Digital rights management engine systems and methods

The invention claimed is: 1. A method of managing enterprise documents, the method comprising: authoring, by a first software application executing on a first computing device, an electronic document; encrypting, by a digital rights management plug-in executing on the first computing device, the electronic document; associating, by the digital rights management plug-in executing on the first computing device, a license with the encrypted electronic document, the license comprising an encrypted first key configured to decrypt the encrypted electronic document and a control program, the control program comprising instructions for determining: a logical connection between a node associated with a first group of users and a second node based on possession of one or more link objects, and a callback; sending, by the first computing device, the encrypted electronic document and the license to a second computing device; receiving the encrypted electronic document and the license by the second computing device from the first computing device; determining authorization to access the encrypted electronic document, comprising: determining the logical connection between the node associated with the first group of users and the second node based on possession of the one or more link objects by executing the control program using a virtual machine of the second computing device, the second computing device comprising the second node, wherein at least one of the one or more link objects comprises an encrypted second key, the second key configured to decrypt the encrypted first key; determining the callback by executing the control program using the virtual machine; determining a host application of the second computing device supports the callback using the host application; calling a control routine according to the callback using the host application; recording access to the encrypted electronic document in a database by executing the control routine using the virtual machine; providing an authorization indication to the host application based on execution of the control routine using the virtual machine; and accessing the encrypted electronic document based on the authorization comprising: decrypting, by the second computing device, the encrypted second key using a key associated with the second computing device, decrypting, by the second computing device, the encrypted first key using the decrypted second key, decrypting, by the second computing device, the electronic document using the decrypted first key, and accessing the decrypted electronic document. 2. The method of claim 1 , wherein encrypting the electronic document and associating the license with the electronic document further comprises: receiving, by the first computing device, a first template selection from a set of one or more templates, the one or more templates expressing policy conditions that can be imposed on access to electronic documents, the digital rights management plug-in automatically converting the policy conditions expressed by the selected first template into the control program. 3. The method of claim 1 , further comprising: creating, by the digital rights management plug-in, a controller object configured to securely bind the control program with the encrypted first key. 4. The method of claim 3 , the controller object including a hash of a content key object and a control object, wherein the content key object comprises the encrypted first key, wherein the method further comprises associating the control program with the control object. 5. The method of claim 4 , the controller object being signed with a hashed message authentication code using an unencrypted version of the encrypted first key. 6. The method of claim 4 , the controller object being signed with a public key signature of an author of the electronic document. 7. The method of claim 6 , the public key signature being signed with a hashed message authentication code using an unencrypted version of the encrypted first key.