A method, apparatus, media and data structure for rendering a wrapper. The wrapper includes at least one data structure in a format that is renderable by a standard rendering engine and containing censored content comprising source content identification information. When the wrapper is opened by a standard rendering engine, the censored content is rendered. When opened by a trusted rendering engine, the source content is rendered.
G06F 21/10 - Protecting distributed programs or content, e.g. vending or licensing of copyrighted material
G06Q 10/06 - Resources, workflows, human or project management; Enterprise or organisation planning; Enterprise or organisation modelling
H04L 12/24 - Arrangements for maintenance or administration
G06F 21/62 - Protecting access to data via a platform, e.g. using keys or access control rules
H04L 29/06 - Communication control; Communication processing characterised by a protocol
H04L 29/08 - Transmission control procedure, e.g. data link level control procedure
G06F 21/57 - Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
2.
System and method for specifying and processing legality expressions
A system and method are provided for specifying a legality expression for use in a system for processing the legality expression. The system and method include providing a legality expression language, including at least one of a duty element specifying an obligation that a principal must perform an act, a ban element specifying a prohibition that a principal must not perform an act, an intent element specifying an intention that a principal wants to perform an act, and a claim element specifying an assertion that a principal does perform an act. The system and method further include interpreting by the system a legality expression specified using the legality expression language.
A method, system, and device for license-centric content use or distribution, including a pre-existing digital rights management (DRM) system having a unique interface to a repository of data thereof to govern use of content; a shared license repository configured to access the data to govern the use of the content and to communicate with the unique interface of the pre-existing DRM system; and a user interface configured to interact with the pre-existing DRM system, and configured to allow the user to send a license associated with the content from the shared license repository to the pre-existing DRM system or to another shared license repository.
System and methods for manipulating rights expressions for use in connection with a rights management system include one or more tokenized templates. Each tokenized template includes one or more rights expression language statements and one or more tokens associated with at least one of the rights expression language statements. Further, the tokens can be place holders for data items or rights expression elements. The system further includes a license template module that creates the tokenized templates, and a license instance creation module that replaces at least one of the tokens in one or more selected license templates with one or more of the data items or rights expression elements to generate a license instance. Additionally, the system includes a license instance analysis module having sub-modules for validating and interpreting license instances, and a data parsing module for extracting data from created license instances.
A system and method for creating a rights expression for association with an item for use in a system for controlling use of the item in accordance with the rights expression, including specifying rights expression information indicating a manner of use of an item, the rights expression information including at least one element, the element having a variable and corresponding value for the variable; and performing an encoding process, including determining an identifier associated with a template corresponding to the rights expression information, extracting from the rights expression information the value for the variable corresponding to the element, and encoding a license adapted to be enforced on a device based on the variable and the identifier, the license including an identification of the template and the value for the variable.
The invention relates to method for deriving a sub-right from a right, the right comprising a plurality of components, each of which specifies an aspect of the right. A component may be, for example, a principal, an action, a resource, and a condition. The invention also relates to a method for integrating a first right with a second right. Furthermore, the invention relates to a method of sharing rights by deriving a sub-right from a right, allowing use of the sub-right, and integrating the sub-right with the right. In addition, the invention relates to a system to support rights sharing by enabling the derivation of a sub-right from a right, the right comprising plural components each of which specifies an aspect of the right, the system comprising a receiving module for receiving a sub-right, the sub-right comprising plural components each of which specifies an aspect of the sub-right, and a confirmation module for confirming that the values of the components of the sub-right can be derived from the values of the corresponding components of the right. The invention further relates to a method for deriving a sub-right from a pool of rights granted by a grantor to a grantee for controlling use of resources within a computing environment, the computing environment having a mechanism for enforcing rights within the environment to control use of resources in accordance with the rights.
A self-contained device for protecting content, the content having usage rights associated therewith, includes a usage rights portion having usage rights that control the use of the content; a rights management module that authorizes a request to access to the content based on the usage rights; a rights assignment module that generates and updates the usage rights based on the content access; and an interface module that allows accessing of the content.
A method, system, and device for license-centric content use or distribution, including a pre-existing digital rights management (DRM) system having a unique interface to a repository of data thereof to govern use of content; a shared license repository configured to access the data to govern the use of the content and to communicate with the unique interface of the pre-existing DRM system; and a user interface configured to interact with the pre-existing DRM system, and configured to allow the user to send a license associated with the content from the shared license repository to the pre-existing DRM system or to another shared license repository.
Legality expressions are systematically pre-processed, organized, and stored to achieve faster real-time response, improved predictability, and increased reliability for queries against a large volume of legality expressions. Exponential improvements in both the time to locate the set of legality expressions matching specified search criteria and the processing costs of evaluating the request against the matching legality expressions are achieved using the disclosed systems, devices, and methods. The systems, devices, and methods are unique to the optimization of legality expression processing, but they can also enable the use of other optimization techniques for processing large amounts of data.
A method, system and device for transferring rights adapted to be associated with items from a rights supplier to a rights consumer, including obtaining a set of rights associated with an item, the set of rights including meta-rights specifying derivable rights that can be derived from the meta-; determining whether the rights consumer is entitled to the derivable rights specified by the meta-rights; and deriving at least one right from the derivable rights, if the rights consumer is entitled to the derivable rights specified by the meta-rights, wherein the derived right includes at least one state variable based on the set of rights and used for determining a state of the derived right.
