A method, apparatus, and computer-readable media for creating a private social network (PSN). Channels in the PSN can be created based on connections in existing social networks and based on other interactions between the users. Channels can be dynamically managed based on various interactions and attributes. Channels of the PSN are defined by a data structure indicating the users and relationships therebetween. The data structure can be manipulated to change the attributes of the channels. A user interface can be provided to facilitate aggregation of existing channels.
A method, apparatus, and media for distributing protected content. An exemplary embodiment includes receiving a selection of content, packaging the selected content to generate packaged content, encrypting the packaged content to generate an encrypted content package, transmitting the encrypted content package to a content server, receiving content location information corresponding to the location of the encrypted content package on the content server, receiving a selection of one or more rights, combining the one or more rights with the content location information to generate a rights package including the content location information, transmitting the rights package to a license server, receiving license location information corresponding to the location of the rights package on the license server, and distributing the license location information.
A method, apparatus, media and data structure for rendering a wrapper. The wrapper includes at least one data structure in a format that is renderable by a standard rendering engine and containing censored content comprising source content identification information. When the wrapper is opened by a standard rendering engine, the censored content is rendered. When opened by a trusted rendering engine, the source content is rendered.
G06F 21/10 - Protecting distributed programs or content, e.g. vending or licensing of copyrighted material
G06Q 10/06 - Resources, workflows, human or project management; Enterprise or organisation planning; Enterprise or organisation modelling
H04L 12/24 - Arrangements for maintenance or administration
G06F 21/62 - Protecting access to data via a platform, e.g. using keys or access control rules
H04L 29/06 - Communication control; Communication processing characterised by a protocol
H04L 29/08 - Transmission control procedure, e.g. data link level control procedure
G06F 21/57 - Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
A method, apparatus, media and data structure for rendering a wrapper. The wrapper includes at least one data structure in a format that is renderable by a standard rendering engine and containing censored content comprising source content identification information. When the wrapper is opened by a standard rendering engine, the censored content is rendered. When opened by a trusted rendering engine, the source content is rendered.
Exemplary embodiments relate to rendering content using obscuration techniques. An exemplary method comprises receiving source content, identifying a mask that segments the source content, identifying masking techniques, associating the source content with obscuration information and usage rules, and transmitting the source content, the usage rules, and the obscuration information to a recipient computing device. Another exemplary method comprises receiving source content, constructing a mask that segments the source content, identifying a masking technique, generating first and second transformed images by applying the masking technique, and displaying the first and second transformed images as frames in a repeating series of frames to approximate the source content. Yet another exemplary method relates to providing frames for rendering on a display, the frames including pixel data, the pixel data comprising input values for one or more color components.
A system and method are provided for specifying a legality expression for use in a system for processing the legality expression. The system and method include providing a legality expression language, including at least one of a duty element specifying an obligation that a principal must perform an act, a ban element specifying a prohibition that a principal must not perform an act, an intent element specifying an intention that a principal wants to perform an act, and a claim element specifying an assertion that a principal does perform an act. The system and method further include interpreting by the system a legality expression specified using the legality expression language.
An apparatus, computer-readable medium, and computer-implemented method for granting access to content are disclosed. The method includes receiving user credentials associated with a user from a device which has authorization to access content in a first content domain, determining whether the user associated with the user credentials has a license to access content in a second content domain, and granting temporary authorization to the device which allows it to access content in the second content domain based at least in part on the determination that the user associated with the user credentials has a license to access content in the second content domain.
H04L 29/06 - Communication control; Communication processing characterised by a protocol
H04L 29/08 - Transmission control procedure, e.g. data link level control procedure
H04L 9/32 - Arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system
8. Method, system, and device for license-centric content consumption
A method, system, and device for license-centric content use or distribution, including a pre-existing digital rights management (DRM) system having a unique interface to a repository of data thereof to govern use of content; a shared license repository configured to access the data to govern the use of the content and to communicate with the unique interface of the pre-existing DRM system; and a user interface configured to interact with the pre-existing DRM system, and configured to allow the user to send a license associated with the content from the shared license repository to the pre-existing DRM system or to another shared license repository.
