摘要:
A method is disclosed for rendering content encrypted according to a cryptographic key, where the content has corresponding rights data including a decryption key (KD) for decrypting the encrypted content, and where (KD) in the rights data is encrypted according to a public key of a rights management (RM) server (PU-RM) to result in (PU-RM(KD)). The RM server normally delivers (KD) within a license, but upon being decommissioned can no longer issue such license. In the method, a notification is received that the RM server has been decommissioned, and thereafter an attempt is made to render a piece of content. Such content is determined to be protected to the decommissioned RM server, and a request is sent to the decommissioned RM server for the content key (KD) for the content rather than any license. Thereafter (KD) is received from the decommissioned RM server.
摘要:
A scalable computing system for managing annotations is capable of handling requests for annotations to millions of documents a day. The computing system consists of multiple tiers of servers. A tier I server indicates whether there are annotations associated with a content source. A tier II server indexes the annotations. A tier III server stores the body of the annotation.
摘要:
An improved certificate issuing system may comprise a novel arrangement for expressing certificate issuing policy. The policy may be expressed in a human-readable policy expression language and stored for example in a file that is consumed by a certificate issuing system at runtime. The policy may thus be easily changed by altering the digital file. Certain techniques are also provided for extending the capabilities of the certificate issuing system so it may apply and enforce new policies.
摘要:
A method is disclosed for rendering content encrypted according to a cryptographic key, where the content has corresponding rights data including a decryption key (KD) for decrypting the encrypted content, and where (KD) in the rights data is encrypted according to a public key of a rights management (RM) server (PU-RM) to result in (PU-RM(KD)). The RM server normally delivers (KD) within a license, but upon being decommissioned can no longer issue such license. In the method, a notification is received that the RM server has been decommissioned, and thereafter an attempt is made to render a piece of content. Such content is determined to be protected to the decommissioned RM server, and a request is sent to the decommissioned RM server for the content key (KD) for the content rather than any license. Thereafter (KD) is received from the decommissioned RM server.
摘要:
A file may contain an unencrypted and an encrypted portion. The unencrypted portion may contain a layout section that may point to a published license, metadata, and a contents section, where the contents section is in the encrypted portion. The encrypted portion may contain the contents section which may act as a directory for one or more included files that may be compressed and stored in the encrypted portion. When the file is opened by a receiver, the receiver may read the published license and communicate with a security server to establish access rights and receive at least one key for decrypting at least a portion of the encrypted portion of the file. The receiver may then gain access to the included files.
摘要:
A server receives a request and identifies a corresponding task with core and peripheral components. The server performs the core components and collects relevant context data. The server returns a result to the requester based on having performed the core components, and constructs a message including the collected context data and sends same to an asynchronous message collector. An asynchronous message processor takes up and processes the message from the collector to perform the peripheral components. Thus, the message processor performs less-time-sensitive peripheral work independent of the server and allows the server to attend to more-time-sensitive core work.
摘要:
A server receives a request and identifies a corresponding task with core and peripheral components. The server performs the core components and collects relevant context data. The server returns a result to the requester based on having performed the core components, and constructs a message including the collected context data and sends same to an asynchronous message collector. An asynchronous message processor takes up and processes the message from the collector to perform the peripheral components. Thus, the message processor performs less-time-sensitive peripheral work independent of the server and allows the server to attend to more-time-sensitive core work.
摘要:
A method, apparatus, and software are disclosed for delivering customized content to clients with diverse content needs, such as clients from diverse geographical areas an language backgrounds. Customizable content is separated from the underlying code, which is used as a template for inserting localized content into a basic document framework as represented by the template. Both electronic mail and Web community customization techniques are disclosed.
摘要:
A method, apparatus, and software are disclosed for delivering customized content to clients with diverse content needs, such as clients from diverse geographical areas an language backgrounds. Customizable content is separated from the underlying code, which is used as a template for inserting localized content into a basic document framework as represented by the template. Both electronic mail and Web community customization techniques are disclosed.
摘要:
A key management interface that allows for different key protection schemes to be plugged into a digital rights management system is disclosed. The interface exposes the functionality of signing data, decrypting data encrypted using a public key, and re-encrypting data encrypted using the public key exported by the interface to a different authenticated principal (i.e., a different public key). Thus, a secure interface can be provided such that the data does not enter or leave the interface in the clear. Such an interface exports private key operations of signing and decryption, and provides security and authentication for the digital asset server in licensing and publishing. During publishing, a client can encrypt asset keys such that only a specified entity can decrypt it, using a plug-in, for example, that implements the aforementioned interface. During licensing, the license issuing entity can use the interface to decrypt keys for assets and to sign licenses and rights labels such that the asset is protected and consumable by a host digital rights management platform. The interface thus provides an abstraction for key operations.