A system is provided that includes a plurality of nodes and a plurality of instances of a distributed media rights transaction ledger associated with the plurality of the nodes. The plurality of nodes includes a first node associated with a first participant and a second node associated with a second participant. The first node interacts with the second node based on a defined protocol in a communication network. The first node receives a request for playback of a media content from a content consumer associated with a consumer device. The second node provides media content rights associated with media content to at least one of the first participant or the content consumer. Each instance of the distributed media rights transaction ledger includes a plurality of media content rights transactions corresponding to at least an acquisition of the media content rights by the first participant or the content consumer.

A secure communication system is disclosed for communication between first and second party devices. An input interface is provided for receiving from an external host a unique host factor in addition to a user input interface for receiving from a user a unique PIN for a user and a selection input for selecting one of the plurality of stored entropy stores as a user selected entropy store A first private key generator is operable for generating a private key using a key generation algorithm requiring the selected entropy store, the host factor and the unique user PIN. The second party device includes a second storage device for storing a plurality of entropy stores. An input interface is provided for receiving the same unique host factor as received by the first party device. A communication interface facilitates communication with the first party device to receive from the first party device a user PIN and an indication of the user selected entropy store. A second private key generator is operable for generating a private key using the predetermined key generation algorithm with the received user PIN, the received host factor, and an extracted entropy store corresponding to user selected entropy store, wherein the private key generated by both the first and second private key generators are identical. The session is initiated to cause the generation of the identical private keys at both of the first and second private key generators and allow secure communication between the first and second devices. The private key at least one of the first and second devices is deleted at the end of the session.

Methods, apparatuses and system provide for technology that interleaves a plurality of verification commands with a plurality of copy commands in a command buffer, wherein each copy command includes a message authentication code (MAC) derived from a master session key, wherein one or more of the plurality of verification commands corresponds to a copy command in the plurality of copy commands, and wherein a verification command at an end of the command buffer corresponds to contents of the command buffer. The technology may also add a MAC generation command to the command buffer, wherein the MAC generation command references an address of a compute result.

In some examples, a system for server-side rendering of password-protected files can receive, from a client device, a request to view a file on the system, determine that the file should be converted to a different format prior to presentation at the client device, and determine that the file is a password-protected file. The system can send a response to the client device indicating the file is a password-protected file. In response to receiving the password from the client device, the system can generate, based on the password, a preview of the password-protected file including at least a portion of the password-protected file rendered in the different format. After generating the preview, the system can store an encrypted copy of the preview in storage for future requests, and send the preview to the client device.

Systems and methods for maintaining and transferring access privileges associated with an artwork are described herein. A server may receive a request to transfer ownership privileges from a named user, the current owner of the artwork, to a second user. The request may include an identification of a universal art record, from a plurality of universal art records in a database, associated with the artwork. When both the named user and the second user use two-factor authentication to confirm the transaction, ownership privileges are transferred to the second user. This may include, for example, modifying the universal art record to indicate in the ownership field that the second user is now the current owner of the artwork, thereby providing the second user with the ability to access a virtual certificate of authenticity and grant possession access to the universal art record to other users.

A method and apparatus for providing a license to a client device, the license providing a key for decrypting a content instance. In one embodiment, the method comprises accepting a license request, the license request including a client identifier and an access token having an access token identifier and key request data comprising a content identifier identifying the content instance, determining if the received access token identifier is currently bound to a stored client device identifier, and temporarily binding the received access token identifier with the received client device identifier and providing the received access token for validation or returning an error without providing the received access token for validation depending upon the determination.

Systems and methods can use subscription and identity authentication management to remove paywalls from websites. Login information for access to an application can be received from a user. The application can verify that the login information is associated with a subscriber account associated with a subscriber to the application. Instructions can be received to access a provider site from the user through the application. The application can determine that the provider site is associated with the subscriber account and the user; and then determine access credentials to the provider site based on a predetermined access scheme associated with the provider site. The access credentials can be injected into a paywall associated with the provider site.

Systems and methods for maintaining and transferring access privileges associated with an artwork are described herein. A server may receive a request to transfer ownership privileges from a named user, the current owner of the artwork, to a second user. The request may include an identification of a universal art record, from a plurality of universal art records in a database, associated with the artwork. When both the named user and the second user use two-factor authentication to confirm the transaction, ownership privileges are transferred to the second user. This may include, for example, modifying the universal art record to indicate in the ownership field that the second user is now the current owner of the artwork, thereby providing the second user with the ability to access a virtual certificate of authenticity and grant possession access to the universal art record to other users.

A system for exchanging secure and controlled messages between a first entity and a second entity is described. The system includes a data transport mechanism, software operating on one or more processors wherein said software allows for composing, saving, encrypting, decrypting, downloading, and streaming messages and associated message rights. The system includes an input means for the first entity and the second entity. To send a secure and controlled message, the sender the composes a message and associated message rights, and makes the message along with the associated message rights available to the recipient. The message elements cannot be read by a recipient until the associated message rights are first received and applicable message rights enforced.

Systems and methods are provided for a media provider to allow a user to access media objects with a third-party partner that authenticates the user and authorizes the user to access certain media objects. The media provider offers access to media objects, such as video content or audio content. The partner, through a relationship with the media provider, similarly offers access to the media provider's media objects, for example, as a service or benefit to the partner's customers or users. In particular, a partner integration server mediates user authentication and authorization by the partner. The partner integration server also allows the media provider to easily and flexibly to add and integrate additional partners.