摘要:
A computer network has storage devices organized into X levels and storing element-group information. To determine whether an element is a member of any target groups, each target group is validated by searching the storage devices to find a target group item and, if found, placing the target group in a validated target bin (V). Also, the element is validated by searching the storage devices to find an element item, and if found, determining from the item all groups that the element is listed as being a member of and placing such member-of groups in a search bin (S). If (S) intersects (V), the element is a member of a target group. If not, all groups in (S) are moved to a queue (Q1) corresponding to the storage device at level 1 and an iterative process searches for a membership path from the element to any target group.
摘要:
An organization maintains a computer network comprising at least a forest A and a forest B, where forest A has a directory A and a querying entity A capable of querying directory A, and forest B has a directory B and a querying entity B capable of querying directory B. Querying entity A receives a request from the user and decides whether to grant the request based at least in part on whether the user is a member of the group. Thus, querying entity A queries directory A to return information on the group, is directed to forest B, contacts querying entity B, requests querying entity B to query directory B whether the user is a member of the group, receives a response, and grants the request from the user based at least in part on whether the user is a member of the group.
摘要:
A licensor receives a request from a requestor including an identifier identifying the requestor and rights data associated with digital content, where the rights data lists at least one identifier and rights associated therewith. The licensor thereafter locates the identifier of the requestor in a directory, and locates in the directory based thereon an identifier of each group which the requestor is a member of. Each of the located requestor identifier and each located group identifier is compared to each identifier listed in the rights data to find a match, and a digital license to render the content is issued to the requestor with the rights associated with the matching identifier.
摘要:
A digital license corresponds to encrypted digital content and includes a content key for decrypting same. The content key is encrypted and is decryptable by a decryption key available only to the first persona, the license thereby being tied to the first persona. The license is a first license and further includes referral information specifying a first location at which a second persona may obtain a second license for the content tied thereto. The second persona requests to render the content by way of the first license and the request is denied because the first license is not tied to the second persona. The referral information is obtained from the first license and employed to initiate contact with the specified first location and obtain the second license tied to the second persona.
摘要:
A method for managing rights in digital content includes generating rights data for a piece of digital content and forming a piece of rights managed digital content by associating the rights data with the piece of digital content. The rights data includes parameters that govern the terms on which the content may be licensed, and may include a list of entities to which the content may be licensed, a respective set of one or more rights that each such entity has in the digital content, and any conditions that may be placed on those rights. A method for licensing rights managed digital content includes receiving a license request for a license to use the piece of rights managed digital content, where the license request includes such a signed rights label. The digital signature on the signed rights label is validated to determine whether a trusted entity issued the signed rights label. If a trusted entity issued the signed rights label, a license to use the piece of rights managed digital content in accordance with the rights data may be issued.
摘要:
Content is encrypted according to a content key (CK) ((CK(content))), (CK) is protected according to a license server public key (PU-DRM), and rights data associated with the content is protected according to (PU-DRM). The protected items are submitted as a rights label to the license server for signing. The license server validates the rights label and, if valid, digitally signs based on the protected rights data to result in a signed rights label (SRL), and returns same. The SRL is concatenated with (CK(content)) and both are distributed to a user. To render the content, the user submits the SRL to the license server to request a license. The license server verifies the SRL signature and reviews the SRL protected rights data to determine whether the user is entitled to the license, and if so issues the license, including (CK) in a protected form accessible to the user.
摘要:
Techniques are described for facilitating sharing of executable software images between users in a configurable manner. In at least some situations, the executable software images are virtual machine images, and while executing may access and use remote network-accessible services (e.g., Web services). In addition, some or all shared executable software images may be made available in a fee-based manner by creator users, such that execution of such a fee-based software image by a software image execution service on behalf of a user other than the creator user is performed in exchange for fees from the other user as specified by the creator user. The creator user may further receive at least some of the specified fees paid by the other user, such as at least some of a difference between the specified fees and fees charged by the software image execution service for the execution.
摘要:
A secure first process uses a non-secure software object by hosting said non-secure software object in a separate second process, where the first process's address space is inaccessible to the second process. The first process communicates with the second process, preferably by means of a COM API that the second process exposes to the first process. The application that runs in the second process may expose APIs of the hosted non-secure object to the first process, and the first process may communicate with the non-secure object hosted in the second process through this API. In a preferred embodiment, the second process renders its output in a child window of the first process, so that the use of a second process to host non-secure software objects is transparent to a user of the first process.
摘要:
An enhanced telephony (ET) computer user interface that seamlessly integrates features of a personal computer (PC) and a telephone into a coherent user interface. The user is provided with a rich variety of functionality that leverages the fact that the PC has considerably more processing power and greater access to variety of data than the ordinary telephone. This processing power and data access is used to the user's advantage as the telephone's capabilities and functionality are greatly expanded. In general, the ET user interface includes a plurality of environments for the user to choose. These environments include a My Contacts environment, a communication preferences environment, and a Call History environment. Each of these environments contains certain available processes and features for controlling and managing telephones.
摘要:
A method and system for providing an electronic shopping service integrated into a software application, and for controlling the set of web sites that are reachable from within the shopping service. Each web site is represented by data which is signed by a private key, and the data together with this signature is delivered to a plurality of computing devices that provide the shopping service. Each of the computing devices has access to the public key that corresponds to the private key, and uses the public key to verify the signature. The computing device displays links to those web sites whose representative data validates against the signature.