a location remote from said browsing workstation location and for communicating said credit from said remote location to said non-volatile memory means.

31. A workstation as in claim 28 wherein:

said workstation further includes non-volatile memory means, connected to said billing information generating means, for storing said billing information; and

means for periodically connecting said memory means to a location remote from said browsing workstation location via a telephone line.

32. A method of securing access to a database comprising the steps of:

(a) providing a storage medium having digital signals representing a database stored thereon;

(b) selecting portions of said database;

(c) extracting signals representing said selected database portions from said storage medium;

(d) storing at least one characteristic of said selected portions in a non-volatile memory device;

(e) repeating said selecting step (b);

(f) reading stored characteristics from said memory device;

(g) determining whether a database portion selected by said repeated selecting step (b) has a logical relationship with database portions earlier selected by said selecting step (b); and

(h) inhibiting said extracting step (c) if said determining step reveals said logical relationship exists to thereby prevent copying of any substantial portion of information of said database,

wherein said determining step (g) includes the step of determining whether signals representing more than a predetermined percentage of said database have been extracted.

33. A method as in claim 32 wherein said method further includes the step of dynamically specifying said logical relationship.

34. A method as in claim 32 wherein said non-volatile memory device stores data portion characteristics associated with data signals extracted by said extracting step during a predetermined period of time.

35. A method of securing access to a database comprising the steps of:

(a) providing a storage medium having digital signals representing a database stored thereon;

(b) selecting portions of said database;

(c) extracting signals representing said selected database portions from said storage medium;

(d) storing at least one characteristic of said selected portions in a non-volatile memory device;

(e) repeating said selecting step (b);

(f) reading stored characteristics from said memory device;

(g) determining whether a database portion selected by said repeated selecting step (b) has a logical relationship with database portions earlier selected by said selecting step (b); and

(h) inhibiting said extracting step (c) if said determining step reveals said logical relationship exists to thereby prevent copying of any substantial portion of information of said database,

wherein said data is organized in sequential blocks, and said determining step (g) includes the step of determining whether signals representing more than a predetermined number of sequential blocks of said database have been extracted.

36. A method of securing access to a database comprising the steps of:

(a) providing a storage medium having digital signals representing a database stored thereon;

(b) selecting relatively small portions of said database;

(c) extracting signals representing said selected database portions from said storage medium;

(d) storing at least one characteristic of said selected portions in a non-volatile memory device;

(e) repeating said selecting step (b);

(f) reading stored characteristics from said memory device;

(g) determining whether a database portion selected by said repeated selecting step (b) has a logical relationship with database portions earlier selected by said selecting step (b); and

(h) inhibiting said extracting step (c) if said determining step reveals said logical relationship exists to thereby prevent copying of any substantial portion of information of said database,

said method further including the step of specifying a maximum cost value;

wherein said determining step includes the steps of:

calculating a total cost based on the quantity of extracted data portions associated with said stored characteristics, and

determining whether said calculated total cost exceeds said specified cost value; and

wherein said inhibiting step inhibits said extracting step whenever said calculated total cost exceeds said specified cost value.

37. Apparatus for accessing a stored database comprising:

a storage medium having digital signals representing a database stored thereon;

means operatively associated with said storage medium for selecting portions of said database and for non-destructively extracting signals representing said selected database portions from said storage medium;

non-volatile memory means connected to said selecting and extracting means for storing at least one characteristic of said selected portions in a non-volatile memory device and for retaining said stored characteristics; and

means connected to said non-volatile memory means and to said selecting and extracting means for determining whether a characteristic of data portions selected by said selecting and extracting means has a predetermined relationship with characteristics retained by said memory means and for inhibiting said selecting and extracting means from extracting said selected data portions if said testing reveals said predetermined relationship exists to thereby prevent copying of a substantial portion of said database over time,

wherein said determining means includes means for determining whether signals representing more than a predetermined percentage of said data has been extracted.