System and methods for manipulating rights expressions for use in connection with a rights management system include one or more tokenized templates. Each tokenized template includes one or more rights expression language statements and one or more tokens associated with at least one of the rights expression language statements. Further, the tokens can be place holders for data items or rights expression elements. The system further includes a license template module that creates the tokenized templates, and a license instance creation module that replaces at least one of the tokens in one or more selected license templates with one or more of the data items or rights expression elements to generate a license instance. Additionally, the system includes a license instance analysis module having sub-modules for validating and interpreting license instances, and a data parsing module for extracting data from created license instances.
A system and method for creating a rights expression for association with an item for use in a system for controlling use of the item in accordance with the rights expression, including specifying rights expression information indicating a manner of use of an item, the rights expression information including at least one element, the element having a variable and corresponding value for the variable; and performing an encoding process, including determining an identifier associated with a template corresponding to the rights expression information, extracting from the rights expression information the value for the variable corresponding to the element, and encoding a license adapted to be enforced on a device based on the variable and the identifier, the license including an identification of the template and the value for the variable.
The invention relates to a method for deriving a sub-right from a right, the right comprising a plurality of components, each of which specifies an aspect of the right. A component may be, for example, a principal, an action, a resource, and a condition. The invention also relates to a method for integrating a first right with a second right. Furthermore, the invention relates to a method of sharing rights by deriving a sub-right from a right, allowing use of the sub-right, and integrating the sub-right with the right.
The invention relates to a method for deriving a sub-right from a right, the right comprising a plurality of components, each of which specifies an aspect of the right. A component may be, for example, a principal, an action, a resource, and a condition. The invention also relates to a method for integrating a first right with a second right. Furthermore, the invention relates to a method of sharing rights by deriving a sub-right from a right, allowing use of the sub-right, and integrating the sub-right with the right. In addition, the invention relates to a system to support rights sharing by enabling the derivation of a sub-right from a right, the right comprising plural components each of which specifies an aspect of the right, the system comprising a receiving module for receiving a sub-right, the sub-right comprising plural components each of which specifies an aspect of the sub-right, and a confirmation module for confirming that the values of the components of the sub-right can be derived from the values of the corresponding components of the right. The invention further relates to a method for deriving a sub-right from a pool of rights granted by a grantor to a grantee for controlling use of resources within a computing environment, the computing environment having a mechanism for enforcing rights within the environment to control use of resources in accordance with the rights.
A system, method and computer program product for a digital content player having a DRM agent to perform rights management operations on a digital content package, including loading rights management instructions to be executed by the digital content player, the rights management instructions being associated with the digital content package, executing the rights management instructions on the digital content player, and loading supporting licenses associated with the digital content package for processing by the DRM agent. The DRM agent decides whether to permit the rights management operations requested by the rights management instructions. Further exemplary embodiments include systems, methods and computer program products for associating usage rights with digital content packages, managing of digital rights tokens, managing of digital content packages having predetermined broadcast dates, preserving of usage rights when content is transferred between DRM environments, and distributing content packages.
A self-contained device for protecting content, the content having usage rights associated therewith, includes a usage rights portion having usage rights that control the use of the content; a rights management module that authorizes a request to access the content based on the usage rights; a rights assignment module that generates and updates the usage rights based on the content access; and an interface module that allows accessing of the content.
A method and system for integrity certification and verification in a computer environment based on characteristics and behaviors of one or more applications, systems or system components as compared with a profile of characteristics and behaviors, including determining a behavior integrity profile (BIP) specifying characteristics and behaviors of one or more applications, systems or system components; determining based on the BIP whether or not characteristics and behaviors of one or more applications, systems or system components are compliant with characteristics and behaviors defined in a behavior integrity profile specification; and determining access rights to the one or more applications, systems or system components based on the step of determining the compliance.
