The distribution of digital content or media data using modern digital communication technologies is constantly growing, increasingly replacing more traditional distribution methods. In particular, there is an increasing trend of downloading or streaming digital content from a content provider to a user, which then typically renders or executes the content using a rendering or executing device according to some usage rights or rules specified in a license associated with the digital content. Due to the advantages of this form of content distribution, including being inexpensive, fast and easy to perform, applications can now be found for distribution of all types of media such as audio, video, images, electronic books and software.
However, with this new way of distributing digital media content comes the need for protecting the content provider's digital assets against unauthorized usage and illegal copying. Copyright holders and creators of digital content naturally have a strong economic interest of protecting their rights, and this has lead to an increasing demand for digital rights management (DRM). DRM is generally a technology for protecting the content provider's assets in a digital content distribution system, including protecting, monitoring and restricting the usage of the digital content as well as handling payment. A DRM system thus normally includes components for encryption, authentication, key management, usage rule management and charging.
The most basic threats to a DRM system include eavesdropping, illegal copying, modification of usage rules, and repudiation of order, delivery or usage of content. Most of these basic security problems are solved by standard cryptographic techniques, including encryption, authentication and key management. However, what basically distinguishes the security problems of a DRM system from other general security problems is that not even the other end-part of the communication (the end user) is completely trusted. In fact, the end-user might want to try to fraudulently extend his usage rights, for example rendering the media content more times than he has paid for or illegally copying the digital content to another rendering or executing device. Therefore, some form of rule-enforcement is required in the user's rendering or executing device. To this end, a tamper-resistant circuit and some formal language, such as XrML, expressing the usage rules are commonly used together with the basic cryptographic techniques mentioned above.
Unfortunately, it now and then happens that the algorithms in the tamper-resistant DRM circuits are hacked, and a piece of software that successfully cracks some vital part of the DRM security of a particular type of rendering device is openly distributed. From the viewpoint of the content provider, this makes all the rendering devices of this type unsecure for DRM purposes, and the content provider may have to stop providing digital content intended for these rendering devices, and instead use another algorithm that has not yet been hacked. Recalling and replacing all the concerned rendering devices is obviously very expensive for the manufacturer/content provider.
A robust DRM system will make copyright holders more willing to distribute their material and offer a wider selection of content for end users over open, untrusted channels such as the Internet. It will also provide business opportunities for network operators to provide the infrastructure for distribution, charging mechanism and so forth.
Another problem is that it is often difficult, sometimes even impossible, to move media content from one rendering or executing device to another. The media usage license is often associated with a single device, and if the user wants to use the content in another device, he needs a new license. This is a cumbersome procedure for the end-user, and reduces the flexibility in the user's media system.