Techniques for invitations for establishing relationships are described. In at least some embodiments, an architecture is implemented which provides simple and integrated ways for establishing relationships between various entities. The architecture includes invitations that can be used to invite users to establish relationships with entities. A user that receives an invitation can interact with the invitation, such as to accept or decline an invitation to establish a relationship with an entity. If a user accepts an invitation, a relationship can be established between the user and an inviting entity. In at least some embodiments, the relationship can enable the user to perform various actions and/or access resources associated with the entity.

A method, apparatus, and manufacture for configuring multiple content protection systems is provided. A client media player is employed to determine whether media content is protected. The client media player includes an application, and further includes a media engine that is a distinct program from the application. At least one type of content protection system supported by the media engine is determined. The application is employed to get a key and/or a license for the protected media content in accordance with the determined type of content protection system. The application is employed to instruct the media engine to play the media content. The key and/or the license for the determined type of content protection system is sent from the application to the media engine.

The invention discloses a system for enhancing trust in transactions, most particularly in remote transactions between a plurality of transactional parties, for instance a seller and buyer(s) of goods and/or services over a public computer network such as the internet. Trust is disclosed to be a multivalent commodity, in that the trust that is to be enhanced relates to information about the subject matter of the transactions (e.g., the suitability of the goods and services sold), the bona fides of the supplier of the goods and services, the appropriateness of a pricing structure for a particular transaction or series of transactions, a quantum of additional transactional value that may be imparted to the transactional relationship, security of information exchange, etc.

A method of providing a restricted set of application programming interfaces includes decrypting, by a secure object information reader executing on a computing device, an encrypted data object using information associated with the encrypted data object to generate a decrypted data object, the information received from an access control management system. The method includes intercepting, by a kernel driver executing on the computing device, from a process executing on the computing device, a request to access the decrypted data object. The method includes identifying, by the kernel driver, using the information associated with the encrypted data object, a usage requirement restricting a set of operations available to the process in accessing the decrypted data object. The method includes providing, by the kernel driver, to the process, a restricted set of application programming interfaces with which to interact with the decrypted data object, as permitted by the restricted set of operations.

A method to provide negotiation control to data such that a person or entity can negotiate the use of data gathered beyond what is needed for a particular use by a third party transaction. The method also provides negotiation for the control and operation of autonomous vehicles such as drones operating in non-public space.

Techniques are described for reducing time to decrypt a next encrypted frame in a content stream by optimizing a license/key acquisition process. When requesting content, a key identifier and/or license identifier may be included within a webpage using a link, script, or similar access point. When a client device sends a request for content, the loading of the webpage within the client device includes the embedded key identifier. Access to the key/license identifier at the client device then may initiate a key/license acquisition process by the client device. The key/license may be obtained from a key management device in parallel with, or prior to, downloading of at least a portion of the content stream.

Embodiments are directed towards decrypting encrypted content. A key for decrypting the encrypted content may be provided to a web application executing within a browser. The application may employ a generic cryptography application program interface (GCAPI) to perform actions on the key, including, storing the key, decrypting an encrypted key, generating another key, converting the key to a different encryption type, or the like. The GCAPI may or may not be enabled to explicitly share the key with the browser's media engine. In response to receiving encrypted content, the GCAPI may provide the key to the application, explicitly or inexplicitly to the browser's media engine, or the like. The key may be utilized by the application, the browser, the media element, browser's media engine, and/or the GCAPI to decrypt the encrypted content. The decrypted content may be displayed within the browser to a user of a client device.

A client receives sensitive data to be tokenized. The client queries a token table with a portion of the sensitive data to determine if the token table includes a token mapped to the value of the portion of the sensitive data. If the mapping table does not include a token mapped to the value of the portion of the sensitive data, a candidate token is generated. The client queries a central token management system to determine if the candidate token collides with a token generated by or stored at another client. In some embodiments, the candidate token includes a value from a unique set of values assigned by the central token management system to the client, guaranteeing that the candidate token does not cause a collision. The client then tokenizes the sensitive data with the candidate token and stores the candidate token in the token table.

In embodiments of the present invention improved capabilities are described for managing digital rights management (DRM) protected content sharing in a networked secure collaborative computer data exchange environment through a secure exchange facility managed by an intermediate organizational entity amongst users of a plurality of other organizational entities, wherein computer data content and access rights for the computer data content is shared between a first and second user, the computer data content and access rights for the computer data content are transformed into a DRM protected computer data content through communications with a DRM engine, wherein the DRM engine is selected based on a content type of the computer data content, and the DRM engine is provided by an entity other than the intermediate organizational entity and other than any of the plurality of other organizational entities.

An information processing system includes an information processing device, and an electronic device to utilize a service provided from the information processing device. A service delivery unit provides the service for the electronic device. An information management unit manages license information of the service, generates use permission information and sends the generated use permission information to the electronic device. An execution management unit manages an execution request of the service specifying the use permission information of the service. An execution unit determines whether to have a use authority of a function of the electronic device utilized by the service based on contents of the license included in the use permission information of the service and executes the service by utilizing the function of the electronic device upon determining that the use authority of the function of the electronic device utilized by the service is present.