`Client Reference No.: PN759544USF
`
`PATENT
`
`DATA STORAGE AND ACCESS SYSTEMS
`
`CROSS-REFERENCES TO RELATED APPLICATIONS
`
`[0001]
`
`This application is a continuation of US. Patent Application Number 12/943,872, filed
`
`on November 10, 2010; which is a continuation of US. Patent Application Number 12/014,558,
`
`filed on January l5, 2008, now issued US. Patent Number 7,942,317; which is a continuation of
`US. Patent Application No. 11/336,758, filed on January 19, 2006, now issued US. Patent
`
`Number 7,334,720; which is a continuation of US. Patent Application No. 10/111,716, filed on
`
`September 17, 2002, which application is a national stage application under 35 U.S.C. 371,
`
`claiming the priority of international PCT Application No. GB00104110, filed on October 25,
`
`2000; which claims priority to UK Application No. 99252272, filed on October 25, 1999, each
`
`of which is incorporated by reference in its entirety for all purposes.
`
`BACKGROUND OF THE INVENTION
`
`[0002]
`
`This invention is generally concerned with data storage and access systems. More
`
`particularly, it relates to a portable data carrier for storing and paying for data and to computer
`systems for providing access to data to be stored. The invention also includes corresponding
`
`methods and computer programs. The invention is particularly useful for managing stored audio
`
`and video data, but may also be applied to storage and access of text and software, including
`
`10
`
`15
`
`2O
`
`games, as well as other types of data.
`
`[0003] One problem associated with the increasingly wide use of the internet is the growing
`
`prevalence of so—called data pirates. Such pirates obtain data either by unauthorized or
`
`legitimate means and then make this data available essentially world-wide over the intemet
`
`without authorization. Data can be a very valuable commodity, but once it has been published
`
`25
`
`on the intemet it is difficult to police access to and use of it by internet users who may not even
`
`realize that it is pirated. This is a particular problem with audio recordings, and, once the
`
`bandwidth becomes available, is also likely to be evident with video.
`
`[0004] Over the past three or four years compressed audio sources have become increasingly
`
`widely available on web pages. One widely used audio data compression format is MP3 (MPEG
`
`1
`
`SAMSUNG-1026
`
`SAMSUNG-1026
`
`
`
`- Audio Layer 3 of the MPEG1 compression algorithm), which is an internationally defined
`
`standard including a definition of compressed audio information such as speech or music. It
`
`relies on psycho-acoustic properties of human hearing to achieve very large data compression
`
`factors. It is thus feasible to download usefully long passages of music in a practically
`
`convenient short time. Pirate data suppliers have not been slow to realize the potential of this,
`
`and many unauthorized websites have sprung up offering popular music, including recent
`
`releases by world—famous bands. This has caused the recording industry considerable concern
`
`and there is an urgent need to find a way to address the problem of data piracy.
`
`SUMMARY OF THE INVENTION
`
`10
`
`[0005] According to the present invention there is therefore provided a method of providing
`
`portable data comprising providing a portable data storage device comprising downloaded data
`
`storage means and payment validation means; providing a terminal for internet access; coupling
`
`the portable data storage device to the terminal; reading payment information from the payment
`
`validation means using the terminal; validating the payment information; and downloading data
`
`15
`
`into the portable storage device from a data supplier.
`
`[0006] Another aspect of the invention provides a corresponding mobile data retrieval device
`
`for retrieving and outputting data such as stored music and/or noise from the data storage device.
`
`[0007]
`
`The payment validation means is, for example, means to validate payment with an
`
`external authority such as a bank or building society. The combination of the payment validation
`
`20
`
`means with the data storage means allows the access to the downloaded data which is to be
`
`stored by the data storage means, to be made conditional upon checked and validated payment
`
`being made for the data. Binding the data access and payment together allows the legitimate
`
`owners of the data to make the data available themselves over the internet without fear of loss of
`
`revenue, thus undermining the position of data pirates.
