U.S. patent application number 14/244697 was filed with the patent office on 2014-10-16 for electronic single action software distribution.
This patent application is currently assigned to Apple Inc.. The applicant listed for this patent is Apple Inc.. Invention is credited to Eduardo Cue, Glenn Epis, Thomas Alan Fitzgerald, Judy Halchin, Chris Sharp.
Application Number | 20140310821 14/244697 |
Document ID | / |
Family ID | 50481943 |
Filed Date | 2014-10-16 |
United States Patent
Application |
20140310821 |
Kind Code |
A1 |
Epis; Glenn ; et
al. |
October 16, 2014 |
ELECTRONIC SINGLE ACTION SOFTWARE DISTRIBUTION
Abstract
Deep linking to a URL of a download is obviated by the
generation of a dynamic symbolic system link. When a user is at a
download page, the HTML source for the displayed download button
does not contain the URL of the download site. Selection of the
button sends as form values the product ID and a session ID to the
server which generates a dynamic link. This link is returned to the
browser to redirect it to the download site. The link is further
set to expire after the session so that, even if the link is
captured, after expiration it will be unable to reach the download
site.
Inventors: |
Epis; Glenn; (Sunnyvale,
CA) ; Halchin; Judy; (Cupertino, CA) ; Sharp;
Chris; (San Jose, CA) ; Cue; Eduardo;
(Mountain View, CA) ; Fitzgerald; Thomas Alan;
(Cupertino, CA) |
|
Applicant: |
Name |
City |
State |
Country |
Type |
Apple Inc. |
Cupertino |
CA |
US |
|
|
Assignee: |
Apple Inc.
Cupertino
CA
|
Family ID: |
50481943 |
Appl. No.: |
14/244697 |
Filed: |
April 3, 2014 |
Related U.S. Patent Documents
|
|
|
|
|
|
Application
Number |
Filing Date |
Patent Number |
|
|
09945208 |
Aug 31, 2001 |
8706649 |
|
|
14244697 |
|
|
|
|
Current U.S.
Class: |
726/27 |
Current CPC
Class: |
G06F 21/10 20130101;
G06F 16/958 20190101; G06F 8/60 20130101; G06Q 30/06 20130101 |
Class at
Publication: |
726/27 |
International
Class: |
G06F 21/10 20060101
G06F021/10 |
Claims
1. A virtual store system comprising: a computer network; a client
being selectively connected to said network; a download server
including at least one electronically stored file locatable by a
URL and further being connected to said network; an ESD server
being connected to said network; and a store server including a
first alphanumeric identification and a plurality of web pages and
further being connected to said network; wherein a first one of
said web pages includes a second alphanumeric identification
associated with said file and a first indicia selectable at said
client when said first one of said web pages is viewed at said
client; wherein said first identification and said second
identification are transmitted to said ESD server upon selection of
said first indicia and in response said ESD server transmits to
said store server an alphanumeric string generated as a function of
said first identification and said second identification; and
wherein a second one of said web pages includes a second indicia
selectable at said client when said second one of said web pages
made viewable at said client subsequent to said alphanumeric string
being generated; and wherein said client is connected to said
download computer to access said file at said URL upon selection of
said second indicia, said URL including said alphanumeric
string.
2. A system as set forth in claim 1 wherein said computer network
is a public computer network.
3. A system as set forth in claim 1 wherein said client is a user
computer having a browser.
4. A system as set forth in claim 1 wherein said electronically
stored file is an executable software program.
5. A system as set forth in claim 1 wherein said first alphanumeric
identification is a session ID.
6. A system as set forth in claim 5 wherein a third one of said web
pages includes a login form and a third indicia, said login form
being adapted to receive a login name and password when said third
one of said web pages is viewed at said client, said third indicia
being selectable when said third one of said web pages is viewed at
said client, said login name and said password being transmitted to
said store server upon selection of said third indicia, said store
server in response generating said session ID.
7. A system as set forth in claim 1 wherein said second
alphanumeric identification is a name of said file.
8. A system as set forth in claim 1 wherein said second
alphanumeric identification is an encoded name of said file.
9. A system as set forth in claim 1 wherein said first one of said
pages includes an html input tag to generate said first
indicia.
