A secure communication system is disclosed for communication between first and second party devices. An input interface is provided for receiving from an external host a unique host factor in addition to a user input interface for receiving from a user a unique PIN for a user and a selection input for selecting one of the plurality of stored entropy stores as a user selected entropy store A first private key generator is operable for generating a private key using a key generation algorithm requiring the selected entropy store, the host factor and the unique user PIN. The second party device includes a second storage device for storing a plurality of entropy stores. An input interface is provided for receiving the same unique host factor as received by the first party device. A communication interface facilitates communication with the first party device to receive from the first party device a user PIN and an indication of the user selected entropy store. A second private key generator is operable for generating a private key using the predetermined key generation algorithm with the received user PIN, the received host factor, and an extracted entropy store corresponding to user selected entropy store, wherein the private key generated by both the first and second private key generators are identical. The session is initiated to cause the generation of the identical private keys at both of the first and second private key generators and allow secure communication between the first and second devices. The private key at least one of the first and second devices is deleted at the end of the session.

System and methods are disclosed for governing digital rights management systems and other applications through the use of supervisory governance applications and keying mechanisms. Governance is provided by enabling the supervisory applications to revoke access keys and/or to block certain file system calls, thus preventing governed applications from accessing protected electronic content.

A computer implemented system and method of sharing files between a link sharer and a link recipient over a network. The method comprises generating, in response to a request by a link sharer, a file sharing link to a file set, where the link does not provide a link recipient the ability to modify the contents of the linked file set. In response to receiving an indication that the generated link has been activated by a link recipient, displaying a representation of the linked file set with a display element configured to send a request for modification rights to the linked file set when activated by the link recipient. In response to receiving the request for modification rights, either automatically granting modification rights to the linked file set or sending notice to the link sharer indicating that the link recipient is requesting modification rights to the linked file set.

Several embodiments include a policy-bound token distribution system. The system can include a back-office server that issues policy-bound tokens to local main distribution servers. A local main distribution server can distribute a policy-bound token to a digital environment to authorize an operator to take advantage of a protected resource. The system can rely on a backup server to distribute the policy-bound tokens whenever the distribution service of the local main distribution server is unavailable. To prevent run-time leakage from the backup server, the backup server can synchronize its distribution state with the local main distribution server and the back-office server. The distribution state can include distribution transaction records between the backup server and client devices. Throughout the system, each distribution transaction record can be assigned unique transaction ID to prevent multiple accounting of the same distribution transaction record from different servers.

The different advantageous embodiments provide a system for managing license utilization comprising a client system, a number of message transport servers, and a number of license management servers. The client system is configured to generate a number of messages having information about usage associated with a project code or a business unit. The number of message transport servers replicates the number of messages. The number of messages is transmitted to a message transport server in the number of message transport servers. The message transport server receiving the number of messages replicates the number of messages to each message transport server. The number of license management servers has a number of license management services configured to listen for updates from the number of message transport servers. The updates are the number of messages replicated across the number of message transport servers.

To provide validation information to web publishers indicative of the presence of operational malicious software protection systems on user computing devices, an evaluation system resident on a web publisher server can cause web content, including validation request data, to be transmitted from the publisher server to a computing device. A submission system resident on the computing device can analyze the web content for the validation request data, and can cause the validation information to be transmitted from the computing device to the evaluation system based on the analysis. Upon receiving the validation information, the evaluation system can analyze it to determine the likelihood that content delivered to the computing device will be viewed by a real user (and not by automated computer programs).

Methods and systems for processing video data are disclosed herein and may comprise receiving within a single mobile multimedia processor chip integrated within a mobile device, a secure key from an off-chip device integrated within the mobile device. The secure key may be decrypted within the single mobile multimedia processor chip, utilizing an on-chip key. The decrypted secure key may be stored within the single mobile multimedia processor chip. The received encrypted data may be decrypted within the single mobile multimedia processor chip, using the stored, decrypted secure key. The on-chip key may be stored within a one-time programmable (OTP) memory in the single mobile multimedia processor chip. The stored on-chip key may be retrieved from the OTP memory for the decrypting. The stored decrypted received secure key may be encrypted utilizing the on-chip key stored within the single mobile multimedia processor chip.

Methods and systems are provided for use with digital data processing systems to control or otherwise limit access to networked resources based, at least in part, on transactional artifacts and/or derived artifacts.

The present invention is a method and system for accessing digital content stored on a computing device. An agreement between a subscriber and a content provider allows the subscriber to lease the digital content from the content provider, and download the digital content from a content server operated by the content provider. The method retrieves a service ticket for the computing device, and retrieves content rights for the digital content. The service ticket includes authorization data, and a session key, where the authorization data include authorized subscription services for the computing device. The content rights include required subscription services for the digital content and are delivered authenticated with the session key. The method allows access to the digital content when the authorized subscription services included with the authorization data match the required subscription services included with the content rights.

A method, apparatus, article of manufacture, and a memory structure for providing a security infrastructure that permits the programming of limited hardware resources that can accept newly downloaded applications and securely support a very large number of services offered by content providers each have the potential to utilize their own independent CAS/DRM system. The CE device owner can consume content from a variety of sources and enable switching among different and existing CAS/DRM security profiles as required by the content provider applications loaded in CE devices.