`
`25
`
`3O
`
`[0008] A further advantage of the system is that it allows users under the age of 18 to make
`
`internet purchases. Currently internet users pay for goods and/or services by credit card. Since
`
`credit cards cannot legitimately be used by persons under the age of 18 (at least in the UK), a
`
`significant fraction of adventurous internet users are excluded from e-commerce, one of the most
`
`significant predicted uses of the internet. In one embodiment of the invention, however, the
`
`payment validation means comprises e—cash; that is, the payment validation means stores
`
`transaction value information on a cash value of transactions validatable by the data storage
`
`2
`
`
`
`means. In simple terms, the data storage means can be a card which is charged up to a desired
`
`cash value (if necessary limited to a maximum value) at a suitable terminal. This might be an
`
`intemet access terminal but could, more simply, be a device to accept the data storage card and
`
`to receive and count money deposited by the user to charge the card, writing update cash value
`
`information onto the card. More sophisticated ways of updating the cash value on the card are
`
`also possible, such as direct bank transfer. Since, with this type of embodiment, the data storage
`
`means is, essentially, precharged with cash rather than acting as a credit card, it can be used by
`
`young people without the risk of their incurring large debts.
`
`[0009]
`
`In one embodiment the data storage means is powered by the retrieval device when it is
`
`10
`
`connected to the device and retains a memory of the downloaded data when it is unpowered.
`
`This can be achieved by the use of Flash RAM or, more generally, any form of programmable
`
`read-only memory. Alternatively the data storage means may incorporate a rechargeable cell or
`
`capacitor and store information in battery backed-up static RAM.
`
`[0010]
`
`The downloaded data may be entered into the data storage device by means of an
`
`15
`
`interface such as a magnetically or capacitatively coupled connection or an optical connection,
`
`but preferably the interface comprises contacts for direct electrical connection to the storage
`
`means. The payment validation means may likewise have one of a variety of interfaces but again
`
`preferably comprises a set of electrical contacts. The payment validation means could, however,
`
`comprise a magnetic or holographic data—strip such as is known for use with credit cards and
`
`20
`
`phone cards. The interface to receive the downloaded data may be separate from the interface to
`
`the payment validation means, to facilitate separate and simultaneous access to both these
`
`systems. In other embodiments a single interface may serve for both data storage and payment.
`
`_ Advantageously the payment validation means includes memory storing information to identify
`
`the person who is paying for the downloaded data.
`
`25
`
`[0011']
`
`For additional security the downloaded data may be encrypted. In this case data
`
`decryption may be necessary at some stage, either in the data storage means or in the retrieval
`
`device or in an information delivering apparatus such as a data access terminal. Alternatively the
`
`data decryption function can be shared amongst one or more of these devices. The skilled person
`
`will be aware of a range of suitable encryption/decryption techniques, including Pretty Good
`
`30
`
`Privacy (Registered Trade Mark) and PKI (Public Key Infrastructure). Normally, when the
`
`downloaded data is encrypted, a decryption key must be supplied. This can be generated
`
`
`
`automatically by the data access terminal or data access service provider or it can be entered by
`
`the user into the data access terminal or into the mobile data retrieval device.
`
`[0012]
`
`The data storage means and/or the retrieval device can be provided with access control
`
`means to prevent unauthorized access to the downloaded data. Additionally or alternatively, use
`
`control means can be provided to stop or provide only limited access of the user to the
`
`downloaded data in accordance with the amount paid. These access and use control functions
`
`may in some embodiments be combined, permitted use controlling access or permitted access
`
`controlling use. Thus, for example, a complete set of data information relating to a particular
`
`topic, a particular music track, or a particular software package might be downloaded, although
`
`10
`
`access to part of the data set might thereafter be controlled by payments made by a user at a later
`
`stage. In this way, a user could pay to enable an extra level on a game or to enable further tracks
`
`of an album.
`
`[0013]
`
`In embodiments where the access or use control means is responsive to the payment
`
`validation means, access or use control information may be stored with the downloaded data or
`
`15
`
`in a separate storage area, for example in the payment validation means. The user’s access to the
`
`downloaded data could advantageously be responsive to the payment validation means, for
`
`example, by means of a control line coupling the payment validation means with a memory
`
`access or decryption control element.
`
`[0014]
`
`In one embodiment the data storage means comprises an electronic memory card or
`
`20
`
`smart card and the mobile data retrieval device is provided with a slot to receive the card.
`
`Preferably the card is a push-fit within the retrieval device, and retention of the card may be
`
`effected by pressure from electrical interface connections and/or resilience of the housing, or by
`
`using a resilient retaining means. In a preferred embodiment the retrieval device includes an
`
`audio output and a display, to play a downloaded track and to Show information about the track
`
`25
`
`and/or an accompanying video.
`
`[0015]
`
`To download data onto the data storage means the user can employ a data access
`
`terminal coupled to the internet. The terminal can directly validate payment; for example in the
`
`case of a smart card charged with electronic cash it can deduct a cash value from the card.