10. A system as set forth in claim 1 wherein said first indicia is
a one-click button.
11. A system as set forth in claim 1 wherein said first indicia is
an add to cart button.
12. A system as set forth in claim 11 wherein a third one of said
pages is a shopping cart page viewable at said client in response
to selecting said add to cart button and including textual
information concerning said file and a download indicia in
association with said textual information wherein said second one
of said web pages is viewable at said client in response to
selection of said download button.
13. A system as set forth in claim 1 wherein said client further
includes a third alphanumeric identification.
14. A system as set forth in claim 13 wherein said third
alphanumeric identification is a cookie.
15. A system as set forth in claim 13 wherein said store server
further includes a database adapted to contain at least one entry
wherein said entry includes said third alphanumeric identification
and said second alphanumeric identification subsequent to selection
of said second indicia.
16. A system as set forth in claim 15 wherein said third
identification from each of said client and said database are read
by said download server, said client being enabled to connect to
said download server only in the event said third identification
from each of said client and said database are identical.
17. A system as set forth in claim 12 wherein said shopping cart
page further includes additional textual information concerning at
least one non-ESD item and a purchase indicia in association with
said additional textual information.
18. A system as set forth in claim 17 wherein a fourth one of said
web pages includes information relating to said at least one
non-ESD item, a fourth alphanumeric identification and a fourth
indicia.
19. A method for electronic software distribution comprising:
displaying at a client a download page having a download button;
sending to a first server an alphanumeric identification
identifying electronically stored software title in response to
selection of said download button; sending to a second server from
said first server said alphanumeric identification and a session
ID; generating at said second server said dynamic symbolic system
link as a function of said alphanumeric identification and said
session ID; redirecting said client to a URL identified by said
symbolic system link at a download server, said URL being the
location from which an electronically stored software title may be
downloaded.
20. A method as set forth in claim 19 further comprising: setting
at said client a user cookie upon connection to said store server;
writing said user cookie and said alphanumeric identification into
a database in association with each other; reading said user cookie
by said second server in response to receiving said alphanumeric
identification and said session ID; comparing said user cookie at
said client to said user cookie in said database, said generating
being performed only in the event of match occurs between said user
cookie at said client and said user cookie in said database.
Description
RELATED APPLICATION
[0001] The instant application is a continuation application of,
and hereby claims priority to, pending U.S. patent application Ser.
No. 09/945,208, which is titled "Electronic Single Action Software
Distribution," by inventors Glenn Epis, Judy Halchin, Chris Sharp,
Eduardo Cue, and Thomas Alan Fitzgerald, which was filed on 31 Aug.
2001, and which is incorporated by reference.
BACKGROUND OF THE INVENTION
[0002] 1. Field of the Invention
[0003] The present invention relates generally to electronic
software distribution (ESD) and, more particularly, to ESD methods
an apparatus wherein a temporary URL is dynamically generated by an
ESD server to provide a web page link to a download server.
[0004] 2. Description of the Related Art
[0005] Electronic software distribution generally refers to the
purchase and sale of software products or titles through a virtual
store over the Internet and the subsequent electronic download of
the purchased title from a download server to a client computer.
The software titles available through ESD typically include
executable program code and multimedia content. The virtual store
is typically a website consisting of one or more web pages located
at a merchant's web server that, when viewed at the client through
the web browser executing at the client, display the store's
contents, i.e., a listing of the available titles along with a
brief description and price for each.
[0006] Although ESD is a highly preferable method and means for
distributing electronically stored titles, ESD has also given rise
to an entirely new set of problems and solutions in the protection
of a software publisher's rights to its respective titles, as
compared to distribution of "boxed" titles stored on disk or other
readable medium and distributed through retail outlets. Without any
protection of the publisher's rights incorporated into the ESD
method or apparatus, after an initial copy of a title has been
downloaded, such title would be capable of being freely copied and
distributed without further payment to the publisher in violation
of the publisher's rights.
[0007] To provide maximum protection to the publisher, when the
client computer has accessed the virtual store and a title
selection has been made, a sequence of events occurs which obtains
payment information for the title, authenticates such information,
and then makes the purchased title available for download. The
availability for download is typically made through a web page that
displays the purchased title and a download button. Selection of
the download button through the client computer graphic user
interface, i.e., a mouse click with the cursor placed on such
button, sends a request to the download server with the URL of the
purchased product.