A trust policy (1188) is constructed based upon a social relationship between real-world entities (1110-1112, 1114, 1116, 1118). The trust policy (1188) may be determined based upon a social network and social network maps (1100). The social network map (1100) provides a framework to determine social distances. The trust policy (1188) provides quick and secure access to desired or trusted nodes while providing security from entities (1110-1112, 1114, 1116, 1118) outside the trusted sphere of nodes. The trust policy (1188) determined by the social distance may be used for various types of applications including filtering unwanted e-mail, providing secure access to resources, and accessing protected services. File sharing, referral querying, advertisement targeting, announcement targeting, access control, and various applications may be limited using the constructed trust policy (1188).
G06F 7/04 - Identity comparison, i.e. for like or unlike values
G06F 17/30 - Information retrieval; Database structures therefor
G06K 9/00 - Methods or arrangements for reading or recognising printed or written characters or for recognising patterns, e.g. fingerprints
H03M 1/68 - Digital/analogue converters with conversions of different sensitivity, i.e. one conversion relating to the more significant digital bits and another conversion to the less significant bits
H04L 9/00 - Arrangements for secret or secure communications; Network security protocols
H04N 7/16 - Analogue secrecy systems; Analogue subscription systems
17. METHOD, SYSTEM, AND DEVICE FOR INDEXING AND PROCESSING OF EXPRESSIONS
A method, system, and device for indexing expressions for use in a system for processing the expressions, and including indexing an expression using a semantic value; receiving a query; generating a list of prospective expressions from indexed expressions based on the query; and processing the prospective expressions.
Usage rights for a digital work are established prior to creation of the corresponding content. The rights can be associated with the content after the content is created. A content creation device, such as a video recorder or a still camera, can store labels of the rights and can associate usage rights with content in real time as the content is created.
H04N 21/8355 - Generation of protective data, e.g. certificates involving usage data, e.g. number of copies or viewings allowed
H04N 21/266 - Channel or content management, e.g. generation and management of keys and entitlement messages in a conditional access system or merging a VOD unicast channel into a multicast channel
A method, system, and device for handling creation of derivative works and for assigning usage rights to the derivative works for enforcing usage rights associated with digital works, including detecting computer-related events that are indicative of manipulations of an original work for creating a derivative work; and maintaining a history of information, including at least one of rights associated with electronic content related to each of the events, origin of electronic content related to each of the events, and event related information that can be used to determine the origin of and rights associated with electronic content.
H04L 9/00 - Arrangements for secret or secure communications; Network security protocols
H04L 9/32 - Arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system
H04N 7/167 - Systems rendering the television signal unintelligible and subsequently intelligible
A method, system, and device for verifying authorized issuance of a statement or expression (303), including determining if a statement or expression is associated with a statement of trusted issuance (309); determining if the statement of trusted issuance applies (319); determining if issuance of the statement of trusted issuance is authorized; and verifying that the issuance of the statement or expression was authorized, if the statement of trusted issuance applies, and the issuance of the statement of trusted issuance is authorized (321).
A method, system, and device for license-centric content use or distribution, including a pre-existing digital rights management (DRM) system having a unique interface to a repository of data thereof to govern use of content; a shared license repository configured to access the data to govern the use of the content and to communicate with the unique interface of the pre-existing DRM system; and a user interface configured to interact with the pre-existing DRM system, and configured to allow the user to send a license associated with the content from the shared license repository to the pre-existing DRM system or to another shared license repository.
A method, system (100), and device (100) for license-centric content use or distribution, including a user interface (104) configured to enable a user (102) to manage content by managing a license associated with the content instead of a specific instance of the content, wherein the use or distribution of the content is granted from the license.
A method, system, and device for license-centric content use or distribution, including a pre-existing digital rights management (DRM) system having a unique interface to a repository of data thereof to govern use of content; a shared license repository configured to access the data to govern the use of the content and to communicate with the unique interface of the pre-existing DRM system; and a user interface configured to interact with the pre-existing DRM system, and configured to allow the user to send a license associated with the content from the shared license repository to the pre-existing DRM system or to another shared license repository.
