The digital age has greatly increased concerns about ownership, access, and control of copyrighted information, restricted services and valuable resources. Rapid evolution and wide deployment has occurred for computers, and other electronic devices such as cellular phones, pagers, PDAs, and e-book readers, and these devices are interconnected through communication links including the Internet, intranets and other networks. These interconnected devices are especially conducive to publication of content, offering of services and availability of resources electronically.
One of the most important issues impeding the widespread distribution of digital works (i.e. documents or other content in forms readable by computers), via electronic means, and the Internet in particular, is the current lack of ability to enforce the intellectual property rights of content owners during the distribution and use of digital works. Efforts to resolve this problem have been termed “Intellectual Property Rights Management” (“IPRM”), “Digital Property Rights Management” (“DPRM”), “Intellectual Property Management” (“IPM”), “Rights Management” (“RM”), and “Electronic Copyright Management” (“ECM”), collectively referred to as “Digital Rights Management (DRM)” herein. There are a number of issues to be considered in effecting a DRM System. For example, authentication, authorization, accounting, payment and financial clearing, rights specification, rights verification, rights enforcement, and document protection issues should be addressed. U.S. Pat. Nos. 5,530,235, 5,634,012, 5,715,403, 5,638,443, and 5,629,980, the disclosures of which are incorporated herein by reference, disclose DRM systems addressing these issues.
Two basic DRM schemes have been employed, secure containers and trusted systems. A “secure container” (or simply an encrypted document) offers a way to keep document contents encrypted until a set of authorization conditions are met and some copyright terms are honored (e.g., payment for use). After the various conditions and terms are verified with the document provider, the document is released to the user in clear form. Commercial products such as Cryptolopes™ and Digiboxes™ fall into this category. Clearly, the secure container approach provides a solution to protecting the document during delivery over insecure channels, but does not provide any mechanism to prevent legitimate users from obtaining the clear document and then using and redistributing it in violation of content owners' intellectual property.
In the “trusted system” approach, the entire system is responsible for preventing unauthorized use and distribution of the document. Building a trusted system usually entails introducing new hardware such as a secure processor, secure storage and secure rendering devices. This also requires that all software applications that run on trusted systems be certified to be trusted. While building tamper-proof trusted systems is a real challenge to existing technologies, current market trends suggest that open and untrusted systems, such as PC's and workstations using browsers to access the Web, will be the dominant systems used to access digital works. In this sense, existing computing environments such as PC's and workstations equipped with popular operating systems (e.g., Windows™, Linux™, and UNIX) and rendering applications, such as browsers, are not trusted systems and cannot be made trusted without significantly altering their architectures. Of course, alteration of the architecture defeats a primary purpose of the Web, i.e. flexibility and compatibility.
Some DRM systems allow content owners to specify usage rights and conditions, and associate them with content. These usage rights control how the recipient thereof can use the content. Usually after a content distributor or consumer has completed selecting and ordering specific content, the content is delivered either electronically from some content repository or via a conventional distribution channel to the recipient, such as tangible media sent via a common carrier. Corresponding DRM systems used by the recipient, for example the distributor or consumer, will then interpret the rights and conditions associated with the content, and use them to control how the content is distributed and/or used. Examples of usage rights include view, print and extract the content, and distribute, repackage and loan content. Associated conditions may include any term upon which the rights may be contingent such as payment, identification, time period, or the like.
U.S. Pat. No. 5,634,012 discloses a system for controlling the distribution of digital documents. Each rendering device has a repository associated therewith. A predetermined set of usage transaction steps define a protocol used by the repositories for enforcing usage rights associated with a document. Usage rights persist with the document content. The usage rights can permit various manners of use such as, viewing only, use once, distribution, and the like. Usage rights can be contingent on payment or other conditions.
However, there are limitations associated with the above-mentioned paradigms wherein only usage rights and conditions associated with content are specified by content owners or other grantors of rights. Once purchased by an end user, a consumer, or a distributor, of content along with its associated usage rights and conditions has no means to be legally passed on to a next recipient in a distribution chain. Further the associated usage rights have no provision for specifying rights to derive other rights, i.e. rights to modify, transfer, offer, grant, obtain, transfer, delegate, track, surrender, exchange, transport, exercise, revoke, or the like. Common content distribution models often include a multi-tier distribution and usage chain. Known DRM systems do not facilitate the ability to prescribe rights and conditions for all participants along a content distribution and usage chain. Therefore, it is difficult for a content owner to commercially exploit content unless the owner has a relationship with each party in the distribution chain.