38. Apparatus as in claim 37 further including means for permitting a user to specify said preprogrammed relationship.

39. Apparatus as in claim 37 wherein:

said apparatus further includes means for permitting a user to specify a maximum cost value; and

said determining means comprises a digital signal processor preprogrammed so as to perform the following functions:

calculate a total cost based on the quantity and other usage parameter of extracted data portions associated with said stored characteristics, and

determining whether said calculated total cost exceeds said user-specified cost value.

40. Apparatus as in claim 37 wherein said non-volatile memory means stores data portion characteristics associated with data signals extracted by said extracting step during a predetermined period of time.

41. Apparatus for accessing a stored database comprising:

a storage medium having digital signals representing a database stored thereon;

means operatively associated with said storage medium for selecting portions of said database and for non-destructively extracting signals representing said selected database portions from said storage medium;

non-volatile memory means connected to said selecting and extracting means for storing at least one characteristic of said selected portions in a non-volatile memory device and for retaining said stored characteristics; and

means connected to said non-volatile memory means and to said selecting and extracting means for determining whether a characteristic of data portions selected by said selecting and extracting means has a predetermined relationship with characteristics retained by said memory means and for inhibiting said selecting and extracting means from extracting said selected data portions if said testing reveals said predetermined relationship exists to thereby prevent copying of a substantial portion of said database over time,

wherein said data is organized in sequential blocks, and said determining means includes means for determining whether signals representing more than a predetermined number of sequential blocks of said data have been extracted.

The present invention relates to regulating usage of a computer database. More particularly, the invention relates to techniques for preventing unauthorized use of an electronic digital information database and for measuring the utilization of the database by authorized users.

Information conveyed in electronic form is rapidly becoming the most valuable of commodities. Electronic digital databases now exist for a variety of different applications and fields of endeavor, and many businesses presently rely heavily on their ability to access those databases.

The value of being able to instantaneously, electronically access important, accurate information cannot be overestimated. Many of our daily activities depend on our ability to obtain pertinent information in a timely fashion. While printed publications and electronic mass media together fulfill most of the average person's informational needs and most often are the only source for full-text reference information, just about any effort to access information can benefit from the vast information handling capabilities of the computer. In today's fast-paced world, we quickly come to insist on and rely upon the most thorough and up-to-the-minute information available --often made possible only by electronic data processing and informational management technology. On-line, public databases, now a two billion dollar a year industry, are a case in point.

As the "information explosion" continues its course, more and more people will become dependent on electronically-stored information and people will continue to be willing to pay premium prices (when necessary) for access to and use of such information because of its usefulness and value to them. Currently, the principal resource for large, electronic information data bases are on-line (public) data base services such as Dialog Information Services, Mead Data Central, Dow Jones Information Services, Source, Compuserve, and many others. Most on-line data bases are abstract and/or bibliographic in content, and many are used primarily to access the document locations of specified information, rather than for the recall of the original document full-text.

Historically, personal computers have been used primarily for word-processing, modeling, and, to a lesser extent, the structured data base management of records. Technology that enables the user of, for example, a personal computer to search for, locate, and retrieve topically related full-text information from vast full-text data bases would be extremely useful and valuable.

The only viable way to make some kinds of information (e.g., information which must be constantly updated) available is to maintain centralized databases and permit users to access the centralized databases through telephone lines or other communication means. Until very recently, this method has been the most cost-effective way to offer access to electronic databases. Access to a centralized database can be controlled relatively easily, and users can be charged for using a centralized database in accordance with parameters which are relatively easy to measure (i.e., the amount of time the user is connected to the database computer, the number and type of tasks the user requests, etc.). Moreover, because the database never leaves the central computer (each user is typically given access to only small portions of the database at a time), there is no danger of someone making unauthorized copies of the database.

However, centralized databases have important disadvantages. For example, it takes a relatively long time to manipulate information in a centralized database due to the relatively slow data transmission rates of standard communications channels and because the centralized database computer typically shares its resources among hundred or thousands of users at once. This can be a serious drawback if the user wishes to access a large volume of information or wishes to perform particularly complex data manipulation tasks. Also, it may take a long time during periods of peak database usage before communication can be successfully established with a centralized database computer, decreasing the utilization of the database and causing some users to become frustrated. Further disadvantages include the expense of establishing long-distance communications paths (e.g., WATS telephone line maintenance charges, long-distance direct-dial telephone charges, satellite channel costs, etc.) between distant user terminals and the central database computer, and the reliability problems associated with such communications paths. Moreover, the centralized computer facility needed to handle the access requests of many distant users simultaneously is extremely expensive to purchase and maintain.

