Abstract: A method for managing rights in digital content includes generating rights data for a piece of digital content and forming a piece of rights managed digital content by associating the rights data with the piece of digital content. The rights data includes parameters that govern the terms on which the content may be licensed, and may include a list of entities to which the content may be licensed, a respective set of one or more rights that each such entity has in the digital content, and any conditions that may be placed on those rights. A method for licensing rights managed digital content includes receiving a license request for a license to use the piece of rights managed digital content, where the license request includes such a signed rights label. The digital signature on the signed rights label is validated to determine whether a trusted entity issued the signed rights label.

Abstract: Content is encrypted according to a content key (CK) ((CK(content))), (CK) is protected according to a license server public key (PU-DRM), and rights data associated with the content is protected according to (PU-DRM). The protected items are submitted as a rights label to the license server for signing. The license server validates the rights label and, if valid, digitally signs based on the protected rights data to result in a signed rights label (SRL), and returns same. The SRL is concatenated with (CK(content)) and both are distributed to a user. To render the content, the user submits the SRL to the license server to request a license. The license server verifies the SRL signature and reviews the SRL protected rights data to determine whether the user is entitled to the license, and if so issues the license, including (CK) in a protected form accessible to the user.

Abstract: A digital license corresponds to encrypted digital content and includes a content key for decrypting same. The content key is encrypted and is decryptable by a decryption key available only to the first persona, the license thereby being tied to the first persona. The license is a first license and further includes referral information specifying a first location at which a second persona may obtain a second license for the content tied thereto. The second persona requests to render the content by way of the first license and the request is denied because the first license is not tied to the second persona. The referral information is obtained from the first license and employed to initiate contact with the specified first location and obtain the second license tied to the second persona.

Abstract: This invention describes a system and method for branding software deployed over computer networks. A user contacts the distributor's web site and initiates a download of the software. When the user visits the download website, the identity of the particular web site from which the download was initiated is transmitted to a branding server and captured on the user's computer, preferably in the form of a cookie. Subsequently, the user contacts the branding server and branding instructions are provided to the user's computer in accordance with the cookie. Branding may take the form of featuring the distributor's web site more prominently in an “integrated shopping service” or in a directory, or it may perform other alterations to the software. Branding is controlled by the software manufacturer's branding server, and can be modified at any time after the software is released.

Abstract: A method and system for generating and/or servicing requests for information requested across networks, such as the Internet, is disclosed. In some embodiments, supplemental request header information is included with HyperText Transfer Protocol (HTTP) requests for a web page. The supplemental request header information may identify one or more characteristics of an application for which the HTTP request was generated. In further embodiments, the Internet server servicing the HTTP request having such a supplemental request header may extract and use information from this header to select and/or modify the requested web page to best suit the requesting application's status and/or current characteristic.

Abstract: An architecture for an integrated shopping service that enables electronic shopping from within a software application. The software application includes web browsing functionality, with the capability to navigate to a limited set of web sites. The client machine on which the software runs maintains a local list of the limited set of web sites that can be accessed from within the software application. A directory server maintains a list of retail web sites that can be added to the client's local list of accessible web sites. Each client machine that runs the software application connects to the directory server in order to add web sites to the locally-maintained list of sites that can be accessed from within the integrated shopping service.

Abstract: A secure first process uses a non-secure software object by hosting said non-secure software object in a separate second process, where the first process's address space is inaccessible to the second process. The first process communicates with the second process, preferably by means of a COM API that the second process exposes to the first process. The application that runs in the second process may expose APIs of the hosted non-secure object to the first process, and the first process may communicate with the non-secure object hosted in the second process through this API. In a preferred embodiment, the second process renders its output in a child window of the first process, so that the use of a second process to host non-secure software objects is transparent to a user of the first process.

Abstract: A method and system for providing an electronic shopping service integrated into a software application, and for controlling the set of web sites that are reachable from within the shopping service. Each web site is represented by data which is signed by a private key, and the data together with this signature is delivered to a plurality of computing devices that provide the shopping service. Each of the computing devices has access to the public key that corresponds to the private key, and uses the public key to verify the signature. The computing device displays links to those web sites whose representative data validates against the signature.