Abstract: In order to allow for security beyond revocation lists, a policy regarding when permissions may be granted (in the form of a rights document, e.g. a use license or a certificate) is enforced. When a request is made for a rights document, the requester submits an account certificate which includes certain metadata regarding the requester. This metadata is analyzed to determine whether it meets a specific policy before the request is granted. If the request is not granted, the cause of the rejection may be overcome, for example by updating or upgrading some system component (hardware or software) in the requesting system. In certain cases, such an update to overcome a policy-based rejection may be performed transparently to the user.

Abstract: A first trusted component on a first computing device performs cryptography, evaluation, and enforcement and is tied thereto, and a first user-machine certificate associated with the first computing device is tied to a user. Correspondingly, a second trusted component on a second computing device performs cryptography, evaluation, and enforcement and is tied thereto, and a second user-machine certificate associated with the second computing device is also tied to the user. The first trusted component obtains the content for rendering on the first computing device by way of the first user-machine certificate and the license, and the second trusted component obtains the content for rendering on the second computing device by way of the second user-machine certificate and the same license.

Abstract: In order to allow for security beyond revocation lists, a policy regarding when permissions may be granted (in the form of a rights document, e.g. a use license or a certificate) is enforced. When a request is made for a rights document, the requester submits an account certificate which includes certain metadata regarding the requester. This metadata is analyzed to determine whether it meets a specific policy before the request is granted. If the request is not granted, the cause of the rejection may be overcome, for example by updating or upgrading some system component (hardware or software) in the requesting system. In certain cases, such an update to overcome a policy-based rejection may be performed transparently to the user.

Abstract: A first trusted component on a first computing device performs cryptography, evaluation, and enforcement and is tied thereto, and a first user-machine certificate associated with the first computing device is tied to a user. Correspondingly, a second trusted component on a second computing device performs cryptography, evaluation, and enforcement and is tied thereto, and a second user-machine certificate associated with the second computing device is also tied to the user. The first trusted component obtains the content for rendering on the first computing device by way of the first user-machine certificate and the license, and the second trusted component obtains the content for rendering on the second computing device by way of the second user-machine certificate and the same license.