[0008] Prior to the title being downloaded, download authorization
may also have had to be obtained by using one of various digital
rights management schemes. Generally, these techniques obtain and
verify license information. Although the known digital rights
management techniques provide a high degree of security, these
techniques may also disadvantageously add significant overhead cost
to ESD and, accordingly, limit their use to only such titles
wherein maximum protection against unauthorized use is
required.
[0009] Example of such costs include the establishment and
programming of licensing and email servers typically used in the
known digital rights management schemes. Although the overhead cost
(as prorated against all such purchased titles) may be minimal when
compared to the purchase price of an individual title, as in the
case of expensive complex programs or widely distributed multimedia
content, a limitation of such digital rights management schemes is
that such overhead costs may significantly raise the purchase price
of lower cost titles wherein some degree of unauthorized use may be
tolerated by the publisher.
[0010] Although, the publisher may not be desirous of providing
robust protection on certain titles, the publisher may also not be
desirous of distributing such titles freely, such titles commonly
known as "freeware." The publisher may nonetheless only be
interested in minimizing and not eliminating the number of pirated
copies of the software. In effect, the publisher relies upon the
honesty of a purchaser of a copy of a title, and thus being out of
pocket for the purchase price, would not be induced to record a
copy of the title on tangible computer readable media and provide
such media to others.
[0011] Another disadvantage and limitation of digital rights
management is that once a user has paid for a protected copy of
software, certain events may occur which could cause such user to
lose access to such software. These events include a crash of the
hard disk in the client computer upon which purchased titles have
been stored, thereby requiring a new copy of each of the titles to
be loaded. However, even if the user maintained an archive copy of
the original downloaded title, some digital rights management
schemes will not allow the title to be reloaded on a new disk as a
form of copy protection. Accordingly, the user either has to
contact the publisher or vendor with proof of purchase to obtain a
replacement copy of the title, or its "keys" to unlock the archived
copy, or be forced to buy an entirely new copy altogether.
[0012] Another disadvantage and limitation of known ESD virtual
stores is that once the download page is provided to the client
computer with the URL of the title at the download site, such URL
may be recorded for later unauthorized use. Typically, the URL is a
static address of the location of the title at the download server
that needs to remain active, such that the URL can be provided to
legitimate subsequent purchasers of the title. In a problem called
deep linking, the URL after it has been recorded may be distributed
through email, Usenet or other websites, such that unauthorized
users may freely download the title that another has paid for
located at this URL.
[0013] Accordingly, deep linking enables a greater degree of
unauthorized access and use in that the static URL may now be
freely obtained worldwide, as compared to the limited distribution
of unauthorized copies of a title distributed through tangible
media. Although the aforementioned digital rights management
schemes may render the unauthorized copies obtained through deep
linking to be generally unusable, such schemes do nothing to
prevent deep linking. Even with digital rights management,
unauthorized copies of titles obtained through deep linking may be
vulnerable to being unlocked and then freely distributed.
[0014] Yet another disadvantage and limitation of known ESD virtual
stores is that products of different types, namely boxed software
titles, hardware and ESD titles, are generally not capable of being
ordered or paid for in a single on-line transaction. For example,
although the virtual store's contents may list these different
types of products on one or more pages, typically the selection of
the non-ESD items (the boxed software titles and hardware) results
in a shopping cart style transaction to occur, whereas selection of
one or more ESD titles results in a redirect to another web server.
The redirect is typically made to a digital rights management web
server operated by a provider (or its licensee) of a particular
digital rights management scheme, such as discussed above.
[0015] A further disadvantage and limitation relating to this type
of virtual store is that the redirect may either open a new second
window for the ESD transaction, or may cause the shopping cart
window to close and have only the ESD window active. In either
event, two transactions are then required at the client, the
purchase of the shopping cart items at the virtual store for
subsequent physical delivery, and the purchase of the ESD title
from the digital rights server to effect the electronic
download.
