Global distribution systems, such as the Internet, are increasingly being used for distribution of digital content that includes text and graphic information encoded in a variety of formats. However, copyright holders and publishers of such digital content have been slow to embrace the use of the Internet for distribution of digital content because it has been difficult to control unauthorized copying and dissemination of the content once it has been delivered onto the Internet. In particular, once content has been placed in digital form and delivered to a user, it can easily be copied, printed or forwarded to other users.
Thus, providers of digital content desire to establish a secure, global distribution system for digital content that protects the rights of the content's copyright holders. On the other hand, users want freedom to exchange information as illustrated by the popularity of current peer-to-peer file sharing systems. For example, many users implement a crude peer-to-peer file sharing system by attaching a copy of a document to an e-mail message so that the document can be transmitted directly to another user. However, if the document is in plaintext, such a system lends itself to abuse by users who may make multiple copies of the document without compensating the copyright holder's. If the document is encrypted, then, if the recipient either does not have the decrypting key or cannot easily obtain the key, the objective of file sharing is defeated.
Due to the inherent problems with file sharing, most providers of digital content shy away from such file sharing systems and opt for control that is more robust. For example, one prior art technique for controlling the distribution of digital content is shown in FIG. 1. In this technique, unencrypted content is placed in a server farm that is located behind a secure firewall. A user, such as user 100, desiring access to the content stored in database 106 logs in to the server 104 using a conventional authentication scheme, such as a password or subscription service. Once connected to the server 104, an authorized user 100 can view content and request a copy of that content as indicated by arrow 108. In response to this request, the server 104 retrieves the information from the database 106 as indicated schematically by arrow 110 and displays the content.
This conventional protection technique has several drawbacks in connection with a file sharing system. First, if the content is delivered to the user in an unencrypted form that is typically stored, at least temporarily, in the computer, it can be printed or forwarded to other users without control. Therefore, in such systems, in order to view the content with a conventional browser, the browser must be equipped with a plug-in, ActiveX components or another program which controls the browser and disables the printing function and prevents forwarding the content to unauthorized users. However, in order to use this system, it is necessary to first download and install the plug-in, the ActiveX libraries or other program, before the content can be viewed. In addition, since the content is not encrypted when it is downloaded to the browser, it can still be stored and then later printed or forwarded to other users.
Alternatively, if the content is encrypted when it is downloaded to the user site, then some method of key control such as public private key pairs must be used to control the decryption of the content. An alternative to key pairs is to use a single key or key pair that is specific to each content document rather than each user. In this manner, that publisher can encrypt the content ahead of time. In response to a user request for a document and after pre-specified authorization conditions have been met, the decryption key for the requested document is provided to a program in the user's computer that decrypts the content for presentation to the user. However, such a system is only as secure as the key distribution arrangement. Further, since the decryption keys must be associated with the corresponding documents, this association is subject to discovery especially if the content server is located in an uncontrolled environment.