A digital content distribution system uses a Digital Rights Management Controller that performs a set of arbitrary tests against the transfer request from one user to another such as user A to user B. Assuming these tests are successful, the DRM sends an encryption key to transferring user A. This encryption key E is taken from a table of encryption key/hash pairs which have been provided to the DRM Controller by an external authority such as the content rights holder. User A encrypts the content using they key provided by the DRM controller and then optionally calculates a hash over the encrypted form of the content E(X) and returns this value to the DRM Controller. On checking the returned hash against the hash from the table the DRM controller knows that user A does indeed have the digital content X in good condition. The DRM Controller then instructs both users A and B that the transfer may proceed. The encrypted form of the content E(X) is transferred from A to B. Once the content transfer has completed B ensures that the received content has been physically written to non-volatile storage (to account for crashes etc. during the next step). B then calculates a hash over the received content and returns this value to the DRM Controller. If this value matches the value previously given then the transfer has been successful and the DRM Controller updates whatever central records are appropriate, while also returning a decrypt key to B to allow it to decrypt the content.

The invention enables digital music content to be downloaded to and used on a portable wireless computing device. An application running on the wireless device has been automatically adapted to parameters associated with the wireless device without end-user input (e.g. the application has been configured in dependence on the device OS and firmware, related bugs, screen size, pixel number, security models, connection handling, memory etc. This application enables an end-user to browse and search music content on a remote server using a wireless network; to download music content from that remote server using the wireless network and to playback and manage that downloaded music content. The application also includes a digital rights management system that enables unlimited legal downloads of different music tracks to the device and also enables any of those tracks stored on the device to be played so long as a subscription service has not terminated.

A method for transmitting contents including tracking information is described. The method comprising the steps of generating a content transmission stream relevant to an original content, determining at least part of the original content as a forensic mark (FM) target segment, generating a FM stream including the FM segment in which a particular pattern is inserted into the FM target segment and a FM stream different from the content transmission stream and transmitting the content transmission stream and the FM stream to a receiving device, wherein the FM stream is combined with the content transmission stream based on session information related to the transmitting in the receiving device.

Systems and methods are provided for a media provider to allow a user to access media objects with a third-party partner that authenticates the user and authorizes the user to access certain media objects. The media provider offers access to media objects, such as video content or audio content. The partner, through a relationship with the media provider, similarly offers access to the media provider's media objects, for example, as a service or benefit to the partner's customers or users. In particular, a partner integration server mediates user authentication and authorization by the partner. The partner integration server also allows the media provider to easily and flexibly to add and integrate additional partners.

A system and method to control access to data are disclosed. An access request is received from a requesting device to access requested data and a context for the requesting device is determined. An access pattern for the requested data is determined based at least on the request and the context. A deviation between the context and the access pattern is determined and based on determining the deviation, a decision request to allow or deny the access request is sent. Based on a response to the decision request, access to the requested data is allowed.

Apparatus, method, and media for permitting use of content. An exemplary method comprises associating a transfer right with content, the transfer right specifying that the content is permitted to be transferred from a first computing device to a second computing device, transferring the content from the first computing device to the second computing device in accordance with the transfer right, updating information associated with the transfer right based on the transfer of the content from the first computing device to the second computing device, and associating a usage right with the content, the usage right corresponding to a utilization of the content, wherein the first computing device includes at least a server mode of operation, and wherein the second computing device includes both a requester mode of operation and a server mode of operation.

Systems and methods related to DRM content usage mechanisms for both online and offline usage of content are disclosed, including systems providing secure access to data regardless of network state or connectivity state to the networked access control mechanism. An access control mechanism having a secondary offline access control mechanism is presented, further including multiple implementations for data encapsulation, as well as providing a method for writes to files and to the filesystem itself by externally created applications with no API or modification to their operation.

An ecosystem for distributing digital content over an electronic communications network includes a content creator computer system having a processor and a memory configured to store raw digital content. The system further includes computer systems for content service and for a retailer, both in operable communication with the processor. The content service computer system is configured to receive the raw digital content and transmit packaged digital content. The retailer computer system is configured to receive the packaged digital content and display its availability to an electronic device of a user. The ecosystem further includes a blockchain in operable communication with the processor, and the content service and retailer computer systems. The blockchain is configured to verify a transfer of the packaged digital content from the content service system to the user, a payment from the user to the retailer, and an update with information regarding the verified transfer and payment.

Devices, systems, and methods are provided to provide cloud-based coordination of customer premise service appliances. A system can include a computing device comprising a communication module, a policy module, an appliance selection module, and a coordination module. The communication module receives a document request from a first client over a network connection, establishes a session with the first client in response to the document request, and receives metadata representing collected signatures at after completion of the electronic signature operation portion of the document request. The policy module manages a policy associate with a first account corresponding to the document request. The appliance selection module selects one of a plurality of document appliances. The coordination module controls a sequence of operations performed on the on-premise document appliance to service the document request, and instructs the on-premise document appliance to communicate results at the completion of the document request.

Some embodiments provide convenient auto-authentication for user data on a primary device, while still providing a significant level of security, by taking advantage of existing security and cryptographic measures used to communicate with a secondary device. The primary device of some embodiments encrypts the user data on the primary device using a cryptographic key based on a set of keys received from the secondary device. In some embodiments, the primary device encrypts authentication data, or a local key generated from the authentication data, using a remote key received from the secondary device, and encrypts the user data with the local key. In some embodiments, the keys received from the secondary device are an existing set of keys for establishing an encrypted channel of communication for transmitting digital rights management (DRM) protected content according to a DRM protection scheme.