Abstract: An enhanced telephony (ET) computer user interface that seamlessly integrates features of a personal computer (PC) and a telephone into a coherent user interface. The user is provided with a rich variety of functionality that leverages the fact that the PC has considerably more processing power and greater access to variety of data than the ordinary telephone. This processing power and data access is used to the user's advantage as the telephone's capabilities and functionality are greatly expanded. In general, the ET user interface includes a plurality of environments for the user to choose. These environments include a My Contacts environment, a communication preferences environment, and a Call History environment. Each of these environments contains certain available processes and features for controlling and managing telephones.

Abstract: An enhanced telephony (ET) computer user interface that seamlessly integrates features of a personal computer (PC) and a telephone into a coherent user interface. The user is provided with a rich variety of functionality that leverages the fact that the PC has considerably more processing power and greater access to variety of data than the ordinary telephone. This processing power and data access is used to the user's advantage as the telephone's capabilities and functionality are greatly expanded. In general, the ET user interface includes a plurality of environments for the user to choose. These environments include a My Contacts environment, a communication preferences environment, and a Call History environment. Each of these environments contains certain available processes and features for controlling and managing telephones.

Abstract: A licensor receives a request from a requestor including an identifier identifying the requestor and rights data associated with digital content, where the rights data lists at least one identifier and rights associated therewith. The licensor thereafter locates the identifier of the requestor in a directory, and locates in the directory based thereon an identifier of each group which the requestor is a member of. Each of the located requestor identifier and each located group identifier is compared to each identifier listed in the rights data to find a match, and a digital license to render the content is issued to the requestor with the rights associated with the matching identifier.

Abstract: A key management interface that allows for different key protection schemes to be plugged into a digital rights management system is disclosed. The interface exposes the functionality of signing data, decrypting data encrypted using a public key, and re-encrypting data encrypted using the public key exported by the interface to a different authenticated principal (i.e., a different public key). Thus, a secure interface can be provided such that the data does not enter or leave the interface in the clear. Such an interface exports private key operations of signing and decryption, and provides security and authentication for the digital asset server in licensing and publishing. During publishing, a client can encrypt asset keys such that only a specified entity can decrypt it, using a plug-in, for example, that implements the aforementioned interface.

Abstract: A digital rights management system for the distribution, protection and use of electronic content. The system includes a client architecture which receives content, where the content is preferably protected by encryption and may include a license and individualization features. Content is protected at several levels, including: no protection; source-sealed; individually-sealed (or “inscribed”); source-signed; and fully-individualized (or “owner exclusive”). The client also includes and/or receives components which permit the access and protection of the encrypted content, as well as components that allow content to be provided to the client in a form that is individualized for the client. In some cases, access to the content will be governed by a rights construct defined in the license bound to the content.

Abstract: A digital license corresponds to encrypted digital content and includes a content key for decrypting same. The content key is encrypted and is decryptable by a decryption key available only to the first persona, the license thereby being tied to the first persona. The license is a first license and further includes referral information specifying a first location at which a second persona may obtain a second license for the content tied thereto. The second persona requests to render the content by way of the first license and the request is denied because the first license is not tied to the second persona. The referral information is obtained from the first license and employed to initiate contact with the specified first location and obtain the second license tied to the second persona.

Abstract: Content is encrypted according to a content key (CK) ((CK(content))), (CK) is protected according to a license server public key (PU-DRM), and rights data associated with the content is protected according to (PU-DRM). The protected items are submitted as a rights label to the license server for signing. The license server validates the rights label and, if valid, digitally signs based on the protected rights data to result in a signed rights label (SRL), and returns same. The SRL is concatenated with (CK(content)) and both are distributed to a user. To render the content, the user submits the SRL to the license server to request a license. The license server verifies the SRL signature and reviews the SRL protected rights data to determine whether the user is entitled to the license, and if so issues the license, including (CK) in a protected form accessible to the user.

Abstract: A first trusted component on a first computing device performs cryptography, evaluation, and enforcement and is tied thereto, and a first user-machine certificate associated with the first computing device is tied to a user. Correspondingly, a second trusted component on a second computing device performs cryptography, evaluation, and enforcement and is tied thereto, and a second user-machine certificate associated with the second computing device is also tied to the user. The first trusted component obtains the content for rendering on the first computing device by way of the first user-machine certificate and the license, and the second trusted component obtains the content for rendering on the second computing device by way of the second user-machine certificate and the same license.

Abstract: A first device is used to initiate and direct a rights-management transaction, such as content licensing, acquisition, or activation, on behalf of a second device. The first device may, for example, be a desktop computer, laptop computer, or electronic kiosk at a bricks-and-mortar store. The second device may, for example, be a handheld computer that is cradled to establish communicative connectivity with the first device. A user interacts with the first device to initiate a transaction on behalf of the second device. The first device then obtains the information from the second device that is necessary to perform the transaction on behalf of the second device, communicates with a server, and provides the result of the server communication to the first device. Thus, the first device acts as a proxy for the second device.

Abstract: A method and system for providing an electronic shopping service integrated into a software application, and for controlling the set of web sites that are reachable from within the shopping service. Each web site is represented by data which is signed by a private key, and the data together with this signature is delivered to a plurality of computing devices that provide the shopping service. Each of the computing devices has access to the public key that corresponds to the private key, and uses the public key to verify the signature. The computing device displays links to those web sites whose representative data validates against the signature.