`
`Alternatively it can communicate with a bank or other financial services provider to control
`
`3O
`
`payment. In a preferred embodiment, however, the terminal connects to a data access service
`
`provider which provides a portal to other sites and which validates payment and then forwards
`
`4
`
`
`
`data from a data supplier to the user’s local access terminal. The data access service provider
`
`may alternatively forward payment validation information and/or information from the payment
`
`validation authority to the data supplier for control by the supplier of the data supplied. Thus,
`
`access to the payment validation system and/or data for downloading may be entirely controlled
`
`by the data supplier.
`
`[0016] Data held on the data storage means may advantageously include data relating to the
`
`user’s or payer’s usage of the system. This information may include, for example, information
`
`on a user’s spending pattern, information on data suppliers used and information on the
`
`downloaded data. This information may be accessed by the data supplier and/or data access
`
`service provider and can be used for targeted marketing or loyalty—based incentive schemes such
`
`as air miles or the like.
`
`[0017]
`
`The data access terminal may be a conventional computer or, alternatively, it may be a
`
`mobile phone. Wireless Application Protocol (WAP) and i—mode allow mobile phones to
`
`efficiently access the internet and this allows a mobile phone to be used to download data to the
`
`data storage means, advantageously, directly. The data storage means can, if desired, incorporate
`
`the functionality of a mobile phone SIM (Subscriber Identity Module) card, which cards already
`
`include a user identification means, to allow user billing through the phone network operator.
`
`10
`
`15
`
`[0018]
`
`In a preferred embodiment the downloaded data is MP3 or other encoded audio data,
`
`but the system finds more general application for other data types. For example, download data
`
`20
`
`can include software, and particularly games, share price information, current news information,
`
`transport timetable information, weather information and catalog shopping information. The
`
`downloaded information may also include compressed video data. The storage capacity of the
`
`data storage means is adaptable to suit the type of data intended to be downloaded; for example,
`
`32 megabytes is sufficient for CD quality music, but for video it is preferable that the data
`
`25
`
`storage means has a capacity of 128 megabytes or greater.
`
`[0019}
`
`In another aspect, the invention provides a portable data carrier comprising an interface
`
`for reading and writing data from and to the carrier; non—volatile data memory, coupled to the
`
`interface, for storing data on the carrier; non-volatile payment data memory, coupled to the
`
`interface, for providing payment data to an external device.
`
`
`
`[0020]
`
`These features allow the data carrier to store both payment data and content data, thus
`
`providing the advantages outlined above. Depending upon the payment system used, the
`
`payment data memory may also store code for validating or confirming a payment to an external
`
`payment system. The payment data will normally be linked to a card or card holder
`
`identification data for payment by the card holder. The non—volatile memory ensures that stored
`
`content and payment data is retained in the data carrier when the data carrier is not receiving
`
`power from an external source. Thus ”non—volatile" encompasses, for example, low-power
`
`memory whose contents are retained by a battery back—up system. In one embodiment the
`
`payment data memory comprises EEPROM and the content data memory comprises Flash
`
`memory, but other types of content data memory, such as optical, for example, holographic, data
`
`memory can also be used. The data carrier may also be integrated into other apparatus, such as a
`
`mobile communications device.
`
`[0021]
`
`Preferably, the portable data carrier further comprises a program store for storing code
`
`implementable by a processor; and a processor, coupled to the content data memory, the payment
`
`data memory, the interface and to the program store for implementing code in the program store,
`
`wherein the code comprises code to output payment data from the payment data memory to the
`
`interface and code to provide external access to the data memory.
`
`10
`
`15
`
`[0022] Normally, the (content) data memory allows both write and read access for both storing
`
`and retrieving data, but in some embodiments the content data memory may be read—only
`
`20
`
`memory (ROM). In such embodiments, content may be pre-loaded onto the carrier and payment
`
`may then be made for permission to access the pre—loaded data.
`
`[0023]
`
`Preferably, the data carrier also stores a record of access made to the content data and
`
`updates this in response to external access, preferably read access, made to the data memory.
`
`The carrier may also store content use rules pertaining to allowed use of stored data items. These
`
`25
`
`» use rules may be linked to payments made from the card to provide payment options such as
`
`access to buy content data outright; rental access to content data for a time period or for a
`
`specified number of access events; and/or rental/purchase, for example where rental use is
`
`provided together with an option to purchase content data at the reduced price after rental access
`
`has expired.
