Abstract: An enforcement architecture and method for implementing digital rights management are disclosed. Digital content is distributed from a content server to a computing device of a user and received, and an attempt is made to render the digital content by way of a rendering application. The rendering application invokes a Digital Rights Management (DRM) system, and such DRM system determines whether a right to render the digital content in the manner sought exists based on any digital license stored in the computing device and corresponding to the digital content. If the right does not exist, a digital license that provides such right and that corresponds to the digital content is requested from a license server, and the license server issues the digital license to the DRM system. The computing device receives the issued digital license and stores the received digital license thereon.

Abstract: An enforcement architecture and method for implementing digital rights management are disclosed. Digital content is distributed from a content server to a computing device of a user and received, and an attempt is made to render the digital content by way of a rendering application. The rendering application invokes a Digital Rights Management (DRM) system, and such DRM system determines whether a right to render the digital content in the manner sought exists based on any digital license stored in the computing device and corresponding to the digital content. If the right does not exist, a digital license that provides such right and that corresponds to the digital content is requested from a license server, and the license server issues the digital license to the DRM system. The computing device receives the issued digital license and stores the received digital license thereon.

Abstract: Theft of decompressed digital content as the content is being rendered is prevented. A requested slow-down of the rendering of the content is detected. Transfers of relatively large amounts of data are detected. A re-compressor-based requested slow-down of the rendering of the content is detected. A re-compressor re-compressing the content is detected. In each situation, the detected activity is presumably initiated by a content thief attempting to steal the content. In each situation, the detected activity is responded to in a manner designed to frustrate the presumed attempt of the content thief to steal the content.

Abstract: Digital content is rendered on a device by transferring the content to the device and obtaining a digital license corresponding to the content. A sub-license corresponding to and based on the obtained license is composed and transferred to the device, and the content is rendered on the device only in accordance with the terms of the sub-license. The content is encrypted and decryptable according to a content key, and the sub-license includes the content key encrypted and decryptable according to a secret. The sub-license also includes indexing information identifying the secret to the device. The indexing information in the sub-license is obtained to identify the secret, and the secret is acquired based at least in part on the indexing information. The secret is then applied to the encrypted content key to decrypt and obtain the content key, and the obtained content key is applied to the encrypted content to decrypt and obtain the content.

Abstract: To render digital content encrypted according to a content key (KD) on a first device having a public key (PU1) and a corresponding private key (PR1), a digital license corresponding to the content is obtained, where the digital license includes the content key (KD) therein in an encrypted form. The encrypted content key (KD) from the digital license is decrypted to produce the content key (KD), and the public key (PU1) of the first device is obtained therefrom. The content key (KD) is then encrypted according to the public key (PU1) of the first device (PU1 (KD)), and a sub-license corresponding to and based on the obtained license is composed, where the sub-license includes (PU1 (KD)). The composed sub-license is then transferred to the first device.

Abstract: A counter is provided which can be implemented in flash memory allowing longer life through fewer erasures. The counter is incremented using a method that minimizes bit transitions from 1 to 0. In one embodiment, the counter is implemented in m+n bits. The bits of the counter are grouped into a binary portion of the counter of m bits and a unary portion of the counter of n bits. In order to increment the counter, the unary portion of the counter is incremented first. When the unary portion of the counter reaches a specific value, the binary portion of the counter is incremented. This limits 1 to 0 bit transitions and allows a large range of unique values to be read from the counter. In another embodiment, two unary counters are formed, which dynamically change in size as the counter is incremented.

Abstract: A device for securely recording protected content to a portable memory, and for reading the protected content therefrom. The device includes a feature that makes it adapted to read or write specially-configured portable memories that are incompatible with standard read/write devices. For example, the device may be designed to work with memories having an unusual shape or size, or may manipulate the data in a non-standard way before storing it on the memory. The read/write devices are trusted components that will only handle the protected content in accordance with rules governing the content. The feature included in the device is preferably a proprietary and/or hardware feature, so that counterfeit devices incorporating the feature cannot be built without overcoming economic and/or legal hurdles.

Abstract: Isolated memory is implemented by controlling changes to address translation maps. Control over the maps can be exercised in such a way that no virtual address referring to an isolated page is exposed to any untrusted process. Requests to edit an entry in a map are evaluated to ensure that the edit will not cause the map to point to isolated memory. Requests to change which map is active are evaluated to ensure that the map to be activated does not point to isolated memory. Preferably, these evaluations are performed by a trusted component in a trusted environment, since isolation of the memory depends on the evaluation component not being compromised. In systems that require all memory access requests to identify their target by virtual address, preventing the address translation maps from pointing to a portion of memory effectively prevents access to that portion of memory, thereby creating an isolated memory.

