Abstract: An application is installed on a computing device from an application package. An origin of the application (e.g., a managed installer for an enterprise, a reputation checking service) is propagated to files written to a storage device of the computing device as part of the installation, such as by writing origin information to the storage device as metadata associated with the file. The origin information for a file, in conjunction with a policy on the computing device specifying one or more trusted origins for applications on the computing device, is used to identify whether a particular action can be taken with and/or by the file. These actions can include, for example, execution of an application from an executable file. If the origin information for a file indicates an origin that is a trusted origin specified by the policy, then the action can be performed.

Abstract: An application is installed on a computing device from an application package. An origin of the application (e.g., a managed installer for an enterprise, a reputation checking service) is propagated to files written to a storage device of the computing device as part of the installation, such as by writing origin information to the storage device as metadata associated with the file. The origin information for a file, in conjunction with a policy on the computing device specifying one or more trusted origins for applications on the computing device, is used to identify whether a particular action can be taken with and/or by the file. These actions can include, for example, execution of an application from an executable file. If the origin information for a file indicates an origin that is a trusted origin specified by the policy, then the action can be performed.

Abstract: An application is installed on a computing device from an application package. An origin of the application (e.g., a managed installer for an enterprise, a reputation checking service) is propagated to files written to a storage device of the computing device as part of the installation, such as by writing origin information to the storage device as metadata associated with the file. The origin information for a file, in conjunction with a policy on the computing device specifying one or more trusted origins for applications on the computing device, is used to identify whether a particular action can be taken with and/or by the file. These actions can include, for example, execution of an application from an executable file. If the origin information for a file indicates an origin that is a trusted origin specified by the policy, then the action can be performed.

Abstract: An application is installed on a computing device from an application package. An origin of the application (e.g., a managed installer for an enterprise, a reputation checking service) is propagated to files written to a storage device of the computing device as part of the installation, such as by writing origin information to the storage device as metadata associated with the file. The origin information for a file, in conjunction with a policy on the computing device specifying one or more trusted origins for applications on the computing device, is used to identify whether a particular action can be taken with and/or by the file. These actions can include, for example, execution of an application from an executable file. If the origin information for a file indicates an origin that is a trusted origin specified by the policy, then the action can be performed.

Abstract: An application is installed on a computing device from an application package. An origin of the application (e.g., a managed installer for an enterprise, a reputation checking service) is propagated to files written to a storage device of the computing device as part of the installation, such as by writing origin information to the storage device as metadata associated with the file. The origin information for a file, in conjunction with a policy on the computing device specifying one or more trusted origins for applications on the computing device, is used to identify whether a particular action can be taken with and/or by the file. These actions can include, for example, execution of an application from an executable file. If the origin information for a file indicates an origin that is a trusted origin specified by the policy, then the action can be performed.

Abstract: A Web browser of a computing device downloads or otherwise obtains a file. File information identifying the file is obtained and is sent to a remote reputation service. Client information identifying aspects of the computing device can also optionally be sent to the remote reputation service. In response to the file information (and optionally client information), a reputation indication for the file is received from the remote reputation service. A user interface for the Web browser to present at the computing device is determined, based at least in part on the reputation indication, and presented at the computing device.

Abstract: A Web browser of a computing device downloads or otherwise obtains a file. File information identifying the file is obtained and is sent to a remote reputation service. Client information identifying aspects of the computing device can also optionally be sent to the remote reputation service. In response to the file information (and optionally client information), a reputation indication for the file is received from the remote reputation service. A user interface for the Web browser to present at the computing device is determined, based at least in part on the reputation indication, and presented at the computing device.

Abstract: A retailer facilitates issuance of a digital license from a licensor to a customer for a corresponding piece of digital content. The retailer receives payment for the license from the customer, where the payment is to be shared with the licensor in a pre-determined manner. The retailer also receives customer-based information from the customer. The retailer then composes an actual license request including the obtained customer-based information, and including retailer-based information identifying the retailer to the licensor and acknowledging to the licensor that the retailer owes a portion of the received payment to the licensor. Thereafter, the retailer forwards the actual license request to the licensor. The licensor notes based on the retailer-based information in the actual license request that the retailer identified thereby owes the licensor at least a portion of the forwarded payment.

