Abstract: A secure repository individualized for a hardware environment and a method and system for providing the same. The secure repository includes a hidden cryptographic key and code that applies the key without requiring access to a copy of the key. The code that implements the secure repository is generated in a manner that is at least partly based on a hardware ID associated with the hardware environment in which the secure repository is to be installed, and may also be based on a random number. Cryptographic functions implemented by the secure repository include decryption of encrypted information and validation of cryptographically signed information. The secure repository may be coupled to an application program, which uses cryptographic services provided by the secure repository, by way of a decoupling interface that provides a common communication and authentication interface for diverse types of secure repositories.

Abstract: A licensor receives a request from a requestor including an identifier identifying the requestor and rights data associated with digital content, where the rights data lists at least one identifier and rights associated therewith. The licensor thereafter locates the identifier of the requestor in a directory, and locates in the directory based thereon an identifier of each group which the requestor is a member of. Each of the located requestor identifier and each located group identifier is compared to each identifier listed in the rights data to find a match, and a digital license to render the content is issued to the requestor with the rights associated with the matching identifier.

Abstract: A digital rights management system for the distribution, protection and use of electronic content. The system includes a client architecture which receives content, where the content is preferably protected by encryption and may include a license and individualization features. Content is protected at several levels, including: no protection; source-sealed; individually-sealed (or “inscribed”); source-signed; and fully-individualized (or “owner exclusive”). The client also includes and/or receives components which permit the access and protection of the encrypted content, as well as components that allow content to be provided to the client in a form that is individualized for the client. In some cases, access to the content will be governed by a rights construct defined in the license bound to the content.

Abstract: Content is encrypted according to a content key (CK) ((CK(content))), (CK) is protected according to a license server public key (PU-DRM), and rights data associated with the content is retrieved from a rights template and protected according to (PU-DRM). The protected items and a digital signature from the rights template are submitted as a rights label to the license server for signing. The license server verifies the rights template signature, and if such signature verifies signs the rights label to result in a signed rights label (SRL), and returns same. The SRL is concatenated with (CK(content)) and both are distributed to a user. To render the content, the user submits the SRL to the license server to request a license.

Abstract: A secure repository individualized for a hardware environment and a method and system for providing the same. The secure repository includes a hidden cryptographic key and code that applies the key without requiring access to a copy of the key. The code that implements the secure repository is generated in a manner that is at least partly based on a hardware ID associated with the hardware environment in which the secure repository is to be installed, and may also be based on a random number. Cryptographic functions implemented by the secure repository include decryption of encrypted information and validation of cryptographically signed information. The secure repository may be coupled to an application program, which uses cryptographic services provided by the secure repository, by way of a decoupling interface that provides a common communication and authentication interface for diverse types of secure repositories.

Abstract: Systems and methods for visually representing scripted behaviors are provided. A system is disclosed that includes an authoring program executable on a computing device and configured to display a visual scripting interface. The visual scripting interface may be configured to display a plurality of user-selectable graphical building blocks. Each graphical building block may represent a respective component of a script, and may be spatially arrangable within the visual scripting interface to visually represent a script for a target scripted object. Input selectors may be provided on the graphical building blocks to enable users to input script information, and status indicators and messages may also be displayed on the graphical building blocks to inform users whether script information has been properly inputted. Propagation tools may be provided to enable users to successively add new graphical building blocks to build a tree that represents a script sentence.

Abstract: A key management interface that allows for different key protection schemes to be plugged into a digital rights management system is disclosed. The interface exposes the functionality of signing data, decrypting data encrypted using a public key, and re-encrypting data encrypted using the public key exported by the interface to a different authenticated principal (i.e., a different public key). Thus, a secure interface can be provided such that the data does not enter or leave the interface in the clear. Such an interface exports private key operations of signing and decryption, and provides security and authentication for the digital asset server in licensing and publishing. During publishing, a client can encrypt asset keys such that only a specified entity can decrypt it, using a plug-in, for example, that implements the aforementioned interface.

Abstract: A digital rights management system for the distribution, protection and use of electronic content. The system includes a client architecture which receives content, where the content is preferably protected by encryption and may include a license and individualization features. Content is protected at several levels, including: no protection; source-sealed; individually-sealed (or “inscribed”); source-signed; and fully-individualized (or “owner exclusive”). The client also includes and/or receives components which permit the access and protection of the encrypted content, as well as components that allow content to be provided to the client in a form that is individualized for the client. In some cases, access to the content will be governed by a rights construct defined in the license bound to the content.

Abstract: A Digital Rights Management (DRM) system has a plurality of DRM servers performing DRM functionality and an entering DRM-E server is enrolled into the system by an enrolling DRM-R server such that the entering DRM-E server is to be trusted within the system. The DRM-E server sends an enrollment request to the DRM-R server including a proffering identification and a public key (PU-E). The DRM-R server validates the proffering identification, and, if the request is to be honored, generates a digital enrollment certificate with (PU-E) for the DRM-E server to enroll such DRM-E server into the DRM system. The now-enrolled DRM-E server with the generated enrollment certificate is able to employ same to issue DRM documents within the DRM system.

Abstract: Content is encrypted according to a content key (CK) ((CK(content))), (CK) is protected according to a license server public key (PU-DRM), and rights data associated with the content is protected according to (PU-DRM). The protected items are submitted as a rights label to the license server for signing. The license server validates the rights label and, if valid, digitally signs based on the protected rights data to result in a signed rights label (SRL), and returns same. The SRL is concatenated with (CK(content)) and both are distributed to a user. To render the content, the user submits the SRL to the license server to request a license. The license server verifies the SRL signature and reviews the SRL protected rights data to determine whether the user is entitled to the license, and if so issues the license, including (CK) in a protected form accessible to the user.

