Abstract: Access to digital content may be controlled by determining a digital content specification and associated authenticated rights locker access request, sending the authenticated rights locker access request and the digital content specification, and receiving a new authenticated rights locker access request and a Web page with clickable links in response to the sending, where at least one of the clickable links is associated with an authenticated digital content request. When an indication of a user selection of one of the clickable links is received, an authenticated digital content request associated with the user-selected clickable link is sent to a digital content repository. The digital content is received in response to the sending of the authenticated digital content request.

Abstract: Access to digital content may be controlled by receiving a rights locker enrollment request from a user device associated with a user, where the rights locker enrollment request comprises a digital content request and enrollment authentication data. A determination of whether the user is authorized comprises determining the rights of the user to access the rights locker and the rights of the user to digital content specified by the digital content request. If the user is authorized, the rights locker is initialized with rights to the digital content. If a first token used to create the authenticated rights locker access request has been fully redeemed, a new token that authenticates future access to a rights locker corresponding to the digital content is obtained. An authenticated rights locker access request that is based at least in part on the new token is created and then sent.

Abstract: Access to digital content may be controlled by determining digital content to be made accessible via a rights locker, determining enrollment authentication data, and sending a rights locker enrollment request to a rights locker provider, where the rights locker enrollment request comprises a digital content request and the enrollment authentication data. One or more authenticated rights locker access requests are received in response to the sending, where the one or more authenticated rights locker access requests are for subsequent use in accessing digital content associated with the rights locker. When an indication of a selection of one of the one or more authenticated rights locker access requests is received, the authenticated rights locker access request is sent to a rights locker provider, and a result is received in response to sending the authenticated rights locker access request.

Abstract: A content provisioner controls access to digital content by receiving a digital content request comprising a request for digital content, creating an authenticated digital content request if a user associated with the digital content request is authorized to access the digital content, determining one or more delivery parameters identifying a target device to receive the digital content, and sending the authenticated digital content request including the one or more delivery parameters. A content repository validates the authenticated digital content request, determines a session key if the authenticated digital content request is valid, encrypts the digital content using the session key, and sends the encrypted digital content. Determining a session key includes determining a target key based at least in part on a target ID, and applying a cryptographic process to a first key based at least in part on the authenticated digital content request, together with the target key.

Abstract: Access to digital content may be controlled by sending a digital content request comprising a request for digital content, receiving an authenticated digital content request in response to the request, and sending the authenticated digital content request including one or more delivery parameters to a content repository that provides storage for the digital content, receiving encrypted digital content in response to sending the authenticated digital content request, and sending the encrypted digital content to a target device identified by the one or more delivery parameters and configured for decrypting the encrypted digital content and for rendering the decrypted digital content on the target device. According to one aspect, the encrypted digital content is sent directly from the content repository to the target device based at least in part on the one or more delivery parameters.

Abstract: A method for enhanced privacy protection in identification in a data communications network includes enrolling for a service on the data communications network, receiving a randomized identifier (ID) in response to the enrolling, storing the randomized ID and using the randomized ID to obtain services on the data communications network. An apparatus for obtaining a service on a data communications network includes an enrollment authority configured to accept an enrollment request. The enrollment authority is further configured to return enrollment results in response to the enrollment request. The enrollment results include user data and the enrollment results may be used obtaining a service from a service provider.

Abstract: A method for enhanced quality of identification in a data communications network includes obtaining a user identifier that includes an identification server ID and an identification randomized ID. The identification server ID identifies an identification server peer group. The identification server peer group includes at least one server that maintains a mapping between an identification randomized ID and a user authentication peer group capable of authenticating a user associated with a particular randomized ID, and a mapping between the identification randomized ID and user information. The method also includes requesting authorization of the user by presenting the user identifier to a corresponding identification server peer group. Each server in the identification server peer group is configured to search for one or more matching entries including the randomized ID.

Abstract: A method for browsing a data communications network includes requesting user data from a user-controlled secure device if a network site that requires the user data is accessed. The request is performed prior to requesting the user data from another device. The method also includes sending the user data to a network server associated with the network site if the user data is received from the user-controlled secure device. According to another aspect, a method for servicing data communications network information units includes receiving user data associated with a network site, using the user data if the user data includes static user data and reconstructing the user data before using the user data if the user data includes dynamic user data.

Abstract: A method for controlling user access to distributed resources on a data communications network includes receiving a resource request. The request includes a rights key credential that includes at least one key to provide access to a resource on the data communications network. The rights key credential also includes a resource identifier that includes a resource server peer group ID and a randomized ID. The resource server peer group ID identifies a resource server peer group. The resource server peer group includes at least one server that maintains a mapping between a randomized ID and the at least one key. The method also includes providing access to the resource using the at least one key.

Abstract: A method for managing identification in a data communications network includes receiving a user-controlled secure storage device and enrolling the user with an authority network site. The enrolling includes providing information requested by the authority network site. The method also includes receiving user data in response to the enrolling, storing the user data in the user-controlled secure storage device, enabling the user-controlled secure storage device to release the user data and using the user data at a service provider network site to obtain a service.