Abstract: A digital rights management system for the distribution, protection and use of electronic content. The system includes a client architecture which receives content, where the content is preferably protected by encryption and may include a license and individualization features. Content is protected at several levels, including: no protection; source-sealed; individually-sealed (or “inscribed”); source-signed; and fully-individualized (or “owner exclusive”). The client also includes and/or receives components which permit the access and protection of the encrypted content, as well as components that allow content to be provided to the client in a form that is individualized for the client. In some cases, access to the content will be governed by a rights construct defined in the license bound to the content.

Abstract: A server architecture for a digital rights management system that distributes and protects rights in content. The server architecture includes a retail site which sells content items to consumers, a fulfillment site which provides to consumers the content items sold by the retail site, and an activation site which enables consumer reading devices to use content items having an enhanced level of copy protection. Each retail site is equipped with a URL encryption object, which encrypts, according to a secret symmetric key shared between the retail site and the fulfillment site, information that is needed by the fulfillment site to process an order for content sold by the retail site. Upon selling a content item, the retail site transmits to the purchaser a web page having a link to a URL comprising the address of the fulfillment site and a parameter having the encrypted information.

Abstract: A method and apparatus for invoking system resources directly from within a mark-up language document. Links referencing a pre-defined system command to be invoked may be embedded within the document. The specific system command may be identified in the link by an alias, such as, for example, a numeric code. By clicking on the link, the system will analyze the contents of the link. If the link calls for invoking a system command, the system will extract the alias, determine the appropriate pre-defined system command referred to by the alias, and execute the system command.

Abstract: Bifurcated processes, in which a shadow process in a first environment is controlling thread scheduling for a trusted agent in a second, high assurance environment, can be debugged via a two-phase initialization of the debugger. In the first phase, initial set up is accomplished for the trusted agent, but no shadow process will schedule execution for any thread of the trusted agent. The debugger will then be attached. In a second phase, the shadow process will begin scheduling threads for the trusted agent. In order to allow the debugger access to the process memory of the trusted agent or to set or get information regarding a particular thread of the trusted agent, a thread which is either a thread belonging to the trusted agent or belonging to the second execution environment and matched with the trusted agent is used.

Abstract: A technique for obfuscating code. A list of one-byte instructions for a particular processor is created. Bytes in a function to be obfuscated are randomly selected, and these bytes are replaced with one-byte instructions from the list. A table that identifies the replaced bytes and their original values is inserted into the executable that contains the function. When the function is called, the function is deobfuscated by consulting the table to restore the replaced bytes to their original values.