Abstract: One embodiment of the present invention provides a system that facilitates the transfer of a software license from a first client to a second client. The system operates by receiving a request at the first client to deactivate the software license for an associated application installed on the first client. The system then receives a deactivation request that includes an identifier for the license at a license activation server from the first client. Next, the system validates the identifier on the license activation server to determine if the identifier is a valid identifier. If so, the system sends a deactivation message to the first client, receives a deactivation response from the first client, and increments a count of license instances available for the identifier on the license activation server.

Abstract: Methods, computer-implemented systems, and apparatus provide for a DRM Migrator that extracts embedded first license information that enables licensed access to content according to a first licensing system. The DRM Migrator sends the first license information to a server compatible with a second licensing system. After sending the first license information to the server, the DRM Migrator receives second license information that enables an end user to create a request for a license that provides access to the content according to the second licensing system. Another embodiment of the DRM Migrator also receives the first license information from a source and generates the second license information. After generating the second license information, the DRM Migrator sends the second license information to the source to enable creation of a request for a license that provides access to the content according to the second licensing system.

Abstract: Various embodiments of a system and method for deterministic generation of a common content encryption key on distinct encryption units are described. Embodiments may include, for each given content item of multiple content items that represent one or more portions of a common media object, controlling a different encryption unit of multiple distinct encryption units to i) generate a content encryption key for the given content item based on: a common base secret shared by the multiple distinct encryption units, and an identifier specific to the media object, and ii) encrypt the given content item with the respective content encryption key generated for that content item in order to generate a respective encrypted content item. Each content encryption key generated for a given content item may be equivalent to each other content encryption key such that decryption of each encrypted content item requires a common decryption key.

Abstract: A vendor-operated server can be configured to receive requests from one or more customers to return corresponding sets of (one or more) software licenses for financial credit. In response to receiving a request to return a set of software licenses, the vendor-operated server verifies the return of the set of software licenses to ensure that the customer (making the request) no longer uses the software licenses to operate the vendor's software application(s). After receiving and confirming a return of the set of software licenses back to the vendor-operated server, the vendor-operated server provides notification to, for example, a vendor's corresponding order management system (e.g., financial/license management system) to indicate that the customer has returned the set of software licenses. This verification ensures that the customer does not inadvertently or intentionally continue to use the vendor's software application after obtaining credit for the returned licenses.

Abstract: Various embodiments of a system and method for decentralized management of keys and policies are described. Various embodiments may include a computer system configured to receive a request from a remote computer system associated with a recipient of content. Such request may include an encrypted content encryption key that is encrypted with a packaging key utilized by a packaging entity. The request may also include an identifier identifying the packaging entity. In some embodiments, the request may also include policy information specifying one or more usage rights of the content. The computer system may be configured to, in response to determining the recipient is authorized to access the content, generate the packaging key based on the identifier and a secret root seed, utilize the generated packaging key to decrypt the encrypted content encryption key, and provide the decrypted content encryption key to the remote computer system.

Abstract: Various embodiments of a system and method for decentralized management of keys and policies are described. Various embodiments may include a computer system configured to receive a request from a remote computer system associated with a recipient of content. Such request may include an encrypted content encryption key that is encrypted with a packaging key utilized by a packaging entity. The request may also include an identifier identifying the packaging entity. In some embodiments, the request may also include policy information specifying one or more usage rights of the content. The computer system may be configured to, in response to determining the recipient is authorized to access the content, generate the packaging key based on the identifier and a secret root seed, utilize the generated packaging key to decrypt the encrypted content encryption key, and provide the decrypted content encryption key to the remote computer system.

Abstract: Methods, computer-implemented systems, and apparatus provide for a DRM Migrator that extracts embedded first license information that enables licensed access to content according to a first licensing system. The DRM Migrator sends the first license information to a server compatible with a second licensing system. After sending the first license information to the server, the DRM Migrator receives second license information that enables an end user to create a request for a license that provides access to the content according to the second licensing system. Another embodiment of the DRM Migrator also receives the first license information from a source and generates the second license information. After generating the second license information, the DRM Migrator sends the second license information to the source to enable creation of a request for a license that provides access to the content according to the second licensing system.

Abstract: One embodiment of the present invention provides a system that facilitates the transfer of a software license from a first client to a second client. The system operates by receiving a request at the first client to deactivate the software license for an associated application installed on the first client. The system then receives a deactivation request that includes an identifier for the license at a license activation server from the first client. Next, the system validates the identifier on the license activation server to determine if the identifier is a valid identifier. If so, the system sends a deactivation message to the first client, receives a deactivation response from the first client, and increments a count of license instances available for the identifier on the license activation server.

Abstract: One embodiment of the present invention provides a system that facilitates the transfer of a software license from a first client to a second client. The system operates by receiving a request at the first client to deactivate the software license for an associated application installed on the first client. The system then receives a deactivation request that includes an identifier for the license at a license activation server from the first client. Next, the system validates the identifier on the license activation server to determine if the identifier is a valid identifier. If so, the system sends a deactivation message to the first client, receives a deactivation response from the first client, and increments a count of license instances available for the identifier on the license activation server.

