Abstract: A method for allowing content protected by a first DRM system to be accessed by a second DRM system is disclosed. In one embodiment, a request is received from a host application for a license for content protected by a first DRM system, the first DRM system being different from the host application's DRM system. A license supported by the host application's DRM system is then generated from a license supported by the first DRM system. In another embodiment, a request is received to store content protected by a first DRM system. In response to the request, a portable license for the content is generated from a license supported by the first DRM system. Alternatively or additionally, a portable file format for the content is generated from a file format supported by the first DRM system. The request can come from a first computing platform, and the portable license and/or file format can be generated by a second computing platform.

Abstract: A system and computer-readable media storing operational instructions for allowing content protected by a first DRM system to be accessed by a second DRM system are disclosed. In one embodiment, a request is received from a host application for a license for content protected by a first DRM system, the first DRM system being different from the host application's DRM system. A license supported by the host application's DRM system is then generated from a license supported by the first DRM system. In another embodiment, a request is received to store content protected by a first DRM system. In response to the request, a portable license for the content is generated from a license supported by the first DRM system. Alternatively or additionally, a portable file format for the content is generated from a file format supported by the first DRM system. The request can come from a first computing platform, and the portable license and/or file format can be generated by a second computing platform.

Abstract: Computer-readable media storing operational instructions for allowing multiple users to access preview content is disclosed. In one embodiment, a user is provided with preview content and is allowed to access the preview content even if another user's access to the preview content has expired. In another embodiment, a user is provided with content that he is not allowed to access but is allowed to access a preview version of the content by creating a license that specifies the user's access to the preview content, wherein the license is stored on a memory device that stores the preview content. Other embodiments are disclosed, and each of the embodiments can be used alone or together in combination.

Abstract: An apparatus is provided. The apparatus includes a memory and a processor in communication with the memory. The processor is configured to: transmit a request to a memory device to access content stored in the memory device; receive a session ticket; and access the content based on the session ticket. The session ticket includes a parameter used to decrypt the content and the session ticket is generated based on a number that is configured to change at a session.

Abstract: A method for interfacing with a memory card is provided. In this method, a selection of a program instruction is provided and the program instruction associated with the selection is read from the memory card. The program instruction thereafter is executed. Systems and computing devices for interfacing with the memory card also are described.

Abstract: A portable mass storage device is used to store large files such as digital pictures, movies and music. The mass storage device has firmware with security mechanisms that limit access to read write operations to ensure reliable operation of the device to prevent unwanted copying or storing of secure content such a copyrighted material. Although the security mechanisms generally limit access, the firmware is operable to work with a virtual machine and allows the virtual machine to access the secure content and work in conjunction with the firmware to read and write data to the mass storage memory, if the virtual machine is present. The virtual machine is either loaded but not activated at the time of manufacture, or is downloaded and activated post manufacture. Any royalty for the virtual machine is paid for only if and when the virtual machine is both present and activated in the device.

Abstract: A system that includes a memory, a memory card, a processor, and a power supply is provided. The memory is configured to store a program instruction driver and the memory card is configured to store a program instruction. The power supply is configured to generate a voltage and is connected to the processor. The processor, which is in communication with the memory and the memory card, is configured to execute the program instruction driver stored in the memory. The program instruction driver comprises program instructions for providing a selection of the program instruction, reading the program instruction associated with the selection, and executing the program instruction.

Abstract: At least one software application is stored in a memory device, where a security data structure controls access to information obtainable from data stored in the device and to the at least one software application. A set of protocols control communication between a host and a memory device. Invocation of at least one software application stored in the memory device modifies the protocol. A security data structure controls access to data stored in the memory device according to an access policy. Invocation of at least one software application stored in the memory device imposes at least one condition in addition to the access policy for accessing the data. A data object storing data in the memory device is associated with at least one software application. Accessing the object will invoke the at least one software application which processes the data in the object. Individual ones of a plurality of first sets of protocols are selectable for enabling data to be provided and stored in a data object.

Abstract: A memory storing public and confidential information is removably connected to a host device. General information on data stored in memory devices is accessible to the host device without authentication. Only a portion of confidential information stored in the memory device is accessible through the host device to an authenticated entity, where the entity has access rights to such portion. The entity is not able to access other portions of confidential information to which it has no rights. The public and confidential information is stored in a non-volatile storage medium, and a controller controls the supply of information. Preferably, the non-volatile storage medium and the controller are enclosed in a housing.

Abstract: A memory storing public and confidential information is removably connected to a host device. General information on data stored in memory devices is accessible to the host device without authentication. Only a portion of confidential information stored in the memory device is accessible through the host device to an authenticated entity, where the entity has access rights to such portion. The entity is not able to access other portions of confidential information to which it has no rights. The public and confidential information is stored in a non-volatile storage medium, and a controller controls the supply of information. Preferably, the non-volatile storage medium and the controller are enclosed in a housing.

