Abstract: A file may contain an unencrypted and an encrypted portion. The unencrypted portion may contain a layout section that may point to a published license, metadata, and a contents section, where the contents section is in the encrypted portion. The encrypted portion may contain the contents section which may act as a directory for one or more included files that may be compressed and stored in the encrypted portion. When the file is opened by a receiver, the receiver may read the published license and communicate with a security server to establish access rights and receive at least one key for decrypting at least a portion of the encrypted portion of the file. The receiver may then gain access to the included files.

Abstract: A server receives a request and identifies a corresponding task with core and peripheral components. The server performs the core components and collects relevant context data. The server returns a result to the requester based on having performed the core components, and constructs a message including the collected context data and sends same to an asynchronous message collector. An asynchronous message processor takes up and processes the message from the collector to perform the peripheral components. Thus, the message processor performs less-time-sensitive peripheral work independent of the server and allows the server to attend to more-time-sensitive core work.

Abstract: A file may contain an unencrypted and an encrypted portion. The unencrypted portion may contain a layout section that may point to a published license, metadata, and a contents section, where the contents section is in the encrypted portion. The encrypted portion may contain the contents section which may act as a directory for one or more included files that may be compressed and stored in the encrypted portion. When the file is opened by a receiver, the receiver may read the published license and communicate with a security server to establish access rights and receive at least one key for decrypting at least a portion of the encrypted portion of the file. The receiver may then gain access to the included files.

Abstract: A method for managing rights in digital content includes generating rights data for a piece of digital content and forming a piece of rights managed digital content by associating the rights data with the piece of digital content. The rights data includes parameters that govern the terms on which the content may be licensed, and may include a list of entities to which the content may be licensed, a respective set of one or more rights that each such entity has in the digital content, and any conditions that may be placed on those rights. A method for licensing rights managed digital content includes receiving a license request for a license to use the piece of rights managed digital content, where the license request includes such a signed rights label. The digital signature on the signed rights label is validated to determine whether a trusted entity issued the signed rights label.

Abstract: A method is disclosed for rendering content encrypted according to a cryptographic key, where the content has corresponding rights data including a decryption key (KD) for decrypting the encrypted content, and where (KD) in the rights data is encrypted according to a public key of a rights management (RM) server (PU-RM) to result in (PU-RM(KD)). The RM server normally delivers (KD) within a license, but upon being decommissioned can no longer issue such license. In the method, a notification is received that the RM server has been decommissioned, and thereafter an attempt is made to render a piece of content. Such content is determined to be protected to the decommissioned RM server, and a request is sent to the decommissioned RM server for the content key (KD) for the content rather than any license. Thereafter (KD) is received from the decommissioned RM server.

Abstract: A method, apparatus, and software are disclosed for delivering customized content to clients with diverse content needs, such as clients from diverse geographical areas an language backgrounds. Customizable content is separated from the underlying code, which is used as a template for inserting localized content into a basic document framework as represented by the template. Both electronic mail and Web community customization techniques are disclosed.

Abstract: A method, apparatus, and software are disclosed for delivering customized content to clients with diverse content needs, such as clients from diverse geographical areas an language backgrounds. Customizable content is separated from the underlying code, which is used as a template for inserting localized content into a basic document framework as represented by the template. Both electronic mail and Web community customization techniques are disclosed.

Abstract: A key management interface that allows for different key protection schemes to be plugged into a digital rights management system is disclosed. The interface exposes the functionality of signing data, decrypting data encrypted using a public key, and re-encrypting data encrypted using the public key exported by the interface to a different authenticated principal (i.e., a different public key). Thus, a secure interface can be provided such that the data does not enter or leave the interface in the clear. Such an interface exports private key operations of signing and decryption, and provides security and authentication for the digital asset server in licensing and publishing. During publishing, a client can encrypt asset keys such that only a specified entity can decrypt it, using a plug-in, for example, that implements the aforementioned interface.

Abstract: A scalable computing system for managing annotations is capable of handling requests for annotations to millions of documents a day. The computing system consists of multiple tiers of servers. A tier I server indicates whether there are annotations associated with a content source. A tier II server indexes the annotations. A tier III server stores the body of the annotation.

Abstract: An improved certificate issuing system may comprise a certificate translation engine for translating incoming certificates and certificate requests from a first format into a second format. A certificate issuing engine may then operate on incoming requests in the common format. The issuing engine can issue certificates to clients according to its certificate issuing policy. The policy may be expressed as data in a policy expression language that can be consumed at runtime, which provides for flexible and efficient changing of issuing policy. Issued certificates can be translated back into a format that is consumed by the requesting client. Such translation can be performed by the translation engine prior to delivery of certificates to requesting clients.

Abstract: An improved certificate issuing system may comprise a novel arrangement for expressing certificate issuing policy. The policy may be expressed in a human-readable policy expression language and stored for example in a file that is consumed by a certificate issuing system at runtime. The policy may thus be easily changed by altering the digital file. Certain techniques are also provided for extending the capabilities of the certificate issuing system so it may apply and enforce new policies.

Abstract: A server receives a request and identifies a corresponding task with core and peripheral components. The server performs the core components and collects relevant context data. The server returns a result to the requester based on having performed the core components, and constructs a message including the collected context data and sends same to an asynchronous message collector. An asynchronous message processor takes up and processes the message from the collector to perform the peripheral components. Thus, the message processor performs less-time-sensitive peripheral work independent of the server and allows the server to attend to more-time-sensitive core work.

Abstract: A method is disclosed for rendering content encrypted according to a cryptographic key, where the content has corresponding rights data including a decryption key (KD) for decrypting the encrypted content, and where (KD) in the rights data is encrypted according to a public key of a rights management (RM) server (PU-RM) to result in (PU-RM(KD)). The RM server normally delivers (KD) within a license, but upon being decommissioned can no longer issue such license. In the method, a notification is received that the RM server has been decommissioned, and thereafter an attempt is made to render a piece of content. Such content is determined to be protected to the decommissioned RM server, and a request is sent to the decommissioned RM server for the content key (KD) for the content rather than any license. Thereafter (KD) is received from the decommissioned RM server.

Abstract: A method for managing rights in digital content includes generating rights data for a piece of digital content and forming a piece of rights managed digital content by associating the rights data with the piece of digital content. The rights data includes parameters that govern the terms on which the content may be licensed, and may include a list of entities to which the content may be licensed, a respective set of one or more rights that each such entity has in the digital content, and any conditions that may be placed on those rights. A method for licensing rights managed digital content includes receiving a license request for a license to use the piece of rights managed digital content, where the license request includes such a signed rights label. The digital signature on the signed rights label is validated to determine whether a trusted entity issued the signed rights label.