Abstract: A host securely transmits content to a peripheral thereof. The peripheral has a symmetric key (PK) and a copy of (PK) encrypted according to a public key (PU) of an entity ((PU(PK))). In the method, the host receives (PU(PK)) from the peripheral, and sends (PU(PK)) to the entity. The entity has a private key (PR) corresponding to (PU), applies (PR) to (PU(PK)) to obtain (PK), and sends (PK) back to the host. The host receives (PK) from the entity, encrypts at least a portion of the content according to (PK), and transmits the encrypted content to the peripheral. The peripheral may then decrypt the encrypted content based on (PK). A bind key (BK) encrypted by (PK) ((PK(BK))) may accompany (PU(PK)), where the content is to be encrypted according to (BK). Thus, (PK) is not revealed to the host.

Abstract: A host securely transmits content to a peripheral thereof. The peripheral has a symmetric key (PK) and a copy of (PK) encrypted according to a public key (PU) of an entity ((PU(PK))). In the method, the host receives (PU(PK)) from the peripheral, and sends (PU(PK)) to the entity. The entity has a private key (PR) corresponding to (PU), applies (PR) to (PU(PK)) to obtain (PK), and sends (PK) back to the host. The host receives (PK) from the entity, encrypts at least a portion of the content according to (PK), and transmits the encrypted content to the peripheral. The peripheral may then decrypt the encrypted content based on (PK). A bind key (BK) encrypted by (PK) ((PK(BK))) may accompany (PU(PK)), where the content is to be encrypted according to (BK). Thus, (PK) is not revealed to the host.

Abstract: A host securely transmits content to a peripheral thereof. The peripheral has a symmetric key (PK) and a copy of (PK) encrypted according to a public key (PU) of an entity ((PU(PK))). In the method, the host receives (PU(PK)) from the peripheral, and sends (PU(PK)) to the entity. The entity has a private key (PR) corresponding to (PU), applies (PR) to (PU(PK)) to obtain (PK), and sends (PK) back to the host. The host receives (PK) from the entity, encrypts at least a portion of the content according to (PK), and transmits the encrypted content to the peripheral. The peripheral may then decrypt the encrypted content based on (PK). A bind key (BK) encrypted by (PK) ((PK(BK))) may accompany (PU(PK)), where the content is to be encrypted according to (BK). Thus, (PK) is not revealed to the host.

Abstract: A device renders content on a medium by obtaining a table from the medium, obtaining a device key (DK) of the device and an index value of such (DK), indexing into an entry of the table based on the obtained index value, selecting an encrypted secret from the indexed-into entry, applying the obtained device key (DK) to the selected encrypted secret to expose the secret, and applying the exposed secret to render the content.

Abstract: Digital content is encrypted according to a content key (CK) to form (CK(content)) and such (CK(content)), a license generator, a start-up file, and license-generating information are placed on a digital storage medium. The license generator is for generating a digital license corresponding to the placed content, where the generated license has the content key (CK) therein. The start-up file is read and executed when the medium is mounted to a computing device, and the executed start-up file executes the license generator The license generating information includes the content key (CK) and any terms, conditions, rules, and/or requirements to be built into the license.

Abstract: A device has a symmetric device key (DK) and a copy of (DK) encrypted according to a public key (PU) of an entity (PU(DK)). The device receives an object from a host computer, at least a portion of which is encrypted according to (DK). The device sends (PU(DK)) to the host computer, and the host computer sends (PU(DK)) to the entity. The entity applies a corresponding private key (PR) to (PU(DK)) to obtain (DK) and sends (DK) to the host computer. The host computer may then encrypt the object according to (DK) and download same to the device, and the device may decrypt the encrypted object based on (DK).

Abstract: A computing device has a running real-time secure clock adjustable only according to trusted time as received from an external trusted time authority, a time offset within which is stored a time value adjustable by at least one of the user and the trusted time authority, and a time display for displaying a running real-time display time calculated as the trusted time from the secure clock plus the stored time value in the time offset. Reference thus may be made to the secure clock to evaluate a temporal requirement without concern that the user has adjusted the secure clock to subvert the temporal requirement. The computing device sends a request for secure time and the trusted time authority sends same. The computing device receives the secure time, sets the secure clock according to same, and sends confirmation to the trusted time authority that the secure time has been received.

Abstract: Digital content is encrypted according to a content key (CK) to form (CK(content)) and such (CK(content)), a license generator, a start-up file, and license-generating information are placed on a digital storage medium. The license generator is for generating a digital license corresponding to the placed content, where the generated license has the content key (CK) therein. The start-up file is read and executed when the medium is mounted to a computing device, and the executed start-up file executes the license generator The license generating information includes the content key (CK) and any terms, conditions, rules, and/or requirements to be built into the license.

Abstract: A computing device has a running real-time secure clock adjustable only according to trusted time as received from an external trusted time authority, a time offset within which is stored a time value adjustable by at least one of the user and the trusted time authority, and a time display for displaying a running real-time display time calculated as the trusted time from the secure clock plus the stored time value in the time offset. Reference thus may be made to the secure clock to evaluate a temporal requirement without concern that the user has adjusted the secure clock to subvert the temporal requirement. The computing device sends a request for secure time and the trusted time authority sends same. The computing device receives the secure time, sets the secure clock according to same, and sends confirmation to the trusted time authority that the secure time has been received.

Abstract: A device has a symmetric device key (DK) and a copy of (DK) encrypted according to a public key (PU) of an entity (PU(DK)). The device receives an object from a host computer, at least a portion of which is encrypted according to (DK). The device sends (PU(DK)) to the host computer, and the host computer sends (PU(DK)) to the entity. The entity applies a corresponding private key (PR) to (PU(DK)) to obtain (DK) and sends (DK) to the host computer. The host computer may then encrypt the object according to (DK) and download same to the device, and the device may decrypt the encrypted object based on (DK).

Abstract: A device renders content on a medium by obtaining a table from the medium, obtaining a device key (DK) of the device and an index value of such (DK), indexing into an entry of the table based on the obtained index value, selecting an encrypted secret from the indexed-into entry, applying the obtained device key (DK) to the selected encrypted secret to expose the secret, and applying the exposed secret to render the content.

Abstract: A host securely transmits content to a peripheral thereof. The peripheral has a symmetric key (PK) and a copy of (PK) encrypted according to a public key (PU) of an entity ((PU(PK))). In the method, the host receives (PU(PK)) from the peripheral, and sends (PU(PK)) to the entity. The entity has a private key (PR) corresponding to (PU), applies (PR) to (PU(PK)) to obtain (PK), and sends (PK) back to the host. The host receives (PK) from the entity, encrypts at least a portion of the content according to (PK), and transmits the encrypted content to the peripheral. The peripheral may then decrypt the encrypted content based on (PK). A bind key (BK) encrypted by (PK) ((PK(BK))) may accompany (PU(PK)), where the content is to be encrypted according to (BK). Thus, (PK) is not revealed to the host.