In current state-of-the-art DRM systems, the functionality of rights sharing among a set of potential users—which may be human beings or non-human entities, such as devices or services—is available in commercial products. A set of granted rights and how these rights may be shared are typically specified in the form of a license.
One form of license that is dedicated for rights sharing is called the concurrent user license (also known as site license or network license). A concurrent user license represents a pool of licenses that is tied to a network server; only users on this network can access the license and only a maximum number of users can access it concurrently.
In the conventional implementations of a concurrent user license, each user who is able to access the license is granted all the rights specified in the license—that is, all users have the same rights. A more advanced implementation of this type of license, by Macrovision FLEXnet, allows users of a concurrent user license to dynamically share a set of rights. Instead of specifying a set of rights that each user can have, the license specifies the maximum set of rights that all users can share. How these rights are shared is up to the purchaser of the license and can be configured using a custom access control mechanism consisting of an option file and software plug-in modules. The option file can be used to control among other things, the reservation of a number of licenses available in the license pool for a specific user or group of users, the reservation of some specific features that a user or group of users can access, and a stipulation of who can borrow a license from the pool for off-line usage. To illustrate some of the features supported by the option file, “RESERVE 1 install USER robert” reserves one license for the feature “install” for the user “robert”; “RESERVE 4 play GROUP accounting” reserves 4 licenses to play content for the accounting group; “INCLUDE_BORROW play USER tom” includes user “tom” in the list of users able to borrow feature “play”. In addition to sharing, the option file includes an option to report usage. This is, in effect, a way for the license to impose the condition to track usage upon the user. During the authorization process to determine whether a user can access content, the license is processed by a generic license manager while the option file is processed by the plug-in to produce a combined response.
Even though Macrovision FLEXnet's approach gives the user the extra mechanism to control rights sharing according to their needs, it certainly has its limitations. For example, the license is tied to a network server, and only users on this network can access or borrow the license. Also, the option file is configured by a human being and is error-prone. For instance, while reserving licenses for the different groups within a department, the administrator can make a mistake so that the number of reserved licenses exceeds the pool capacity. This mistake can go unnoticed, and some group can end up sharing fewer licenses than expected. The option file, and therefore the sharing distribution, is a clear text file. It is protected only by the administrator password. The license server cannot perform the same rights management tasks it does with licenses, which are to verify the authenticity and integrity of the options. In addition, access control based on the option file on top of the license limits the portability of content, since content can only be accessed where the access control mechanism exists. When the content leaves the perimeter (the domain of the network server), the intended access control no longer applies.
The hard-coded option to report usage is only one of the possible conditions the license purchaser may want to impose upon the users of the license. The purchaser of the license should be able to add their own conditions to the distributed rights. The custom access control mechanism only supports one level of delegation. Only the administrator can distribute rights to the network users who cannot further distribute their rights. This delegation is not suitable in a hierarchical structure, which requires multi-level delegation. The sharing is focused on the access aspect or the control of certain actions. It is not a general-purpose resource sharing mechanism managed by rules or policies. The design is centered on controlling the actions of software programs. It is not intended to control other types of digital resources such as documents, audio and video files.
Another form of licenses that typically allows sharing within a personal domain is called an end-user license. This type of license requires that the license itself be bound to a specific environment, such as a device or user ID. Sharing is confined within a specific set of device types and/or a maximum number of devices, depending on the business models supported by the rights owner. Either all sharing devices have the same rights or each device has its own, separate set of rights.
In one example of the end-user license, Microsoft Windows Media Rights Management System may grant a content purchaser a set of rights comprising the rights to play content on his PC and to transfer content to other devices. The transfer right specifies the types of device eligible to receive the content and a few pre-determined rights for these devices. As the result of a transfer and according to the license on the PC, each target device has its own, separate set of rights.
In another example, Real Networks Helix DRM offers all network-connected devices (called Native Devices), such as a PC, set top box, home media server, or mobile phone, the ability to acquire their own contents and licenses. The Helix Device DRM supports transfer from a Native Device to a Secure Receiver Device, which is a device that requires a connection to a Native Device for the transfer of data and enforcement of business rules for that data. Examples of Secure Receiver Devices include personal music players, PDAs, and personal video players. Only the playback right is available on Secure Receiver Devices.
In still another example, the FLEXnet node-lock license can be bound to the specific device, requiring the license be consumed on that device only; or it can be bound to a specific user name, requiring devices have the same user name to consume the license. Of the two requirements, the former does not allow sharing, and the latter allows sharing among devices with the same user name, which is not very practical since devices preferably are distinguished by name.
In still another example, the FLEXnet mobile license is bound to a FLEXnet ID. The hardware (dongle) that contains the FLEXnet ID must be moved to the new device if the authorized user decides to consume the license on the new device.
Thus, the sharing schemes allowed by an end-user license do not permit the user to use the acquired rights as the maximum rights that he can use in any way he sees fit.