H04L2463/101

Method of enabling digital music content to be downloaded to and used on a portable wireless computing device

The invention enables digital music content to be downloaded to and used on a portable wireless computing device. An application running on the wireless device has been automatically adapted to parameters associated with the wireless device without end-user input (e.g. the application has been configured in dependence on the device OS and firmware, related bugs, screen size, pixel number, security models, connection handling, memory etc.). This application enables an end-user to browse and search music content on a remote server using a wireless network; to download music content from that remote server using the wireless network and to playback and manage that downloaded music content. The application also includes a digital rights management system that enables unlimited legal downloads of different music tracks to the device and also enables any of those tracks stored on the device to be played so long as a subscription service has not terminated.

System for interactive matrix manipulation control of streamed data and media
09990476 · 2018-06-05

An interactive streaming media and application service provider system can securely stream high resolution, multiple formats of video and data. Different data sets can be included in a single stream. A rights management system controls matrix manipulation and other aspects of user control of the data, including one or more of rendering in various different 2D, 3D, or other media formats, reconstruction and modeling, zooming, frame grab, print frame, parental controls, picture in picture, preventing unauthorized copying, adapting to different data transmission formats, adapting to different resolutions and screen sizes, and actively controlling functionality contained in embedded data, encryption/decryption. Control can be exerted by an external entity through a user-side virtual machine. Control codes can optionally be embedded in the media, embedded in the user's device, and/or sent separately to the device.

SYSTEMS AND METHODS FOR PUBLICLY VERIFIABLE AUTHORIZATION

Systems and computer-implemented methods are provided for publicly verifiable authorization using a distributed public data structure. A central authorization system may include a database storing authorization records and may be configured to receive a first grant request from an origin device. The grant request may include contact information for a second user. The central authorization system may publish an encrypted message documenting the first grant request for incorporation into the distributed public data structure. The central authorization system may also provide a perfection code for decrypting the message to the second user. The central authorization system may receive a request to perfect the first grant request from a destination device. The central authorization system may publish a message documenting perfection of the first grant request for incorporation into the distributed public data structure. The central authorization system may grant the authorization to the second user.

METHOD AND SYSTEM FOR UNIFIED MOBILE CONTENT PROTECTION
20180144107 · 2018-05-24

Media content is delivered to a variety of mobile devices in a protected manner based on client-server architecture with a symmetric (private-key) encryption scheme. A media preparation server (MPS) encrypts media content and publishes and stores it on a content delivery server (CDS), such as a server in a content distribution network (CDN). Client devices can freely obtain the media content from the CDS and can also freely distribute the media content further. They cannot, however, play the content without first obtaining a decryption key and license. Access to decryption keys is via a centralized rights manager, providing a desired level of DRM control.

RIGHTS CONTROLLED COMMUNICATION
20180145953 · 2018-05-24

A computerized process is described for transferring content from a first entity to a second entity including first transferring separately and via a database entity for each content: a content identifier, content rights, a content encryption key, a content initialization vector, a content encryption count, and a first entity identifier. Included with the transferred content is a transfer identifier, which is encrypted. After transferred content is received by the second entity, the transfer identifier is used to retrieve the content rights, content encryption key, content encryption initialization vector, content encryption count, and first entity identifier from the database entity. After receiving the content, both actions taken on the content and disposition of the content at the second entity are controlled according to the content rights by the first entity and the status of the content is reported to the first entity via a database entity.

METHOD OF ENABLING DIGITAL MUSIC CONTENT TO BE DOWNLOADED TO AND USED ON A PORTABLE WIRELESS COMPUTING DEVICE

The invention enables digital music content to be downloaded to and used on a portable wireless computing device. An application running on the wireless device has been automatically adapted to parameters associated with the wireless device without end-user input (e.g. the application has been configured in dependence on the device OS and firmware, related bugs, screen size, pixel number, security models, connection handling, memory etc.). This application enables an end-user to browse and search music content on a remote server using a wireless network; to download music content from that remote server using the wireless network and to playback and manage that downloaded music content. The application also includes a digital rights management system that enables unlimited legal downloads of different music tracks to the device and also enables any of those tracks stored on the device to be played so long as a subscription service has not terminated.

Method and apparatus for protecting digital content using device authentication

A user device may strengthen the protection level of digital content by dividing the security and normal modes and performing an operation. In order to further strengthen the protection level of the digital content, the user device may determine whether the main operating system is hacked or not, and block the operation in the secure mode. Otherwise, the device authorization information indicating the device security level of the user device is authorized by the content service server, and the user device blocks the operation in the secure mode according to the result.

END-TO-END ENCRYPTION OF A BLOCK STORAGE DEVICE WITH PROTECTED KEY

A method for protecting an encryption key for a block storage device is provided. The method includes reading from a superblock of the block storage device a secure key, referring to a clear key only accessible by a hardware security module, and a type indicator indicating that the secure key refers to the clear key which is only accessible by the hardware security module. The method also includes associating the block storage device with the hardware security module and converting the secure key into a protected clear key using the hardware security module, wherein the protected key refers to the clear key accessible by a central processing unit of a related computer system.

Enforcing application and access control policies in an information management system with two or more interactive enforcement points
09973533 · 2018-05-15

A method and apparatus for controlling document access and application usage using centrally managed rules. The rules are stored and manipulated in a central rule database via a rule server. Policy enforcers are installed on client systems and/or on servers and perform document access and application usage control for both direct user document accesses and application usage, and application program document accesses by evaluating the rules sent to the policy enforcer. The rule server decides which rules are required by each policy enforcer. A policy enforcer can also perform obligation and remediation operations as a part of rule evaluation. Policy enforcers on client systems and servers can operate autonomously, evaluating policies that have been received, when communications have been discontinued with the rule server.

License-based access control of computing resources
09971881 · 2018-05-15

The disclosure is directed to an access permission system that manages provisioning of access to an electronic resource through various types of access permissions. The access permission system provisions access by provisioning a license entitlement of a specified type. A provisioning optimization technique determines a combination of different types of license entitlements to be provisioned according to an optimization criterion associated with an attribute of a license entitlement. For example, the optimization criterion can be based on a unit cost associated with a license entitlement, and the provisioning optimization technique can determine various types of license entitlements to be obtained (and therefore to be provisioned) in order to minimize a total cost of the license incurred in satisfying the consumption demand requests.