Digital rights management (DRM) is an umbrella term referring to technologies used by software developers, publishers or copyright holders to control access to or usage of digital content, as well as to restrictions associated with specific instances of digital works or devices. A time-based DRM policy allows a client unlimited access to protected digital content for a limited period of time. To be effective, a processor implementing the time-based DRM policy must have access to a trustworthy source of secure time. In order to maintain the integrity of the time-based DRM policy, access to the protected content should not be permitted if a trustworthy source of secure-time is unavailable. However, such restrictive policies may frustrate clients who believe that they have properly purchased access to the protected digital content and therefore should be permitted access so long as the licensed “limited period of time” has not elapsed, regardless of whether a trustworthy source of secure time is available.
To alleviate such client concerns, some providers of digital content protected under a time-based DRM policy may elect to allow clients continued access to the protected digital content even when a trustworthy source of secure time is unavailable. Most such providers do so under the assumption that a trustworthy source of secure time will become available before the license period expires. Such alternative time-based DRM policies are susceptible to significant fraud. This is because dishonest users may attempt to improperly extend the “limited period of time” license by manipulating or modifying the unsecure time source such that the licensed for “limited period of time” will run in perpetuity. In addition, some dishonest users purposely may make a trustworthy source of secure time unavailable or inaccessible so that continued access to the protected digital content is permitted despite the fact that the license should have expired.
Mobile devices, in particular, suffer from this susceptibility because the internal clock of the mobile device may not be accurate, secure from modification, or even present. Cellular phones, personal data assistants (PDAs), wireless modems, and similar hand-held communication devices are examples of mobile devices which may not have a self-contained, accurate and secure clock. Further, such mobile devices may not have a reliable and/or secure means of retrieving secure time under all conditions.
For these reasons, alternative DRM policies have been devised to limit the usage or access to protected digital content, based on criterion other than time. Examples of such alternative DRM policies include tracking and limiting the number of executions, instances of consumption, or accesses to the protected content. While such alternative DRM policies allow protected content providers an effective alternative to time-based DRM policies, potential clients may be dissuaded from purchasing the protected digital content concluding that such DRM policies are too limiting. As a result, fewer sales of digital content are made. Therefore, protected digital content providers may desire a more reliable method or system for time-based DRM license policies which allow for client access in the event a trustworthy source of secure time is unavailable but prevents excessive fraud by dishonest clients.