`
`30
`
`[0024]
`
`Thus where the data carrier stores, for example, music, the purchase outright option
`
`may be equivalent to the purchase of a compact disc (CD), preferably with some form of content
`
`6
`
`
`
`copy protection such as digital watermarking. In this example, the rental or subscription
`
`payment option may be a pay-per-play option, and with this option payment may either be before
`
`or after access to the stored data so that the carrier may operate in either a debit or credit
`
`payment mode.
`
`[0025]
`
`The portability of the data carrier potentially allows it to be used to access content or, in
`
`the example, play music without the need to be linked to a communications system or to be on-
`
`line to the internet. By providing a use record memory on the data carrier, use of the stored data
`
`can be tracked while off-line and then any necessary payment can be made when the data carrier
`
`is next coupled to a communication system. This allows the data carrier to operate in a credit
`
`mode. In a debit mode, the additional storage of use rules facilitates the regulation of access to
`
`content data stored on the carrier without the need for further exchange of payment/use data with
`
`an external system to validate the use.
`
`[0026] By combining digital rights management with content data storage using a single
`
`carrier, the stored content data becomes mobile and can be accessed anywhere while retaining
`
`control over the stored data for the data content provider or data copyright owner. Preferably,
`
`the data carrier also stores access control data, such as a user ID and a password, as the stored
`
`data may be valuable. The access control data may be combined with access control to the
`
`payment data, which is typically by means of a PIN (Personal Identification Number) to simplify
`
`access to valued content stored on the carrier.
`
`[0027]
`
`In one embodiment the stored content data is encrypted and a unique password or PIN
`
`and/or biometric data is required for decryption. The data carrier may be arranged so that the
`
`content is erased after a predetermined number of incorrect access attempts. Additionally or
`
`alternatively, a permanently stored flag may be set and/or a hardware modification (such as a
`
`.
`
`fusable link) may be made to prevent the data carrier from functioning for further data
`
`storage/retrieval. Preferably, however, access to any stored value/payment data is nevertheless
`
`retained.
`
`10
`
`15
`
`20
`
`25
`
`[0028]
`
`Supplementary data may also be stored on the carrier in association with stored content
`
`data. This supplementary data may comprise customer reward management data and/or
`
`advertising data. The supplementary data may comprise a pointer to an external data source
`
`30
`
`from which data is downloaded either to the data carrier or to a data access device or content
`
`
`
`player, so that advertising or other data can be displayed when reviewing or accessing the stored
`
`content.
`
`[0029] Additional data security and/or a mechanism for rewarding operators at different levels
`
`in the data supply chain may be provided using a content synthesis fimction. The content
`
`synthesis function combines partial content information from two or more sources to provide
`
`content data items for storage and/or output. Thus, for example, a first percentage of a content
`
`data item could be provided by a content retailer,iwhile a remaining percentage could be
`provided by an on-line data supplier. This would provide an incentive for a user to register with
`
`a content retailer or distributor as well as with an on-line system owner and so could encourage
`
`10
`
`the use of existing retailers and could provide a mechanism for paying commission to such
`
`retailers. The two portions of data combined to provide a content data item could comprise
`
`encryption data and a key but preferably comprise separate parts of a complete data item, for
`
`example, least significant bits and most significant bits or high frequencies and low frequencies
`
`(for audio). This arrangement also facilitates customer reward and loyalty management.
`
`15
`
`[0030]
`
`In one embodiment the data carrier further comprises memory for storing data for
`
`accessing a mobile communications network, for example to receive content data over the
`
`network. For such an embodiment, the data carrier may replace a SIM (Subscriber Identity
`
`Module) card in a mobile communications device, thus providing a single card for both network
`
`access and valued content retrieval and storage. Additionally or alternatively the card may also
`
`20
`
`store the web address of a data supplier from whom data may be downloaded onto the carrier.
`
`[0031]
`
`The data memory for storing content data may be optic, magnetic or semiconductor
`
`memory, but preferably comprises Flash memory. Preferably, the data memory has a large
`
`capacity for storing large data files such as compressed video data. Preferably, the data memory
`is partitioned for lock access, that is, for read and/or write access to blocks of, for example, 1K,
`
`25
`
`4K, 16K or 64K databytes for faster data access, particularly Where the stored content data will
`
`normally be accessed serially, as is normally the case with audio and video data. Preferably the
`
`card is configured as an IC card or smart card and has a credit card-type format, although other
`
`formats such as the "memory stick" format may also be used. This provides a small and
`
`convenient portable format and facilitates removable interfacing with a variety of devices.
