Digital Rights Management system (DRM) is the technology to control the use of digital content and protect digital content against illegal distribution and copy. In a DRM system, the content is encrypted by the content encryption key (CEK) and then the encrypted content is transmitted to a device of the user who buys the content. In addition, there are rights associated with the content, which describe what the user can do with the content. Only an authorized user can receive the encrypted content, the content key and the rights by using his/her compliant devices. Stateful Rights are right objects for which the device has to explicitly maintain state information, so that the constraints and permissions expressed in the right objects can be enforced correctly. Examples of stateful rights may be “play a piece of content three times”, “play a piece of content within 30 days” or “print the e-book within 30 days”.
Nowadays, users have more and more digital CE devices and want to enjoy the digital data content conveniently in multiple devices or one device as the consumer pleases. In other words, it is desirable to share stateful rights among different devices without violating the rule of use. However, a current DRM system does not provide a flexible method for sharing stateful rights.
According to DRM Specification V2.0 of OMA (Open Mobile Alliance), if a right issuer issues a stateful right associated with a piece of content to a specific device, the content and the stateful right can only be used in the device. The state information about, for example, how many times the content has been consumed, should be kept in the device. If the user also wants to access this content from another device, then the user has to buy the content with a stateful right from the right issuer.
Another option in an OMA DRM V.2.0 mechanism is to form an authorization domain by grouping a set of devices. The devices in a domain may share a same right meaning that if a device obtains a stateful right from a rights issuer, say “play three times”, any other device in this domain has the same right “play three times”. But any state information about how many times the content has been consumed in each device shall not be shared between devices. It means that the content can only be consumed in each device in the domain independently. Therefore, the method cannot provide the flexibility and convenience to use content in different devices as the consumer pleases. Patent application US 2005/0060571 A1 discloses a method for transferring rights adapted to be associated with items from a rights supplier to a right consumer. However, it requires a unified state-of-rights manager, thus all the devices must be online or in other words, must have access to the state-of-rights manager. It does not provide a solution to content sharing among devices that are not on line. Another problem of this invention is that it allows a device to generate a new right that causes a risk of leaking, thereon embezzling the signature of the Rights Issuer who signs the right of the piece of the content.