Abstract: Digital products are delivered to a client computer through a wide area network such as the Internet only upon determination that the client computer is located in a geopolitical territory, such as a country or state, for which delivery of the digital product is authorized. A server computer estimates the geopolitical location of the client computer from the client computer's network address through contact information in a network address allocation database. Alternatively, the server computer estimates the geopolitical location of the client computer from the client computer's custom name, e.g., domain name. The domain name itself can specify a country within which the client computer is located. Such can be conventional or can be parse according to ad hoc patterns developed by large, international organizations identified by a root domain name. In addition, contact information for the domain name can be retrieved and geopolitical territory information parsed from the contact information.

Abstract: Content such as computer software, data representing audiovisual works, and electronic documents can converted from a machine-bound state to user-bound state without modification to the content data itself. Instead, keys used to access the content are converted from the machine-bound state to the user-bound state. In particular, the keys are kept in a passport data structure which can represent either a machine-binding or a user-binding. A machine-bound passport can be upgraded to a user-bound passport without modifying the bound content. The private key of the machine-bound passport, in cleartext form, is included in the user-bound passport and encrypted using a user-supplied password to bind the private key to the user. In addition, private user information is collected and verified and included in the user-bound passport.

Abstract: A secure music distribution system securely distributes digital products such as music, video, and/or computer software along with related media over a public telecommunications network, such as the Internet, employing a client-server architecture. The digital products are stored and controlled by a content manager computer system and are sold by separate merchant computer systems. The secure music distribution system includes a music distribution center which operates with any number of client systems and with any number of merchant systems. The music distribution center includes a content manager and at least one delivery server. The content manager maintains a media information database, a master media file system, and a transaction database. In addition, the music distribution center interfaces with a media licensing center, which in turn communicates with one or more distributed rights agent servers and the merchant servers.

Abstract: A computer implemented online music distribution system provides for the secure delivery of audio data and related media, including text and images, over a public communications network. The online music distribution system provides security through multiple layers of encryption, and the cryptographic binding of purchased audio data to each specific purchaser. The online music distribution system also provides for previewing of audio data prior to purchase. In one embodiment, the online music distribution system is a client-server system including a content manager, a delivery server, and an HTTP server, communicating with a client system including a Web browser and a media player. The content manager provides for management of media and audio content, and processing of purchase requests. The delivery server provides delivery of the purchased media data. The Web browser and HTTP server provide a communications interface over the public network between the content manager and media players.

Abstract: Digital products are delivered to a client computer through a wide area network such as the Internet only upon determination that the client computer is located in a geopolitical territory, such as a country or state, for which delivery of the digital product is authorized. A server computer estimates the geopolitical location of the client computer from the client computer's network address through contact information in a network address allocation database. Alternatively, the server computer estimates the geopolitical location of the client computer from the client computer's custom name, e.g., domain name. The domain name itself can specify a country within which the client computer is located. Such can be conventional or can be parse according to ad hoc patterns developed by large, international organizations identified by a root domain name. In addition, contact information for the domain name can be retrieved and geopolitical territory information parsed from the contact information.

Abstract: Content such as computer software, data representing audiovisual works, and electronic documents can converted from a machine-bound state to user-bound state without modification to the content data itself. Instead, keys used to access the content are converted from the machine-bound state to the user-bound state. In particular, the keys are kept in a passport data structure which can represent either a machine-binding or a user-binding. A machine-bound passport can be upgraded to a user-bound passport without modifying the bound content. The private key of the machine-bound passport, in cleartext form, is included in the user-bound passport and encrypted using a user-supplied password to bind the private key to the user. In addition, private user information is collected and verified and included in the user-bound passport.

Abstract: A computer implemented online music distribution system provides for the secure delivery of audio data and related media, including text and images, over a public communications network. The online music distribution system provides security through multiple layers of encryption, and the cryptographic binding of purchased audio data to each specific purchaser. The online music distribution system also provides for previewing of audio data prior to purchase. In one embodiment, the online music distribution system is a client-server system including a content manager, a delivery server, and an HTTP server, communicating with a client system including a Web browser and a media player. The content manager provides for management of media and audio content, and processing of purchase requests. The delivery server provides delivery of the purchased media data. The Web browser and HTTP server provide a communications interface over the public network between the content manager and media players.

Abstract: Data such as a musical track is stored as a secure portable track (SPT) which can be bound to one or more players and can be bound to a particular storage medium, restricting playback of the SPT to the specific players and ensuring that playback is only from the original storage medium. The SPT is bound to a player by encrypting data of the SPT using a storage key which is unique to the player, is difficult to change, and is held in strict secrecy by the player. The SPT is bound to a particular storage medium by including data uniquely identifying the storage medium in a tamper-resistant form, e.g., cryptographically signed. The SPT can also be bound to the storage medium by embedding cryptographic logic circuitry, e.g., integrate circuitry, in the packaging of the storage medium. The SPT is bound by encrypting an encryption key using the embedded logic.

Abstract: A device securely decrypts and writes an encrypted digital file to a local recordable storage medium. The device uses two decryption engines. The first decryption engine incrementally decrypts the encrypted digital file, which is then preprocessed and re-encrypted to form an intermediate file. The second decryption engine then incrementally decrypts the intermediate file and writes the decrypted results to a local recordable storage medium. Both decryption engines perform incremental decryption, such that substantially less than all of the digital file is in decrypted form at any instant. A device in accordance with a second embodiment includes a single decryption engine. The encrypted digital file includes individually encrypted portions, and the decryption engine incrementally decrypts the encrypted portions. These portions are buffered for subsequent writing to the recordable storage medium, but substantially less than all of the individually encrypted portions are stored in decrypted form at any instant.

Abstract: Digital products are delivered to a client computer through a wide area network such as the Internet only upon determination that the client computer is located in a geopolitical territory, such as a country or state, for which delivery of the digital product is authorized. A server computer estimates the geopolitical location of the client computer from the client computer's network address through contact information in a network address allocation database. Alternatively, the server computer estimates the geopolitical location of the client computer from the client computer's custom name, e.g., domain name. The domain name itself can specify a country within which the client computer is located. Such can be conventional or can be parse according to ad hoc patterns developed by large, international organizations identified by a root domain name. In addition, contact information for the domain name can be retrieved and geopolitical territory information parsed from the contact information.