Abstract: A source generates a medium key (KM) and a media secret table including a plurality of entries, each entry including (KM) encrypted by a public key (PU-PD) of a plurality of devices, obtains the medium ID of a medium therefrom, generates a content key (KD) for a piece of content, encrypts the content with (KD) to result in (KD(content)), encrypts (KD) with (KM) to result in (KM(KD)), generates a package for the content including (KD(content)), (KM(KD)), the medium ID, and a signature based on at least the medium ID and verifiable with (KM), and copies the generated package and the media secret table to the medium. Thus, a device with the medium and a private key (PR-PD) corresponding to an entry of the media secret table can access and render the content.

Abstract: A list of computing components to be disabled can be distributed through a computer readable medium to computing devices. A process on these computing devices can read the list and disable listed components. The components can be permanently disabled, or disabled for a limited purpose. A list or list update may be provided with a digital media object that specifies a more or less stringent revocation policy for that object. A media object may also specify a maximum age for the list. This allows owners of digital media to control the stringency of media protection for their property. The process that accesses the list may prompt updates to the list, informing users of component disabling, and prompt replacement of disabled components. Finally, the invention provides techniques for securely transmitting and storing the list to protect it from alteration by unauthorized entities.

Abstract: An enforcement architecture and method for implementing roaming digital rights management are disclosed. A license distributed from a license server to a computing device of a user may be uploaded to a license synchronization server, and rebound to other devices registered with the service, thereby enabling access to the licensed content from other computing devices. A second digital license of a second computing device is set to expire prior to a first digital license of a first computing device. Reactivating a decayed first digital license, that is deactivated during transmission of the second digital license, to the second device to access content of the first computing device.

Abstract: A rollback of a clock on a computing device is detected and responded to. A current time from the clock and a stored time from a secure store are obtained and compared to determine whether the obtained current time is earlier than the obtained stored time. If so, a predetermined course of action is taken based on the determination.

Abstract: A rendering application on a computing device requests a digital rights management (DRM) system on the computing device to authorize digital content rendering based on a corresponding digital license. If unavailable, the DRM system attempts to silently acquire the license from a license server without the intervention of a user. In the course thereof, the rendering application receives status information from the DRM system relating to the attempted license acquisition thereby and displays the received status information in a rendering application status display portion. If silent acquisition fails, the rendering application hosts a browser, causes the browser to navigate to a license server, allows a user to communicate with the license server by way of the hosted browser to acquire the license, and shuts down the hosted browser upon reception of the license from the license server.

Abstract: A retailer facilitates issuance of a digital license from a licensor to a customer for a corresponding piece of digital content. The retailer receives payment for the license from the customer, where the payment is to be shared with the licensor in a pre-determined manner. The retailer also receives customer-based information from the customer. The retailer then composes an actual license request including the obtained customer-based information, and including retailer-based information identifying the retailer to the licensor and acknowledging to the licensor that the retailer owes a portion of the received payment to the licensor. Thereafter, the retailer forwards the actual license request to the licensor. The licensor notes based on the retailer-based information in the actual license request that the retailer identified thereby owes the licensor at least a portion of the forwarded payment.

Abstract: An enforcement architecture and method for implementing roaming digital rights management are disclosed. A license distributed from a license server to a computing device of a user may be uploaded to a license synchronization server, and rebound to other devices registered with the service, thereby enabling access to the licensed content from other computing devices.

Abstract: A rendering application on a computing device requests a digital rights management (DRM) system on the computing device to authorize digital content rendering based on a corresponding digital license. If unavailable, the DRM system attempts to silently acquire the license from a license server without the intervention of a user. In the course thereof, the rendering application receives status information from the DRM system relating to the attempted license acquisition thereby and displays the received status information in a rendering application status display portion. If silent acquisition fails, the rendering application hosts a browser, causes the browser to navigate to a license server, allows a user to communicate with the license server by way of the hosted browser to acquire the license, and shuts down the hosted browser upon reception of the license from the license server.

Abstract: A rollback of a clock on a computing device is detected and responded to. A current time from the clock and a stored time from a secure store are obtained and compared to determine whether the obtained current time is earlier than the obtained stored time. If so, a predetermined course of action is taken based on the determination.