Abstract: A first trusted component on a first computing device performs cryptography, evaluation, and enforcement and is tied thereto, and a first user-machine certificate associated with the first computing device is tied to a user. Correspondingly, a second trusted component on a second computing device performs cryptography, evaluation, and enforcement and is tied thereto, and a second user-machine certificate associated with the second computing device is also tied to the user. The first trusted component obtains the content for rendering on the first computing device by way of the first user-machine certificate and the license, and the second trusted component obtains the content for rendering on the second computing device by way of the second user-machine certificate and the same license.

Abstract: A presentation application provides for authoring and playback of multi-media presentations. Each page of the presentation may contain one or more types of media, including video, text, images and other media. A user may interact with the presentation during playback by selecting different instances of the media. Media elements of the presentation may be tagged with meta-data. Tagged media elements may generate a tag event associated with meta-data in response to being selected, perform an action when a tag event with a particular meta-data occurs, or both. When a user selects a tagged media instance during presentation playback, the tagged media generates a tag event with a particular meta-data. The application detects the tag event, determines one or more other media instances (if any) configured to perform an action upon detection of the tag event with the particular meta-data, and carries out the corresponding action.

Abstract: A presentation application provides for authoring and playback of a presentation. A presentation is an interactive collection of activities. An activity may include one or more frames, wherein each frame includes one or more modules. A module may consist of media content such as video, text, images or other content. A user may provide input during playback of the presentation. In response to the input, the module or frame receiving the input may call an action on a presentation activity, frame or module, thereby allowing the user to navigate through the presentation and accomplish objectives. When authoring a presentation, a user may associate a user initiated event or internally generated event with a module action. Authoring may be performed through an authoring interface provided by an authoring tool. The authoring tool may save a presentation as a package which can be distributed.

Abstract: A Digital Rights Management (DRM) system has a plurality of DRM servers performing DRM functionality and an entering DRM-E server is enrolled into the system by an enrolling DRM-R server such that the entering DRM-E server is to be trusted within the system. The DRM-E server sends an enrollment request to the DRM-R server including a proffering identification and a public key (PU-E). The DRM-R server validates the proffering identification, and, if the request is to be honored, generates a digital enrollment certificate with (PU-E) for the DRM-E server to enroll such DRM-E server into the DRM system. The now-enrolled DRM-E server with the generated enrollment certificate is able to employ same to issue DRM documents within the DRM system.

Abstract: Operating system roles may be defined to provide users access to computer resources, such as files, computer setup and configuration tasks, application programs and specific features within applications, separately from the permissions associated with the user's login. Permission levels may be designated directly to roles, providing a level of abstraction beyond user login access permissions. Thus, role members may gain access to a resource through the permissions of a role, and similarly, other authorized users will not be denied access to a resource based on a change to the role.

Abstract: A key management interface that allows for different key protection schemes to be plugged into a digital rights management system is disclosed. The interface exposes the functionality of signing data, decrypting data encrypted using a public key, and re-encrypting data encrypted using the public key exported by the interface to a different authenticated principal (i.e., a different public key). Thus, a secure interface can be provided such that the data does not enter or leave the interface in the clear. Such an interface exports private key operations of signing and decryption, and provides security and authentication for the digital asset server in licensing and publishing. During publishing, a client can encrypt asset keys such that only a specified entity can decrypt it, using a plug-in, for example, that implements the aforementioned interface.

Abstract: A server architecture for a digital rights management system that distributes and protects rights in content. The server architecture includes a retail site which sells content items to consumers, a fulfillment site which provides to consumers the content items sold by the retail site. The fulfillment site includes an asynchronous fulfillment pipeline which logs information about processed transactions using a store-and-forward messaging service. The fulfillment site may be implemented as several server devices, each having a cache which stores frequently downloaded content items, in which case the asynchronous fulfillment pipeline may also be used to invalidate the cache if a change is made at one server that affects the cached content items.

Abstract: A trusted component on a device includes a secure HWID therein and is verified by obtaining a key from the device, and verifying each signed component of the operating system of the device therewith. A driver table is examined to locate a HWID driver which is verified as containing a pointer back to an address inside a kernel. The verified operating system is called to obtain the secure HWID from a HWID component by way of the HWID driver and to return same to the trusted component. Thereafter, the returned HWID is verified as matching the HWID included with the trusted component.

Abstract: A key management interface that allows for different key protection schemes to be plugged into a digital rights management system is disclosed. The interface exposes the functionality of signing data, decrypting data encrypted using a public key, and re-encrypting data encrypted using the public key exported by the interface to a different authenticated principal (i.e., a different public key). Thus, a secure interface can be provided such that the data does not enter or leave the interface in the clear. Such an interface exports private key operations of signing and decryption, and provides security and authentication for the digital asset server in licensing and publishing. During publishing, a client can encrypt asset keys such that only a specified entity can decrypt it, using a plug-in, for example, that implements the aforementioned interface.

Abstract: A license is issued to a user as decryption and authorization portions. The decryption portion is accessible only by such user and has a decryption key (KD) for decrypting corresponding encrypted digital content and validating information including an identification of a root trust authority. The authorization portion sets forth rights granted in connection with the digital content and conditions that must be satisfied to exercise the rights granted, and has a digital signature that is validated according to the identified root trust authority in the decryption portion. The user issued accesses the decryption portion and employs the validation information therein to validate the digital signature of the authorization portion. If the conditions in the authorization portion so allow, the rights in the authorization portion are exercised by decrypting the encrypted content with the decryption key (KD) from the decryption portion and rendering the decrypted content.