H04L2463/101

System and method for controlling utilization of content

Apparatus, method, and media for controlling utilization of content. An exemplary method comprises associating one or more usage rights with content, wherein the usage rights are based at least in part on a usage rights grammar, and wherein each of the usage rights corresponds to a permitted utilization of the content and one or more conditions which must be satisfied in order for the respective usage right to be exercised; receiving, from an external computing device, a request to access the content, the request corresponding to a utilization of the content; determining whether the requested utilization corresponds to at least one of the usage rights associated with the content; and transmitting, to an external computing device, at least one of the usage rights based at least in part on a determination that the requested utilization corresponds to at least one of the usage rights.

CLOUD-BASED COORDINATION OF REMOTE SERVICE APPLIANCES
20170223022 · 2017-08-03

Systems and methods are provided for cloud-based coordination of customer premise service appliances. A system can include a cloud-based service platform, which includes a coordination server and a cloud-based service appliance, and an on-premise service appliance. The coordination server is configured to establish a service session, select a service appliance, and control a sequence of operations on the selected service appliance. Establishing the service session can include establishing a service session with a first client in response to a service request received from the first client, the first client associated with an account including a service policy. Selecting the service appliance can include selecting the cloud-based service appliance or the on-premise service appliance, based on the service policy, to handle the service request. Upon selection of the on-premise service appliance, the coordination server controls a sequence of operations performed by the on-premise service appliance to satisfy the service request.

A Security and Trust Framework for Virtualized Networks
20170214694 · 2017-07-27

A framework, apparatus, system and method for realizing security and trust management for virtualized networks. A computing platform for implementation in a networking device of a virtualized network comprises a root-trusted module layer, which includes a root trust module for providing root trust; and a middleware layer, which includes system-level components configured to manage security and trust of virtualized network functions by verifying, establishing or maintaining trust with regard to the virtualized network functions based on the root trust. The computing platform can further comprise a number of virtualized security and trust functions that can be flexibly deployed in the virtualized network function infrastructure supported by the above two layers.

Digital rights management for emails and attachments

A digital rights management (DRM) method for protecting emails can apply different protection policies to different components of an email such as the message body and the attached digital files. While an email application of the client encrypts the entire email document including both the message and the attachments, a plugin module on the client obtains user input regarding the DRM policies to be applied to individual attachments and then transmits the encrypted email along with the information about the DRM policies for the individual attachments to a digital rights management server. The server first decrypts the entire email document, then applies the user-specified DRM policies to the attachments individually. The server re-composes an email and attaches the individually protected attachments, and transmits the email to the exchange server.

METHOD AND SYSTEM FOR DIGITAL RIGHTS MANAGEMENT OF DOCUMENTS
20170208044 · 2017-07-20

An improved method and system for digital rights management is described.

Methods and systems for enforcing, by a kernel driver, a usage restriction associated with encrypted data
09710659 · 2017-07-18

A method of providing a restricted set of application programming interfaces includes decrypting, by a secure object information reader executing on a computing device, an encrypted data object using information associated with the encrypted data object to generate a decrypted data object, the information received from an access control management system. The method includes intercepting, by a kernel driver executing on the computing device, from a process executing on the computing device, a request to access the decrypted data object. The method includes identifying, by the kernel driver, using the information associated with the encrypted data object, a usage requirement restricting a set of operations available to the process in accessing the decrypted data object. The method includes providing, by the kernel driver, to the process, a restricted set of application programming interfaces with which to interact with the decrypted data object, as permitted by the restricted set of operations.

Systems and methods for providing multimedia content within an application and a security solution integrated therein
09705866 · 2017-07-11

A system is provided for downloading, for distribution and for acoustic reproduction of a music album, which includes at least one or several digital music files and/or multimedia content in the form of one or several multimedia files assignable to the music file, wherein the music file and/or multimedia file are provideable as data sets for downloading, wherein the music file and/or multimedia file are as data sets pre-holdable grouped after downloading as a music album in a data memory of an end-user-device, wherein the music file and/or multimedia file is treatable by a treatment means, particularly in dependency to an authorization, and wherein the treated music file and/or multimedia file is transferable to an output device of the end-user-device, especially a speaker device with or without a display device, in such a way, that the music file and/or multimedia file is at least acoustically emittable to one user.

Security and retention tagging

Media files are often tagged, such as by XML or other tagging paradigms, in order to indicate aspects of certain portions of the media file. Disclosed herein, security policy tagging is provided that supports a logically nested or hierarchical structure. Tags may be time- and/or event-altered, such as when a user who is denied access at one point in time may be granted access at a later point in time. The need to amend the security policy based upon the passage of time is reduced or eliminated as portions, or sub-portions, of a media file that may be selectively tagged with security tags may be presented or downloaded based upon the security policy. The security policy may incorporate rules that change permissions upon the passage of time or the occurrence of an event, without requiring the modification of the presentation, the security tags of the presentation portion, or the security tag associated with a parent portion of the presentation or the presentation itself.

METHODS AND APPARATUS TO DISTRIBUTE MEDIA CONTENT
20170195740 · 2017-07-06

Methods and apparatus to distribute media content are disclosed. An example apparatus includes a client interface to receive a request from a wireless communication device for authorization to present media, the media received at the wireless communication device in an encrypted format. A database is to store an association of the wireless communication device and a wired network termination unit. A record interface is to, in response to the request for authorization, query the database based on an identifier of the wireless network communication device to determine whether the wired network termination unit is authorized to receive the media via a wired communication path, and, in response to determining that the wired network termination unit is authorized to receive the media via the wired communication path, authorize the wireless communication device to decrypt and present the transmitted media.

SYSTEM AND METHOD FOR WIRELESSLY TRANSACTING ACCESS TO A SET OF EVENTS AND ASSOCIATED DIGITAL CONTENT/PRODUCTS

One or more content providers push data related to movies, movie products, and digital movie content over a network (e.g., a LAN, a WAN, the Internet, or a wireless network) onto an information filling station which, in turn, wirelessly transacts (over a network based on the 802.11b protocol) and transmits any requested data to a portable computer-based device (e.g., a laptop, a pen-based computer device, a PDA, a wireless phone, or a pager). The portable device performs financial transactions for purchasing movie tickets (directly or via auctions), downloading digital entertainment content of interest (e.g., a copy of a movie of interest, a copy of a movie identified based on a pre-stored profile, or a copy of the soundtrack of a movie of interest), or purchasing movie-related products. Any purchased digital content is either transferred wirelessly onto the portable device or, optionally, sent on a storage medium to a physical address associated with the profile.