1. The Field of the Invention
The present invention generally relates to digital rights management. More specifically, the present invention relates to digital rights management within a domain.
2. Background and Related Art
Due in part to concerns over the distribution of copyrighted digital content (such as digital audio, digital video, digital text, digital data, digital multimedia, etc.) to users for consumption, digital rights management (DRM) has become highly desirable. Typical modes of distribution of such content include tangible devices such as magnetic (floppy) disk, magnetic tape, optical (compact) disk, etc., and intangible media such as electronic bulletin boards, electronic networks, the Internet, etc. Upon being received by the user, such users consume the content by rendering, playing or otherwise interacting with the digital content with the aid of an appropriate rendering device such as a media player, personal computer, or the like.
Typically, a content provider, or rights-owner, such as an author, publisher, broadcaster, etc. (hereinafter “content owner”), wishes to distribute such digital content to a user or a recipient in exchange for a license fee or some other consideration. Usually, content owners wish to restrict what the user can do with such distributed digital content. For example, the content owner may restrict the user from copying and re-distributing such content to a second user. Traditionally, content owners have used DRM to bind content to a specific device.
FIG. 1 illustrates an example of a DRM system 100, which allows a content owner to bind content to a specific device. In general, the licensing process is initiated by the content owner encrypting content and packaging and distributing the content to consumers via the Internet, CD, or other conventional means. Consumers may then receive a license for consuming the content in accordance with the business rules defined by the content owner. As noted above, traditionally these rules have required that the content be bound to a specific device. For example, the following describes how a license may be used to bind content to a specific device in accordance with a typical DRM model.
A content owner usually encrypts and packages the content in accordance with any number of well known processes. Typically, however, the content will be packaged to include the encrypted content and a header portion that includes information to assist a device in consuming the content. Further, the packaged content may use a license acquisition URL to point to a location where a license may be acquired. Moreover, there is a number of other optional and important data which may be included within the packaged file, e.g., private signing key used to sign the content header, license key seed used to generate the key that is shared between content owner and license issuer, etc.
The content 105 may be sent to a content distributor 140 and placed on a web or file server or streaming server for distribution. Devices 130 receiving the content may then be directed to the license acquisition URL that is embedded within the header (or other areas) of the file to acquire the appropriate license 125 for consuming content 105. Before license 125 can be requested and distributed by license issuer 115, the content owner sends to the license issuer 115 the business rules and sharing of secrets 110, which typically include the seed, public key and the business rules by which a license 125 will be granted. The rules 110 define how and under what conditions licenses may be distributed to users. For example, the rules may allow for the distribution of digital content to be played only a limited number of times, only for a certain total time, only on a certain type of machine, only on a certain type of media player, only by a certain type of user, etc. In any event, the license issuer 115 should be trusted in order to ensure that licenses 125 are issued in accordance with the appropriate business rules or requirements 110 as specified by the content owner.
Device 130 may obtain the content 105 from the content distributor 140 after paying such consideration 135 as defined by the content owner when the content 105 is sent to the content distributor 140. As previously mentioned, in order to play the encrypted content 105 the device 130 must first obtain a license 125 from the license issuer 115. Device 130 may use the license acquisition URL within the header of the encrypted content 105 to determine who the license issuer 115 is in order to make a request 120 for a license 125. A request process may then be initiated which includes exchanging the content identification, information about the client computer 130 and other optional information. Based on the information received, the license issuer 115 responds with an appropriate license 125 allowing the device 130 to consume the encrypted content 105.
This license will typically include the encrypted key to decrypt the content, the specified usage rights, information about the device 130, and other information. As previously mentioned, in order to tightly control the consumption of the content 105 the license is bound to particular device or client computer 130 (e.g., the license is valid only for device 130 and content 105), and therefore the content usually can be consumed only by the specific device 130.
With competing interests of consumers, which desire the ability to consume the content on any number of devices (e.g., a desktop computer, a laptop computer, a handheld device, devices within a car or home audio/visual system/network), various mechanisms have been created to extend licenses for consuming content to a set of devices that share both content and license. Sharing the same content and license on any of several devices more closely approximates the user experience for tangible media, such as a CD, which may be played on any of several devices or even loaned to another. Current solutions for extending a license to a set of devices, however, rely on individual peer devices to enforce the criteria for sharing licenses and content.
FIG. 2 illustrates an example implementation of distributing content and a license within a network 200 that includes multiple devices. Initially, device 205 requests and obtains content 210 and license 220 in accordance with a procedure similar to the one described above with regard to FIG. 1. Content 210 is encrypted, and license 220 binds license 220 to content 210 through a key identifier (K_ID) that is specific to content 210. Rather than binding the license to a particular device, however, license 220 includes a device ecosystem or network identification (N_ID) which may be now distributed to other devices via device 205 (or other devices within the network 200) thereby allowing content 210 to be bound to those devices within the network 200. For example, network device 225 may request from device 205 the content 210 and the license 220 for consumption. Provided that device 225 has a N_ID that matches the N_ID within license 220, device 225 is able to use license 220 to consume content 210. Similarly, device 230 may obtain the license 220 and content 210 from device 205, and subsequently distributed the license 220 and content 210 to device 235. If device 235 has obtained the appropriate N_ID the content 210 may be consumed in accordance with license 220 and in accordance with the business rules defined therein.
One of the problems associated with the aforementioned distribution of content within a network is that there is no central network service to ensure that network membership criteria are not abused. For example, a network may be limited to a specific number of devices, say four. This limitation is intended to provide a reasonable restriction on the size of the domain, given a particular license agreement. One way that the limitation on the number of device could be circumvented is to share the four licenses among a much larger group of devices. To illustrate how this might occur, consider content that is twelve minutes in length, which therefore could be played five times an hour, 120 times a day, 840 times a week, and so forth. The four device limit introduces a factor of four, meaning that the content theoretically can be played 20 times an hour, 480 times a day, 3,360 times a week, and so forth.
Of course, no matter how much four consumers like the content, as a practical matter, they will not play the content 3,360 times a week. However, it is possible for other devices to make use of the 3,360 potential plays of the content each week. In order to play the content, a device must be part of (i.e., a member of) a licensed network, but after the content is played (or at a time when the content is not being played) there may not be a significant reason for a device to remain as a network member. As a result, a device may join a network for the sole purpose of playing the content and then unjoin after the content has been consumed. This process of joining and unjoining effective allows a four device domain to share licensed content among a much larger group of devices. In this example, the number of devices could theoretically be as large as 3,360 over the course of a single week, which is probably a much larger group of devices than was contemplated when the four-device domain license was issued for the content. At first, sharing domain membership in this way may appear analogous to sharing a physical CD, which seems reasonable and in some aspects is desirable. However, there are practical limits on how many times a physical medium, such as a CD, can be shared over time, which simply do not manifest themselves in the context of an electronic or digital medium, such as a computer network.
Current network technology, such as network 200 in FIG. 2, have not accounted for how frequently devices enter and leave the network. At least in part, this may be attributed to the lack of a centralized network service that for enforcing network membership criteria. A set of devices like network 200 also have failed to manage, and in some cases purposefully so, for the proximity of devices that make up a network. Again, analogizing to a physical media paradigm, sharing a CD typically involves at least intermittent proximity.