A system and method for controlling a rights expression specifying a manner of use of an item, including specifying by a provider of an item a rights expression indicating a manner of use of the item by a recipient of the item and a condition for use of the item by the recipient, the condition indicating that the use by the recipient of the item is subject to control; associating the rights expression with the item; and controlling the use by the recipient of the item based on the condition in the rights expression. In further exemplary embodiments, the use by the recipient of the item is subject to control by a stakeholder and/or a provider of the item and can be used to provide consumer protection based on parameters of use.
H04L 9/32 - Arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system
12.
System and method for granting access to an item or permission to use an item based on configurable conditions
A method, system, device, and computer program product for processing plural rights expressions associated with an item for use in a system for controlling use of the item in accordance with the rights expressions, including receiving a request to use an item, the item having associated rights expressions governing use of the item; returning one or more rights expressions including conditions that must be satisfied in order to use the item; and processing the returned rights expressions in a manner to facilitate selection of the returned rights expressions in order to use the item in accordance with the selected rights expressions.
A system and method are provided for specifying a legality expression for use in a system for processing the legality expression. The system and method include providing a legality expression language, including at least one of a duty element specifying an obligation that a principal must perform an act, a ban element specifying a prohibition that a principal must not perform an act, an intent element specifying an intention that a principal wants to perform an act, and a claim element specifying an assertion that a principal does perform an act. The system and method further include interpreting by the system a legality expression specified using the legality expression language.
A system and method for creating a rights expression for association with an item for use in a system for controlling use of the item in accordance with the rights expression, including specifying rights expression information indicating a manner of use of an item, the rights expression information including at least one element, the element having a variable and corresponding value for the variable; and performing an encoding process, including determining an identifier associated with a template corresponding to the rights expression information, extracting from the rights expression information the value for the variable corresponding to the element, and encoding a license adapted to be enforced on a device based on the variable and the identifier, the license including an identification of the template and the value for the variable.
A method and apparatus for dynamically protecting content in a system for managing use of the content in accordance with usage rights. A request is received from a user device for content stored on a server. Information is gathered from at least one source to build the content in accordance with the request and the content is mapped to usage rights. A reply including the usage rights is sent to the user device, and use of the content is permitted based on the usage rights under control of a security module for enforcing usage rights.
A system and method for controlling use of content in accordance with usage rights associated with the content and determined in accordance with the environment of a user device. A request is received for secure content from a user device and the integrity of the environment of the user device is verified. Appropriate usage rights are retrieved based upon the results of the verification of integrity and the content is rendered on the user device in accordance with the appropriate usage rights.
System and methods for manipulating rights expressions for use in connection with a rights management system include one or more tokenized templates. Each tokenized template includes one or more rights expression language statements and one or more tokens associated with at least one of the rights expression language statements. Further, the tokens can be place holders for data items or rights expression elements. The system further includes a license template module that creates the tokenized templates, and a license instance creation module that replaces at least one of the tokens in one or more selected license templates with one or more of the data items or rights expression elements to generate a license instance. Additionally, the system includes a license instance analysis module having sub-modules for validating and interpreting license instances, and a data parsing module for extracting data from created license instances.
Extensible grammar-based rights expression system for processing rights expressions including an interpreter with plug-in subcomponents, a validator, and a framework. In another embodiment, system includes a framework having an extensible architecture with extensibility points for adding extensions to the grammar, and an interpreter, the extensions defining semantics and syntax of new rights expressions. A method for processing rights expressions is also provided having the steps of registering plug-in components, making a programmatic call, finding and invoking appropriate plug-in components, evaluating the request against the grant, and returning an authorization result. In another embodiment, method includes the steps of providing an extensible grammar-based rights expression system having an extensible architecture with an interpreter, evaluating the request against the grant using the interpreter, and returning an authorization result. The method may include the step of adding new extensions to the rights expression system to allow processing of new rights expressions.
A method and system for managing use of items having usage rights associated therewith including a point of capture system adapted to generate content of a future event when the event occurs, a content distributor adapted to generate a rights label having usage rights associated with content of the future event before the content is created, the rights label having a distribution key for encrypting the content as the content is generated, the distribution key being encrypted with a public key. The system also includes a license server adapted to generate a license associate with the content from the rights label before the content is generated, the license including the distribution key encrypted with the public key, and a content distributor adapted to distribute the license before the content is generated.
Processes and systems for offering and granting digital rights that govern distribution and usage of content, services and resources. The processes and systems provide a basis for flexible business models and negotiation transactions between content providers and users. The concept of meta-rights, which permit digital rights to be derived, permits upstream parties in a content distribution chain to dictate rights granted and received by downstream parties. Therefore, each transaction can be considered as a two party transaction between a rights supplier and a rights consumer.
Digital rights management method and system for items having usage rights. A first activation device defines a first trust zone. A first license device associated with the first trust zone generates an open license having usage rights associated with a first item. A second activation device defines a second trust zone and is adapted to issue a software package that enforces usage rights. A user device associated with the second trust zone is adapted to receive the software package from the second activation device, to receive the open license associated with the first item, and to use the first item in accordance with the open license. In addition, a method is provided for enforcing a license granting usage rights associated with a protected item, and for classifying a license, the license being an open license or a closed license.
A system and method for managing use of items having usage rights associated therewith. The system includes an activation device adapted to issue a software package having a public and private key pair, the public key being associated with a user, a license device adapted to issue a license, a usage device adapted to receive the software package, receive the license and allow the user to access the item in accordance with the license, and a subscription managing device adapted to maintain a subscription list including the public key associated with the user. License's is issued by the license device upon verifying presence of the public key in the subscription list corresponding to requested content.