Abstract: Various embodiments of a system and method for digital rights management with system individualization are described. In various embodiments, a DRM component may generate a request for machine-specific credentials specific to the system on which the DRM component is implemented. This request may include device information of component(s) of such system. The DRM component may also receive an encrypted response that includes the machine-specific credentials. This encrypted response may be encrypted with a machine-specific encryption key generated from the device information. In various embodiments the response may be generated by an individualization server that verified the request for machine-specific credentials. The DRM component may also, based on the device information of the system on which the DRM component is implemented, generate an encryption key equivalent to the machine-specific encryption key with which the received response is encrypted.

Abstract: Various embodiments of a system and method for digital rights management with delegated authorization for content access are described. Such embodiments may include a runtime component configured to receive protected content. The runtime component may be configured to submit a request for a delegation token to a first entity, such as a content merchant or some other entity. The runtime component may be configured to receive the delegation token from the first entity. The runtime component may also be configured to submit a request for a content license for the protected content to a second entity, such as an access coordinator or some other entity. The submitted request may include the received delegation token. The runtime component may be configured to receive the content license from the second entity. The runtime component may also be configured to provide access to the protected content in accordance with the received content license.

Abstract: Various embodiments of a system and method for deterministic generation of a common content encryption key on distinct encryption units are described. Embodiments may include, for each given content item of multiple content items that represent one or more portions of a common media object, controlling a different encryption unit of multiple distinct encryption units to i) generate a content encryption key for the given content item based on: a common base secret shared by the multiple distinct encryption units, and an identifier specific to the media object, and ii) encrypt the given content item with the respective content encryption key generated for that content item in order to generate a respective encrypted content item. Each content encryption key generated for a given content item may be equivalent to each other content encryption key such that decryption of each encrypted content item requires a common decryption key.

Abstract: One embodiment of the present invention provides a system that facilitates the transfer of a software license from a first client to a second client. The system operates by receiving a request at the first client to deactivate the software license for an associated application installed on the first client. The system then receives a deactivation request that includes an identifier for the license at a license activation server from the first client. Next, the system validates the identifier on the license activation server to determine if the identifier is a valid identifier. If so, the system sends a deactivation message to the first client, receives a deactivation response from the first client, and increments a count of license instances available for the identifier on the license activation server.

Abstract: Techniques, systems, and apparatus, including medium-encoded computer program products, for protecting a document with multiple digital rights management systems are presented. A described technique includes encrypting content in accordance with a first digital rights management scheme using a key and an encryption scheme, generating a first header associated with the encrypted content in accordance with the first digital rights management scheme, generating a second header associated with the encrypted content in accordance with a second digital rights management scheme, and creating a protected document that includes the first header, the second header, and the encrypted content.

Abstract: Methods, systems, and apparatus, including medium-encoded computer program products, for protecting a document with multiple digital rights management systems are presented. One or more aspects of the subject matter described in this specification can be embodied in one or more methods of protecting a document with multiple digital rights management systems, the one or more methods including: obtaining a document, wherein the document includes encrypted content and a first header, wherein the encrypted content has been encrypted in accordance with a first digital rights management scheme using a key and an encryption scheme, wherein the first header was generated in accordance with the first digital rights management scheme in association with the encrypted content; producing a second header associated with the encrypted content in accordance with a second digital rights management scheme; and creating a protected document including the first header, the second header, and the encrypted content.

Abstract: In response to receiving an order (e.g., including payment for one or more software licenses), a license distribution manager allocates a specified number of software licenses for distribution to a corresponding customer's clients that utilize the licenses to operate software associated with a corresponding vendor software application. The license distribution manager can allocate one or more overdraft licenses for distribution to the customer in addition to the specified number of software licenses associated with the order. Accordingly, the license distribution manager can allocate extra software licenses (e.g., the overdraft licenses) and distribute more software licenses than are actually purchased by a respective customer. This enables the customer to use one or more provisional licenses (e.g., overdraft licenses) that support restricted use of the vendor's software application such as until the customer can replace the provisional licenses with corresponding purchased licenses.

Abstract: A licensing manager server enables distribution of multiple software licenses from multiple separately located and/or different types of licensing server sources. Based on communications with the licensing manager server, a customer can control how a group of purchased software licenses can be distributed to members in a corresponding organization (e.g., company). For example, upon receiving a query about the order from a customer, a web portal of a vendor managed server provides a notification to the customer that the multiple software licenses can be selectively apportioned for distribution by multiple different licensing server sources. In response to the notification, the licensing manager server receives customer input indicating to allocate one portion of the multiple software licenses for distribution by a first licensing server source and to allocate another portion of the multiple software licenses for distribution by a second licensing server source.