Abstract: Host devices present both the host certificate and the pertinent certificate revocation lists to the memory device for authentication so that the memory device need not obtain the list on its own. Processing of the certificate revocation list and searching for the certificate identification may be performed concurrently by the memory device. The certificate revocation lists for authenticating host devices to memory devices may be stored in an unsecured area of the memory device for convenience of users.

Abstract: Host devices present both the host certificate and the pertinent certificate revocation lists to the memory device for authentication so that the memory device need not obtain the list on its own. Processing of the certificate revocation list and searching for the certificate identification may be performed concurrently by the memory device. The certificate revocation lists for authenticating host devices to memory devices may be stored in an unsecured area of the memory device for convenience of users.

Abstract: An object known as an identity object comprises a public key and a private key pair and at least one certificate issued by a certificate authority that certifies that the public key of the pair is genuine. In one embodiment, this object may be used as proof of identification by using the private key to sign data provided to it or signals derived from the data. An identity object may be stored in a non-volatile memory as proof of identity, where the memory is controlled by a controller. Preferably, a housing encloses the memory and the controller. In another embodiment, an identity object may be stored in a non-volatile memory of a memory system as proof of identity. The memory system is removably connected to a host device. After the host device has been successfully authenticated, the private key of the object is used to encrypt data from the host device or signals derived from said data, and the at least one certificate and the encrypted data or signals are sent to the host device.

Abstract: An object known as an identity object comprises a public key and a private key pair and at least one certificate issued by a certificate authority that certifies that the public key of the pair is genuine. In one embodiment, this object may be used as proof of identification by using the private key to sign data provided to it or signals derived from the data. An identity object may be stored in a non-volatile memory as proof of identity, where the memory is controlled by a controller. Preferably, a housing encloses the memory and the controller. In another embodiment, an identity object may be stored in a non-volatile memory of a memory system as proof of identity. The memory system is removably connected to a host device. After the host device has been successfully authenticated, the private key of the object is used to encrypt data from the host device or signals derived from said data, and the at least one certificate and the encrypted data or signals are sent to the host device.

Abstract: Continuous strings of certificates in a certificate chain received by a memory device sequentially in the same order that the strings are verified. Each string except for the last may be overwritten by the next one in the sequence.

Abstract: At least one software application is stored in a memory device, where a security data structure controls access to information obtainable from data stored in the device and to the at least one software application. A set of protocols control communication between a host and a memory device. Invocation of at least one software application stored in the memory device modifies the protocol. A security data structure controls access to data stored in the memory device according to an access policy. Invocation of at least one software application stored in the memory device imposes at least one condition in addition to the access policy for accessing the data. A data object storing data in the memory device is associated with at least one software application. Accessing the object will invoke the at least one software application which processes the data in the object. Individual ones of a plurality of first sets of protocols are selectable for enabling data to be provided and stored in a data object.

Abstract: Continuous strings of certificates in a certificate chain received by a memory device sequentially in the same order that the strings are verified. Each string except for the last may be overwritten by the next one in the sequence.

Abstract: The owner of proprietor interest is in a better position to control access to the encrypted content in the medium if the encryption-decryption key is stored in the medium itself and substantially inaccessible to external devices. Only those host devices with the proper credentials are able to access the key. An access policy may be stored which grants different permissions (e.g. to different authorized entities) for accessing data stored in the medium. A system incorporating a combination of the two above features is particularly advantageous. On the one hand, the content owner or proprietor has the ability to control access to the content by using keys that are substantially inaccessible to external devices and at the same time has the ability to grant different permissions for accessing content in the medium. Thus, even where external devices gain access, their access may still be subject to the different permissions set by the content owner or proprietor recorded in the storage medium.

Abstract: Method for executing application program code is provided. The method includes loading a first segment of the application program code from a memory storage device to a host system memory; executing the first segment, wherein a host system processor executes the first segment; and authenticating application program code execution by requiring a memory controller of the memory storage device to participate in application program code execution.

Abstract: A mass storage memory card adds functionality to host devices with which it is used. In addition to the ability to store large amounts of user files and protect them from unauthorized duplication, a mass storage device according to the present invention enables near field communications with a portable electronic device that otherwise does not have such functionality. In a preferred embodiment the mass storage device has a mother/daughter configuration wherein the daughter card is a fully functioning micro-SD card that can be used independently. The mother card can be accepted in an SD card slot and communicates via the SD protocol. Whether or not the daughter card is present in the mother card, a host with the mass storage device therein will be capable of near field communications. These communications can be peer to peer or can be used to purchase goods or services as a sort of electronic wallet.