`
`30
`
`[0032]
`
`The invention also provides a related method of controlling access to data on a data
`
`carrier, the data carrier comprising non-volatile data memory and non-volatile parameter
`
`8
`
`
`
`memory storing use status data and use rules, the method comprising receiving a data access
`
`request; reading the use status data and use rules from memory; and evaluating the use status
`
`data using the use rules to determine whether access to the stored data is permitted.
`
`[0033] According to another aspect of the invention, there is provided a computer system for
`
`providing data to a data requester, the system comprising a communication interface; a data
`
`access data store for storing records of data items available from the system, each record
`
`comprising a data item description and a pointer to a data provider for the data item; a program
`
`store. storing code implementable by a processor; a processor coupled to the communications
`
`interface, to the data access data store, and to the program store for implementing the stored
`
`10
`
`code, the code comprising code to receive a request for a data item from the requester; code to
`
`receive from the communications interface payment data comprising data relating to payment for
`
`the requested data item; code responsive to the request and to the received payment data, to read
`
`data for the requested data item from a content provider; and code to transmit the read data to the
`
`requester over the communications interface.
`
`15
`
`[0034]
`
`The computer system is operated by a data supplier or data supply "system owner" for
`
`providing content data to the data carrier described above. The payment data received may
`
`either be data relating to an actual payment made to the data supplier, or it may be a record of a
`
`payment made to an e-payment system relating either to a payment to the data supplier, or to a
`
`payment to a third party. The data from the content provider, preferably without permanent
`
`20
`
`(local) storage of the forwarded data, improves data security as the content provider retains
`
`control over a content data item, and the data supplier, a copy of a data item, is unable to supply
`
`data for the item without the content provider's assistance. The computer system may provide
`
`temporary storage for a requested data item, for example using a disk cache, but preferably the
`
`computer system does not store a complete data item, even temporarily.
`
`25
`
`[0035]
`
`Preferably, the computer system includes payment distribution information so that
`
`when payment is made for a data item, the payment can be distributed for reimbursing royalties
`
`and making other payments. Typically a large fraction of the payment for a data item will be
`
`transferred to a copyright owner or "content provider" for the item while smaller payments will
`
`go to the artist and/or publisher and/or retailer/distributor. Payment may be made directly by the
`
`30
`
`computer system to the computer systems of other relevant parties using, for example, a
`
`signature—transporting type e-payment system. Alternatively, the computer system can issue
`
`
`
`appropriate instructions to a third party e-payment system for making the transfers. The
`
`computer system allows automatic distribution of payments either before, during or after content
`
`data download, or after content data access by a user. Instructions for distributing the payments
`
`may be issued substantially simultaneously, thereby avoiding long delays in the payment of some
`
`parties; for example, it can presently take a year or more for an artist generating content to be
`
`paid by conventional methods.
`
`[0036]
`
`Preferably, the computer system also stores content data item access rule data, for
`
`downloading in association with a content data item. The rule data may be stored by a content
`
`provider but is preferably held by the computer system, and links a content identifier with an
`
`10
`
`access rule, typically based upon a required payment value, as outlined above in the context of
`
`the data carrier. Normally, each content data item will have an associated access rule, but a
`
`single rule may apply to a large number of data items. The computer system also, preferably,
`stores requester reward data for customer reward/loyalty management. This data may again
`
`comprise one or more rules linking a payment value and/or content data item type to a specified
`
`15
`
`reward, such as a number of air miles or retailer value points. The computer system preferably
`
`also keeps a record of an identified user's or data's carriers content item downloads and payments
`
`for market research purposes.
`
`[0037]
`
`The computer system, in one embodiment, also stores access control data, such as an
`
`access request identity and password which can be employed, for example, to create an extranet
`
`20
`
`of system users, which again can be linked to stored access record data for marketing purposes.
`
`When further linked to content item type data, such an arrangement can be used to construct a
`
`club of users of content data items of a particular type, for example country and western or rock
`
`and roll music. As described in connection with the portable data carrier, the computer system
`
`may also comprise content synthesis code for additional data security and for more secure
`
`25
`
`management of payment distributions.
`
`[0038]
`
`The invention also provides a related method of providing data to a data requester
`
`comprising receiving a request for a data item from the requester; receiving payment data from
`
`the requester relating to payment for the requested data; reading the requested data from a
`
`content provider responsive to the received payment data; and transmitting the read data to the
`
`3O
`
`requester.
