Access to protected documents is controlled by delegating the decryption from a document source to a document processing device. Interactions between an input device and the document source are provided to generate public and non-commutative proxy keys. The document processing device can use the proxy keys to convert the documents originally encrypted for the owner/publisher/distributor to ones encrypted for the end user. Authorization and usage are combined by invoking a method of trusted rendering of documents. Thus, the proxy conversion and decryption are delayed to a late stage within the document rendering application.