As is known, and referring now to FIG. 1, a rights management (RM) and enforcement system is highly desirable in connection with digital content 12 such as digital audio, digital video, digital text, digital data, digital multimedia, etc., where such digital content 12 is to be distributed to users. Upon being received by the user, such user renders or ‘plays’ the digital content with the aid of an appropriate rendering device such as a media player on a personal computer 14, a portable playback device or the like.
Typically, a content owner distributing such digital content 12 wishes to restrict what the user can do with such distributed digital content 12. For example, the content owner may wish to restrict the user from copying and re-distributing such content 12 to a second user, or may wish to allow distributed digital content 12 to be played only a limited number of times, only for a certain total time, only on a certain type of machine, only on a certain type of media player, only by a certain type of user, etc.
However, after distribution has occurred, such content owner has very little if any control over the digital content 12. An RM system 10, then, allows the controlled rendering or playing of arbitrary forms of digital content 12, where such control is flexible and definable by the content owner of such digital content. Typically, content 12 is distributed to the user in the form of a package 13 by way of any appropriate distribution channel. The digital content package 13 as distributed may include the digital content 12 encrypted with a symmetric encryption/decryption key (KD), (i.e., (KD(CONTENT))), as well as other information identifying the content, how to acquire a license for such content, etc.
The trust-based RM system 10 allows an owner of digital content 12 to specify rules that must be satisfied before such digital content 12 is allowed to be rendered. Such rules can include the aforementioned requirements and/or others, and may be embodied within a digital license 16 that the user/user's computing device 14 (hereinafter, such terms are interchangeable unless circumstances require otherwise) must obtain from the content owner or an agent thereof, or such rules may already be attached to the content 12. Such license 16 may for example include the decryption key (KD) for decrypting the digital content 12, perhaps encrypted according to another key decryptable by the user's computing device or other playback device. Because the content 12 can only be rendered in accordance with the rules in the license 16, then, the content 12 may be freely distributed.
The content owner for a piece of digital content 12 would prefer not to distribute the content 12 to the user unless such owner can trust that the user will abide by the rules specified by such content owner in the license 16 or elsewhere. Preferably, then, the user's computing device 14 or other playback device is provided with a trusted component or mechanism 18 that will not render the digital content 12 except according to such rules.
The trusted component 18 typically has an evaluator 20 that reviews the rules, and determines based on the reviewed rules whether the requesting user has the right to render the requested digital content 12 in the manner sought, among other things. As should be understood, the evaluator 20 is trusted in the DRM system 10 to carry out the wishes of the owner of the digital content 12 according to the rules, and the user should not be able to easily alter such trusted component 18 and/or the evaluator 20 for any purpose, nefarious or otherwise.
As should be understood, the rules for rendering the content 12 can specify whether the user has rights to so render based on any of several factors, including who the user is, where the user is located, what type of computing device 14 or other playback device the user is using, what rendering application is calling the RM system 10, the date, the time, etc. In addition, the rules may limit rendering to a pre-determined number of plays, or pre-determined play time, for example.
The rules may be specified according to any appropriate language and syntax. For example, the language may simply specify attributes and values that must be satisfied (DATE must be later than X, e.g.), or may require the performance of functions according to a specified script (IF DATE greater than X, THEN DO . . . , e.g.).
Upon the evaluator 20 determining that the user satisfies the rules, the digital content 12 can then be rendered. In particular, to render the content 12, the decryption key (KD) is obtained from a pre-defined source and is applied to (KD(CONTENT)) from the content package 13 to result in the actual content 12, and the actual content 12 is then in fact rendered.
Particularly with regard to the aforementioned rules, it is oftentimes necessary for an RM system 10 to maintain on the computing device 14 a state store 22 having therein state information relating to the usage of a particular license 16. For example, if a license 16 includes a rule specifying that associated content 12 can be rendered only 10 times, then the number of renderings must be stored in the state store 22 and incremented after each rendering, even if such renderings take place across multiple use sessions, days, weeks or even longer. Likewise, if a license 16 includes a rule specifying that associated content 12 can be rendered for only a set number of days after a first rendering, then the first date of rendering must be stored in the state store 22 for reference by the license evaluator 20 when such evaluator 20 is evaluating the license 16. Of course, other examples of state information that may be stored in the state store 22 are many and varied, and it is to be recognized that the present invention as set forth below is not limited to any particular type of state information stored in the state store 22.
Note that a nefarious entity attempting to avoid a rule in a license 16 may attempt to alter the state information pertaining thereto as stored in the state store 22. For example, and with regard to the aforementioned license 16 that includes a rule specifying that associated content 12 can be rendered only 10 times, the nefarious entity may attempt to alter the associated number of renderings as stored in the state store 22, or may even attempt to delete the state store 22 entirely. Likewise, and with regard to the license 16 that includes a rule specifying that associated content 12 can be rendered for only a set number of days after a first rendering, the nefarious entity may attempt to alter the first date of rendering as stored in the state store 22, or again may even attempt to delete the state store 22 entirely.
Many schemes are known to defeat attempts by a nefarious entity to modify the state store 22. For example, the state store 22 may be encrypted and/or may include a verifying signature or hash. However, it is more problematic to prevent a nefarious entity from deleting the state store 22 in its entirety.
Accordingly, a need exists for an architecture and method that hides the state store 22 by storing same in one or more seemingly random locations. Moreover, a need exists for such an architecture and method that stores the state store 22 in such one or more seemingly random locations that vary from computing device 14 to computing device 14. Further, a need exists for such an architecture and method that stores the state store 22 in a retrievable manner.