`
`10
`
`
`
`[0039] According to a further aspect of the present invention, there is provided a data access
`
`terminal for retrieving data from a data supplier and providing the retrieved data to a data carrier,
`
`the terminal comprising a first interface for communicating with the data supplier; a data carrier
`
`interface for interfacing with the data carrier; a program store storing code implementable by a
`
`processor; and a processor, coupled to the first interface, to the data carrier interface and to the
`
`program store for implementing the stored code, the code comprising: code to read payment data
`
`from the data carrier and to forward the payment data to a payment validation system; code to
`
`receive payment validation data from the payment validation system; code responsive to the
`
`payment validation data to retrieve data from the data supplier and to write the retrieved data into
`
`10
`
`the data carrier.
`
`[0040]
`
`This terminal can be used for retrieving data from the above—described computer
`
`system and for downloading the retrieved data to the above—described portable data carrier. As
`
`with the data supply computer system, it is preferable that there is no (local) storage of content
`
`item data forwarded from the data supplier to the data carrier. The data access terminal is not
`
`15
`
`restricted to use with the above—described status supplier and could, for example, retrieve data for
`
`downloading to the data carrier from a local data source, such as a CD (Compact Disc) or DVD
`
`(Digital Versatile Disc), or from a third party such as a cable TV company.
`
`[0041]
`
`The terminal reads payment data from the data carrier and transmits this to a payment
`
`validation system for validating the data and authorizing the payment. This may be part of the
`
`20
`
`data supplier's computer system or it may be a separate system such as an e—payment system.
`
`Thus, the terminal operates with a data carrier storing payment (validation) data and, in some
`
`embodiments, additional payment validation code for validating payment to the payment
`
`validation system. Again, the terminal is preferably configured to provide a data item use rule to
`
`the carrier in conjunction with a data item. As before, the data item use rule will normally be
`
`25
`
`dependent upon payment value information embodied in the payment data read from the data
`
`carrier. The terminal is preferably also configured for user input of access control data. This
`
`access control data may be forwarded to the data carrier for access permission verification and/or
`
`it may be passed to the data supplier computer system for a similar purpose. The terminal may
`
`be configured to warn a user of content access or data carrier function inhibition after a
`
`30
`
`predetermined number of access requests have been refused. The terminal may also incorporate
`
`content synthesis code as described above.
`
`11
`
`
`
`[0042]
`
`The terminal may comprise code to output supplementary data when downloading data
`
`to the data carrier. Identity data on the data carrier can be used to retrieve the supplementary
`
`data, or a pointer to the supplementary data, from the data supplier computer system, or the
`
`supplementary data or a pointer thereto can be retrieved directly from the data carrier.
`
`Preferably, however, identification data on the card is used to retrieve characterizing data such as
`
`card user preference data from the data supplier computer system, and this characterizing data is
`
`then used by the terminal to retrieve and output supplementary data to a terminal user. When the
`
`terminal is associated with a contact distributor or retailer, the supplementary data may be
`
`retrieved over a network associated with the retailer/distributor such as a local area network
`
`10
`
`(LAN), wide area network (WAN) or extranet.
`
`[0043]
`
`The invention also provides a method of providing data from a data supplier to a data
`
`carrier, the method comprising reading payment data from the data carrier; forwarding the
`
`payment data to a payment validation system; retrieving data from the data supplier; and writing
`
`the retrieved data into the date carrier.
`
`15
`
`[0044]
`
`The payment validation system may be part of the data supplier's computer systems or
`
`it may be a separate e-payment system. In one embodiment the method further comprises
`
`receiving payment validation data from the payment validation system; and transmitting at least
`
`a portion of the payment validation data to the data supplier. Alternatively the payment
`
`validation system may comprise a payment processor at the data supplier or at a destination
`
`20
`
`retrieved from the data supplier. The payment processor may also provide payment distribution
`
`data for distributing a payment represented by the payment data.
`
`[0045]
`
`In a further aspect, the invention provides a data access device for retrieving stored data
`
`from a data carrier, the device comprising a user interface; a data carrier interface; a program
`
`store storing code implementable by a processor; and a processor coupled to the user interface, to
`
`25
`
`the data carrier interface and to the program store for implementing the stored code, the code
`
`comprising code to retrieve use status data indicating a use status of data stored on the carrier,
`
`and use rules data indicating permissible use of data stored on the carrier; code to evaluate the
`
`use status data using the use rules data to determine whether access is permitted to the stored
`
`data; and code to access the stored data when access is permitted.
`
`30
`
`[0046]
`
`The data access device uses the use status data and use rules to determine what access
`
`is permitted to data stored on the data carrier. As described above, the use rules will normally be
`
`12
`
`
`
`dep