[0016] Therefore, a need exists for a virtual store which overcomes
one or more disadvantages and limitations of the prior art
hereinabove set forth. There exists a need wherein a virtual store
can provide a subsequent copy of an ESD title to a purchaser of
such title in the event of loss of the original copy of such title.
There also exists a need for a virtual store wherein ESD titles can
not be obtained through deep linking by unauthorized users. There
exists a further need for a virtual store in which ESD and non-ESD
items may be purchased in a single transaction.
SUMMARY OF THE INVENTION
[0017] It is an object of the present invention to overcome one or
more disadvantages of the prior art hereinabove set forth. It is
another object of the present invention to provide an ESD method
and apparatus wherein a subsequent copy of an ESD title may be
provided to a purchaser of such title in the event of loss of the
original copy of such title. It is also an object of the present
invention to provide an ESD method and apparatus wherein ESD titles
can not be obtained through deep linking by unauthorized users. It
is a further object of the present invention to provide an ESD
method and apparatus wherein ESD and non-ESD items may be purchased
in a single transaction.
[0018] According to the present invention, deep linking to a URL of
a download is obviated by the generation of a dynamic symbolic
system link. When a user is at a download page, the HTML source for
the displayed download button does not contain the URL of the
download site. Selection of the button sends as form values the
product ID and a session ID to the server which generates a dynamic
link. This link is returned to the browser to redirect it to the
download site. The link is further set to expire after the session
so that, even if the link is captured, after expiration it will be
unable to reach the download site.
[0019] A feature of the present invention is that the link is
derived from a combination of parameters unique to a user session,
it is advantageous that it can not be later used for deep linking.
Another feature of the present invention is the persistence of user
activity at the store. Since deep linking, even if by an authorized
user is minimized, the persistence advantageously allows the
authorized user to obtain copies of prior purchased software in the
event the original has become corrupted or lost.
[0020] These and other objects, advantages and features of the
present invention will become readily apparent to those skilled in
the art from a study of the following Description of the Exemplary
Preferred Embodiments when read in conjunction with the attached
Drawing and appended Claims.
BRIEF DESCRIPTION OF THE DRAWING
[0021] FIG. 1 is a schematic diagram of a computer system
constructed according to the principles of the present
invention;
[0022] FIGS. 2-6 are exemplary web pages showing in greater detail
the web pages of FIG. 1; and
[0023] FIG. 7A-B is a flowchart useful to describe the operation of
the system of FIG. 1.
DESCRIPTION OF THE EXEMPLARY PREFERRED EMBODIMENTS
[0024] Referring now to FIG. 1, there is shown a computer system 10
including a client computer 12, a store server 14, an ESD server 16
and a download server 18. Each of the client 12, the store server
14, the ESD server 16 and the download server 18 are selectively in
communication with each other over a computer network 20. Although
the computer network 20 may be any public or private network which
allows selective communication between clients and servers, the
network 20 is preferably the Internet.
[0025] As is well known, internal within the client 12 is a
computer readable medium on which may be stored a browser program
22 and a cookie 24. Generally, the cookie 24 is an alphanumeric
identification written to the client 12 when the client 12 connects
to a server, for example store server 14, over the computer network
20. The server upon the client 12 being connected thereto writes
the cookie such that upon each subsequent visit by the client 12 to
such server, the server can read the cookie 24 and identify the
client 12.
[0026] Also as is well known, the store server 14 generates a
session ID 26 upon initial connection thereto by another device,
for example client 12, connecting to the store server 14 over the
computer network 20. The session ID 26 is typically an alphanumeric
identification. The store server 14 also includes a plurality of
web pages 28. Each of web pages 28 are selectively viewable at the
client 12 through the browser program 22, also as is conventionally
known. The web pages 28 may be used within the system 10 to
construct a virtual store, as described below. The session ID 26
and the web pages 28 are typically stored on a computer readable
medium internal to the store server 16.
[0027] The ESD server 16 includes an ESD database 30 and one or
more scripts 32. The scripts 32 are small executable programs
stored at a computer readable medium internal within the server 16,
wherein such scripts 32 execute the below described method and
functions of the present invention. The ESD database 30, in a
virtual store environment, maintains a record of transactions
between the client 12 and store server 14. The ESD database 30 is
also stored on such computer readable medium.