Abstract: A data storage resource is identifiable by physical addresses, and optionally by a virtual address. A policy defines which resources are accessible and which resources are not accessible. A request to access a resource is allowed if access to the resource is permitted by the policy, and if carrying out the access will not cause virtual addresses to be assigned to resources to which the policy disallows access. Since resources to which access is disallowed do not have virtual addresses, certain types of access requests that identify a resource by a virtual address can be allowed without consulting the policy.

Abstract: A digital rights management (DRM) system operates on a computing device and requires a black box for performing decryption and encryption functions. To obtain the black box from a black box server, the DRM system requests such black box from such black box server. The black box server in response generates the black box, where such black box is unique and has a public/private key pair. The black box server then delivers the generated black box to the DRM system and the DRM system installs the delivered black box in such DRM system.

Abstract: A data storage resource is identifiable by physical addresses, and optionally by a virtual address. A policy defines which resources are accessible and which resources are not accessible. A request to access a resource is allowed if access to the resource is permitted by the policy, and if carrying out the access will not cause virtual addresses to be assigned to resources to which the policy disallows access. Since resources to which access is disallowed do not have virtual addresses, certain types of access requests that identify a resource by a virtual address can be allowed without consulting the policy.

Abstract: A digital rights management (DRM) system operates on a computing device when a user requests that a protected piece of digital content be rendered by the computer device in a particular manner. The DRM system has a license store, a license evaluator, and a state store. The license store stores digital licenses on the computing device. The license evaluator determines whether any licenses stored in the license store correspond to the requested digital content and whether any such corresponding licenses are valid, reviews license rules in each such valid license, and determining based on such reviewed license rules whether such license enables the requesting user to render the requested digital content in the manner sought. The state store maintains state information corresponding to each license in the license store, where the state information is created and updated by the license evaluator as necessary.

Abstract: To encrypt a digital object, a key ID is selected for the digital object, and a function ƒ( ) having an input and an output is selected. The selected key ID is then employed as the input to the function ƒ( ), and the output of such function ƒ( ) is employed as the key (KD) for the digital object: ƒ(key ID) key (KD). The digital object is then according to such key (KD), and the encrypted digital object is distributed.

Abstract: Digital content is rendered on a device by transferring the content to the device and obtaining a digital license corresponding to the content. A sub-license corresponding to and based on the obtained license is composed and transferred to the device, and the content is rendered on the device only in accordance with the terms of the sub-license. The content is encrypted and decryptable according to a content key, and the sub-license includes the content key encrypted and decryptable according to a secret. The sub-license also includes indexing information identifying the secret to the device. The indexing information in the sub-license is obtained to identify the secret, and the secret is acquired based at least in part on the indexing information. The secret is then applied to the encrypted content key to decrypt and obtain the content key, and the obtained content key is applied to the encrypted content to decrypt and obtain the content.

Abstract: Manifest-based trusted agent management in a trusted operating system environment includes receiving a request to execute a process is received and setting up a virtual memory space for the process. Additionally, a manifest corresponding to the process is accessed, and which of a plurality of binaries can be executed in the virtual memory space is limited based on indicators, of the binaries, that are included in the manifest.

Abstract: Manifest-based trusted agent management in a trusted operating system environment includes receiving a request to execute a process is received and setting up a virtual memory space for the process. Additionally, a manifest corresponding to the process is accessed, and which of a plurality of binaries can be executed in the virtual memory space is limited based on indicators, of the binaries, that are included in the manifest.

Abstract: A method describes user interaction in combination with sending a send item from an application of a computing device to a recipient. The computing device has an attestation unit thereon for attesting to trustworthiness. The application facilitates a user in constructing the send item, and pre-determined indicia are monitored that can be employed to detect that the user is in fact expending effort to construct the send item. The attestation unit authenticates the application to impart trust thereto, and upon the user commanding the application to send, a send attestation is constructed to accompany the send item. The send attestation is based on the monitored indicia and the authentication of the application and thereby describes the user interaction. The constructed send attestation is packaged with the constructed send item and the package is sent to the recipient.

Abstract: Manifest-based trusted agent management in a trusted operating system environment includes receiving a request to execute a process is received and setting up a virtual memory space for the process. Additionally, a manifest corresponding to the process is accessed, and which of a plurality of binaries can be executed in the virtual memory space is limited based on indicators, of the binaries, that are included in the manifest.

Abstract: Manifest-based trusted agent management in a trusted operating system environment includes receiving a request to execute a process is received and setting up a virtual memory space for the process. Additionally, a manifest corresponding to the process is accessed, and which of a plurality of binaries can be executed in the virtual memory space is limited based on indicators, of the binaries, that are included in the manifest.

Abstract: Manifest-based trusted agent management in a trusted operating system environment includes receiving a request to execute a process is received and setting up a virtual memory space for the process. Additionally, a manifest corresponding to the process is accessed, and which of a plurality of binaries can be executed in the virtual memory space is limited based on indicators, of the binaries, that are included in the manifest.