Abstract: An audio/video distribution system with enhanced digital rights management. configured for use with a source of programming, a third party responsible for authorization, and an audio/video output device at a recipient location, includes a source encryptor and a receiver and authentication device disposed at a recipient location. The source encryptor is responsible for transmitting the programming (including any applicable plus policies, rights and/or rules) in encrypted form with missing content to the recipient location. The receiver includes an input for receiving the programming, a decryptor, an output for delivering the programming to the audio/video output device, a bi-directional link for communicating with a third party authenticator, a sensor for receiving a programming request from the programming request device, and a processor.

Abstract: An autonomous and portable smartcard reader device incorporates a high level of embedded security countermeasures. Data transfers are encrypted with specific input devices, namely a light sensor/DTMF/infrared and PIN or other keyboard entry, and at the output through the use of a dual-tone encoder-decoder. The unit may be used alone or as a plug-in to another device such as a PDA, cell phone, or remote control. The reader may further be coupled to various biometric or plug-in devices to achieve at least five levels of authentication, namely, (1) the smartcard itself; (2) the smartcard reader; (2) the PIN; (3) private-key cryptography (PKI); and (5) the (optional) biometric device. These five levels account for an extremely strong authentication applicable to public networking on public/private computers, and even on TV (satellite, cable, DVD, CD AUDIO, software applications.

Abstract: A “flat” network architecture facilitates direct connections between nodes so that information may be retrieved more efficiently. Agent software is loaded on each participating node, and this code is sufficiently intelligent to share and relay information appropriately in accordance with user requests. The invention is particularly advantageous in situations where communication bottlenecks are likely to occur, such as between corporate intranets and the Internet, in conjunction with requests to international servers, and in other configurations wherein only a limited number of data pipelines are available. A method of accessing information in a client-server network architecture according to the invention includes the step of maintaining a database on the server which keeps track of where desired information is stored on the network. When such information is requested from the server, the database is queried to determine whether the information is available from one or more participating clients.

Abstract: Improved approaches for accessing secured digital assets (e.g., secured items) are disclosed. In general, digital assets that have been secured (secured digital assets) can only be accessed by authenticated users with appropriate access rights or privileges. Each secured digital asset is provided with a header portion and a data portion, where the header portion includes a pointer to separately stored security information. The separately stored security information is used to determine whether access to associated data portions of secured digital assets is permitted. These improved approaches can facilitate the sharing of security information by various secured digital assets and thus reduce the overall storage space for the secured digital assets. These improved approaches can also facilitate efficient management of security for digital assets.

Abstract: Improved approaches for accessing secured digital assets (e.g., secured items) are disclosed. In general, digital assets that have been secured (secured digital assets) can only be accessed by authenticated users with appropriate access rights or privileges. Each secured digital asset is provided with a header portion and a data portion, where the header portion includes a pointer to separately stored security information. The separately stored security information is used to determine whether access to associated data portions of secured digital assets is permitted. These improved approaches can facilitate the sharing of security information by various secured digital assets and thus reduce the overall storage space for the secured digital assets. These improved approaches can also facilitate efficient management of security for digital assets.

Abstract: Techniques for providing pervasive security to digital assets are disclosed. According to one aspect of the techniques, a server is configured to provide access control (AC) management for a user (e.g., a single user, a group of users, software agents or devices) with a need to access secured data. Within the server module, various access rules for the secured data and/or access privileges for the user can be created, updated and managed so that the user with the proper access privileges can access the secured documents if granted by the corresponding access rules in the secured data.

Abstract: Methods and apparatus enabling dissimilar devices to exchange information over a computer network stores a database of permissible sending and receiving devices at a verification server. A first device generates a request send authorization signel, which is compared at the server to the stored database and, in the event of a correspondence, a send authorization signel is generated by the server. Before a complete exchange may occur, however, a request receive authorization signal is generated at the second device in response to receiving the communication signal from the first device. The request receive authorization signal is compared to the database at the server and, in the event of a correspondence, a receive authorization signal is generated by the server, causing the second device to receive the message from the first device.