[0028] The download server 18 includes a plurality of
electronically stored software titles 34 and one or more scripts
36. Similarly as described above, the software titles 34 and the
scripts 36 are stored at a computer readable medium internal within
the download server 18.
[0029] Referring now to FIG. 2, there is shown an exemplary web
page 38, being one of the web pages 28. The web page 38 is adapted
to list a plurality of ESD software titles 40, along with a
conventional description 42 of the software title 40 as well as its
price 44. Associated with each software title 40 is a first indicia
46 and an alphanumeric identification included in the HTML text of
the web page 38. The first indicia 46 is typically displayed as an
"Add to Order" button as best seen in FIG. 2. The alphanumeric
identification associated with the title 40 uniquely identifies the
title 40 within the system 10.
[0030] More particularly, the first indicia 46 is selectable
through the user interface of the client 12 when the web page 38 is
being viewed thereat. Upon the first indicia being selected, the
alphanumeric identification associated with the title 40 is
transmitted from the client 12. Conventionally, the first indicia
46 is generated by an HTML input tag of the form <INPUT
TYPE="image" SRC="_" NAME="_">, herein the SRC parameter
contains a URL of a source image for the button and the
alphanumeric identification associated with the title 40 is
included in the NAME parameter. The alphanumeric identification of
the NAME parameter is sent as a form value to a form processing
script upon selection of the indicia 46.
[0031] In another embodiment of the present invention, the web page
38 may also includes a second indicia 48 associated with each
software title 40, which may be displayed as a "One-Click" button.
The alphanumeric identification associated with the software title
40 is also contained in the name parameter of the HTML input tag
used to generate the second indicia 48. As described in greater
detail hereinbelow, the second indicia 48 is only made visible when
one click features have been enabled.
[0032] In one particular embodiment of the present invention, the
web pages 28 may also include a web page 50, as best seen in FIG.
3. The web page 50 includes a listing of non-ESD products 52,
similarly with a description 54 and price 56 of each product 52.
Also associated with each non-ESD product 52 is a third indicia 58,
similar to the first indicia 46 of FIG. 2, except that the name
parameter of the input tag used to generate the third indicia 58
will contain an alphanumeric identification unique to the non-ESD
product 52.
[0033] Within reference now to FIG. 4, one of the web pages 28 may
also be a shopping cart page 60. The shopping cart page 60 when
viewed will display all of the heretofore selected items, for
example, each selected ESD software title 40 and each selected
non-ESD product 52. Conventional within the art, and associated
with each selected items, is an ordered quantity indicator 62, a
remove button 64, a continue shopping button 66 and a checkout
button 68. In the embodiment of the present invention wherein the
one click feature is active, the one click button 48, described in
conjunction with FIG. 2, is also present.
[0034] With reference now to FIG. 5, another one of the web pages
28 may also be a download page 70. As described in further detail
hereinbelow, the download page 70 is viewed at the client 12 upon
selection of either the checkout button 68 from the shopping cart
page 60 or from the one click button 48 from the either of the web
page 38 (FIG. 2) or the shopping cart page 60. The download page 70
includes a listing of each selected ESD software title 40 and a
download button 72. Selection of the download button 72 initiates a
process as described below, wherein a link to the URL at the
download server 18 where the software titles 34 to be downloaded
are located is not visible in the HTML source of the download page
70. The download button 72 is also generated from a HTML input tag
with the alphanumeric identification of the associated software
title 40 contained in the name parameter.
[0035] With reference to FIG. 6, another one of the web pages 28
may also be a login page 74. Conventionally, the login page 74
contains a username field 76, a password field 78 and a send button
80. Selection of the send button 80 transmits the username and
password from the client 12 to the store server 14. The store
server 14 authenticates the username and password, and if
authenticated, writes to the client 12 the cookie 24. In the event
a user profile for this user indicates that the one click option is
enabled, the one click button 48 will be made visible on the web
pages 38 and 60 described hereinabove. Otherwise, the one click
button 48 will be suppressed.
[0036] With reference now to FIG. 7A-B, there is shown a flowchart
100 useful to describe the operation of the system 10 hereinabove
described. As indicated at step 102, the user at the client 12 may
login into the store server 14 from the login page 74. Upon the
user successfully executing a login, the store server 14 writes the
user cookie 24 to the client 12 and store is the session ID 26 at
the store server 14, as indicated at step 104.