Abstract: A method and system for generating and/or servicing requests for information requested across networks, such as the Internet, is disclosed. In some embodiments, supplemental request header information is included with HyperText Transfer Protocol (HTTP) requests for a web page. The supplemental request header information may identify one or more characteristics of an application for which the HTTP request was generated. In further embodiments, the Internet server servicing the HTTP request having such a supplemental request header may extract and use information from this header to select and/or modify the requested web page to best suit the requesting application's status and/or current characteristic.

Abstract: This invention describes a system and method for branding software deployed over computer networks. A user contacts the distributor's web site and initiates a download of the software. When the user visits the download website, the identity of the particular web site from which the download was initiated is transmitted to a branding server and captured on the user's computer, preferably in the form of a cookie. Subsequently, the user contacts the branding server and branding instructions are provided to the user's computer in accordance with the cookie. Branding may take the form of featuring the distributor's web site more prominently in an “integrated shopping service” or in a directory, or it may perform other alterations to the software. Branding is controlled by the software manufacturer's branding server, and can be modified at any time after the software is released.

Abstract: A first device is used to initiate and direct a rights-management transaction, such as content licensing, acquisition, or activation, on behalf of a second device. The first device may, for example, be a desktop computer, laptop computer, or electronic kiosk at a bricks-and-mortar store. The second device may, for example, be a handheld computer that is cradled to establish communicative connectivity with the first device. A user interacts with the first device to initiate a transaction on behalf of the second device. The first device then obtains the information from the second device that is necessary to perform the transaction on behalf of the second device, communicates with a server, and provides the result of the server communication to the first device. Thus, the first device acts as a proxy for the second device.

Abstract: A key management interface that allows for different key protection schemes to be plugged into a digital rights management system is disclosed. The interface exposes the functionality of signing data, decrypting data encrypted using a public key, and re-encrypting data encrypted using the public key exported by the interface to a different authenticated principal (i.e., a different public key). Thus, a secure interface can be provided such that the data does not enter or leave the interface in the clear. Such an interface exports private key operations of signing and decryption, and provides security and authentication for the digital asset server in licensing and publishing. During publishing, a client can encrypt asset keys such that only a specified entity can decrypt it, using a plug-in, for example, that implements the aforementioned interface.

Abstract: A method and system for generating and/or servicing requests for information requested across networks, such as the Internet, is disclosed. In some embodiments, supplemental request header information is included with HyperText Transfer Protocol (HTTP) requests for a web page. The supplemental request header information may identify one or more characteristics of an application for which the HTTP request was generated. In further embodiments, the Internet server servicing the HTTP request having such a supplemental request header may extract and use information from this header to select and/or modify the requested web page to best suit the requesting application's status and/or current characteristic.

Abstract: A key management interface that allows for different key protection schemes to be plugged into a digital rights management system is disclosed. The interface exposes the functionality of signing data, decrypting data encrypted using a public key, and re-encrypting data encrypted using the public key exported by the interface to a different authenticated principal (i.e., a different public key). Thus, a secure interface can be provided such that the data does not enter or leave the interface in the clear. Such an interface exports private key operations of signing and decryption, and provides security and authentication for the digital asset server in licensing and publishing. During publishing, a client can encrypt asset keys such that only a specified entity can decrypt it, using a plug-in, for example, that implements the aforementioned interface.

Abstract: A secure first process uses a non-secure software object by hosting said non-secure software object in a separate second process, where the first process's address space is inaccessible to the second process. The first process communicates with the second process, preferably by means of a COM API that the second process exposes to the first process. The application that runs in the second process may expose APIs of the hosted non-secure object to the first process, and the first process may communicate with the non-secure object hosted in the second process through this API. In a preferred embodiment, the second process renders its output in a child window of the first process, so that the use of a second process to host non-secure software objects is transparent to a user of the first process.

Abstract: A digital rights management system for the distribution, protection and use of electronic content. The system includes a client architecture which receives content, where the content is preferably protected by encryption and may include a license and individualization features. Content is protected at several levels, including: no protection; source-sealed; individually-sealed (or “inscribed”); source-signed; and fully-individualized (or “owner exclusive”). The client also includes and/or receives components which permit the access and protection of the encrypted content, as well as components that allow content to be provided to the client in a form that is individualized for the client. In some cases, access to the content will be governed by a rights construct defined in the license bound to the content.

Abstract: A system and process for tracking users' usage of content in computer systems. The tracking and accumulation of content usage information allows content providers to understand more about their user base. In a computer system having numerous users, it is advantageous to provide relevant customized content in addition to any specifically requested content. By storing and processing content usage information for users in a computer system, customized content may be provided to a user based on the user's previous usage of similar content. In operation, a computer system hosting various content creates a unique identifier, having data storage space, for a given user of the computer system. When a user sends a request for content to the computer system, a unique identifier is created and/or updated with information relevant to a user's content request. The identifier is passed back to the user with the specifically desired content.

Abstract: A secure first process uses a non-secure software object by hosting said non-secure software object in a separate second process, where the first process's address space is inaccessible to the second process. The first process communicates with the second process, preferably by means of a COM API that the second process exposes to the first process. The application that runs in the second process may expose APIs of the hosted non-secure object to the first process, and the first process may communicate with the non-secure object hosted in the second process through this API. In a preferred embodiment, the second process renders its output in a child window of the first process, so that the use of a second process to host non-secure software objects is transparent to a user of the first process.