A method, system and device for transferring rights adapted to be associated with items from a rights supplier to a rights consumer, including obtaining a set of rights associated with an item, the set of rights including meta-rights specifying derivable rights that can be derived from the meta-; determining whether the rights consumer is entitled to the derivable rights specified by the meta-rights; and deriving at least one right from the derivable rights, if the rights consumer is entitled to the derivable rights specified by the meta-rights, wherein the derived right includes at least one state variable based on the set of rights and used for determining a state of the derived right.
G06F 1/14 - Time supervision arrangements, e.g. real time clock
G06F 13/372 - Handling requests for interconnection or transfer for access to common bus or bus system with decentralised access control using a time-dependent priority, e.g. individually loaded time counters or time slot
G06F 12/14 - Protection against unauthorised use of memory
26. SYSTEM AND METHOD FOR RIGHTS OFFERING AND GRANTING USING SHARED STATE VARIABLES
A method, system and device for sharing rights adapted to be associated with items, the method and system including generating at least one of usage rights and meta-rights for the items; defining, via the usage rights, a manner of use for the items; and defining, via the meta-rights, a manner of rights transfer for the items. The device including receiving at least one of usage rights and meta-rights for the items; interpreting, via the usage rights, a manner of use for the items; and interpreting, via the meta-rights, a manner of rights transfer for the items. The usage rights or the meta-rights include at least one state variable that is shared by one or more rights.
Legality expressions are systematically pre-processed, organized, and stored to achieve faster real-time response, improved predictability, and increased reliability for queries against a large volume of legality expressions. Exponential improvements in both the time to locate the set of legality expressions matching specified search criteria and the processing costs of evaluating the request against the matching legality expressions are achieved using the disclosed systems, devices, and methods. The systems, devices, and methods are unique to the optimization of legality expression processing, but they can also enable the use of other optimization techniques for processing large amounts of data.
A method, system and device for transferring rights adapted to be associated with items from a rights supplier to a rights consumer, including obtaining a set of rights associated with an item, the set of rights including meta-rights specifying derivable rights that can be derived from the meta-; determining whether the rights consumer is entitled to the derivable rights specified by the meta-rights; and deriving at least one right from the derivable rights, if the rights consumer is entitled to the derivable rights specified by the meta-rights, wherein the derived right includes at least one state variable based on the set of rights and used for determining a state of the derived right.
A system and method for controlling a rights expression specifying a manner of use of an item, including specifying by a provider of an item a rights expression indicating a manner of use of the item by a recipient of the item and a condition for use of the item by the recipient, the condition indicating that the use by the recipient of the item is subject to control; associating the rights expression with the item; and controlling the use by the recipient of the item based on the condition in the rights expression. In further exemplary embodiments, the use by the recipient of the item is subject to control by a stakeholder and/or a provider of the item and can be used to provide consumer protection based on parameters of use.
H04L 9/32 - Arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system
31. System and method for granting access to an item or permission to use an item based on configurable conditions
A method, system, device, and computer program product for processing plural rights expressions associated with an item for use in a system for controlling use of the item in accordance with the rights expressions, including receiving a request to use an item, the item having associated rights expressions governing use of the item; returning one or more rights expressions including conditions that must be satisfied in order to use the item; and processing the returned rights expressions in a manner to facilitate selection of the returned rights expressions in order to use the item in accordance with the selected rights expressions.
A system and method are provided for specifying a legality expression for use in a system for processing the legality expression. The system and method include providing a legality expression language, including at least one of a duty element specifying an obligation that a principal must perform an act, a ban element specifying a prohibition that a principal must not perform an act, an intent element specifying an intention that a principal wants to perform an act, and a claim element specifying an assertion that a principal does perform an act. The system and method further include interpreting by the system a legality expression specified using the legality expression language.
A system and method for creating a rights expression for association with an item for use in a system for controlling use of the item in accordance with the rights expression, including specifying rights expression information indicating a manner of use of an item, the rights expression information including at least one element, the element having a variable and corresponding value for the variable; and performing an encoding process, including determining an identifier associated with a template corresponding to the rights expression information, extracting from the rights expression information the value for the variable corresponding to the element, and encoding a license adapted to be enforced on a device based on the variable and the identifier, the license including an identification of the template and the value for the variable.