[0037] Alternatively, the user need not log in to initiate the
process of the flowchart 100, but may begin the process at step 106
were at the user selects items from the virtual store from the web
pages of FIG. 2 or FIG. 3. However, the user will be required to
establish a log in upon selection of the checkout button 68 or the
one click button 48.
[0038] At step 108, the decision is made whether the user desires
to purchase the ESD item by selection of the one click button 48,
if one click is enabled. If no, the a path is taken to step 110
were at the selected items added to the shopping cart page 60. At
step 112, a decision is made whether the user has selected checkout
button 68. If no, the passes taken in returning to step 106 to
select more items, for example by selecting the continue shopping
button 66. If yes, a path is taken to step 114 wherein an
electronic order is generated for the ESD software titles 40 within
the shopping cart page 60. Orders for non-ESD items are
conventionally processed and need not be further discussed. If one
click had been enabled, and the users selected the one click button
48 at step 108, a path is also taken to step 114, thereby bypassing
step 110 and step 112.
[0039] As is known, a user who has one click enabled, would be to
have credit card and related purchase information on file at the
store server 14 such that payment for the selected ESD software
title 40 can be authenticated. Otherwise, as is also known, upon
selection of the checkout button 68 at step 112, the user will be
prompted through other web pages 28 to enter credit card and
payment information so that payment can be authenticated.
[0040] The electronic order written to the ESD database 30 at step
114 includes the alphanumeric identification of the selected
software title 40 and the alphanumeric identification used to
generate the cookie 24. It is to be noted that the user when logged
in to the store server 14 can, through another one of the web pages
28, view the entries for such user within the database 30. In such
way, the user has a history of all titles order and also of
software keys purchased, such that the user may obtain additional
copies thereof. At step 116, the user initiates the download by
selecting the download button 72 from the download page 70.
[0041] As best seen in FIG. 7B, the store server 14 sends the
alphanumeric identification for the selected software title 40 and
the session ID 26 to the ESD server 16, as indicated at step 118.
The scripts 32 running at the ESD server 16 and read the use or
cookie 24, as indicated at step 120. Furthermore, the scripts 32 at
the ESD server 16 compare, as indicated at the decision step 122,
the user cookie 24 read from the client 12 to the alphanumeric
identification stored for such user in the database 30. If the
cookie 24 as read matches the information within the ESD database
30, then a path is taken to step 124, otherwise an error is
displayed as indicated at step 126.
[0042] At step 124, the ESD server 16 sends a message to the
download server 18 over a different port from the current
connection with information of the alphanumeric identification for
the software title 40 and the session ID which is then check-summed
by the scripts 36, as indicated at the decision step 126. If the
check sum is okay, a path is taken to step 128, otherwise in error
is displayed as indicated that step 129. Alternatively, a different
server (not shown) may perform this function.
[0043] As indicated at step 128, a dynamic symbolic system link is
generated wherein this link point to the URL of the desired
software titles 40 as electronically stored among the software
titles 34 at download server 18. A make link script requires to
command line arguments, being the directory name of the source file
and the directory name of the target file. A message sent to the
make link script includes the source file name and the target file
name. If the make link script is successful, a link is returned
pointing to the URL at the download server of the purchase software
title 40 within the software titles 34.
[0044] The browser 22 is then redirected to this URL at the
download server 18, as indicated at step 130. Upon the browser 22
being redirected, the download of the purchase software title 40
from the download server 18 commences to the client 12. To prevent
deep linking, the generated URL may expire after said period of
time as indicated at step 132. Accordingly, even if the user at the
client 12 was able to capture the URL during the download, such
link will expire and not be able to an the utilized to reach the
download server 18 in the future. As indicated at step 140, the
user will then log out of store server 14.
[0045] There has been described above novel methods and apparatus
for a virtual store. Those skilled in the art may now make numerous
uses of and departures from the hereinabove described embodiments
without departing from the inventive concepts disclosed herein.
Accordingly, the present invention is to be defined solely by the
permissible scope of the appended Claims.
* * * * *