A system and method for limiting access to and preventing unauthorized use of an owner's digital content stored in an information network and available to clients under authorized conditions. The network includes at least one server coupled to a storage device for storing the limited access digital content encrypted using a randomly generated key, known as a Document Encryption Key (DEK). The DEK is further encrypted with the server's public key, using a public/private key pair algorithm, and placed in a digital container stored in a storage device, as part of the meta-information in the container. The client's workstation is coupled to the server for acquiring the limited access digital content under the authorized condition. A Trusted Information Handler (TIH) is validated by the server after the handler provides a data signature and type of signing algorithm to transaction data descriptive of the purchase agreement between the client and the owner. After the handler has been authenticated, the server decrypts the encrypted DEK with its private key and re-encrypts the DEK with the handler's public key, ensuring that only the information handler can process the information. The encrypted DEK is further encrypted with the client's public key, personalizing the digital content to the client. The client's program decrypts the DEK with the client's private key and passes it, along with the encrypted content, to the handler, which decrypts the DEK with its private key and proceeds to decrypt the content for display to the client.
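
The DEK wrapping chain described in the abstract above, as an added example that is not code from the patent or its authors. Textbook RSA without padding and a SHA-256 keystream stand in for the unspecified public-key and content ciphers, the key material is constructed from known Mersenne primes, and all function names and the `tih_authenticated` flag are hypothetical; none of this is secure for real use.

```python
# Added illustration only: toy textbook RSA and a SHA-256 keystream, not secure ciphers.
import hashlib
import secrets

E = 65537

def keypair(p, q):
    """Build a toy RSA key from two known primes; returns (public, private)."""
    n = p * q
    return (n, E), (n, pow(E, -1, (p - 1) * (q - 1)))

def rsa(key, value):
    """Textbook RSA: wrap with a public key, unwrap with the matching private key."""
    n, exp = key
    if not 0 <= value < n:
        raise ValueError("value does not fit under this modulus")
    return pow(value, exp, n)

def xor_stream(dek, data):
    """Encrypt or decrypt data with a SHA-256 counter keystream keyed by the DEK."""
    stream = b"".join(hashlib.sha256(dek + i.to_bytes(8, "big")).digest()
                      for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, stream))

# Constructed keys, sized so each wrapped value fits under the next modulus.
SERVER_PUB, SERVER_PRIV = keypair(2**61 - 1, 2**89 - 1)
TIH_PUB, TIH_PRIV = keypair(2**107 - 1, 2**127 - 1)
CLIENT_PUB, CLIENT_PRIV = keypair(2**521 - 1, 2**607 - 1)

def publish(content):
    """Owner side: encrypt content under a random DEK, wrap the DEK for the server."""
    dek = secrets.token_bytes(16)
    return xor_stream(dek, content), {"wrapped_dek": rsa(SERVER_PUB, int.from_bytes(dek, "big"))}

def server_rewrap(container, tih_authenticated):
    """Server side: after TIH validation, rewrap the DEK for the TIH, then the client."""
    if not tih_authenticated:
        raise PermissionError("handler not validated")
    dek_int = rsa(SERVER_PRIV, container["wrapped_dek"])
    return rsa(CLIENT_PUB, rsa(TIH_PUB, dek_int))

def client_unwrap(personalized):
    """Client program: remove only the outer layer; the DEK stays wrapped for the TIH."""
    return rsa(CLIENT_PRIV, personalized)

def tih_render(for_tih, ciphertext):
    """TIH: recover the DEK with its private key and decrypt the content."""
    dek = rsa(TIH_PRIV, for_tih).to_bytes(16, "big")
    return xor_stream(dek, ciphertext)
```

With real RSA padding, a value wrapped under one key does not fit directly under a second key of the same size, so the outer (client) layer would normally be hybrid encryption rather than a direct second RSA operation.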