A method and apparatus for dynamically protecting content in a system for managing use of the content in accordance with usage rights. A request is received from a user device for content stored on a server. Information is gathered from at least one source to build the content in accordance with the request and the content is mapped to usage rights. A reply including the usage rights is sent to the user device, and use of the content is permitted based on the usage rights under control of a security module for enforcing usage rights.
A system and method for controlling use of content in accordance with usage rights associated with the content and determined in accordance with the environment of a user device. A request is received for secure content from a user device and the integrity of the environment of the user device is verified. Appropriate usage rights are retrieved based upon the results of the verification of integrity and the content is rendered on the user device in accordance with the appropriate usage rights.
System and methods for manipulating rights expressions for use in connection with a rights management system include one or more tokenized templates. Each tokenized template includes one or more rights expression language statements and one or more tokens associated with at least one of the rights expression language statements. Further, the tokens can be place holders for data items or rights expression elements. The system further includes a license template module that creates the tokenized templates, and a license instance creation module that replaces at least one of the tokens in one or more selected license templates with one or more of the data items or rights expression elements to generate a license instance. Additionally, the system includes a license instance analysis module having sub-modules for validating and interpreting license instances, and a data parsing module for extracting data from created license instances.
Extensible grammar-based rights expression system for processing rights expressions including an interpreter with plug-in subcomponents, a validator, and a framework. In another embodiment, the system includes a framework having an extensible architecture with extensibility points for adding extensions to the grammar, and an interpreter, the extensions defining semantics and syntax of new rights expressions. A method for processing rights expressions is also provided having the steps of registering plug-in components, making a programmatic call, finding and invoking appropriate plug-in components, evaluating the request against the grant, and returning an authorization result. In another embodiment, the method includes the steps of providing an extensible grammar-based rights expression system having an extensible architecture with an interpreter, evaluating the request against the grant using the interpreter, and returning an authorization result. The method may include the step of adding new extensions to the rights expression system to allow processing of new rights expressions.
A method and system for managing use of items having usage rights associated therewith including a point of capture system adapted to generate content of a future event when the event occurs, a content distributor adapted to generate a rights label having usage rights associated with content of the future event before the content is created, the rights label having a distribution key for encrypting the content as the content is generated, the distribution key being encrypted with a public key. The system also includes a license server adapted to generate a license associated with the content from the rights label before the content is generated, the license including the distribution key encrypted with the public key, and a content distributor adapted to distribute the license before the content is generated.
Processes and systems for offering and granting digital rights that govern distribution and usage of content, services and resources. The processes and systems provide a basis for flexible business models and negotiation transactions between content providers and users. The concept of meta-rights, which permit digital rights to be derived, permits upstream parties in a content distribution chain to dictate rights granted and received by downstream parties. Therefore, each transaction can be considered as a two party transaction between a rights supplier and a rights consumer.
Digital rights management method and system for items having usage rights. A first activation device defines a first trust zone. A first license device associated with the first trust zone generates an open license having usage rights associated with a first item. A second activation device defines a second trust zone and is adapted to issue a software package that enforces usage rights. A user device associated with the second trust zone is adapted to receive the software package from the second activation device, to receive the open license associated with the first item, and to use the first item in accordance with the open license. In addition, a method is provided for enforcing a license granting usage rights associated with a protected item, and for classifying a license, the license being an open license or a closed license.
A system and method for managing use of items having usage rights associated therewith. The system includes an activation device adapted to issue a software package having a public and private key pair, the public key being associated with a user, a license device adapted to issue a license, a usage device adapted to receive the software package, receive the license and allow the user to access the item in accordance with the license, and a subscription managing device adapted to maintain a subscription list including the public key associated with the user. The license is issued by the license device upon verifying presence of the public key in the subscription list corresponding to requested content.