It is becoming increasingly common for users to have multiple devices for playing back the various types of digital media content available. Digital media content may be any form of electronic content, such as software applications, videos, movies, images, e-books, digital articles, digital magazines, audio and the like. The digital content may be downloaded content or streaming content. For example, a user may begin watching a video on a tablet computer (e.g. while at home) and wish to continue watching the video on a more portable device such as a smartphone (e.g. while commuting to work). Presently, however, digital rights management (DRM) keys are stored on a device, electronic appliance or piece of equipment (e.g. cellphone, TV, media player, etc.) by the device manufacturer, which prevents the content from being presented on another device that does not have the corresponding DRM keys.
In the present paradigm, DRM license providers (e.g. Microsoft™ or Google™) provide licenses and security keys to mobile device manufacturers (e.g. Sony™, Samsung™, etc.), and the device manufacturers generate device-specific DRM keys and store them on the devices. The device manufacturer DRM keys are not removable from the mobile device.
When the mobile device receives digital content (e.g. a movie, either a rental or a purchase), a mobile device manufacturer-provided DRM key that is specific to the mobile device is associated with the digital content. When content is provided by a content server, the content is encrypted using a content encryption key. In order to securely deliver both the content and the content encryption key, a public key (which is a DRM key in the form of a digital certificate) is used to encrypt the content encryption key. A content player application executing on a mobile device provides the public key to the content service provider when requesting content from the content service provider, such as Netflix®.
Before providing the content, the content service provider examines a digital certificate provided by the mobile device. The digital certificate includes a chain of other certificates that “sign” the digital certificate in order to verify the authenticity of the digital certificate provided by the mobile device to the content service provider. The other certificates “sign” the digital certificate by providing a key (e.g. a string of characters/digits) that, when used in a process (e.g. a hash), produces an expected result that proves the provider of the key (in this case, the mobile device) is an authorized user. The chain of other certificates is provided by a licensing entity, such as Microsoft®, that signs a certificate for an original equipment manufacturer (OEM), such as Samsung®, which signs a certificate for the respective mobile device model (e.g., a Galaxy S4®), which in turn signs the device certificate, which is the digital certificate used by the content player application. The device certificate is signed by the chain of other certificates to authenticate to the content service provider server that the request is from a mobile device authorized to receive the content. This chain of other certificates controls the transfer of the DRM keys associated with the content. The above-referenced chain of DRM-controlling certificates includes at least two certificates, the OEM certificate and the model certificate, that are associated with the device manufacturer.
Once the content provider server is able to verify that the request is from an authorized mobile device, the content provider server delivers the content. The device certificate provides a private key that is paired with the public key used to encrypt the content provided by the content server. As a result, however, the need for the chain of certificates prevents the DRM keys from being removed from the mobile device. When the digital content is transferred from the first mobile device to a second mobile device, a DRM key that allows the digital content to be presented on the second mobile device is not available on the second mobile device because the manufacturer DRM keys are not transferable from the first mobile device to the second mobile device. Since each device has device-specific DRM keys for presenting content, transferred content cannot be played on a subsequent device. In other words, the present implementation is a device-centric system, in which the network carriers only passively participate. There are at least two concerns with the present, device-centric implementation. Firstly, DRM keys are stored in a device's memory in a manner that may not provide an adequate level of security; and, secondly, the DRM content can only be played on the specific device that downloaded the content.
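The device-bound flow described above can be made concrete with the following added example, which is not part of the original text: a content server checks a licensor → OEM → model → device signature chain, wraps the content encryption key to the device's public key, and a second device of the same model cannot unwrap it. It assumes the Python `cryptography` package; the certificate names, ECDSA P-256 for the signing keys and RSA-OAEP for key wrapping are choices made for the example, not details from the text.

```python
import datetime
from cryptography import x509
from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import ec, padding, rsa
from cryptography.x509.oid import NameOID

OAEP = padding.OAEP(mgf=padding.MGF1(hashes.SHA256()), algorithm=hashes.SHA256(), label=None)

def issue(cn, subject_pub, issuer_cn, issuer_key):
    """Certificate binding subject_pub to cn, signed by issuer_key."""
    name = lambda s: x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, s)])
    now = datetime.datetime.now(datetime.timezone.utc)
    return (x509.CertificateBuilder()
            .subject_name(name(cn)).issuer_name(name(issuer_cn))
            .public_key(subject_pub).serial_number(x509.random_serial_number())
            .not_valid_before(now).not_valid_after(now + datetime.timedelta(days=30))
            .sign(issuer_key, hashes.SHA256()))

def chain_ok(chain, root_pub):
    """Signature-only check of a leaf-first chain (no validity dates, names or revocation)."""
    issuers = [c.public_key() for c in chain[1:]] + [root_pub]
    try:
        for cert, pub in zip(chain, issuers):
            pub.verify(cert.signature, cert.tbs_certificate_bytes, ec.ECDSA(hashes.SHA256()))
        return True
    except InvalidSignature:
        return False

def deliver(chain, root_pub, content_key):
    """Content server: wrap the content key for the leaf only if its chain verifies."""
    return chain[0].public_key().encrypt(content_key, OAEP) if chain_ok(chain, root_pub) else None

def unwrap(device_key, wrapped):
    """Device: recover the content key; None when this device's private key does not match."""
    try:
        return device_key.decrypt(wrapped, OAEP)
    except ValueError:
        return None

def make_fleet():
    """Constructed hierarchy: licensor -> OEM -> model -> two devices of that model."""
    lic, oem, model = (ec.generate_private_key(ec.SECP256R1()) for _ in range(3))
    upper = [issue("model", model.public_key(), "oem", oem),
             issue("oem", oem.public_key(), "licensor", lic)]
    devs = []
    for serial in ("device-A", "device-B"):  # constructed device names
        key = rsa.generate_private_key(public_exponent=65537, key_size=2048)
        devs.append((key, [issue(serial, key.public_key(), "model", model)] + upper))
    return lic.public_key(), devs
```

Both devices present chains that verify against the same licensor key, yet a content key wrapped for device-A is unusable on device-B, which is the portability limitation the passage describes.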
Hence, there is a need for a subscriber-centric mechanism that allows DRM keys to be assigned to a user, thereby permitting the DRM keys to be transferable from one device to another. A subscriber-centric implementation in which network carriers take a more active role in the distribution and management of DRM keys would advantageously improve security and content portability.