With the advent of cheaper computer hardware and new, high density information storage devices (such as the optical disk and the bubble memory), it has become practical to give users their own copies of large and complex databases and permit users to access and manipulate the databases using their own computer equipment. Optical disks are capable of storing vast amounts of information at relatively low cost, are small enough to be sent through the mails, and can provide data at extremely rapid rates. Bubble memory devices provide some similar capabilities.

CD and related digital disk drives can currently store up to 225,000 pages of full-text information per removable diskette and can inexpensively maintain in excess of 1,800,000 pages of text simultaneously on-line. These technologies are ideal for personal computer information base libraries. CD drives use removable compact disks (essentially identical to an audio compact disk) the very low cost and enormous storage capacity has been predicted to result in an installed base of as large as one million drives to 10 million drives (including non-CD but related optical storage technology) by the end of 1990. Owners of "CD-ROM" and related drives will create an enormous demand for both lexical software and electronically published information base products. Mitsubishi Research Institute of Japan, for example, estimates that between 8,000 and 12,000 different CD-ROM publication titles will be on the market by the end of 1990.

Hence, it is now possible to store some databases on transportable, high-density information storage devices, and simply mail each user his own copy of the databases. The user can in this way be given exclusive access, via his own computer system, to local, on-site databases. Rapid access time is provided because access to the databases is exclusive rather than shared, and because data can be read from the database storage device by local high-speed I/O devices and transmitted over local high-speed I/O channels or networks. The stored databases can be updated periodically if necessary by sending the user storage devices containing a new version of (or new portions of) the databases.

It is very expensive to build a database. One way to recover the costs of constructing and maintaining a database ("Return On Investment", or ROI) is to charge a flat subscription or access fee to each user subscribing to use the database. If this is the only billing method used, however, infrequent users of the database may be discouraged from subscribing, because they would be asked to pay the same cost a frequent user pays. Thus, many database owners charge subscribers a nominal subscription fee, and then periodically (e.g., monthly) charge users a fee calculated in accordance with the amount the user has used the database.

While it is easy to measure the amount someone uses a centralized database (e.g., simply time each access session length and store the time information with user identification information), there is no convenient way to measure the usage of a database residing on a user's own computer, or to convey such usage information to the owner of the database. Techniques are known for automatically, electronically measuring consumption of a commodity such as electricity, water or gas, storing the measurements in a memory device, and periodically downloading the stored measurements over a telephone line to a central billing computer. Unfortunately, these known techniques are not readily adaptable to database usage metering, and moreover, are neither secure enough nor provide the security against database piracy that most database owners demand.

The prevention of unauthorized database usage becomes a huge problem whenever a stored database leaves the possession and control of the database owner. Computer program manufacturers lose millions of dollars each year to "pirates" who make unauthorized copies of software and distribute those copies for profit. Complex databases are often even more expensive to produce than programs, so that potential contributors of data base properties, as well as database owners themselves, may be extremely hesitant to permit electronic copies of their properties or databases to leave their control unless they can be absolutely sure no unauthorized copies will be made. The copyright laws and contractual licensing agreements may deter, but will not prevent, unauthorized use and copying of database.

SUMMARY OF THE INVENTION

The present invention provides a database access system and method at a user site which permits unauthorized users to access and use the database and absolutely prevents unauthorized database use and copying. The present invention also provides a facility for measuring usage of the on-site database for the purpose of billing the user according to the amount he has used the database, and for periodically conveying the measured usage information to the database owner (or his agent) --while preventing the user from tampering with the measured usage information.

The invention solves fundamental media based electronic publishing issues including:

Security of the information base. The present invention provides a code/decode Interlock System which includes both software and a tamper proof hardware module that prevents unauthorized and/or unmetered use of a protected information base. The present invention also supports a multi-level coded security access system limi